
Steve Prentiss
From the CISO Series, it's Cyber Security Headlines. These are the cybersecurity headlines for Monday, January 27, 2025. I'm Steve Prentiss.

DHS advisory committee memberships halted. In swift changes to the US cybersecurity landscape, the new administration has terminated all memberships of advisory committees that report to the Department of Homeland Security, DHS. Quote: "This includes members of the CISA Cyber Safety Review Board. CSRB, which had been critical of Microsoft for the July 2023 breach by Storm-0558, had also led an examination into intrusions by the Lapsus$ cybercrime group and is said to have been in the middle of an investigation into a recent spate of cyberattacks targeting telecom providers, allegedly by Salt Typhoon." End quote.

UnitedHealth updates the number of data breach victims to 190 million. UnitedHealth, the company that owns Change Healthcare, provided this updated figure on Friday evening, adding that the vast majority of these people have already been provided individual or substitute notice, and noting that the final number of those impacted will be confirmed and sent to the Department of Health and Human Services Office for Civil Rights at a later date. UnitedHealth did not provide any additional insight into when it learned of the additional 90 million victims, how it determined the new number, or what has changed since the last update.

Meta's Llama framework flaw exposes AI systems to remote code execution risks. According to researchers at Oligo Security, this is a high-severity flaw in Meta's Llama large language model framework that could allow an attacker to execute arbitrary code on the Llama Stack inference server. The vulnerability, which has a CVE number, has a CVSS score of 6.3, although supply chain security firm Snyk, on the other hand, has assigned it a critical severity rating of 9.3. Oligo says, quote, "the problem lies in a component called Llama Stack, which defines a set of API interfaces for artificial intelligence application development, including using Meta's own Llama models." End quote.

Clam AntiVirus suffers denial of service vulnerability, and proof of concept exploit code is available. Cisco has released updates to address a denial of service vulnerability in Clam AntiVirus (ClamAV), an open source antivirus tool designed to detect malware, viruses and other malicious threats. It is widely used for email scanning, file scanning and web security, particularly in Linux-based systems. The vulnerability has a CVE number, and Cisco is also warning of the availability of proof of concept exploit code for this flaw. The ClamAV vulnerability affects the Cisco Secure Endpoint Connector products for Windows, Mac, Linux and Private Cloud.

Huge thanks to our sponsor, Conveyor. Conveyor has launched the first AI agent for customer trust. So WTF does that mean? It means the AI agent goes beyond just sharing NDA-gated documents like a SOC 2 with customers or answering security questionnaires. Conveyor's AI agent, Sue, handles the entire security review process from start to finish. She answers every customer request from sales, completes every questionnaire, and executes every communications and coordination task in between. It's perfect for B2B infosec teams sick of manual security review work. Check it out at www.conveyor.com, that is C-O-N-V-E-Y-O-R dot com.

Hacker infects script kiddies with fake malware builder. Security researchers at CloudSEK, i.e. Cloud S-E-K, are reporting on a threat actor who has targeted low-skilled hackers, also known as script kiddies, with a fake malware builder that secretly infected them with a backdoor to steal data and take over computers. The researchers say the infections from this malware hit more than 18,000 devices in Russia, the United States, India, Ukraine and Turkey. In reporting on and describing the details of this malware, the researchers remind everyone to never trust unsigned software, especially software distributed by other cybercriminals.

Hundreds of fake Reddit sites push Lumma Stealer malware. More than 1,000 web pages are being distributed that mimic Reddit and the WeTransfer file service, and both are conduits for the Lumma Stealer malware. The pages include a fake discussion thread on a specific topic in a manner that resembles Reddit. It uses natural online chatting styles, and the creator of these threads then asks for help to download a specific tool. Another user offers to help by uploading it to WeTransfer and sharing the link, and a third thanks that user for helping, making everything appear legitimate. The fake WeTransfer page downloads the Lumma Stealer malware.

