
Steve Prentiss
From the CISO Series, it's Cybersecurity Headlines. These are the cybersecurity headlines for Friday, January 31, 2025. I'm Steve Prentiss.

New York Blood Center suffers ransomware attack
New York Blood Center Enterprises, one of the largest independent blood centers in the US, serving over 75 million people, discovered suspicious activity on its IT system on Sunday, and this was later confirmed as a ransomware incident by third-party cybersecurity experts. This has forced officials and staff to reschedule blood drives and implement other workarounds. No ransomware gang has yet taken credit for the attack, and the blood center itself says it is still accepting blood donations.

DeepSeek's exposed database leaks sensitive data
Researchers from cloud security firm Wiz uncovered an exposed database belonging to China's new AI tool DeepSeek, which has been leaking sensitive data including chat histories, API keys and backend operational details. The exposed database was in ClickHouse, a column-oriented database management system designed for online analytical processing when handling large volumes of data. ClickHouse is intended to be accessible only internally by the firm using it. DeepSeek has since secured the exposure.

CISA's future unclear under new administration
At the conclusion of the second week of this new administration, there has been no one named to lead the Cybersecurity and Infrastructure Security Agency, also known as CISA, and no plans for anyone in its leadership to address the annual gathering of the nation's Secretaries of State in Washington. Homeland Security Secretary Kristi Noem had stated prior to her confirmation that the agency had "strayed far off mission." A conservative blueprint for the Republican administration recommended that CISA be moved to the Transportation Department and focused solely on protecting government networks and coordinating the security of critical infrastructure.

Major GitHub outage affects pull requests and other services
An incident report published on GitHub's official status page stated, "We are investigating reports of degraded availability for issues and pull requests," and continues, "We have identified an issue with our caching infrastructure and are working to mitigate it." Users logged by Down Detector are experiencing problems with the website, server connection, and the Actions feature. As of this recording, the company has said, "We will be failing over one of our primary caching hosts to complete our mitigation of the problem. Users will experience some temporary service disruptions until that event is complete." End quote.

Huge thanks to our sponsor, Conveyor. Let me guess, another security questionnaire just landed in your inbox, which means all the follow-up tasks you don't have time for are close behind. So what are you going to do? Here's a better question: what would Sue do? Sue is Conveyor's new AI agent for customer trust. She handles the entire security review process, like answering every customer request from sales, completing every questionnaire, or executing every communications and coordination task in between. No more manual work, just a quick review when she is done. Are you ready to let Sue take the reins? Learn more at www.conveyor.com, that is C-O-N-V-E-Y-O-R.

New syncjacking attack hijacks devices using Chrome extensions
According to researchers at SquareX, this new attack technique involves several steps, including Google profile hijacking, browser hijacking, and eventually device takeover. It is described as stealthy and requires minimal permissions and almost no victim interaction other than to install what appears to be a legitimate Chrome extension. The process includes social engineering, fake Google Workspace domains, a fake browser extension, and a fake Zoom update. A more thorough description of this procedure is available at Bleeping Computer. Just follow the link in the show notes.

House bill aims to better protect financial institutions from ransomware attacks
This bipartisan legislation, named the Public and Private Sector Ransomware Response Coordination Act, would direct the Treasury Secretary to deliver a report on existing collaboration between federal agencies and private financial companies, examining how those partnerships can be improved to better protect the industry from cyber attacks, end quote. The report would also probe whether relevant federal agencies are receiving timely access to reports on ransomware attacks on financial institutions, analyze reporting requirements and assess whether additional legislation is needed, end quote, as well as asking the Treasury Secretary to provide feedback and potential policy solutions.

TeamViewer fixes vulnerability in Windows client and host applications
TeamViewer has released security patches for a high-severity elevation of privilege vulnerability in its remote access solutions for Windows. The vulnerability affects TeamViewer Full Client and TeamViewer Host versions. In versions from 11.x through to 15.x, an attacker with local access could exploit the flaw to achieve local privilege escalation on a Windows system. The company says it is not aware of attacks in the wild exploiting this vulnerability, which was discovered by an anonymous researcher from the Trend Micro Zero Day Initiative.

