CISA Director's ChatGPT Mistake, Poland Power Grid Attack, and Social Media Lawsuit

CISA Director's Data Upload Incident

• ⚠️ CISA's interim director, Madhu Gamukala, uploaded sensitive government material into the public version of ChatGPT, triggering internal security alarms.
• 💡 While SISA stated the use was limited and temporary under DHS controls, the public platform shares data with OpenAI, raising concerns about exposure beyond federal networks.
• 📌 The incident is under review and may lead to administrative consequences, adding to scrutiny of Gamukala's leadership.

Cyberattack on Poland's Power Grid

• ⚡ A coordinated cyberattack in late December compromised control and communication systems at approximately 30 energy facilities in Poland.
• 🎯 The attack, attributed with moderate confidence to Russia's Sandworm group, targeted distributed energy resources and operational technology systems.
• 🔌 While Polish officials stated no outages occurred, researchers found attackers accessed systems and permanently disabled some equipment, highlighting the vulnerability of these less protected systems.

EU-India Cyber Cooperation and Concerns

• 🤝 The EU and India signed a new security and defense partnership, including expanded cyber cooperation and exchanges on threats.
• 🧐 However, European officials privately expressed concerns about India's growing hackers-for-hire ecosystem, which Indian officials deny exists or claim is a private sector matter.

Enhanced WhatsApp Security and LLM Endpoint Targeting

• 🔒 Meta is rolling out strict account settings on WhatsApp for high-risk users, including journalists and public figures, to protect against sophisticated threats like spyware.
• 🔍 Researchers discovered a campaign, dubbed Bizaar Bazaar, targeting exposed or poorly protected large language model (LLM) service endpoints, with over 35,000 attack sessions observed.
• 💻 Attackers exploited misconfigured AI infrastructure to steal compute resources, resell API access, and exfiltrate data.

Vulnerabilities and Data Breaches

• 🛠️ Fortinet released emergency patches for a FortiCloud SSO authentication bypass vulnerability that was actively exploited as a zero-day.
• ⚠️ A high-severity WinRAR path traversal vulnerability continues to be widely exploited six months after its patch, used by financially motivated groups and nation-state actors for espionage and malware deployment.
• 💥 The SoundCloud data breach affected nearly 30 million user accounts, exposing usernames, display names, and other public profile information, but not passwords or financial data.

Social Media Lawsuit and Ransomware Attack

• ⚖️ A California lawsuit accuses Meta, TikTok, and YouTube of harming young people through addictive features like infinite scroll and autoplay, with a jury trial set to begin.
• 🏛️ The case faces challenges due to Section 230 of the Communications Decency Act, but the discovery process could reveal significant internal company data.
• 💰 A Spanish resort town, Sanxenxo, was hit with low-rent ransomware, demanding only $5,000 in Bitcoin, which city officials refused to pay, opting to restore from backups.