Cyber Security Headlines – Episode Summary
Podcast Information:
- Title: Cyber Security Headlines
- Host/Author: CISO Series
- Description: Daily stories from the world of information security. To delve into any daily story, head to CISOseries.com.
- Episode: Regulator limits phone use, Hacked police emails, UK seniors scammed
- Release Date: November 11, 2024
Host: Sean Kelly
U.S. Financial Regulator Limits Cell Phone Use at Work
Timestamp: [00:15]
The episode opens with Sean Kelly discussing a significant directive from the Consumer Financial Protection Bureau (CFPB). Due to the escalating threat from the China-linked Advanced Persistent Threat (APT) Group SALT Typhoon, the CFPB has instructed its employees to minimize cell phone usage during work hours. This move comes in response to SALT Typhoon's recent breaches of major telecom providers.
Instead of relying on personal cell phones, the CFPB is encouraging the use of secure platforms like Microsoft Teams and Cisco WebEx for meetings and any communications involving non-public data. Sean Kelly emphasizes, “The CFPB clarified that the directive is a risk mitigation measure and that there is no evidence that the agency has been impacted by the Telecom incidents” (00:45).
Established in 2011, the CFPB plays a crucial role in protecting consumers within the financial sector, ensuring fair, transparent, and competitive financial markets.
FBI Warns of Spike in Hacked Police Emails and Fake Subpoenas
Timestamp: [02:10]
Sean Kelly highlights an urgent warning from the FBI regarding a surge in hacked police email accounts. These compromised accounts are being used to send unauthorized subpoenas and Emergency Data Requests (EDRs) to U.S.-based technology companies. EDRs aim to obtain various user account information, such as email addresses and browsing history, without requiring official review or court-approved documents.
The FBI has observed an increase in government and law enforcement credentials appearing on cybercrime forums, alongside information about the EDR request process. A notable cybercriminal, known by the aliases Pwnstar and Pwnipotent, is reportedly selling fake EDR scam packages ranging from $1,000 to $3,000 per successful request. This hacker even offers a full refund if the EDR requests fail.
Addressing this issue, Matt Donahue, founder of the startup Kodex and a former FBI agent, stated, “Far too many police departments in the US and other countries often do not enforce basic account security precautions such as requiring phishing-resistant multi-factor authentication” (05:30). Kodex is actively working to combat fake EDRs by collaborating with data providers to aggregate information about EDR submitters, facilitating the identification of unauthorized requests.
Scammers Target UK Seniors with Winter Fuel Payment Texts
Timestamp: [07:20]
As winter approaches, senior citizens in the UK are falling victim to sophisticated scam texts related to winter fuel payments and cost-of-living support. These fraudulent messages exploit the recent controversial decisions by the UK government to cut winter fuel payments for approximately 10 million pensioners.
Victims receiving these bogus texts are directed to malicious websites designed to harvest personal and payment information. To date, researchers have identified 597 domains associated with this campaign. Sean Kelly advises UK residents to refrain from clicking on such links and to forward any suspected scam texts to 7726. Additionally, phishing emails should be reported to report@phishing.gov.uk.
New iPhone Reboot Feature May Hinder Police Unlock Efforts
Timestamp: [09:50]
Sean Kelly reports on a notable development in mobile security: a new feature in iOS 18.1 causes iPhones held for forensic examination to reboot themselves after four days in a locked state. After the reboot, these iPhones become significantly harder to unlock using password-cracking tools.
Security experts have lauded this feature as a substantial enhancement in device security. However, law enforcement authorities may view it as a potential obstacle to their investigative processes. The balance between user security and law enforcement needs continues to be a topic of debate within the cybersecurity community.
Malicious PyPi Package 'Fabrice' Steals AWS Credentials
Timestamp: [12:30]
Sean Kelly brings attention to a troubling issue within the Python development community. The application security firm Socket has identified a malicious Python package named Fabrice (spelled F-A-B-R-I-C-E) that has been present in the Python Package Index (PyPI) since 2021. This package is designed to steal Amazon Web Services (AWS) credentials from unsuspecting developers.
With over 37,000 downloads, Fabrice leverages typosquatting, mimicking the legitimate and widely-used Fabric package, which boasts more than 200 million downloads. This tactic increases the likelihood of inadvertent installations by developers.
To mitigate the risks posed by typosquatting, Sean Kelly suggests implementing both manual and automated checks of PyPI downloads and restricting permissions through AWS Identity and Access Management (IAM).
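One form the automated check mentioned above can take, written as an added example for this summary (not code from the podcast, Socket, or PyPI): scan a requirements file and flag dependency names that are not on an approved list but sit within a couple of edits of one that is, which is exactly how "fabrice" shadows "fabric". The allowlist and the sample requirements file are constructed for the example; a real deployment would load the project's approved-dependency list instead.

```python
import re
from typing import List, Optional, Set, Tuple

# Constructed allowlist of approved package names (an assumption for this example).
KNOWN_PACKAGES: Set[str] = {"fabric", "requests", "boto3", "numpy", "paramiko", "invoke"}

# Constructed sample requirements.txt; the third line mimics the Fabrice typosquat.
SAMPLE_REQUIREMENTS = """\
# constructed sample requirements.txt for this example
requests==2.32.3
Fabrice>=1.0   # one letter away from the legitimate 'fabric'
boto3
paramiko
"""

def normalize(name: str) -> str:
    """PEP 503 name normalization: case-fold and collapse runs of '-', '_', '.' to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()

def requirement_name(line: str) -> Optional[str]:
    """Return the normalized distribution name from one requirements line, or None
    for blank lines, comments and pip options such as '--index-url'."""
    line = line.split("#", 1)[0].strip()
    if not line or line.startswith("-"):
        return None
    match = re.match(r"^([A-Za-z0-9][A-Za-z0-9._-]*)", line)
    return normalize(match.group(1)) if match else None

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance via the classic two-row dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def suspicious_packages(requirements_text: str, known: Set[str] = KNOWN_PACKAGES,
                        max_distance: int = 2) -> List[Tuple[str, str]]:
    """Return (requested, lookalike) pairs: names that are NOT approved but are within
    max_distance edits of an approved name. Approved names pass without a finding."""
    findings = []
    for line in requirements_text.splitlines():
        name = requirement_name(line)
        if name is None or name in known:
            continue
        for good in sorted(known):           # sorted for deterministic output
            if edit_distance(name, good) <= max_distance:
                findings.append((name, good))
                break
    return findings

if __name__ == "__main__":
    for requested, lookalike in suspicious_packages(SAMPLE_REQUIREMENTS):
        print(f"possible typosquat: '{requested}' resembles approved '{lookalike}'")
```

Wire this into CI so a flagged name fails the build before `pip install` runs; the IAM side of the mitigation (scoping the credentials a developer machine holds) limits what a package that slips through can reach.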
Windows 11 Updates Disrupt SSH Connections
Timestamp: [15:00]
Recent security updates released by Microsoft for Windows 11 have inadvertently caused disruptions in SSH (Secure Shell) connections. Users running Windows 11 versions 22H2 and 23H2 have reported that SSH services fail without generating detailed logs, necessitating manual intervention to restart the sshd.exe process.
Microsoft acknowledges that only a limited number of devices are affected and is actively investigating whether the issue impacts both Home and Pro editions of Windows 11. In the interim, a temporary fix has been provided, which involves updating the Access Control List (ACL) permissions on the affected directories to restore SSH functionality.
Google Enhances Chrome’s Protection with AI-Powered Features
Timestamp: [17:45]
In an update to Google Chrome's Safe Browsing feature, the Enhanced Protection mode now incorporates AI-powered protection, previously referred to as proactive protection. Sean Kelly explains that this advancement allows Chrome to detect and alert users about potentially harmful websites, even those that have not been previously identified in Google's databases.
With Enhanced Protection enabled, Chrome conducts more thorough scans on downloads and strengthens protection across all of Google's services when users are signed in. Currently, Google is retesting this AI feature in Chrome Canary, with no official timeline announced for a broader rollout to all users.
Mazda Connect Vulnerabilities Allow Vehicle Hacking
Timestamp: [20:15]
The episode concludes with a report on vulnerabilities discovered in the Mazda Connect infotainment system. Trend Micro's Zero Day Initiative has identified multiple flaws that could permit attackers to execute code with root privileges. These vulnerabilities stem from improper input sanitization within the Mazda Connect CMU.
Exploiting these vulnerabilities requires physical access to the vehicle, where an attacker would need to connect a specially crafted USB device, such as an iPod or mass storage device, to the target system. The affected models include the Mazda 3 from 2014 through 2021. Currently, these issues remain unpatched, and there are no known vulnerabilities in the latest firmware versions.
Sean Kelly underscores the importance of addressing these vulnerabilities promptly to prevent potential exploitation and ensure the security of vehicle infotainment systems.
Conclusion
Sean Kelly wraps up the episode by reminding listeners that more in-depth stories behind these headlines are available at CISOseries.com. For those who enjoy the daily cybersecurity news, additional content, including the Week in Review and live stream demos, can be found on the CISO Series YouTube channel.
Notable Quotes:
- Sean Kelly: “The CFPB clarified that the directive is a risk mitigation measure and that there is no evidence that the agency has been impacted by the Telecom incidents.” (00:45)
- Matt Donahue (Kodex Founder & Former FBI Agent): “Far too many police departments in the US and other countries often do not enforce basic account security precautions such as requiring phishing-resistant multi-factor authentication.” (05:30)
For More Information: Visit CISOseries.com to explore detailed stories and stay updated with the latest in cybersecurity news.