DARPA seeks to create firmware that can respond and recover from cyber attacks by itself
Red C, that is, Red then the capital letter C, is a new project from the Defense Advanced Research Projects Agency, DARPA, which is seeking to give networks the ability to repair themselves after a cyber attack. As described in CyberScoop, "The forensic sensors in your device's firmware spring to life. They begin healing your network, restoring locked files, and communicating with other systems to collect forensic data." The firmware then analyzes the data to identify how the attackers entered and exploited system weaknesses, then blocks those vulnerabilities to prevent future breaches through the same entry points. The project seeks to build new defenses into bus-based computer systems, which are firmware-level systems used in everything from personal computers to weapons systems to vehicles. A more complete description of the project, as written up in CyberScoop, is available in the show notes to this episode.

As usual, we've got a busy Friday of live streams today. It starts at 1pm Eastern with Super Cyber Friday, where the topic will be "Hacking the Third-Party Risk Management Process," an hour of critical thinking about practical tips for reviewing risk, and then at 3:30pm Eastern we have our Week in Review show. Alexandra Landegger, who is Global Head of Cyber Strategy and Transformation at RTX, will be our guest, providing her expert commentary on the news of the week. To join us for both, head on over to the events page at cisoseries.com. I'm Steve Prentice reporting for the CISO Series. Cybersecurity Headlines are available every weekday. Head to cisoseries.com for the full stories behind the headlines.
Cyber Security Headlines - Detailed Summary
Hosted by CISO Series
Release Date: January 31, 2025
The latest episode of Cyber Security Headlines, hosted by Steve Prentiss of CISO Series, delves into some of the most pressing issues in the information security landscape. From ransomware attacks on essential services to groundbreaking cybersecurity initiatives by government agencies, this episode provides a comprehensive overview of the current cyber threat environment. Below is a detailed summary of the key topics discussed, enriched with notable quotes and timestamps for reference.
Timestamp: [00:00]
Steve Prentiss opens the episode by reporting a significant ransomware incident affecting the New York Blood Center Enterprises, one of the largest independent blood centers in the United States, serving over 75 million people.
Incident Overview: On Sunday, the center detected suspicious activity within its IT systems, which was later confirmed as a ransomware attack by third-party cybersecurity experts.
Operational Impact: The attack has compelled officials and staff to reschedule blood drives and implement various workarounds to maintain operations.
Current Status: As of the report, no ransomware gang has taken responsibility for the attack. Importantly, the blood center continues to accept blood donations despite the disruption.
“No ransomware gang has yet taken credit for the attack and the blood center itself says it is still accepting blood donations.” — Steve Prentiss [00:00]
Timestamp: [02:15]
Prentiss highlights a critical data leak involving DeepSeek, China's new AI tool, with researchers from cloud security firm Wiz uncovering an exposed database.
Details of the Leak: The exposed database, running on ClickHouse (a column-oriented database system designed for handling large data volumes and intended to be reachable only internally), was inadvertently accessible, leaking sensitive information such as chat histories, API keys, and backend operational details.
Security Measures: DeepSeek has since secured the exposed database to prevent further unauthorized access.
“Deepseek has since secured the exposure.” — Steve Prentiss [02:15]
Timestamp: [04:30]
The episode discusses the uncertain future of the Cybersecurity and Infrastructure Security Agency (CISA) amidst the new administration.
Leadership Vacuum: As of the end of the second week of the administration, no individual has been appointed to lead CISA. Additionally, there are no plans for anyone in CISA's leadership to address the upcoming annual gathering of the nation's Secretaries of State in Washington.
Political Implications: Homeland Security Secretary Kristi Noem criticized the agency, stating it had "strayed far off mission." A conservative blueprint suggests relocating CISA to the Transportation Department to narrow its focus on protecting government networks and securing critical infrastructure.
“A conservative blueprint for the Republican administration recommended that CISA be moved to the Transportation Department and focused solely on protecting government networks and coordinating the security of critical infrastructure.” — Steve Prentiss [04:30]
