
Unknown Host
From the CISO Series, it's Cybersecurity Headlines.
Steve Prentice
These are the cybersecurity headlines for Friday, February 14, 2025. I'm Steve Prentice.

U.S. lawmakers demand UK retraction of Apple backdoor

Senators Ron Wyden and Andy Biggs are urging newly appointed National Intelligence Director Tulsi Gabbard to push the United Kingdom to revoke its order requiring Apple to grant access to encrypted user data. They warned that the directive threatens Americans' privacy and suggested that if the UK refuses to back down, the US should reconsider its deep intelligence-sharing ties with its ally. The confidential British order compels Apple to create a backdoor into its Advanced Data Protection system, which encrypts iCloud-stored data so securely that even Apple cannot access it. Authorities argue that this hinders investigations into terrorism, child exploitation and other serious crimes. The US lawmakers' appeal highlights growing tensions over encryption, privacy and government surveillance, with potential implications for international cybersecurity cooperation.

Sarcoma ransomware claims breach at giant circuit board maker Unimicron

This breach is the handiwork of a relatively new operation with the delightful name of Sarcoma. The group has claimed responsibility for an attack against Unimicron, a Taiwan-based manufacturer of printed circuit boards, otherwise known as PCBs. The group has already published samples of files allegedly stolen from the company's systems, with a threat to leak everything next week if no ransom is paid. The group claims to have 377 gigabytes of SQL files belonging to the Taiwanese company. Unimicron is one of the largest PCB manufacturers in the world, with plants and service centers in Taiwan, China, Germany and Japan. Its products are extensively used in LCD monitors, computers, peripherals and smartphones.

Ransomware attack disrupts Michigan's Sault Tribe operations

A ransomware attack on the Sault Ste. Marie Tribe of Chippewa Indians in Michigan has severely disrupted critical services, including health centers, businesses and casinos. Tribe Chairman Austin Lowes stated that the incident began Sunday morning, affecting multiple computer and phone systems across tribal administration. As a result, many departments and businesses were forced to close temporarily. While officials hope to resolve the issue within a week, they are prepared for a longer recovery. The attack has had a particularly devastating impact on the tribe's health division, affecting essential services for its 44,000 members in Michigan's Upper Peninsula.

Thanks to today's episode's sponsor, Vanta. Do you know the status of your compliance controls right now? Like, right now. We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews and reporting, and help you get through security questionnaires five times faster with AI. Now that's a new way to GRC. Get started today at vanta.com/headlines. That is V-A-N-T-A dot com slash headlines.

Russian threat actor Seashell Blizzard enlists specialist initial access subgroup

According to a new report from Microsoft, the group, once known for attacks mostly on Ukraine and countries in Eastern Europe, is now setting its sights on high-value targets globally, especially in the UK, the US, Canada and Australia. Its specialist initial access subgroup takes advantage of vulnerabilities in remote access technologies, including ConnectWise ScreenConnect and Fortinet FortiClient software. The Microsoft report states that the subgroup discovers vulnerabilities in Internet-facing infrastructure through direct scanning and the use of third-party Internet scanning services and knowledge repositories. This is done with the goal of establishing long-term persistence on the affected systems.

FinalDraft malware uses Microsoft API for espionage through Windows and Linux

Threat hunters at Elastic Security Labs are watching "a campaign currently focusing on the Foreign Ministry of an unnamed South American nation with bespoke malware capable of granting remote access to infected hosts." This group has also targeted a telecommunications organization and a university, both located in Southeast Asia. The procedure involves the execution of a malware named PathLoader that makes way for an encrypted shellcode named FinalDraft, which is subsequently injected into the memory of a newly spawned mspaint.exe process, and works on Windows and Linux systems. The researchers believe that this campaign is built for espionage.

Zacks possibly suffers another data breach

This breach supposedly happened in June of 2024, with the threat actor releasing the data last month, January. Zacks is a U.S.-based investment research company, and the threat actors behind this breach claim to have access to the data of 12 million accounts. The leaked database has already been added to Have I Been Pwned. However, Troy Hunt and his organization state that 93% of the email addresses mentioned in this most recent haul were already in the Have I Been Pwned database from previous breaches, including those not affiliated with Zacks. BleepingComputer also notes that "there is the possibility of threat actors scraping the information from other services and compiling a database with user information associated with Zacks."

