Cyber Security Headlines – Episode Summary
Podcast Information:
- Title: Cyber Security Headlines
- Host/Author: CISO Series
- Description: Daily stories from the world of information security. To delve into any daily story, head to CISOseries.com.
- Episode: Scattered Spider arrest, telcos attacked, Apple exploit
- Release Date: November 21, 2024
1. Scattered Spider Arrest: Major Cybercrime Charges Filed
In a significant crackdown on cybercriminal activities, California prosecutors have charged five members of the notorious Scattered Spider group, also known as Pernicious Threat, with stealing sensitive data and illicitly obtaining at least $11 million in cryptocurrency assets.
Key Details:
- Targets: The group has been linked to high-profile attacks on companies such as MGM Resorts, Caesars, and Coinbase. Bloomberg sources revealed that Riot Games is among the victims connected to these specific charges.
- Defendants: The alleged members, aged between 20 and 25, reside in Florida, North Carolina, Texas, and Scotland. One defendant has already pleaded guilty in a separate SIM swapping case.
- Modus Operandi: Tyler Buchanan, one of the defendants, was identified through domain registration records linked to malicious websites.
Notable Quote:
“The charges list four unnamed US-based telcos, two IT outsourcing companies, and a crypto firm,” Rich Stroffolino stated at [00:06].
2. Chinese Threat Actors Targeting Additional Telcos
Researchers at CrowdStrike have uncovered that the Chinese-linked threat group Liminal Panda has infiltrated telecommunications companies across Southeast Asia and Africa since at least 2020. This group is suspected of conducting cyber espionage operations.
Key Insights:
- Techniques: Liminal Panda utilizes interoperability standards to access multiple telco networks. Their tools are designed for bulk data collection and can search network traffic for specific keywords.
- Comparative Analysis: This operation mirrors previous activities by the threat actor Salt Typhoon, which also targeted US-based telcos.
Notable Quote:
“It's likely interoperability standards allowed the threat actors to access other telco networks as part of the attack, likely for cyber espionage,” explained Adam Meyers from CrowdStrike to Axios at [00:06].
3. Apple Issues Emergency Security Update for Critical Vulnerabilities
Apple has released an urgent security patch addressing two critical vulnerabilities that affect a broad range of its products, including iOS, iPadOS, macOS Sequoia, Safari, and visionOS. These vulnerabilities were initially disclosed by researchers from Google's Threat Analysis Group.
Vulnerabilities Addressed:
- JavaScriptCore Flaw: Potential exploitation points within Apple's JavaScript processing engine.
- WebKit Cookie Management Issue: A vulnerability in WebKit's handling of cookies that could be exploited for unauthorized access.
Impact:
- Active exploitation detected on Intel-based Mac systems.
- This update marks the sixth zero-day vulnerability disclosed by Apple in 2024.
Notable Quote:
“We found signs of active exploitation on Intel-based Mac systems,” the host reported at [00:06].
4. Microsoft Announces Innovative Computing Solutions and Quantum Advances
Microsoft has introduced two significant products aimed at enhancing cloud computing and quantum computing capabilities:
a. Windows 365 Link Device:
- Price: $349
- Features: A thin client PC designed to seamlessly access Windows 365 services. It emphasizes security by design, offering a hardened version of Windows.
- Availability: Devices will ship in April 2025, with support for third-party devices from OEMs like HP, Dell, and Lenovo.
b. Quantum Computing Breakthrough:
- Collaboration: Microsoft and Atom Computing have successfully entangled 24 logical qubits using neutral atoms held by lasers.
- Future Plans: Aiming to deliver machines with over 1,000 physical qubits, grouped into logical qubits, to commercial customers by next year. Microsoft’s Azure Quantum Compute Virtualization will support quantum error correction for these processors.
Notable Quote:
“The device uses secure by design principles and is framed as a super hardened version of Windows,” Rich Stroffolino highlighted at [00:06].
5. Effectiveness of Police Phone Unlocking Tool GrayKey
Recent documents obtained by 404 Media reveal limitations in the effectiveness of GrayKey, a phone unlocking and forensics tool used by law enforcement.
Key Findings:
- iOS 18 Limitations: GrayKey can only partially retrieve data from the latest iOS version. In 2018, partial extraction was confined to unencrypted files and metadata.
- Effectiveness on Android: Varied success, with devices like Pixel 9 and 8a limited to partial data extraction.
- Beta Builds: GrayKey is notably less effective against beta versions of iOS.
Notable Quote:
“The documents show GrayKey is much less effective against beta builds,” the host noted at [00:06].
6. TSA Fails to Implement Critical Cybersecurity Recommendations
A report from the U.S. Government Accountability Office (GAO) has criticized the Transportation Security Administration (TSA) for not addressing four out of six cybersecurity recommendations made in 2018.
Areas of Concern:
- Cybersecurity Workforce: Only a partial plan was implemented to extend the cybersecurity workforce.
- Ransomware Best Practices: TSA has yet to adopt best practices, including evaluating sector compliance, aligning directives with NIST standards, and assessing federal support effectiveness during ransomware attacks.
- Metrics Deficiency: Lack of metrics to measure the effectiveness of TSA’s post-Colonial Pipeline attack provisions.
Notable Quote:
“GAO's recommendations about ransomware best practices have not been heeded by TSA as of yet,” Rich Stroffolino reported at [00:06].
7. D-Link Advises Replacement of Vulnerable VPN Routers
D-Link has issued an advisory urging users to replace older VPN routers due to the discovery of a severe remote code execution (RCE) vulnerability. The affected models have already reached end-of-life, with most support ending in May 2024.
Action Steps:
- Replacement Incentive: D-Link is offering a 20% discount on newer, supported models to encourage users to retire the problematic routers.
- Details: The company remains vague on the specifics of the vulnerability and has not assigned a CVE number.
Notable Quote:
“All impacted models have already gone end of life,” the host emphasized at [00:06].
8. GitHub Launches Secure Open Source Fund to Enhance Project Security
GitHub, a subsidiary of Microsoft, has unveiled the GitHub Secure Open Source Fund, aimed at bolstering the security of open-source projects. The fund will allocate $1.25 million across 125 projects.
Support Provided:
- Financial Grants: Direct funding to support security initiatives within projects.
- Educational Resources: Five to ten hours per week of security education, including relevant certifications and mentorship.
- Tools and Technologies: Access to advanced tools such as Copilot, Autofix, and Secret Scanning.
Application Details:
- Deadline: Initial round of applications is open until January 7, 2025.
Notable Quote:
“GitHub will accept an initial round of applications through January 7, 2025,” the host announced at [00:06].
Conclusion
In this episode of Cyber Security Headlines, host Rich Stroffolino delivered a comprehensive overview of some of the most pressing cybersecurity issues of the day. From significant arrests within the Scattered Spider group to vulnerabilities in major tech companies like Apple and Microsoft, the discussion provided valuable insights into the evolving landscape of information security. Additionally, reports on government agency shortcomings and proactive measures by companies like GitHub underscore the multifaceted approach necessary to tackle cyber threats effectively.
For more detailed stories and daily updates, listeners are encouraged to visit CISOseries.com.
This summary captures the critical elements discussed in the episode, providing a clear and detailed overview for those who haven’t listened. For the full conversation and additional insights, visit CISOseries.com.
