Transcript
A (0:00)
From the CISO series, it's Cybersecurity Headlines.
B (0:06)
These are the cybersecurity headlines for Thursday, April 3, 2025. I'm Sarah Lane. Security researchers with the Google Threat Intelligence Group found that North Korean IT workers have been infiltrating European companies using fake identities to secure remote jobs, generating revenue for the DPRK regime, operating through platforms like Upwork and Telegram, with payments processed through cryptocurrency to evade detection. Authorities in the US and the UK have issued sanctions and warnings, as some workers have also engaged in extortion using insider knowledge. A new skimming attack using the Stripe API has been discovered, where cybercriminals inject malicious JavaScript into e-commerce checkout pages to steal payment information in real time. Unlike traditional skimming methods, this attack exploits the legitimate Stripe API, making it harder to detect. So far, 49 merchants have been identified as victims, and experts recommend real-time monitoring and secure iframe solutions to mitigate the risks. A vulnerability in Verizon's Call Filter app allowed users to access incoming call logs for other Verizon numbers through an insecure API. Security researcher Evan Connolly discovered the flaw on February 22nd, and Verizon fixed it the following month. The issue stemmed from the app's API failing to verify user phone numbers, enabling unauthorized access to call histories. This posed a privacy risk, especially for high-profile individuals. The API was hosted by a third-party firm, Sequence, whose website is now offline, raising concerns about data security. Verizon has not yet responded to inquiries about the flaw's impact or potential exploitation. CISA has issued an alert about a powerful malware called Research, used by alleged Chinese hackers to exploit a vulnerability in Ivanti security tools. The malware can manipulate system integrity, harvest credentials and create backdoors, allowing persistent access even after updates.
Google-owned Mandiant confirmed that the malware is linked to China-based espionage actors who have targeted government, defense and finance sectors since back in 2020. Ivanti's Integrity Checker Tool, or ICT, was also compromised, making detection harder. CISA urges administrators to reset credentials and factory reset affected Ivanti devices to mitigate risks. Huge thanks today to our sponsor Qualys. If you're overwhelmed by noise in your cybersecurity process, cut through the clutter with Qualys Enterprise TrueRisk Management. Quantify your cyber risk in clear financial terms and focus on what matters most. Actionable insights help you prioritize critical threats, streamline remediation and accelerate risk reduction while effectively communicating impact to stakeholders. Empower your cybersecurity strategy with tools that drive faster, smarter and more efficient risk management. Your secure future starts today with Qualys Enterprise TrueRisk Management. Visit qualys.com/etm for more information. GitHub has expanded its security tools after detecting over 39 million leaked secrets in repositories in 2024, including API keys and credentials. Despite measures like push protection, leaks persist due to developer habits and accidental exposure. To combat this, GitHub now offers standalone security products, free security-wide secret risk assessments, enhanced push protection with bypass controls, AI-powered secret detection via Copilot, and improved detection through cloud provider partnerships. Users are advised to enable push protection, avoid hard-coded secrets and use secure storage methods. Google DeepMind has developed a new AI evaluation framework to identify weaknesses in adversarial AI attacks, helping cybersecurity defenders prioritize their strategies. Their research found AI security frameworks to be inconsistent and ineffective. DeepMind analyzed over 12,000 AI-driven cyber attacks and identified 50 key attack challenges.
Their study suggests that AI is currently ineffective in certain attack phases, providing defenders with crucial points to break attack chains. The framework also helps AI developers enhance security by addressing vulnerabilities. DeepMind's approach aims to improve cybersecurity defenses against evolving AI-powered threats. Europol announced the takedown of the large web-based child sexual abuse material, or CSAM, platform Kidflix, leading to 79 arrests and the seizure of tens of thousands of illegal videos. Authorities identified 1,393 suspects out of 1.8 million platform users, with 39 children rescued. The operation, involving 35 countries, was the largest of its kind in Europol's history. German and Dutch officials seized servers containing 72,000 videos, with estimates suggesting the platform hosted up to 91,000 unique videos. Offenders paid with cryptocurrency and earned tokens by categorizing content. A surge in generative AI scraper bot activity, known as gray bots, is increasingly impacting web applications, according to a report by Barracuda. Bots like ClaudeBot from Anthropic and Bytespider from TikTok aggressively collect online data, disrupting web traffic, distorting analytics, increasing hosting costs and raising compliance risks. Unlike traditional bots, these AI scrapers maintain steady traffic, making mitigation difficult. Organizations are advised to deploy AI-powered bot defense systems, as simple measures like robots.txt are often ignored. The rise of these bots raises ethical, legal and commercial concerns regarding AI-driven data collection. Did you know that AI can fill out your security questionnaire for you? Well, if you didn't, you've missed all cybersecurity marketing in the last couple of years. Getting rid of the questionnaire grunt work is huge, but it's the tip of the iceberg regarding how AI can help us deal with risk. But where are the biggest opportunities? That's what we discuss in our latest episode of Defense in Depth.
Look for the episode "Can AI Improve Third-Party Risk Management?" wherever you get your podcasts.