Cyber diplomacy funding halted for the Bureau of Cyberspace and Digital Policy. In addition to the CISA Cyber Safety Review Board mentioned earlier, the incoming administration has also quickly frozen a number of foreign assistance programs, including the Bureau of Cyberspace and Digital Policy, which had been created in 2022 to serve as the focal point for cyber diplomacy against potential threats and to pursue international norms on emerging technologies. Among its achievements to date were the sending of a first-of-its-kind cyber incident response team to Costa Rica, landing a subsea cable to Tuvalu, and delivering training workshops to members of the Vietnamese government focused on malicious North Korean activity. Nate Fick, who had been the first cyber ambassador for the US until his departure last Monday, described the Bureau as, quote, "a diplomatic tool not just to remediate cyber incidents, but to prove to partners the value of working with us and to build consensus against the malign actors that conduct these attacks." End quote.

Pompompurin to be re-sentenced after court vacates previous punishment. The infamous founder of the BreachForums website, whose real name is Conor Brian Fitzpatrick, is to be re-sentenced for his actions in building what became the largest English-language cybercrime marketplace to date, with personal data including the Social Security numbers and bank details from more than 14 billion individual records, a document filed in court on Tuesday found. The court chose a lenient sentence, citing a diagnosis of autism and Fitzpatrick's age as mitigating circumstances. It was shown that while going through the legal process, he still violated the court's terms by accessing the Internet through a VPN and messaging on Discord in those chat rooms. He asserted his innocence regarding the crimes he had confessed to and made light of selling data to foreign nations, encouraging another user to become a foreign asset to China or Russia and to sell government secrets. The appeal filed by the US Government signals that a new sentence could be much more harsh than the one originally issued last year.

