Cyber Security Headlines - February 10, 2025
Host: Steve Prentiss
Podcast: Cyber Security Headlines
Series: CISO Series
Release Date: February 10, 2025
1. Doge Group Faces Outrage and Legal Challenges Over Security Failures
Steve Prentiss opens the episode by addressing the escalating controversy surrounding the Doge Group, officially known as the Department of Government Efficiency (DOGE). The group is under intense scrutiny due to alleged security lapses that amount to an ongoing data breach affecting millions of federal employees.
Steve Prentiss [00:00]: "Experts in cybersecurity and government process are likening the current activities of the Doge Group... as an ongoing data breach."
Key Points:
- Data Exposure: DOGE's actions have led to the exposure of sensitive personal data of federal employees, violating federal laws designed to protect classified and sensitive information.
- Vulnerabilities Created: The breach opens new avenues for malicious hackers to exploit federal systems.
- Elon Musk's Involvement: A significant concern is the attempt by Elon Musk's team to access the Department of the Treasury's payment system within the Bureau of Fiscal Service, which manages critical spending programs like Social Security.
Steve Prentiss [00:00]: "The White House stated last Monday that Doge employees' access to these systems was restricted to read-only."
- Security Clearance Issues: Brian Krebs, citing Wired Magazine, reports that a 19-year-old with prior cybercrime associations was granted access to sensitive systems, bypassing standard security clearances.
Steve Prentiss [00:00]: "This individual is reported to be a former denizen of the Com, an archipelago of Discord and Telegram chat channels..."
- Legal Actions: University of California students have initiated a lawsuit against the federal Education Department to prevent DOGE from accessing federal student financial aid databases, citing violations of the Federal Privacy Act and the Internal Revenue Code.
Conclusion: The DOGE group's activities have sparked significant legal and cybersecurity concerns, highlighting systemic vulnerabilities within federal systems and raising questions about the adequacy of current security protocols.
2. CISA Updates Known Exploited Vulnerabilities Catalog
The podcast delves into the latest additions to the Cybersecurity and Infrastructure Security Agency's (CISA) catalog of known exploited vulnerabilities (KEVs).
New Vulnerabilities Added:
- 7-Zip Mark of the Web Bypass Vulnerability
- DANTE Discovery Process Control Vulnerability
- CyberoamOS SQL Injection Vulnerability
- Sophos XG Firewall Buffer Overflow Vulnerability
- Microsoft Outlook Improper Input Validation Vulnerability
Steve Prentiss [00:00]: "Both the Microsoft Outlook vulnerability and the buffer overflow issue from Sophos XG Firewall each have a CVSS score of 9.8."
Impact:
- High Severity: The Microsoft Outlook and Sophos XG Firewall vulnerabilities each carry a CVSS score of 9.8, placing them in the critical band.
- Active Exploitation: Trend Micro security researcher Peter Girnus notes that the 7-Zip vulnerability is being actively exploited by Russian cybercrime groups through spear-phishing campaigns.
Action Required:
- Federal Agencies Deadline: All affected federal agencies are mandated to remediate these vulnerabilities by February 27th.
- Reference: A comprehensive list of CVE numbers related to these vulnerabilities is available in the episode's show notes.
3. DeepSeek's Mobile App Sends Unencrypted Sensitive Data
A report from mobile security firm NowSecure reveals significant security flaws in DeepSeek's mobile application for Apple iOS.
Security Issues Identified:
- Unencrypted Data Transmission: The app transmits sensitive user and device data over the internet without proper encryption.
- Insecure Encryption Practices: When encryption is used, it relies on an insecure symmetric algorithm, utilizes a hard-coded encryption key, and reuses initialization vectors, making the data susceptible to breaches.
- Data Handling: Collected data is sent to servers managed by Volcano Engine, a cloud platform owned by ByteDance, the parent company of TikTok.
Steve Prentiss [00:00]: "DeepSeek's app encrypts data using an insecure symmetric encryption algorithm, a hard-coded encryption key, and reuses initialization vectors."
Implications:
- User Risk: The lack of robust encryption exposes users' sensitive information to potential interception and misuse.
- Regulatory Compliance: These practices likely violate multiple data protection regulations, putting DeepSeek at risk of legal repercussions.
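The three weaknesses in that list compound: a hard-coded key means every install shares one secret, and a reused IV turns a stream-mode cipher into a deterministic one. This added example (not DeepSeek's code or NowSecure's; the key and IV values are constructed, and AES-CTR stands in for the unnamed algorithm only to show the key-plus-IV reuse behaviour) demonstrates in Go what a passive observer gains from that reuse, beside the corrected pattern of an authenticated mode with a fresh nonce per message.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
)

// Constructed stand-ins (not DeepSeek's real values) for a key baked into the
// app binary and an IV reused for every message.
var hardCodedKey = []byte("0123456789abcdef")
var reusedIV = []byte("fedcba9876543210")
// must panics on a bad key size or a broken system RNG instead of ignoring it.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// ctrEncrypt: the AES-CTR keystream depends only on (key, IV), so reusing
// both encrypts every message under the same keystream.
func ctrEncrypt(key, iv, plaintext []byte) []byte {
	out := make([]byte, len(plaintext))
	cipher.NewCTR(must(aes.NewCipher(key)), iv).XORKeyStream(out, plaintext)
	return out
}

// KeystreamCancels shows the failure mode for two equal-length messages: c1 XOR
// c2 == p1 XOR p2, so an observer learns how messages differ without the key.
func KeystreamCancels(p1, p2 []byte) bool {
	c1 := ctrEncrypt(hardCodedKey, reusedIV, p1)
	c2 := ctrEncrypt(hardCodedKey, reusedIV, p2)
	for i := range p1 {
		if c1[i]^c2[i] != p1[i]^p2[i] {
			return false
		}
	}
	return true
}

// GCMSeal is the corrected pattern: authenticated AES-GCM with a fresh random
// nonce per message (prepended for the receiver), so sealing the same
// plaintext twice yields different ciphertexts and tampering is detected.
func GCMSeal(key, plaintext []byte) []byte {
	aead := must(cipher.NewGCM(must(aes.NewCipher(key))))
	nonce := make([]byte, aead.NonceSize())
	must(rand.Read(nonce))
	return append(nonce, aead.Seal(nil, nonce, plaintext, nil)...)
}
```

Even with the fixed pattern the key must still come from a per-device secret store rather than the binary; the nonce fix only removes the reuse leak, not the shared-secret problem.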
4. UK Introduces Hurricane-Grade Scale for Cyberattacks
The United Kingdom has unveiled a new cyberattack rating system developed by the Cyber Monitoring Centre (CMC), whose members are drawn from the cyber insurance industry and cybersecurity thought leaders.
Features of the Scale:
- Parallel to Hurricane Scales: The system mirrors the Saffir-Simpson Hurricane Scale, categorizing cyber events based on severity.
- Scale Range: Events are rated on a scale from one to five, with five representing the most severe incidents.
- Criteria: The categorization considers both the financial impact and the number of UK organizations affected.
Steve Prentiss [00:00]: "As an independent non-profit organization, the CMC will categorize cyber events on a one through five scale, with five being the most severe..."
Purpose:
- Standardization: Provides a uniform framework for defining systemic cyber events, aiding cyber insurance companies and reinsurers in risk assessment.
- Examples: Notable incidents like NotPetya and the CrowdStrike breach serve as benchmarks for what constitutes high-severity events.
5. Hackers Publish Taliban Government Records
A significant cyberattack has targeted the Taliban government's computer systems, resulting in the public release of over 50 gigabytes of stolen documents.
Details of the Breach:
- Publishing Group: The hacker collective known as TabbyLeaks has disseminated links to the stolen data across social media platforms.
- Content Exposed: The leaked information encompasses data from 21 Taliban ministries and government agencies, including details on prisoners, travel restrictions, and various governmental activities.
Steve Prentiss [00:00]: "These links point to 21 Taliban ministries and government agencies and include information about prisoners, travel restrictions and many other types of activities and restrictions."
Taliban's Response:
- Denial of Breach: The Taliban's Ministry of Communications claims that most of the leaked files were already publicly accessible and denies that their systems were hacked.
6. Zyxel Declines to Patch Exploited Flaws in End-of-Life Routers
Security firm VulnCheck reports that Taiwan-based Zyxel has issued a security advisory regarding actively exploited vulnerabilities in its Customer Premises Equipment (CPE) series, including modems and routers.
Issues Highlighted:
- Unpatched Vulnerabilities: Zyxel has stated it will not release patches for these flaws in their end-of-life devices.
- Exposure Risk: Over 1,500 Zyxel CPE series devices remain exposed to the internet, significantly increasing the attack surface for potential cyber threats.
Steve Prentiss [00:00]: "Over 1500 Zyxel CPE series devices are exposed to the Internet, so the attack surface is significant."
Recommendation:
- User Action: Zyxel advises users to transition to newer, supported models to mitigate the risk posed by these unpatched vulnerabilities.
Conclusion
Steve Prentiss provides a comprehensive overview of the latest cybersecurity developments, highlighting significant breaches, emerging vulnerabilities, and the evolving landscape of cyber threats. From governmental data mishandlings and high-severity vulnerabilities to international cyberattacks and unpatched hardware flaws, the episode underscores the critical importance of robust cybersecurity measures and proactive threat mitigation strategies.
For a deeper dive into each of these stories, listeners are encouraged to visit CISOseries.com.