Transcript
CISO Series Host (0:00)
From the CISO series, it's Cybersecurity Headlines.
Steve Prentice (0:07)
These are the cybersecurity headlines for Thursday, March 6, 2025. I'm Steve Prentice.

Former top NSA cyber official protests probationary firings
Rob Joyce, the NSA's former top cybersecurity official, told Congress on Wednesday that current administration-led efforts to fire large numbers of probationary federal employees will be devastating for US cybersecurity operations. Speaking at the House Select Committee on the Chinese Communist Party, Joyce, who retired last year, stated that countering Chinese hacking campaigns needs top-level cybersecurity talent at the NSA and other government agencies. Probationary federal employees are those who have been in their current positions for less than a year, though in many cases those employees have worked other positions in the federal government over their careers.

Differing names for hackers hinders law enforcement, says security agent
According to an article in CyberScoop, an investigator who cannot be named stated, during a speech that could not be quoted in the article, that malicious hackers take full advantage of the lack of standardized names for their operations, since the justice system was set up long ago and is not built for the sophistication of international criminal cyber gangs. One particular problem involves the fact that the groups make use of the Public Access to Court Electronic Records system, otherwise known as PACER. They use it to study affidavits and to learn how investigations are opened and conducted. In addition, the agent said there are disincentives for law enforcement agencies and agents from different districts to work together: "Everyone wants to get theirs and everyone wants their stats because that's what they're judged on." End quote.

Google releases AI scam detection for Android to fight conversational fraud
Conversational fraud, in which a threat actor involves a potential victim in a live text-based conversation to help them part with their money, is now being addressed by this new AI app that can, quote, "flag suspicious patterns and deliver real-time warnings over the course of a conversation without sacrificing user privacy," end quote. This Android model runs completely on device and applies only to conversations with phone numbers that are not in the device's contact list. Google emphasized that conversations remain private and that if customers choose to report a chat as spam, then sender details and recent messages with that sender are shared with Google and carriers. This feature is launching in English first in the US, the UK and Canada, with broader expansion planned for a later date.

CISA adds Linux kernel and VMware ESXi and Workstation flaws to KEV
These latest additions to the Known Exploited Vulnerabilities catalog involve a Linux kernel use-of-uninitialized-resource vulnerability and three vulnerabilities in VMware ESXi, specifically an arbitrary write vulnerability, a time-of-check/time-of-use race condition vulnerability, and a Fusion information disclosure vulnerability. Interestingly, Amnesty International stated that the Linux kernel vulnerability was likely used by Cellebrite's mobile forensic tools to unlock the Android phone of a Serbian student activist. This is a story we reported on yesterday. Since these have been applied to the KEV, federal agencies are required to fix them by March 25th.

Thanks to this week's episode's sponsor, ThreatLocker
ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default-deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit threatlocker.com, that is T-H-R-E-A-T-L-O-C-K-E-R dot com.

US charges Chinese infrastructure hackers
As quoted in BleepingComputer, the U.S. Justice Department has charged Chinese state security officers, along with APT27 and i-Soon hackers, for network breaches and cyber attacks that have targeted victims globally since 2011. i-Soon is spelt lowercase i, hyphen, uppercase S, and then lowercase oon: i-Soon. The victims include US federal and state government agencies, foreign ministries of multiple governments in Asia, U.S.-based dissidents, as well as a prominent religious organization in the United States. i-Soon also goes by the name Anxun Information Technology, i.e. Anxun.

Venezuelans arrested for ATM jackpotting
Two individuals, both Venezuelan nationals, were arrested in Illinois for jackpotting ATMs in New York and possibly also in Massachusetts and Illinois. Jackpotting refers to the installation of malware on the hard drive of an ATM or replacing the drive entirely with an infected device. It is believed that these attacks netted the thieves approximately $187,000. They have now been charged with bank theft and conspiracy to commit bank theft and face up to 10 years in prison.

Ransomware group claims Tata attack
Following up on a story we covered last month, the cybercrime group Hunters International has now claimed responsibility for a cyber attack on Indian engineering firm Tata Technologies and is threatening to leak 1.4 terabytes of its data. This week, the group added Tata to their Tor-based leak site and is threatening to make all the data public within the next six days.

Silk Typhoon evolves to exploit common IT solutions
The Chinese espionage group Silk Typhoon, also known as Hafnium, has been identified by security researchers at Microsoft Threat Intelligence to be increasingly exploiting common IT solutions such as remote management tools and cloud applications to gain initial access. Silk Typhoon is one of the best-resourced and technically adept state-sponsored threat actors targeting IT services, healthcare, government agencies and higher education institutions globally. Recent activity by the group includes abusing stolen API keys and credentials from privileged access management systems, cloud application providers and cloud data management companies. These activities allow the group to infiltrate downstream customer environments, conduct reconnaissance, and exfiltrate data related to U.S. government policy, legal processes and other areas of strategic interest. Microsoft says the group also uses password spray attacks, scanning public repositories like GitHub for leaked corporate passwords.

We've seen a wave of attempts at platform consolidation across the security operations center, but will the unique challenges of the SOC ultimately favor a more modular approach? That's what we're digging into on this week's episode of Defense in Depth. Look for the episode "Is there an increasing consolidation of vendors in the SOC?" wherever you get your podcasts. I'm Steve Prentice reporting for the CISO Series.
