Transcript
A (0:00)
From the CISO series, it's Cybersecurity Headlines.
B (0:07)
These are the cybersecurity headlines for Monday, March 3, 2025. I'm Steve Prentiss.

Hegseth orders Cyber Command to stand down on Russia planning

According to an exclusive report from the Record, Defense Secretary Pete Hegseth has ordered US Cyber Command to halt all planning against Russia, including offensive cyber actions. The directive was given to Cyber Command chief General Timothy Haugh, who relayed it to Marine Corps Major General Ryan Heritage. The order does not extend to the National Security Agency or its signals intelligence efforts. The full scope remains unclear, but it aligns with White House efforts to normalize relations with Moscow following the invasion of Ukraine.

SolarWinds CISO says security executives are nervous about personal legal liability for breaches

Speaking at CyberLawCon, Brown, who was the highest-ranking security official during the 2020 SolarWinds hack, which was linked to Russian intelligence, noted that CISOs are increasingly uncertain about their legal risks, fearing liability while trying to implement strong security measures. Other security executives, he said, are, quote, "re-evaluating how they publicly discuss their cybersecurity programs," end quote. He also noted that holding individuals liable for breaches "can distract or hinder CISOs in effectively managing the aftermath of cyber attacks," end quote.

Microsoft hangs up on Skype after 14 years

A decade and a half after being brought in as a replacement for Windows Live Messenger, users of the video call and messaging service will now be asked to switch to Teams Free. Their contacts, call logs and messages will be automatically migrated once they log into their accounts. Users who do not want to switch to Teams can export their data, including chat history and images shared in messages. But this must all happen by May 5th.

Mark Cuban offers to fund government tech unit that was cut

This unexpected offer of support was posted on the social network Bluesky and urged the displaced engineers and designers to turn the upheaval to their advantage. Referring to the 18F technology unit of the government's General Services Administration, Cuban said: "If you worked for 18F and got fired, group together to start a consulting company. It's just a matter of time before DOGE needs you to fix the mess they inevitably created. They will have to hire your company as a contractor to fix it, but on your terms. I'm happy to invest and or help." The 18F unit had reportedly built, amongst other things, login.gov, a secure and private way for the public to access services at government agencies including Social Security and the Department of Veterans Affairs.

Thanks to this week's episode's sponsor, ThreatLocker. ThreatLocker is a global leader in zero trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and to start your free trial, visit threatlocker.com. That is threatlocker.com.

Ransomware gangs exploit Paragon Partition Manager bug in BYOVD attacks

Microsoft has discovered five flaws in the Paragon Partition Manager driver. One of these has been used by ransomware gangs in zero-day attacks to gain SYSTEM privileges in Windows. These were exploited in bring-your-own-vulnerable-driver attacks, where threat actors drop the kernel driver on a targeted system to elevate privileges or cause a denial of service scenario on the victim's machine.

US recovers $31 million stolen in 2021 Uranium Finance hack

This cryptocurrency was originally stolen in 2021 on Uranium Finance, a DeFi protocol on Binance's BNB Chain. Hackers exploited vulnerabilities in its smart contracts, leading to its collapse and significant investor losses. Blockchain intelligence firm TRM Labs collaborated with the Southern District of New York and Homeland Security Investigations to track the stolen assets by analyzing laundering patterns and tracing transactions through Tornado Cash and cross-chain swaps. Law enforcement successfully seized the funds in February of this year, marking one of the most significant cryptocurrency recoveries in recent years.

Microsoft identifies generative AI hacking-for-hire scheme hackers

Following up on a story we have been covering over the last few weeks, Microsoft has now identified individuals from Iran, China, Vietnam and the UK as key players in an international scheme to hijack and sell Microsoft accounts capable of bypassing generative AI safety guidelines. In December, Microsoft petitioned a Virginia court to seize infrastructure from 10 unnamed individuals accused of running a hacking-as-a-service operation using stolen API keys. These compromised accounts provided unauthorized access to Azure OpenAI to generate harmful content, including falsified celebrity imagery. Microsoft's Digital Crimes Unit is leading the legal effort to shut down the operation, though specifics on the safety violations were not disclosed.

Philippine Army suffers a cyber attack

The Philippine Army confirmed a cyber attack after a local hacking group claimed to have breached its systems and accessed confidential documents. Army spokesperson Colonel Louie Dema-ala described it as an illegal access attempt that was swiftly contained with no detected data theft or damage. However, digital security group Deep Web Konek reported that hacker group Exodus Security claimed responsibility, alleging it had compromised 10,000 records of active and retired service members. The leaked data reportedly includes personal, military and financial details, although its authenticity and exact volume remain unverified.

It's only Monday, but that doesn't mean you shouldn't be thinking about Friday already. That's because we've got a great Super Cyber Friday event happening this week at 1pm Eastern, 10am Pacific. This week we're talking about the commodification of cybercrime, digging into how your security program needs to change now that the barrier to entry on malware is down to almost nothing. Head on over to the events page on cisoseries.com to register to join us this Friday. I'm Steve Prentiss, reporting for the CISO Series.
