Transcript
Steve Prentice (0:00)
From the CISO Series, it's Cybersecurity Headlines. These are the cybersecurity headlines for Friday, April 11, 2025. I'm Steve Prentice.

President orders probe of former CISA Director Chris Krebs. President Donald Trump signed an executive order on Wednesday intended to remove the security clearance of Chris Krebs, who had served as director of CISA, who was fired in 2020 after having stated that there had been no technological issues with the presidential election. The executive order not only directs agencies to revoke Krebs' security clearance, but also to suspend those held by individuals at entities associated with Krebs, including the cybersecurity firm SentinelOne, where he is the chief intelligence and public policy officer. This directive is pending a review of whether such clearances are consistent with the national interest, according to a sheet supplied by the White House.

Nissan Leaf cars can be hacked for remote spying and physical takeover. Researchers at PC Automotive, a pen testing and threat intelligence company specializing in the automotive and financial sectors, revealed the hacking potential last week at Black Hat Asia 2025. Focusing on the second generation Nissan Leaf made in 2020, they were able to use the infotainment system's Bluetooth capabilities to infiltrate the car's intern. They were then able to escalate privileges and establish a command and control channel over cellular communications to maintain stealthy and persistent access to the vehicle directly over the Internet, up to and including being able to control the steering while the car was in motion.

Infosec experts warn of China Typhoon retaliation against tariffs. Referring to the White House imposition of tariffs on China, cybersecurity adviser Tom Kellermann warns that China may retaliate with systemic cyber attacks as tensions simmer over.
Speaking to The Register, he points out how the various Typhoon campaigns have, quote, "given them a robust foothold within critical infrastructure that will be used to launch destructive attacks." He continued, "Trade wars were a historical instrument of soft power. Cyber is and will be the modern instrument of choice." In a separate interview with The Register, Annie Fixler, director of the Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies, said, "To the extent that China is holding back on conducting certain types of cyber attacks, it may feel less restrained now."

Germany links cyberattack on research group to Russian state-backed hackers. German authorities are suggesting that a Russian state-backed hacking group, likely APT29, also known as Cozy Bear, was responsible for a recent cyber attack on the Berlin-based research institute, the German Association for Eastern European Studies, known as DGO. This is the second such incident involving the organization in recent months. The DGO described this second attack, which happened in March, as highly professional and which targeted email systems, bypassing enhanced cybersecurity measures put in place after a previous breach in October with suspected Russian links. End quote.

Huge thanks to our sponsor, Nudge Security. Are you struggling to secure your exploding SaaS footprint? Nudge Security has you covered. Start a free trial today and get immediate visibility of every SaaS account ever created by anyone in your organization. With Nudge Security, you can manage access, ensure secure configurations, vet unfamiliar tools, and automate ongoing governance tasks. Visit nudgesecurity.com/cisoseries to get your free SaaS inventory today.
That is nudgesecurity.com/cisoseries.

Sensor company Sensata detects ransomware attack. The company, based in Attleboro, Massachusetts, provides sensors, relays, switches and other electrical components for the automotive, industrial and aerospace sectors. The company has operations in 14 countries and employs more than 18,000 people. It recently informed the Securities and Exchange Commission of a cyber attack that was detected on April 6 that it described as a ransomware incident that resulted in files stored on some devices being encrypted, along with evidence of files stolen from its systems. An investigation is underway to determine exactly which files have been taken. Company representatives say this incident has impacted Sensata's operations, including shipping, receiving, manufacturing, production and various other support functions, and the full scope and impact of the incident is not yet known.

Akira Bot campaign uses OpenAI-generated spam, bypassing CAPTCHA. Researchers at SentinelOne are describing an artificial intelligence powered platform called Akira Bot being used to spam website chats, comments sections and contact forms to promote dubious SEO services such as Akira and Service Wrap Go. In a conversation with The Hacker News, the researchers described the procedure as using OpenAI to generate custom outreach messages based on the purpose of the website. What distinguishes this technique is its ability to craft content such that it can bypass spam filters.

Senator Wyden to block Trump's CISA nominee due to missing telecoms report. Oregon Senator Ron Wyden announced yesterday he is blocking the nomination of Sean Plankey to run CISA due to the agency's refusal to release an unclassified 2022 report documenting security problems at U.S. telecommunications companies, calling the action a, quote, "multi-year cover up of the phone companies' negligent cybersecurity."
Wyden rejects CISA's statement that it cannot make the report public because of a deliberative process privilege, saying instead the report is a technical document containing factual information about U.S. telecom security.

Cyber experts question voluntary Pall Mall code governing the use of commercial hacking tools. Following up on a story we covered last week, the Pall Mall Process, a joint initiative led by France and the UK, has presented a voluntary code of conduct signed by 21 countries to guide the responsible use of commercial hacking tools. While cybersecurity experts say the guidelines offer modest progress, they see potential in establishing parallel guidance for the private sector. Prompted by concerns over spyware, the initiative aims to address broader commercial cyber intrusion capabilities. Participants, including former exploit brokers and vendors like NSO Group, view the process as a step toward responsible partnerships between governments and industry, ensuring cyber tools are used to target dissidents or journalists.

As usual, we've got a busy Friday of live streams today. It starts at 1pm with Super Cyber Friday, where the topic will be Hacking Social Engineering, an hour of critical thinking about how a lack of controls sets us up for financial loss. Then at 3:30pm Eastern, we have our Week in Review show. Carla Sweeney, SVP InfoSec at Red Ventures, will be our guest, providing her expert commentary on the news. To join us for both, head on over to the events page at cisoseries.com.

I'm Steve Prentice, reporting for the CISO Series. Cybersecurity Headlines are available every weekday. Head to cisoseries.com for the full stories behind the headlines.
