Transcript
A (0:00)
From the CISO Series, it's Cybersecurity Headlines.
B (0:06)
These are the cybersecurity headlines for Thursday, November 21, 2024. I'm Rich Stroffolino.

US charges Scattered Spider members
According to an unsealed indictment, California prosecutors charged five members of the pernicious threat group with stealing sensitive data and with stealing at least $11 million in crypto assets. The group has previously been tied to attacks on MGM Resorts, Caesars and Coinbase. The five alleged members range from 20 to 25 years old, living in Florida, North Carolina, Texas and Scotland. We don't have a complete list of Scattered Spider victims tied to these specific charges, but Bloomberg sources say one of them was Riot Games. The charges also list four unnamed US-based telcos, two IT outsourcing companies and a crypto firm. One of the defendants has already pleaded guilty in a separate SIM swapping case. Investigators traced another of the defendants, Tyler Buchanan, through domain registration records on malicious websites.

Chinese threat actors infiltrate more telcos
Researchers at CrowdStrike discovered a Chinese-linked threat group, Liminal Panda, that's infiltrated telcos since at least 2020. The researchers found evidence of the group operating in Southeast Asia and Africa. CrowdStrike's Adam Myers told Axios that it's likely interoperability standards allowed the threat actors to access other telco networks as part of the attack, likely for cyber espionage. The tools used by the group show that they were built for bulk collection and able to search network traffic for specific keywords. If this all sounds familiar, we previously covered a similar operation run by the threat actor Salt Typhoon against US-based telcos.

Apple issues emergency security update
The company issued a patch for two vulnerabilities impacting most of Apple's portfolio, including iOS, iPadOS, macOS Sequoia, Safari and visionOS. Researchers at Google's Threat Analysis Group initially disclosed the issues to Apple. One flaw impacts JavaScriptCore. The other is a cookie management issue in WebKit. The company said it found signs of active exploitation on Intel-based Mac systems, although no details on any threat actors targeting the vulnerabilities were released. These mark the sixth zero-day vulnerabilities disclosed by Apple this year.

Microsoft announces big and small computers
We covered a lot of Microsoft news yesterday. Here are two additional items. Microsoft announced the $349 Windows 365 Link device, a thin client PC designed to access Windows 365 services and a cloud-based streaming version of Windows 11 managed by Microsoft Intune. The company says the device uses secure-by-design principles and is framed as a super-hardened version of Windows. Microsoft will also support third-party Windows 365 Link devices from OEMs like HP, Dell and Lenovo, and units will ship in April 2025. In other news, Microsoft and Atom Computing announced they successfully entangled 24 logical qubits using neutral atoms held by lasers. The system could detect when neutral atoms disappeared from the machine and correct for that. The company plans to ship this technology to commercial customers next year with machines featuring over 1,000 physical qubits. Those would then be divided into logical qubits. Microsoft already offers Azure Quantum Compute Virtualization to help develop quantum error correction for the processor.

And now, thanks to today's episode sponsor, ThreatLocker. Do zero-day exploits and supply chain attacks keep you up at night? Worry no more. You can harden your security with ThreatLocker. ThreatLocker helps you take a proactive default-deny approach to cybersecurity and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit threatlocker.com. That's T-H-R-E-A-T-L-O-C-K-E-R dot com.

The effectiveness of police phone
404 Media obtained documents detailing the effectiveness of the phone unlocking and forensics tool GrayKey, typically used by law enforcement. These documents show that GrayKey can only partially retrieve data from the most recent version of iOS, iOS 18. While the leaked documents don't detail the limits of what partial data access means, a Forbes report in 2018 found partial extraction at that time was limited to unencrypted files and metadata. The documents show GrayKey is much less effective against beta builds. Android phones were also more variable in effectiveness, with Pixel 9 and 8a devices being limited to partial extraction as well.

TSA not implementing cybersecurity recommendations
A report from the U.S. Government Accountability Office, or GAO, criticized the Transportation Security Administration for failing to address four out of six cybersecurity recommendations it made back in 2018. The TSA did implement a plan to develop strategies to extend its cybersecurity workforce and partially updated its Pipeline Security and Incident Recovery Protocol Plan to include cybersecurity. GAO's recommendations about ransomware best practices have not been heeded by TSA as of yet, from evaluating which transportation sectors were following best practices to aligning its directives with NIST standards, or assessing the effectiveness of federal support for organizations experiencing a ransomware attack. It also noted a lack of metrics to measure the effectiveness of TSA provisions implemented in the wake of the Colonial Pipeline attack.

D-Link asks you to trash your VPN router
The network equipment OEM issued an advisory recommending that users of older VPN routers replace them immediately. This comes after the company discovered a severe remote code execution flaw. The company is cagey with details and hasn't assigned a CVE number. All impacted models have already gone end of life. Most went out of support in May 2024. D-Link will offer owners a 20% discount on newer supported models to spur the retirement of the now-problematic routers.

GitHub launches open source security fund
The Microsoft subsidiary announced it's accepting applications for the GitHub Secure Open Source Fund, which will invest $1.25 million across 125 projects. Beyond financial support, project maintainers will also receive five to 10 hours per week dedicated to security education, relevant certifications, mentorship, and access to tools like Copilot, Copilot Autofix, and Secret Scanning. GitHub will accept an initial round of applications through January 7, 2025.

Security awareness is a critical part of any security program, so why do we remain skeptical of security awareness programs? Is it just because there are now compliance obligations tied to security awareness that make them a race to the bottom? Or is there more to it than that? That's what we'll be digging into this week on Defense in Depth. The new episode just dropped, so look for "Are Security Awareness Training Platforms Effective?" in your favorite podcast app, or head on over to cisoseries.com. Reporting for the CISO Series, I'm Rich Stroffolino, reminding you to have a super sparkly day.