Timestamp: [06:45]
GitHub experienced a significant outage impacting issues, pull requests, and other services crucial for developers.
Incident Details: An incident report on GitHub's official status page revealed an issue with their caching infrastructure, leading to degraded availability. Users reported problems with website server connections and the Actions feature.
Mitigation Efforts: GitHub announced plans to fail over one of its primary caching hosts to resolve the issue, warning of temporary service disruptions during this process.
“We are failing over one of our primary caching hosts to complete our mitigation of the problem. Users will experience some temporary service disruptions until that event is complete.” — Steve Prentiss [06:45]
Timestamp: [08:10]
Researchers at SquareX have identified a novel syncjacking attack vector that leverages seemingly legitimate Chrome extensions to gain unauthorized access to users' devices.
Attack Methodology: The attack involves multiple stages, including Google profile hijacking, browser hijacking, and ultimately, complete device takeover. It is highly stealthy, requiring minimal permissions and little victim interaction beyond installing a malicious extension.
Technical Details: The procedure employs social engineering tactics, fake Google Workspace domains, counterfeit browser extensions, and deceptive Zoom updates.
Further Information: A comprehensive description of the attack is available on Bleeping Computer, accessible via the show notes.
“This new attack technique involves several steps, including Google profile hijacking, browser hijacking, and eventually device takeover.” — Steve Prentiss [08:10]
Timestamp: [09:35]
Bipartisan legislation titled the Public and Private Sector Ransomware Response Coordination Act is being proposed to enhance protections for financial institutions against ransomware threats.
“The report would also probe whether relevant federal agencies are receiving timely access to reports on ransomware attacks on financial institutions.” — Steve Prentiss [09:35]
Timestamp: [11:00]
TeamViewer has addressed a high-severity security vulnerability in its remote access solutions for Windows platforms.
Vulnerability Details: A high-severity elevation of privilege flaw affects TeamViewer Full Client and Host versions from 11.x through 15.x. An attacker with local access could exploit this vulnerability to gain elevated privileges on a Windows system.
Response and Mitigation: TeamViewer has released security patches to fix the vulnerability and stated that there have been no known attacks exploiting this flaw in the wild.
Discovery: The vulnerability was identified by an anonymous researcher affiliated with the Trend Micro Zero Day Initiative.
“TeamViewer has released security patches for a high severity elevation of privilege vulnerability in its remote access solutions for Windows.” — Steve Prentiss [11:00]
Timestamp: [12:45]
The Defense Advanced Research Projects Agency (DARPA) has initiated Red C, a pioneering project aimed at creating firmware capable of autonomously responding to and recovering from cyber attacks.
Project Goals: Give networks the ability to repair themselves after a cyber attack. As described in the episode, forensic sensors in the device's firmware heal the network, restore locked files and collect forensic data from other systems; the firmware then analyzes that data to identify how the attackers entered, and blocks those weaknesses to prevent future breaches through the same entry points.
Implementation: Red C focuses on embedding these self-healing capabilities into bus-based computer systems at the firmware level, which are integral to a wide range of devices from personal computers to critical infrastructure systems.
Further Details: A more in-depth explanation of Red C is available in CyberScoop and the show's notes.
“The forensic sensors in your device's firmware spring to life. They begin healing your network, restoring locked files, and communicating with other systems to collect forensic data.” — Steve Prentiss [12:45]
Timestamp: [14:30]
Steve concludes the episode by announcing a busy schedule of live streams for the day:
Super Cyber Friday: Starting at 1 PM Eastern, this session will focus on "Hacking the Third Party Risk Management Process," offering practical tips for evaluating and mitigating third-party risks.
Week in Review Show: At 3:30 PM Eastern, Alexandra Landegger, Global Head of Cyber Strategy and Transformation at RTX, will join to provide expert analysis on the week's cybersecurity news.
Listeners are encouraged to visit cisoseries.com to access the events page and participate in these insightful discussions.
Final Note: For a more in-depth exploration of each headline, listeners can visit CISOseries.com, where full stories and additional resources are available.
Reported by Steve Prentiss for the CISO Series.