
Sean Kelly
From the CISO Series, it's Cyber Security Headlines. These are the cybersecurity headlines for Wednesday, December 4, 2024. I'm Sean Kelly.

Stoli files for bankruptcy in US after ransomware attack
On Friday, Stoli Group's US companies filed for bankruptcy following a ransomware attack it suffered back in August. Chris Caldwell, the president and CEO of Stoli Group subsidiaries Stoli USA and Kentucky Owl, said the incident severely disrupted IT systems, including its ERP platform, and forced the company to resort to manual operations for key processes such as accounting. The incident also prevented the Stoli US subsidiaries from providing financial reports to lenders, who claimed the two companies had defaulted on a $78 million debt.

Police seize largest German online criminal marketplace
German authorities have taken down the country's largest dark web marketplace, unoriginally named Crime Network. Crime Network was established in 2012 and enabled criminals to post stolen data and sell drugs and illicit services such as document forging. The site had over 100,000 users and 100 registered sellers who raked in approximately 93 million euros, equating to $98 million. The site had over 100,000 users and one hundred registered sellers who raked in approximately 73 million euros in Bitcoin and Monero since 2018. The marketplace itself earned at least $5 million over the same period through monthly subscription and transaction fees. Police also arrested a 29-year-old, known online as Techman, who was suspected of serving as Crime Network's administrator for several years.

FBI advises telecoms to boost security following Chinese hacking campaign
Since October, we've been covering ongoing reports that China-backed hacking group Salt Typhoon was reportedly in the networks of AT&T, Verizon and Lumen, among others. These attacks are thought to be part of a broad Chinese espionage campaign targeting U.S. officials and also wiretap systems that might identify Chinese individuals under U.S. surveillance. On Tuesday, U.S. government officials warned that Salt Typhoon is still inside networks of some phone and Internet providers. Additionally, on Tuesday, the FBI and CISA issued guidance to telecommunication companies to bolster their defenses through deployment of encryption as well as centralized and consistent monitoring. The government's guidance was issued jointly with security agencies and organizations in New Zealand, Australia, Canada and Britain.

Police shutter Matrix encrypted chat service
On Tuesday, Europol announced that French and Dutch law enforcement dismantled the sophisticated encrypted messaging service linked to international drug and arms trafficking and money laundering, authorities said. Matrix has its own operating system and various apps for encrypted messaging, secure calls, video and voice sharing, and an anonymous web browser. Its infrastructure consisted of more than 40 servers across several countries, with the majority based in Germany and France. Law enforcement dismantled those servers and announced the arrest of three suspects who allegedly operated the platform. Police also seized roughly €650,000 in cash and cryptocurrencies, and confiscated four vehicles and more than 970 mobile phones.

And now we'd like to thank today's episode sponsor, Vanta. As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews. With Vanta questionnaire automation, security and compliance teams can complete security reviews up to five times faster, giving you time back to focus on running your security and compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews. Visit Vanta.com to learn more about questionnaire automation. That's V-A-N.

Decade-old Cisco vulnerability under active exploit
Cisco is warning customers that an input validation vulnerability in its Adaptive Security Appliance, or ASA, WebVPN login page is now actively being exploited by threat actors. Cisco documented the bug back in 2014, and exploitation could allow an unauthenticated remote attacker to launch cross-site scripting attacks. Cisco discovered exploitation attempts in November and said customers should upgrade to a fixed software release. The company added that there are no workarounds for the issue. This issue highlights how implementing legacy security fixes can get lost in the sea of security priorities that organizations are facing.

Two data brokers banned by the FTC
The Federal Trade Commission announced Tuesday that it's banning data brokers Gravy Analytics and Mobilewalla from collecting, using and selling sensitive location data of Americans. The agency alleged the brokers violated the FTC Act by collecting and selling information that could be used to track people to healthcare facilities, military bases, religious sites, labor union gatherings and other sensitive locations. The FTC says Mobilewalla collected info by bidding to show people personalized ads on their mobile devices and then retaining tracking info identifying them. Mobilewalla's subsidiary Venntel collected location data from otherwise ordinary mobile apps, then sold data to other businesses and government agencies, including the IRS, DEA and FBI. The companies must comply with the FTC's ban by never selling, disclosing or using sensitive location data in any product or service, and must establish a sensitive location data program.

Misconfigured WAFs heighten security risks
According to a report from Zafran, nearly 40% of Fortune 100 companies leveraging their content delivery network providers for web application firewall services may be exposing backend servers to attacks. WAFs act as intermediaries between users and web applications, inspecting traffic for an array of threats and blocking malicious activity. In total, Zafran found 2,028 domains belonging to 135 companies exposing at least one supposedly WAF-protected server. This means attackers could access the servers over the Internet to launch attacks like denial of service and ransomware. The researchers explained that the issues stem from organizations not following best practices, including adequately validating web requests to back-end origin servers, filtering IP addresses, and establishing encrypted TLS connections between the CDN provider and their servers. While some responsibility does lie with customers, the researchers said, quote, "CDN providers who offer WAF services share some responsibility as well for failing to offer customers proper risk avoidance measures and for not building their networks and services to circumvent many misconfigurations in the first place."

Cyber-unsafe employees increasingly put their orgs at risk
A new study from CyberArk surveyed more than 14,000 employees across a variety of industries and shows that 80% of respondents access workplace applications from personal devices that lack key security controls. Additionally, the study found that privileged access often extends beyond IT admins. One third of respondents are able to alter sensitive data without controls, and roughly 30% can approve large financial transactions on their own. Nearly half of respondents admitted to reusing the same login credentials for multiple work applications, while 36% used the same credentials for both work and personal applications. Finally, about 65% admitted to bypassing cybersecurity policies for personal ease. All these practices heighten the risk of organizations falling victim to leaks and other data breaches.

And that does it for today's Cybersecurity Headlines. But don't forget to register for our great slate of live stream events happening this Friday, December 6, starting at 1pm Eastern, 10am Pacific with Super Cyber Friday. We'll be talking about hacking the AI supply chain: an hour of critical thinking about what's new and familiar about securing the foundations of your AI applications. Then later on Friday at 3:30pm Eastern, 12:30 Pacific, we'll be running down the top cyber news stories of the week. During our Week in Review show, we'll be getting expert insights from our guest, Edward Fry, Head of Security at Luminary Cloud. While you're with us, don't forget to drop your own hot takes and questions into our lively chat. Just head on over to csoseries.com and click on Events to register. Thank you for listening to the podcast that brings you more of the top cyber news stories and more cowbell. I'm Sean Kelly. Cybersecurity Headlines are available every weekday. Head to csoseries.com for the full stories behind the headlines.
Cyber Security Headlines Summary
Podcast Title: Cyber Security Headlines
Host/Author: CISO Series
Episode Title: Stoli U.S. Bankrupts, German Criminal Network Seized, FBI Telecom Advisory
Release Date: December 4, 2024
Timestamp: [00:00]
The episode opens with a significant development in the corporate cybersecurity landscape. Sean Kelly reports that Stoli Group's U.S. subsidiaries, Stoli USA and Kentucky Owl, have filed for bankruptcy after a severe ransomware attack in August disrupted their operations.
Key Points:
Notable Quote:
Chris Caldwell, President and CEO of Stoli Group subsidiaries, stated:
"The ransomware incident severely disrupted our IT systems, forcing us to revert to manual operations and ultimately leading to our inability to meet our financial obligations."
[00:35]
Timestamp: [02:15]
German authorities successfully dismantled the country's largest dark web marketplace, unoriginally named Crime Network. Established in 2012, the platform facilitated various illicit activities, including the sale of stolen data, drugs, and services like document forging.
Key Points:
Notable Quote:
A spokesperson from German authorities remarked:
"Taking down Crime Network is a significant blow to the dark web's infrastructure in Germany, disrupting numerous criminal operations that relied on this marketplace."
[03:10]
Timestamp: [06:45]
The FBI issued a critical advisory to telecommunication companies, urging them to strengthen their security measures in response to ongoing threats from the Chinese-backed hacking group Salt Typhoon.
Key Points:
Notable Quote:
An FBI official stated:
"Salt Typhoon remains a persistent threat within telecommunications infrastructures, and immediate action is required to mitigate potential espionage and surveillance risks."
[07:30]
Timestamp: [09:20]
Europol announced the shutdown of Matrix, a sophisticated encrypted messaging service implicated in international drug and arms trafficking, as well as money laundering.
Key Points:
Notable Quote:
A Europol spokesperson commented:
"The takedown of Matrix disrupts a key channel used by criminals to coordinate and execute illicit activities across borders."
[10:05]
Timestamp: [12:00]
Cisco has alerted its customers about an actively exploited vulnerability in its Adaptive Security Appliance (ASA) WebVPN login page. The vulnerability, known since 2014, allows unauthenticated remote attackers to execute cross-site scripting (XSS) attacks.
Key Points:
Notable Quote:
A Cisco representative noted:
"This longstanding vulnerability highlights the critical need for organizations to maintain up-to-date security measures and promptly address known threats."
[13:15]
Timestamp: [15:40]
The Federal Trade Commission (FTC) has prohibited data brokers Gravy Analytics and Mobilewalla from collecting, using, and selling sensitive location data of American citizens.
Key Points:
Notable Quote:
An FTC official stated:
"Protecting sensitive location data is paramount, and data brokers must adhere to strict guidelines to ensure individuals' privacy and security are not compromised."
[17:10]
Timestamp: [19:00]
A report from Zafran reveals that nearly 40% of Fortune 100 companies utilizing Content Delivery Networks (CDNs) for Web Application Firewall (WAF) services may have misconfigurations exposing backend servers to potential attacks.
Key Points:
Notable Quote:
A Zafran researcher commented:
"Both customers and CDN providers must collaborate to ensure that WAFs are correctly configured and effective in safeguarding backend infrastructure."
[20:45]
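The Zafran finding above comes down to origin servers that answer requests which never passed through the CDN's WAF. The following origin-side guard is an added example, not code from the podcast or from Zafran: it accepts a request only when the peer address is inside the CDN's egress ranges and the request carries the shared secret header the CDN is configured to add on origin pulls. The CDN ranges, header name, secret value and host name are constructed placeholders; in production the ranges come from the CDN provider's published list and the secret is set in the CDN's origin configuration, with TLS to the origin enforced there as well.

```python
import hmac
import ipaddress

# Constructed placeholder ranges (documentation prefixes); in production load
# the CDN provider's published egress ranges and refresh them on a schedule.
CDN_RANGES = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "2001:db8:cd::/48")]
# Constructed placeholder: a per-origin random value that the CDN is configured
# to add as a custom header on every origin pull.
ORIGIN_SECRET = "replace-with-a-random-256-bit-value"
SECRET_HEADER = "x-origin-secret"
EXPECTED_HOST = "www.example.com"


def is_from_cdn(remote_ip: str) -> bool:
    """True when the TCP peer address lies inside the CDN egress ranges."""
    try:
        addr = ipaddress.ip_address(remote_ip)
    except ValueError:
        return False
    return any(addr in net for net in CDN_RANGES)


def validate_origin_request(remote_ip: str, headers: dict, secret: str = ORIGIN_SECRET):
    """Return (allowed, reason); any denial is traffic that bypassed the CDN WAF."""
    if not is_from_cdn(remote_ip):
        return False, "peer outside CDN ranges (direct-to-origin access)"
    lowered = {k.lower(): v for k, v in headers.items()}
    presented = lowered.get(SECRET_HEADER, "")
    # constant-time comparison so response timing does not leak the secret
    if not hmac.compare_digest(presented.encode(), secret.encode()):
        return False, "missing or wrong origin secret header"
    if lowered.get("host") != EXPECTED_HOST:
        return False, "unexpected Host header"
    return True, "ok"


# Constructed sample requests: (remote_ip, headers) per scenario.
SAMPLE_REQUESTS = {
    "via_cdn": ("203.0.113.7", {"Host": EXPECTED_HOST, "X-Origin-Secret": ORIGIN_SECRET}),
    "direct_internet": ("198.51.100.9", {"Host": EXPECTED_HOST, "X-Origin-Secret": ORIGIN_SECRET}),
    "cdn_ip_no_secret": ("203.0.113.8", {"Host": EXPECTED_HOST}),
}


def audit_samples() -> dict:
    """Run every constructed sample through the guard; name -> (allowed, reason)."""
    return {name: validate_origin_request(ip, hdrs) for name, (ip, hdrs) in SAMPLE_REQUESTS.items()}
```

Denied requests are the ones worth alerting on, since each is evidence that the origin is reachable without the WAF in the path.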
Timestamp: [23:30]
A recent study by CyberArk surveyed over 14,000 employees across various industries, revealing concerning trends in workplace cybersecurity practices.
Key Findings:
Notable Quote:
A CyberArk analyst stated:
"Human factors remain one of the weakest links in cybersecurity, and it's imperative that organizations implement stricter controls and foster a culture of security awareness."
[25:00]
Timestamp: [28:15]
Expanding on earlier discussions, Sean Kelly emphasizes the ongoing issue of legacy vulnerabilities, such as Cisco's 2014 ASA WebVPN flaw, being exploited despite the passage of time. He highlights the critical need for organizations to prioritize patch management and allocate resources effectively to address such persistent threats.
The episode of Cyber Security Headlines delivered a comprehensive overview of pressing cybersecurity incidents and trends, ranging from corporate bankruptcies due to ransomware to significant law enforcement actions against dark web marketplaces. The discussions underscored the multifaceted nature of cybersecurity threats, encompassing technical vulnerabilities, regulatory challenges, and human factors. As organizations navigate this complex landscape, the insights provided emphasize the importance of robust security measures, proactive threat management, and fostering a security-conscious culture among employees.
For more detailed stories and daily updates, visit CISOseries.com.