Remember to register to join us for our Super Cyber Friday discussion this week. On Friday at 1pm Eastern, 10am Pacific, we will be hacking third-party risk management, digging into some practical tips to better review risk. If you have never joined us for Super Cyber Friday, these are open discussions on a cybersecurity topic where you can get involved in our chat to ask questions and even win some prizes in our fun games. Just head on over to the events page at cisoseries.com to register. I'm Steve Prentiss reporting for the CISO Series. Cyber Security Headlines are available every weekday. Head to cisoseries.com for the full stories behind the headlines.
Podcast Title: Cyber Security Headlines
Host: Steve Prentiss, CISO Series
Release Date: January 27, 2025
In a dramatic overhaul of the US cybersecurity framework, the incoming administration has terminated all memberships of advisory committees that report to the Department of Homeland Security (DHS). This includes the membership of the CISA Cyber Safety Review Board (CSRB), which had played a pivotal role in scrutinizing significant cyber incidents.
"This includes members of the CISA Cyber Safety Review Board. CSRB, which had been critical of Microsoft for the July 2023 breach by Storm-0558..."
— Steve Prentiss [00:00]
The CSRB had been actively involved in investigating breaches, including the Lapsus$ cybercrime group intrusions and the recent cyberattacks targeting telecom providers, allegedly carried out by Salt Typhoon; the board is said to have been in the middle of that telecom review when the memberships were terminated. The termination of these advisory roles signals a potential shift in how cyber incidents will be reviewed at the federal level.
UnitedHealth, the parent company of Change Healthcare, has increased the reported number of data breach victims to 190 million. This update was provided on Friday evening, emphasizing that the majority of affected individuals have already received individual or substitute notices regarding the breach.
"The vast majority of these people have already been provided individual or substitute notice..."
— Steve Prentiss [00:00]
UnitedHealth indicated that the final number of impacted individuals will be confirmed and reported to the Department of Health and Human Services Office for Civil Rights at a later date. However, the company did not elaborate on when it discovered the additional 90 million victims, the methodology behind the new count, or any changes since the previous update.
Researchers at Oligo Security have identified a high-severity flaw in Meta's Llama large language model (LLM) framework. The vulnerability could allow an attacker to execute arbitrary code on the Llama Stack inference server.
"The vulnerability, which has a CVE number, has a CVSS score of 6.3..."
— Steve Prentiss [00:00]
The vulnerability carries a CVSS score of 6.3, while supply chain security firm Snyk has assigned it a critical rating of 9.3. The flaw resides in a component known as Llama Stack, which defines a set of API interfaces for AI application development, including applications that use Meta's own Llama models. The two ratings sit a full severity band apart, which matters for triage: the same flaw lands in a different priority tier depending on which score a vulnerability scanner reports.
ClamAV (Clam AntiVirus), an open-source antivirus tool widely used for email scanning, file scanning, and web security on Linux-based systems, has a denial of service (DoS) vulnerability. Cisco has issued updates to address the flaw, which has a CVE identifier.
"Cisco has released updates to address a denial of service vulnerability in ClamAV..."
— Steve Prentiss [00:00]
Additionally, Cisco warns that a proof of concept (PoC) exploit code for this vulnerability is already available, increasing the urgency for users to apply the necessary patches. The vulnerability affects Cisco Secure Endpoint Connector products across multiple platforms, including Windows, Mac, Linux, and Private Cloud environments.
Security researchers at CloudSEK have uncovered a deceptive tactic employed by a threat actor targeting low-skilled hackers, commonly referred to as script kiddies. The actor distributes a fake malware builder that secretly installs a backdoor on the victim's machine, enabling data theft and system takeover.
"Researchers say the infections from this malware hit more than 18,000 devices..."
— Steve Prentiss [00:00]
The campaign has infected more than 18,000 devices across Russia, the United States, India, Ukraine, and Turkey. CloudSEK's reminder is to never trust unsigned software, especially software distributed by other cybercriminals.
More than 1,000 web pages imitating Reddit and the WeTransfer file service have been identified. These counterfeit sites are conduits for the Lumma Stealer malware, an information stealer.
"The pages include a fake discussion thread... the creator of these threads then asks for help to download a specific tool."
— Steve Prentiss [00:00]
The fake threads mimic the natural conversational style of Reddit: the thread creator asks for help downloading a specific tool, a second user offers to upload it to WeTransfer and shares the link, and a third thanks them, so the exchange appears legitimate. The linked fake WeTransfer page delivers the Lumma Stealer malware. This social engineering tactic underscores the need for vigilance when following download links from online forums and file-sharing services.
In a move that disrupts ongoing cyber diplomatic efforts, the incoming administration has frozen funding for several foreign assistance programs, including the Bureau of Cyberspace and Digital Policy. Established in 2022, this bureau was central to the US's cyber diplomacy initiatives aimed at combating potential threats and establishing international norms around emerging technologies.
"Nate Fick... described the Bureau as a diplomatic tool not just to remediate cyber incidents..."
— Steve Prentiss [00:00]
The bureau had notable achievements, such as dispatching a first-of-its-kind cyber incident response team to Costa Rica, landing a subsea cable to Tuvalu, and conducting training workshops for the Vietnamese government focused on malicious North Korean activity. The funding freeze could impede these collaborative efforts and weaken international cyber threat responses.
Conor Brian Fitzpatrick, the founder of BreachForums, is slated for re-sentencing after the court vacated his previous punishment. BreachForums became the largest English-language cybercrime marketplace to date, offering personal data, including Social Security numbers and bank details, from more than 14 billion individual records.
"While going through the legal process, he still violated the court's terms by accessing the Internet through a VPN..."
— Steve Prentiss [00:00]
The court initially issued a lenient sentence, citing Fitzpatrick's autism diagnosis and his age as mitigating circumstances. The US Government appealed, and the record shows that during the legal process Fitzpatrick violated the court's terms by accessing the Internet through a VPN and messaging on Discord, asserted his innocence regarding crimes he had confessed to, and encouraged another user to become a foreign asset for China or Russia and sell government secrets. The appeal signals that Fitzpatrick may face a more severe sentence than the one previously handed down.
Steve Prentiss invites listeners to participate in the upcoming Super Cyber Friday discussion scheduled for Friday at 1 PM Eastern / 10 AM Pacific. The session will focus on hacking third-party risk management, offering practical tips for better risk assessment.
"Join us for our Super Cyber Friday discussion this week... head on over to the events page at cisoseries.com to register."
— Steve Prentiss [00:00]
Participants will have the opportunity to engage in open discussions, ask questions, and even win prizes through interactive games. Interested individuals can register by visiting cisoseries.com and navigating to the events page.
For the full stories behind these headlines and daily cybersecurity news, visit cisoseries.com.