
CISO Series Host
From the CISO Series, it's Cyber Security Headlines.
Sean Kelly
These are the cybersecurity headlines for Tuesday, January 21, 2025. I'm Sean Kelly.

HPE investigates breach claims
Last Thursday, well-known hacker IntelBroker alleged they're selling data from the systems of Hewlett Packard Enterprise. IntelBroker claims the compromised data includes source code for Zerto and iLO products, private GitHub repositories, digital certificates, Docker builds and personal info from old user deliveries. IntelBroker also says they're offering access to some HPE services, including APIs, WePay, GitHub and GitLab. The company confirmed it's investigating the claims and says so far they have not experienced any operational impacts.

Former CIA analyst pleads guilty to sharing top secret files
34-year-old Asif William Rahman of Vienna is facing up to 10 years behind bars for sharing top secret documents on social media. The DOJ said Rahman had been employed with the CIA since 2016 and repeatedly printed out classified documents before taking them home, where he altered them to try and conceal their source. Reports suggest the incident included top secret documents about Israel's military plans to retaliate against Iran following Iranian ballistic missile strikes in October. Rahman leaked the documents on social media, resulting in a major embarrassment to the Pentagon and causing massive geopolitical tension in the Middle East. In addition to altering documents and journal logs, Rahman also tried to hide his tracks by destroying a personal smartphone and router he used to upload the classified information, ultimately discarding them into a public trash bin.

Data of nearly half a million hotel guests exposed
Customers of some of the world's best-known hotel chains had their personal information compromised after a threat actor gained unauthorized access to hotel management software provider Otelier. Data breach notification site Have I Been Pwned added almost half a million unique accounts from the breach to its database over the weekend. HIBP indicated that the threat actor used the access to Otelier's systems to exfiltrate customer data from hotel chains including Marriott, Hilton and Hyatt. Stolen data included 437,000 customer email addresses, names, physical addresses, phone numbers, booking and purchase information, and partial credit card data. Researchers at dark web monitoring firm WhiteIntel said that the incident likely stemmed from infostealer malware.

Yubico warns of 2FA security flaw affecting Linux and macOS users
Yubico has released a security advisory warning of a high-risk vulnerability within the software module that supports two-factor authentication for Linux and macOS platforms. This issue allows for partial bypass of 2FA protections when using YubiKeys and other FIDO-compatible authenticators. This flaw primarily affects systems running pam-u2f versions prior to 1.3.1 and stems from the authentication process not correctly handling certain errors. Yubico recommends that all affected customers immediately upgrade to the latest version of pam-u2f to mitigate the vulnerability.

And now we'd like to thank today's episode sponsor, Vanta. Do you know the status of your compliance controls right now? Like, right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews and reporting, and help you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get started at vanta.com/headlines. That's V-A-N-T-A dot com slash headlines.

Cyber threats are lurking in YouTube comments
A new study from Trend Micro highlights the rising danger posed by comments on YouTube videos. According to their findings, a significant number of comments contain phishing links or direct users to dangerous websites that host Lumma or Vidar stealers. Some hackers are also leveraging file sharing platforms like Mega and MediaFire to distribute malware. The responsibility to protect viewers from these risks often falls on content creators, who should vigilantly monitor and manage comments posted beneath their videos. Failure to do so could result in the platform removing their content, especially if the creator was complicit in allowing harmful practices for personal gain.

Ukraine's state registers restored following cyber attack
The infrastructure of Ukraine's state registers has been fully restored following a large-scale cyber attack back on December 19, which was attributed to Russia's military intelligence services. Ukraine's Minister of Justice and Deputy Prime Minister for European and Euro-Atlantic Integration, Olha Stefanishyna, announced in a Facebook post Monday that the unified and state registers were now fully operational. Stefanishyna added that Russian attackers were unsuccessful in their objectives during the cyber attack and that no information from the registers was compromised. The Ministry of Justice is now updating the registers to add data entered during the restoration period. Stefanishyna said the Ukrainian government has learned important lessons from this attack and is implementing key changes to its processes.

Phishing found most common smartphone security issue for consumers
The 4th Annual Mobile Device Security Scorecard from Omdia revealed that the most prominent mobile security issue faced by consumers across the globe was phishing scams. 24% of respondents say they experienced phishing texts, emails or calls. The research also included hands-on device testing, which revealed that the Samsung S24 offers the best anti-phishing protection, while the Google Pixel 9 Pro leads with many other security features. The test showed that the iPhone 16 Pro and other premium Android smartphones from Honor, Xiaomi and OnePlus are lacking in robust security protections. Omdia sees value in smartphone vendors offering phishing safeguards to help protect consumers. The report also revealed that the second most common security issue reported by consumers was malware and viruses, followed by physical theft.

Employees of failed startups at risk of stolen personal data
Dylan Ayrey, co-founder and CEO of Truffle Security, discovered that malicious hackers could potentially buy the defunct domains of failed startups and use them to log into employee cloud accounts. To test the flaw, Ayrey bought one failed startup's domain and from it was able to log into ChatGPT, Slack, Notion, Zoom, and an HR system containing Social Security numbers. Ayrey used former employee emails to take advantage of the sign-in-with-Google option to access the apps. Startup employees are more vulnerable because startups tend to use Google's apps and cloud software to run their businesses. Google does have tech in its OAuth configuration, called a sub identifier, that should prevent the risks outlined by Ayrey, but only if the SaaS cloud provider uses it. While an employee might have multiple email addresses attached to their Google account, the account should only ever have one sub identifier. Google says the ultimate fix is for founders shuttering a company to ensure they properly close all of their cloud services.

And that does it for today's cybersecurity headlines. We may have awakened this morning with a new US President, but we also woke up with a new episode of the CISO Series Podcast. Everyone's familiar with the dangers of third-party data breaches, but do we also need to worry about the vendors used by our third parties? So how deep and how often do our security audits have to go? And what does this mean for an organization's incident response strategy? That's one of the topics we'll dig into on our latest episode of the CISO Series Podcast. Look for "Fourth party data breach? We can barely catch the first party ones" wherever you get your podcasts. Thank you for listening to the podcast that brings you more of the top cyber news stories and more cowbell. I'm Sean Kelly.
CISO Series Host
Cyber Security Headlines is available every weekday. Head to cisoseries.com for the full stories behind the headlines.
Cyber Security Headlines – Detailed Summary
Episode Summary by Sean Kelly
Timestamp: [00:45]
Overview: Hewlett Packard Enterprise (HPE) is currently investigating allegations made by the hacker known as IntelBroker, who claims to have accessed and to be selling sensitive data from HPE's systems.
Notable Quote: Sean Kelly stated, “IntelBroker claims the compromised data includes... personal info from old user deliveries” [00:45].
Timestamp: [02:15]
Overview: Asif William Rahman, a 34-year-old former CIA analyst from Vienna, has pleaded guilty to charges of sharing top-secret documents on social media, facing up to ten years in prison.
Notable Quote: Sean Kelly highlighted, “Rahman leaked the documents on social media, resulting in a major embarrassment to the Pentagon” [02:15].
Timestamp: [03:10]
Overview: A significant data breach at hotel management software provider Otelier has exposed personal information of approximately 437,000 customers from major hotel chains, including Marriott, Hilton, and Hyatt.
Notable Quote: Sean Kelly reported, “Stolen data included 437,000 customer email addresses, names... and partial credit card data” [03:10].
Timestamp: [04:00]
Overview: Yubico has issued a security advisory regarding a high-risk vulnerability in its pam-u2f two-factor authentication (2FA) module for Linux and macOS platforms, which can allow a partial bypass of 2FA protections; versions prior to 1.3.1 are affected.
Notable Quote: Sean Kelly emphasized, “This issue allows for partial bypass of 2FA protections when using YubiKeys” [04:00].
Timestamp: [05:30]
Overview: A study by Trend Micro reveals an increasing threat of phishing links and malware distributed through YouTube comments, posing significant risks to viewers.
Notable Quote: Sean Kelly noted, “A significant number of comments contain phishing links or direct users to dangerous websites” [05:30].
Timestamp: [06:55]
Overview: Ukraine has successfully restored its state registers infrastructure after a large-scale cyber attack attributed to Russian military intelligence services on December 19.
Notable Quote: Sean Kelly conveyed, “Russian attackers were unsuccessful in their objectives during the cyber attack” [06:55].
Timestamp: [07:40]
Overview: Omdia's 4th Annual Mobile Device Security Scorecard highlights phishing scams as the leading security threat faced by smartphone users globally.
Notable Quote: Sean Kelly stated, “24% of respondents say they experienced phishing texts, emails or calls” [07:40].
Timestamp: [08:20]
Overview: Dylan Ayrey, CEO of Truffle Security, uncovered a weakness where attackers can buy defunct startup domains and use the sign-in-with-Google option to access former employees' SaaS accounts, risking the exposure of sensitive personal data; Google's stable sub identifier prevents this only if the SaaS provider keys accounts on it rather than on the email address.
Notable Quote: Sean Kelly explained, “Malicious hackers could potentially buy the defunct domains of failed startups and use them to log into employee cloud accounts” [08:20].
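The following is an added illustration, not code from the podcast, from Truffle Security or from Google, of why the sub identifier matters in the defunct-domain scenario above. It models a SaaS app's login handler after the OIDC library has already verified the ID token signature (an assumption; signature verification is deliberately left out). The user directory, the client ID, both claim sets and the sub values are constructed for the example. The weak handler keys the session on the email address, which whoever re-registers the old domain and sets up a new Google Workspace can recreate; the hardened handler keys on the Google `sub` claim, which is issued per Google account and is not reproduced by the new domain owner.

```python
"""Email-keyed vs sub-keyed account lookup for 'Sign in with Google' (constructed example)."""
import time
from dataclasses import dataclass
from typing import Optional

GOOGLE_ISSUERS = {"https://accounts.google.com", "accounts.google.com"}
# Hypothetical OAuth client ID of the SaaS app (assumption).
CLIENT_ID = "hypothetical-client-id.apps.googleusercontent.com"


@dataclass(frozen=True)
class User:
    user_id: str
    email: str
    google_sub: str   # Google's stable per-account identifier, stored at first login
    role: str


# Constructed user directory; the sub value is made up.
USER_DB = (
    User("u-1", "alice@failedstartup.example", "110169484474386276334", "admin"),
)

# Constructed ID-token claim set for the original employee (signature assumed verified).
EMPLOYEE_CLAIMS = {
    "iss": "https://accounts.google.com",
    "aud": CLIENT_ID,
    "sub": "110169484474386276334",
    "email": "alice@failedstartup.example",
    "email_verified": True,
    "hd": "failedstartup.example",
    "exp": 4102444800,  # 2100-01-01, so the sample never expires
}

# Constructed claim set minted after someone else registers the lapsed domain and
# creates alice@ in a new Workspace: same email and hd, but Google issues a new sub.
ATTACKER_CLAIMS = dict(EMPLOYEE_CLAIMS, sub="218776001935524110087")


def basic_checks(claims: dict, now: Optional[float] = None) -> bool:
    """Issuer, audience, expiry and email_verified checks both handlers share."""
    now = time.time() if now is None else now
    return (
        claims.get("iss") in GOOGLE_ISSUERS
        and claims.get("aud") == CLIENT_ID
        and claims.get("exp", 0) > now
        and claims.get("email_verified") is True
    )


def lookup_by_email(claims: dict) -> Optional[User]:
    """Weak: binds the login to the email address, which the new domain owner controls."""
    if not basic_checks(claims):
        return None
    email = claims["email"].lower()
    return next((u for u in USER_DB if u.email == email), None)


def lookup_by_sub(claims: dict) -> Optional[User]:
    """Hardened: binds the login to the Google sub recorded when the account was created."""
    if not basic_checks(claims):
        return None
    return next((u for u in USER_DB if u.google_sub == claims["sub"]), None)


if __name__ == "__main__":
    for name, claims in (("employee", EMPLOYEE_CLAIMS), ("domain buyer", ATTACKER_CLAIMS)):
        print(f"{name:12} by email -> {lookup_by_email(claims)}")
        print(f"{name:12} by sub   -> {lookup_by_sub(claims)}")
```

With the attacker's token, `lookup_by_email` returns Alice's admin account while `lookup_by_sub` returns nothing, which is exactly the distinction the Google statement in the story draws. A provider that has historically linked on email needs a migration step that records each existing user's `sub` at their next login, and should treat a token whose `sub` differs from the stored one as a new account rather than a match.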
In this episode of Cyber Security Headlines, Sean Kelly navigates through significant cybersecurity incidents ranging from major data breaches affecting multinational corporations to vulnerabilities in authentication systems and the rising threat of phishing scams. The discussions underscore the evolving landscape of cyber threats and the critical importance of robust security measures across various sectors. Listeners are encouraged to stay informed and proactive in safeguarding their digital environments.
For more detailed stories and daily updates, visit cisoseries.com.