Cyber Security Headlines: CISA hires ‘Mudge’, Call for Congress to address AI-generated CSAM, crypto casino loses $41 million in crypto

CISA hires ‘Mudge’ to work on security-by-design principles

On Monday, the US government’s cybersecurity agency (CISA) confirmed it has added Peiter ‘Mudge’ Zatko to its roster as a Senior Technical Advisor. Zatko most recently served as the CISO at Twitter and blew the whistle on the social media giant’s security shortcomings. Zatko’s resume also credits him with some of the earliest buffer overflow vulnerability research, serving as a DARPA program manager and creating the Cyber Fast Track program. Jen Easterly said, “Mudge joins us in a part-time capacity to help us collaboratively shape a culture of security by design that is foundational to every security team, every C-suite, and every board room in the country.”


All 50 states call on Congress to address AI-generated CSAM

In a letter to Congress, the attorneys general from all 50 US states proposed the establishment of a commission dedicated to developing solutions to prevent the creation of AI-generated child sexual abuse material (CSAM). The AGs highlighted the ease with which bad actors can train AI using images of children to create CSAM deepfakes. Although major social platforms prohibit this content, it can slip through the cracks. The US government had already begun evaluating some risks related to AI as the Biden administration rolled out a plan to promote the ethical use of AI in May.

(The Verge and TechCrunch)

Online cryptocurrency casino loses $41 million to hot wallet hackers

An online cryptocurrency casino announced that its Ethereum (ETH) and Binance Smart Chain (BSC) hot wallets had been compromised and used to perform unauthorized transactions, resulting in over $41 million in stolen crypto. The platform swiftly reassured users that their funds were safe, and that all other wallets not directly impacted by the attack (including those holding BTC, LTC, XRP, EOS, and TRX) remained fully operational. There is no word on which threat actor stole the crypto or how the casino’s security was breached, but hot wallet attacks are typically the result of the private key being leaked or compromised. The casino’s co-founder Ed Craven said that only a small portion of its digital currency reserves are kept in hot wallets because of the inherent risk of keeping keys on internet-connected systems.

(Bleeping Computer)

Atlas VPN zero-day leaks users’ real IP addresses

In a proof of concept exploit shared on Reddit, a researcher named ‘Educational-Map-8145’ describes how the Linux client of Atlas VPN, specifically the latest version, 1.0.3, exposes an API that can be abused to reveal a user’s real IP address. Atlas VPN’s Linux API listens on localhost over port 8076 and offers a command-line interface (CLI), but it does not authenticate callers, so any process or web page running on the machine can issue commands to it. The vulnerability is a severe privacy breach for VPN users because it exposes their actual IP address and, with it, their approximate physical location, allowing them to be tracked and nullifying one of the core reasons for using a VPN provider.

(Bleeping Computer)
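The Atlas VPN report above describes a recurring design flaw: a control API bound to loopback whose only "check" is that the request came from localhost. Because a browser tab the user opens can send requests to 127.0.0.1 too, that check distinguishes nothing. The following is an added example, not Atlas VPN's code (the page does not show the client's protocol); it contrasts the flawed authorization with a hardened one that requires a per-launch secret readable only by the owning user and rejects anything carrying browser request markers. All paths, header names used as markers, and payload values are constructed for illustration.

```python
"""Loopback control API: the flawed authorization pattern beside a hardened one.

Added example, not Atlas VPN's code. The page only states that the Linux
client's API listens on localhost port 8076 without authenticating callers;
everything below (paths, token scheme, sample values) is constructed.
"""
import hmac
import json
import secrets
from http.server import BaseHTTPRequestHandler, HTTPServer


def authorize_flawed(headers, client_ip):
    """The weak pattern: treating 'arrived via loopback' as authorization.

    A fetch()/XHR from any web page the user visits also reaches
    http://127.0.0.1:<port> from 127.0.0.1, so this check cannot tell the
    user's own CLI apart from hostile JavaScript in a browser tab.
    """
    return client_ip in ("127.0.0.1", "::1")


def _normalize(headers):
    """Case-insensitive view of a header mapping (HTTP header names are)."""
    return {k.lower(): v for k, v in headers.items()}


def authorize_hardened(headers, client_ip, expected_token):
    """Loopback AND no browser request markers AND a per-launch secret."""
    if not expected_token:
        return False
    h = _normalize(headers)
    if client_ip not in ("127.0.0.1", "::1"):
        return False
    # Modern browsers attach Sec-Fetch-* to every request and Origin to
    # cross-origin ones; a local CLI never sends them, so their presence
    # means a web page is the caller and the request is refused.
    for marker in ("origin", "referer", "sec-fetch-site", "sec-fetch-mode"):
        if marker in h:
            return False
    # Require a bearer token the daemon wrote at start-up to a file that
    # only the owning user can read (assumption: mode 0600 in $HOME).
    auth = h.get("authorization", "")
    if not auth.startswith("Bearer "):
        return False
    presented = auth[len("Bearer "):]
    # Constant-time compare so the token cannot be guessed byte by byte.
    return hmac.compare_digest(presented.encode(), expected_token.encode())


class ControlHandler(BaseHTTPRequestHandler):
    """Minimal JSON endpoint guarded by authorize_hardened()."""
    token = None  # set by make_server()

    def do_GET(self):
        headers = {k: v for k, v in self.headers.items()}
        if not authorize_hardened(headers, self.client_address[0], self.token):
            self.send_error(403, "unauthorized local caller")
            return
        if self.path != "/status":
            self.send_error(404)
            return
        # Constructed status payload; a real daemon would report tunnel state.
        body = json.dumps({"connected": True, "tunnel_ip": "10.8.0.2"}).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the demo quiet
        pass


def new_token():
    """Fresh per-launch secret; the daemon writes it to the user-only file."""
    return secrets.token_urlsafe(32)


def make_server(token, port=0):
    """Bind to loopback only; port 0 lets the OS pick a free port."""
    ControlHandler.token = token
    return HTTPServer(("127.0.0.1", port), ControlHandler)


if __name__ == "__main__":
    tok = new_token()
    srv = make_server(tok, 8076)  # same port the page mentions, for illustration
    print("listening on", srv.server_address, "token:", tok)
    srv.serve_forever()
```

The two checks that matter are the rejection of browser markers (a CLI talking to its own daemon never sends Origin or Sec-Fetch-*) and the per-launch token, which a web page cannot read because the browser has no access to the user's files. Either one alone closes the "any tab on the machine can query the VPN daemon" path; together they also cover non-browser local processes that should not be trusted.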

Huge thanks to our sponsor, DataBee, from Comcast Technology Solutions

What if you could integrate enterprise-wide business intelligence with your security data for better contextual insights into potential threats and compliance issues?

You can. With DataBee™, from Comcast Technology Solutions. Learn how DataBee enables users to leverage integrated insights to mitigate risks and stay compliant. Visit

Ukraine says energy facility disrupted a Fancy Bear intrusion

On Tuesday, Ukraine’s computer emergency response team (CERT-UA) said a Russian cyberespionage group was caught attacking an unspecified critical energy facility in Ukraine. A cybersecurity expert working for the targeted organization thwarted the attack, which CERT-UA attributed to Kremlin-controlled hackers known as Fancy Bear or APT28. CERT-UA said the group used phishing emails claiming to contain a link to images of several women that, when clicked, runs a malicious script on the targeted device. However, an employee identified the threat and took steps to respond, including blocking access to Windows Script Host and to certain web resources used by Fancy Bear.

(The Record)

LockBit leaks documents swiped from UK defense contractor

Last month, British perimeter security company Zaun Ltd. was breached by the notorious LockBit group. In its public breach disclosure on September 1, Zaun Ltd. indicated that LockBit had breached a PC used to control one of its manufacturing machines. The PC was running Windows 7, for which mainstream support ended in 2020 and extended security updates ended in January 2023. Zaun said its cyber defenses prevented the threat actors from encrypting its data, but that about 10 gigabytes of information was stolen. LockBit appears to have leaked sensitive documents relating to the physical security of agencies in the UK Ministry of Defence. However, Zaun said it does not believe that any classified documents were compromised in the attack.

(Dark Reading)

Global cloud security market to reach nearly $63 billion by 2028

According to the 2023 Global Cloud Security Market Report from Research and Markets, the global cloud security market is expected to grow from $40.7 billion in 2023 to $62.9 billion by 2028. The report cites the surge in multi-cloud environments, the adoption of advanced technologies like AI and ML for cloud security, the proliferation of BYOD and CYOD trends, and the rise of DevSecOps as pivotal factors for the growth. The Data Security segment is anticipated to record the most significant market size growth as businesses increasingly rely on cloud services to store data in the face of stricter data privacy regulations and the rise in remote work. The Banking and Financial Services (BFSI) sector is poised to attain the largest market size, while North America is expected to capture the largest market size of any global region. Finally, Asia Pacific is expected to have the highest cloud security growth rate during the forecast period.

(Dark Reading)

GhostSec leaks source code of alleged Iranian surveillance tool

The hacking group, GhostSec, is disclosing the source code they say belongs to the Iranian FANAP software group. GhostSec said via Telegram that it has analyzed around 26GB of FANAP’s compressed source code in which it discovered facial recognition “and various other privacy invading features and tools.” So far, GhostSec has released various components of the code, such as configuration files and API data. According to GhostSec, FANAP provides spyware technology to financial services and IT firms, but has now expanded its wares into a comprehensive surveillance system used by the Iranian government to monitor its citizens. FANAP denied the reports about the leak, and said the claims were made “without technical expertise and aimed at inciting public opinion.”

(Dark Reading)

Sean Kelly is a cyber risk professional and leader who thrives on learning, collaborating and helping the business securely advance its mission. Sean is also a musician and outdoor enthusiast who loves spending time with his family and two cats.