By Option One Technologies
Cybersecurity News
Critical Vulnerabilities Expose Millions of Brother Printers to Remote Attacks
Cybersecurity researchers have discovered eight critical vulnerabilities affecting 689 Brother printer models and 59 additional devices, DarkReading reported. The additional devices are manufactured by Fujifilm, Toshiba, Ricoh, and Konica Minolta.
The most severe vulnerability, CVE-2024-51978, carries a Common Vulnerability Scoring System (CVSS) score of 9.8. It allows attackers to “generate the device’s default administrator password” using device serial numbers, said a researcher.
The vulnerability cannot be patched through firmware updates on existing devices, as it stems from Brother’s password generation algorithm used during manufacturing. Once an attacker obtains a printer’s serial number, they can reverse-engineer the factory password and gain full administrative access to the device.
According to a report by ZDNET, users with affected printers should change the default administrator password immediately. This process can be started through the device’s Web-Based Management menu.
Brother has released firmware updates addressing seven of the eight vulnerabilities. However, the brand acknowledges that the authentication bypass flaw requires changes to the manufacturing process for future devices.
Brother has posted a complete list of affected devices on its website.
Food Retailer Ahold Delhaize Discloses Data Breach Affecting 2.2 Million People
One of the world’s largest food retailers, Ahold Delhaize, has confirmed that in November 2024, a ransomware attack compromised the personal data of more than 2.2 million individuals in the United States, InfoSecurity Magazine reported. Ahold Delhaize operates well-known grocery store brands like Food Lion, Stop & Shop, and Giant Food.
The breach, which occurred on November 6, 2024, primarily exposed internal employment records for current and former employees. Stolen data may include names, contact details, dates of birth, government-issued identification numbers, bank account information, health records, and employment-related information.
The company has not officially identified the attackers. However, the INC Ransom group added Ahold Delhaize to its extortion site in April. It also published documents allegedly taken during the breach.
“We take this issue extremely seriously and will continue to take actions to further protect our systems,” Ahold Delhaize USA said in the letter, according to a report by GroceryDive.
Law Enforcement Agencies Arrest Cybercriminals Behind BreachForums
French authorities have arrested multiple high-profile cybercriminals connected to BreachForums, Cybernews reported. BreachForums is an English-language hacking forum and one of the internet’s most notorious data-trading platforms. It served as a successor to RaidForums following its seizure and shutdown in 2022.
One of those arrested was Kai West, a British national charged with operating under the “IntelBroker” identity. A second was the individual behind “ShinyHunters,” who allegedly administered BreachForums following the 2023 arrest of its previous administrator.
IntelBroker was responsible for numerous high-profile breaches affecting major organizations, including Tesla, Apple, AMD, General Electric, and US government agencies. The threat actor typically stole data from the victims’ networks and sold it on cybercrime forums, causing millions of dollars in damages.
The US Department of Justice has unsealed a four-count criminal indictment against West, with charges carrying maximum sentences ranging from five to twenty years. The arrests represent a significant blow to the cybercrime ecosystem, as BreachForums served as a central marketplace for stolen data and cybercriminal services.
Cybersecurity Tips
Cybercriminals are Optimizing Malicious AI—Organizations Must Prepare Their Cybersecurity Defenses
Cybercriminals are becoming sophisticated enough to fine-tune illicit large language models (LLMs), CSO Online reported. They are using underground forum posts and breach dumps to optimize AI models for specific fraud operations.
This represents a significant evolution in the cybercrime landscape, as it represents the emergence of self-improving attack systems that become more effective over time.
Enhanced Malicious AI Development
Fraudsters are customizing illicit LLMs such as WormGPT and FraudGPT by training them on malicious datasets. These datasets include breached credentials, scam scripts, and infostealer logs.
“This trend is particularly concerning because it demonstrates adversaries ‘closing the loop on model tuning,” said Ian Gray, Vice President of Cyber Threat Intelligence at threat intelligence firm Flashpoint. In other words, their implementation of feedback loops means user input continuously improves the models’ offensive capabilities.
Cybersecurity researchers observed private chat groups where users submitted failed prompt attempts back to LLM developers, resulting in rapid iteration and improved performance within days. In one documented instance, a user reported formatting issues with a financial fraud prompt, and the developer quickly shared an updated version with refined templates.
An Expanding Ecosystem of Criminal AI Services
The cybercrime ecosystem has evolved to feature its own vendor and service marketplaces. It mirrors legitimate software-as-a-service (SaaS) models with several concerning developments:
- Deepfake as a Service (DaaS) offerings that include custom face generation for dating scams, audio spoofing for voice verification fraud, and on-demand video avatars with lip-sync capabilities
- Prompt Engineering as a Service (PEaaS), where specialized “bypass builders” craft jailbreak prompts to defeat mainstream LLM guardrails
- Tiered pricing structures with API access and private key licensing that mirror legitimate business models
These services increasingly include value-added features such as pre-loaded backstories, matching fake documents, and automated scheduling for calls.
Cybersecurity Strategies for Protecting Against Malicious AI
Flashpoint recommends that organizations view AI as an augmentation of human expertise rather than a replacement. They should enhance their collective advantage by utilizing AI to derive insights from high-signal data and to structure unstructured content. However, they should always maintain human control.
The key is balancing automation with expert analysis, thus continuously adapting to evolving threats.
Essential Steps for Malicious AI Defense
- Establish AI Governance Framework: Create cross-functional teams with security, legal, and business stakeholders to define AI cybersecurity requirements and governance policies.
- Implement Input Sanitization: Deploy prompt firewalls and input validation systems to detect and block malicious prompts before they reach AI models.
- Deploy Behavioral Analytics: Use AI-powered monitoring to establish baseline behaviors and detect anomalies indicating potential AI misuse or compromise.
- Secure AI Pipeline Infrastructure: Encrypt AI-generated data, including vector embeddings, secure logs, and implement access controls throughout the AI development lifecycle.
- Monitor and Maintain: Establish continuous monitoring systems, regular cybersecurity assessments, and incident response playbooks specifically designed for AI-related threats.
- Train and Educate: Provide specialized training for cybersecurity teams on AI-specific vulnerabilities and maintain updated threat intelligence on emerging malicious AI tactics.
This approach combines traditional cybersecurity practices with AI-specific protections.
Thanks for Reading
That’s it for this month’s Cybersecurity Briefing. Contact us today to learn more about our services.
