Cyber Security Headlines – Episode Summary
Podcast Information:
- Title: Cyber Security Headlines
- Host/Author: CISO Series
- Description: Daily stories from the world of information security. To delve into any daily story, head to CISOseries.com.
- Episode: EPA warns of critical risks, Four million WordPress sites exposed, Sextortion scams bypass filters
- Release Date: November 19, 2024
1. EPA Warns of Critical Risks in Drinking Water Infrastructure
Host Lauren Verno kicks off the episode by highlighting a troubling report from the EPA’s Office of Inspector General. The report uncovers significant vulnerabilities within the United States' drinking water infrastructure:
- Scope of Vulnerabilities:
  - Over 300 drinking water systems assessed.
  - Potential impact on 110 million people.
  - 97 systems (serving 27 million individuals) identified with critical or high severity issues.
Lauren Verno emphasizes the severity:
"Exploitable flaws could lead to denial of service attacks, physical infrastructure damage, or compromised customer information." (00:06)
The Office of Inspector General warns that exploitation of these vulnerabilities could not only disrupt water services but also cause irreparable physical damage to the infrastructure.
2. Four Million WordPress Sites Exposed
A significant security breach within the WordPress ecosystem is addressed next:
- Vulnerability Details:
  - Affected Plugin: Really Simple Security.
  - Impact: Over 4 million WordPress sites are vulnerable.
  - Severity: CVSS score of 9.8, labeled as "one of the most serious vulnerabilities ever discovered in their 12-year history."
Lauren Verno relays the urgency:
"Researchers warn of a critical flaw in the really simple security plugin for WordPress sites." (02:15)
The flaw allows attackers to gain full administrative access, even on sites with two-factor authentication enabled, by exploiting improper error handling in the plugin's REST API. Users are strongly urged to upgrade to version 9.1.2, where the issue has been patched.
3. Sextortion Scams Bypass Microsoft Security Filters
The podcast delves into the evolving tactics of sextortion scammers:
- Method of Bypass:
  - Exploiting the Microsoft 365 admin portal.
  - Utilizing legitimate O365MC and Microsoft.com sender addresses.
  - Manipulating browser tools to bypass character limits in the Message Center's Share feature.
Lauren Verno explains the sophistication:
"Sextortion scams are getting more sophisticated." (04:45)
These scams bypass spam filters and land in users' focused inboxes. The fraudulent emails typically detail extortion claims, such as alleging infidelity or presenting pictures of the victim's home, and demand Bitcoin payments.
While Microsoft is aware and investigating the issue, server-side restrictions to prevent such attacks have yet to be implemented.
4. Foreign Attack on Library of Congress
A concerning breach targeting a prestigious institution is covered:
- Breach Details:
  - Target: Library of Congress.
  - Nature: Unauthorized access to emails between Congressional offices and Library staff, including those from the Congressional Research Service.
  - Timeline: January to September 2024.
Lauren Verno reports:
"The Library is working to determine which specific communications were compromised." (06:50)
Notably, the breach did not affect the House or Senate IT networks or US Copyright Office systems. The Library is diligently assessing the extent of the compromised communications.
5. Sponsored Segment: Threat Locker
A brief mention of sponsorship introduces Threat Locker, a cybersecurity solution provider:
Lauren Verno shares:
"Threat Locker helps you take a proactive default deny approach to cybersecurity and provides a full audit of every action allowed or blocked for risk management and compliance." (07:30)
Threat Locker offers tools to protect organizations from zero-day exploits and supply chain attacks, with US-based support ensuring smooth onboarding and operation. For more information, listeners are directed to visit threatlocker.com.
6. Cyberattack on AI Company I Learning Engines
The episode highlights a significant breach affecting an AI firm:
- Incident Overview:
  - Company: I Learning Engines.
  - Impact: Theft of a $250,000 wire payment.
  - Method: Hackers accessed the network, misdirected the payment, and deleted several email messages.
  - Recovery Status: The wire payment has not been recovered.
Lauren Verno notes:
"I Learning Engines provides automation tools to more than a thousand companies in various sectors including healthcare, education, and retail." (09:10)
The attack underscores the vulnerability of companies handling automation tools across diverse industries.
7. Phobos Ransomware Operator Extradited to US
A notable development in international cybercrime is discussed:
- Details:
  - Accused: Russian national linked to the Phobos ransomware operation.
  - Extradition: From South Korea to the United States.
  - Phobos Ransomware: Active since 2020, responsible for breaches of over 1,000 entities globally.
  - Financial Impact: Over $16 million in ransomware payments.
  - Charges: 13-count indictment, with a potential 20 years in prison per wire fraud charge.
Lauren Verno states:
"He is accused of facilitating the distribution of ransomware, extorting victims, and profiting from the attacks." (10:25)
This case highlights ongoing international efforts to combat ransomware activities.
8. Palo Alto Responds to Fourth Exploited Flaw
Security updates from Palo Alto Networks are covered:
- Vulnerability Details:
  - Affected Product: Expedition firewall management tool.
  - Issue: Critical, unauthenticated remote code execution vulnerability.
  - Exploitation: Active exploitation, marking the fourth vulnerability in Expedition within a week.
  - Response: Palo Alto has released patches to address the issue and is actively mitigating threats.
Lauren Verno mentions:
"This marks the fourth vulnerability in Expedition to be exploited in just a week." (11:50)
The rapid succession of exploited flaws emphasizes the need for vigilant security measures.
9. Oklahoma Medical Center Hit by Ransomware
A significant ransomware attack impacts healthcare:
- Incident Overview:
  - Facility: Great Plains Regional Medical Center, Oklahoma.
  - Affected Individuals: Over 133,000 notified.
  - Compromised Data: Personal information including names, Social Security numbers, health insurance details, and medical records.
  - Timeline: Early September 2024.
  - Attackers' Claim: No threat actor has taken credit yet.
Lauren Verno reports:
"The attackers accessed and encrypted files, exfiltrating sensitive information." (13:05)
This attack highlights the ongoing threats to healthcare data security.
10. Upcoming Segment: Cybersecurity Talent and Gatekeeping
The episode teases an upcoming discussion on cybersecurity talent acquisition:
Lauren Verno states:
"In working in cybersecurity, you need an inquisitive mind with an eye for problem solving. Yet so many organizations are turning a blind eye to talent who lack technical degrees." (14:20)
Listeners are invited to tune into the next episode where the topic "Once you show me your diploma, I'll explain why we don't gatekeep" will be explored, addressing how organizations can broaden their criteria to attract diverse talent for their security programs.
Notable Quotes
- Lauren Verno: "Exploitable flaws could lead to denial of service attacks, physical infrastructure damage, or compromised customer information." (00:06)
- Lauren Verno: "Sextortion scams are getting more sophisticated." (04:45)
- Lauren Verno: "This marks the fourth vulnerability in Expedition to be exploited in just a week." (11:50)
Conclusion
This episode of Cyber Security Headlines by CISO Series provides a comprehensive overview of critical cybersecurity issues impacting various sectors, from infrastructure and web platforms to healthcare and international cybercrime. The detailed discussions underscore the evolving nature of cyber threats and the importance of proactive security measures. Additionally, the episode highlights the ongoing challenges in talent acquisition within the cybersecurity field, setting the stage for an insightful future discussion.
For more in-depth coverage of these headlines, listeners are encouraged to visit CISOseries.com.