Astaroth phishing kit bypasses 2FA with reverse proxy techniques

A new phishing tool called Astaroth, that is spelled A-S-T-A-R-O-T-H, has surfaced on cybercrime platforms and features advanced technology to bypass two-factor authentication. First advertised in January of this year, Astaroth uses session hijacking and real-time credential interception to compromise accounts on Gmail, Yahoo, Office 365 and other platforms. Researchers at SlashNext report that it operates via an Evilginx-style reverse proxy, that is spelled E-V-I-L-G-I-N-X, positioning itself between users and legitimate login pages to capture usernames, passwords, 2FA tokens and session cookies. Unlike traditional phishing kits that struggle to bypass 2FA, Astaroth intercepts authentication tokens in real time, allowing attackers to hijack active sessions before security measures can respond. Cybersecurity expert Jason Soroko warns that this approach renders 2FA ineffective, as attackers can instantly assume control of compromised accounts.

Make sure to join us later today at 3:30 PM Eastern for our Week in Review show. Doug Mayer, VP and Chief Information Security Officer at WCG, will be our guest, providing his expert commentary on the news of the week, and we encourage participation and comments through our YouTube live channel. Just go to the events page at cisoseries.com to register. I'm Steve Prentice, reporting for the CISO Series.
Unknown Host
Cybersecurity Headlines is available every weekday. Head to cisoseries.com for the full stories behind the headlines.
Cyber Security Headlines - Episode Summary
Hosted by CISO Series
Release Date: February 14, 2025
In today's episode, host Steve Prentice delves into the escalating tensions between U.S. lawmakers and the United Kingdom over Apple's encryption practices. Senators Ron Wyden and Andy Biggs have taken a strong stance, urging the newly appointed National Intelligence Director Tulsi Gabbard to "push the United Kingdom to revoke its order requiring Apple to grant access to encrypted user data" (00:06).
Key Points:
Implications: This conflict underscores the global struggle between maintaining user privacy through robust encryption and the demands of law enforcement agencies to access data for combating serious crimes like terrorism and child exploitation.
The episode highlights a significant cybersecurity breach targeting Unimicron, a leading Taiwan-based manufacturer of printed circuit boards (PCBs). The Sarcoma ransomware group, a relatively new threat actor, has claimed responsibility for this attack.
Key Points:
Conclusion: The Unimicron breach exemplifies the growing sophistication of ransomware groups and the vulnerability of essential manufacturing industries to cyber extortion.
A severe ransomware attack has crippled the Sault Ste. Marie Tribe of Chippewa Indians in Michigan, affecting vital services across the community.
Key Points:
Impact: This incident highlights the vulnerability of tribal and indigenous communities to cyber threats and the critical importance of robust cybersecurity measures to protect essential services.
Microsoft's latest report sheds light on the evolving tactics of the Russian threat actor group Seashell Blizzard. Originally focused on Ukraine and Eastern Europe, the group is now targeting high-value entities worldwide, including the UK, US, Canada, and Australia.
Key Points:
Quote: "This is done with the goal of establishing long-term persistence on the affected systems," explains the Microsoft report (00:06).
Implications: The expansion of Seashell Blizzard underscores the dynamic nature of cyber threats and the necessity for continuous vigilance and adaptive security strategies.
Elastic Security Labs has identified a new espionage campaign targeting the Foreign Ministry of an unnamed South American nation using bespoke malware known as Final Draft.
Key Points:
Conclusion: The use of Final Draft highlights the increasing sophistication of state-sponsored cyber espionage tools and the ongoing battle to secure sensitive governmental and institutional information.
Zacks, a U.S.-based investment research firm, is reportedly suffering from another data breach. The incident, which allegedly occurred in June 2024, saw threat actors releasing data last month.
Key Points:
Implications: This breach emphasizes the persistent risk of data aggregation from multiple sources, increasing the potential damage even when most data was previously compromised.
A new phishing tool named Astaroth has emerged on cybercrime platforms, boasting the capability to bypass two-factor authentication (2FA) through reverse proxy techniques.
Key Points:
Expert Insight: Cybersecurity expert Jason Soroko warns, "This approach renders 2FA ineffective, as attackers can instantly assume control of compromised accounts" (00:06).
Recommendation: Users are advised to adopt more secure authentication methods and remain vigilant against sophisticated phishing attempts that exploit session-based vulnerabilities.
Steve Prentice invites listeners to join the "Week in Review" show scheduled for later today at 3:30 PM Eastern. Doug Mayer, VP and Chief Information Security Officer at WCG, will provide expert commentary on the week's cybersecurity news. Participation and comments are encouraged via the CISO Series YouTube live channel. Registration details are available on the events page at cisoseries.com.
For more detailed stories and continuous updates, visit cisoseries.com.