Creepy AI, Codesys, Kyber768, .Net, Gootloader, DARPA, EvilProxy, Aaran Leyland – SWN #317

Doug White

1. Microsoft Discloses Codesys Flaws Allowing Shutdown of Industrial Operations, Spying
2. Enhancing TLS Security: Google Adds Quantum-Resistant Encryption in Chrome 116
3. CISA Adds Microsoft .NET Vulnerability to KEV Catalog Due to Active Exploitation
4. Gootloader SEO watering hole malware targets law firms
5. DARPA sponsors competition for AI innovation and cybersecurity
6. EvilProxy phishing tool targets Microsoft 365 accounts at 100 organizations
7. Get consent before you monitor your staff, UK MPs suggest
8. AI is being used to give dead, missing kids a voice they didn’t ask for

Aaran Leyland

1. Major Police Breach Endangers Safety of Officers & Civilians

   The names of the officers were leaked in an error made by the Police Service of Northern Ireland (PSNI) in response to a Freedom of Information (FoI) request. A FoI request is made by someone who is in search of information that furthers the commercial or trade interests of the individual. A spreadsheet with sensitive details, include names, ranks, departments, and locations of all the serving officers in the PSNI, was published in error. While taken down quickly, officials aren't sure who accessed the spreadsheet and if the information was copied.

   The spreadsheet was uploaded on an FOI website — called WhatDoTheyKnow — on Tuesday at around 2:30 p.m. and removed two hours later with an apology from Chris Todd, a PSNI assistant chief constable. An emergency meeting of the Police Board of Northern Ireland is planned for Aug. 10 to discuss and handle the situation. According to some news reports, the details of the spreadsheet have already begun to spread on social media.

   "This is an issue we take extremely seriously and as our investigation continues, we will keep the Northern Ireland Policing Board and the Information Commissioner's Office updated," the PSNI said in a public statement.

   The breach comes just a day after the attack on the Electoral Commission, raising concerns on the effectiveness of cybersecurity safeguards in the UK.

   To prevent accidental posting or sharing of confidential information on the internet by employees, organizations can implement a combination of technical controls. Here are some specific controls, including and beyond Data Loss Prevention (DLP):

   Data Loss Prevention (DLP):

   Endpoint DLP: Monitors actions that are being performed on items you've determined to be sensitive and to help prevent the unintentional sharing of those items. Network DLP: Monitors data in motion, inspecting network traffic and ensuring sensitive data doesn't leave the organization unauthorized. Storage DLP: Monitors and controls data at rest in file services, cloud storage, and databases. Content Discovery:

   Part of DLP solutions, it scans repositories and local drives to locate sensitive data. If sensitive data is found in inappropriate locations, alerts can be generated. Content Inspection:

   Deep content inspection to analyze the actual content (not just file metadata or type) before it is uploaded or shared. Cloud Access Security Brokers (CASB):

   Offers visibility into cloud application use across the organization, and can control data movement to and from the cloud. Web Application Firewalls (WAF):

   Can be configured to inspect outbound traffic and block the posting of sensitive data to specific internet locations.