Telecom security bill, Google's quantum chip, Chinese cyber firm sanctions - Cybersecurity Headlines

Summary

Cyber Security Headlines - December 11, 2024

Hosted by Sean Kelly, CISO Series

On December 11, 2024, the CISO Series hosted an episode of Cyber Security Headlines where Sean Kelly delved into the most pressing stories in the world of information security. This comprehensive summary captures the key discussions, insights, and conclusions from the episode, structured into clear sections for easy navigation.

1. U.S. Introduces Telecom Security Bill

Timestamp: [00:00]

Overview: Senator Ron Wyden unveiled the Secure American Communications Act, a pivotal draft bill aimed at fortifying U.S. communication networks against increasing cyber threats, notably those attributed to Chinese government hackers.

Key Provisions:

Binding Cybersecurity Rules: The bill mandates the Federal Communications Commission (FCC) to establish enforceable cybersecurity standards for telecom carriers.
Annual Security Testing: Telecom companies must conduct yearly assessments to identify and address security vulnerabilities.
Documentation and Corrective Measures: Findings from these tests must be meticulously documented, along with the steps taken to remediate identified issues.
Independent Compliance Audits: Telecoms are required to engage third-party firms for annual compliance audits.
Executive Accountability: CEOs and Chief Information Security Officers (CISOs) of telecom companies must formally attest to their compliance with the new regulations.

Quote: Sean Kelly remarked, "The Secure American Communications Act represents a significant step towards safeguarding our critical communication infrastructures from sophisticated cyber threats." ([00:00])

2. Google Unveils Its Most Powerful Quantum Chip: Willow

Timestamp: [04:30]

Overview: Google announced Willow, its latest quantum computing chip, heralded as the most powerful in the company's lineup. Willow achieved a groundbreaking computation in under five minutes—a task estimated to take one of today's fastest supercomputers ten septillion years (1 followed by 25 zeros) to complete.

Technical Insights:

Qubit Advancements: Unlike classical bits, which are strictly 0 or 1, qubits in quantum computers can exist in multiple states simultaneously, enhancing computational capabilities.
Error Reduction: A significant challenge with quantum computing is the high error rate of qubits. Google's mission with Willow was to minimize these errors, making quantum computations more reliable.

Quote: Hartmut Navin, Google's Quantum AI founder, stated, "With Willow, we've made substantial strides in reducing qubit error rates, bringing us closer to realizing the true potential of quantum computing." ([04:30])

Skepticism Acknowledged: Despite the advancements, Kelly noted, "Quantum computers, while powerful, still face challenges that cast doubt on whether they can meet the lofty expectations set for them." ([05:10])

3. U.S. Imposes Sanctions on Chinese Cybersecurity Firm Sichuan Silence

Timestamp: [08:15]

Overview: The Department of Justice (DOJ) officially indicted Sichuan Silence, a Chinese cybersecurity company, along with an employee, Guan Tianfeng, for orchestrating a large-scale hacking campaign targeting over 81,000 Sophos XG firewalls globally.

Details of the Attack:

Zero-Day Exploit: Guan discovered a previously unknown SQL injection vulnerability in Sophos XG firewalls, which he exploited to breach systems.
Impact: Approximately 25% of the compromised firewalls were associated with U.S. government and critical infrastructure entities.
Malicious Activities: The attackers stole data and attempted to deploy the Ragnarok ransomware variant on victim systems.

Government Response: The U.S. State Department has offered a $10 million reward for information leading to the identification of Sichuan Silence or Guan, accessible through the Rewards for Justice program.

Quote: Sean Kelly emphasized, "This indictment underscores the persistent threat posed by state-sponsored cyber actors targeting critical infrastructure." ([08:15])

4. Patched File Transfer Products Remain Vulnerable

Timestamp: [12:40]

Overview: Security researchers at Huntress have identified active exploitation of vulnerabilities in several file transfer products developed by Clio. Despite recent patches, systems remain at risk.

Vulnerabilities Identified:

Affected Products: Clio’s Lexicom VL Transfer and Harmony products were found to have exploitable flaws.
Exploitation Severity: Even patched systems can be compromised, posing significant security risks.

Recommended Actions:

Firewall Deployment: Huntress advises moving any Internet-exposed Clio systems behind robust firewalls until new patches are released.
Clio’s Response: The company has confirmed the vulnerabilities and provided immediate mitigation steps while developing a more comprehensive patch.

Quote: A Huntress representative advised, "Until a new patch is available, securing your Clio systems behind a firewall is imperative to protect against ongoing threats." ([12:40])

5. High-Severity Vulnerability in WPForms Plugin

Timestamp: [16:00]

Overview: A critical authentication vulnerability has been discovered in the WPForms WordPress plugin, which is utilized by over 6 million websites for creating interactive forms supporting Stripe, PayPal, and Square integrations.

Vulnerability Details:

Risk of Exploitation: Subscriber-level users can exploit this flaw to issue arbitrary Stripe refunds or cancel subscriptions, leading to potential financial losses and trust erosion among customers.
Patch Status: Although a patch was released on November 18th (version 1.9.2), approximately 3 million sites remain vulnerable, operating on older plugin versions.

Recommendation: Site owners are urged to update to the latest plugin version immediately to mitigate the risk.

Quote: Sean Kelly highlighted, "With millions of websites at risk, it's crucial for WPForms users to prioritize updating their plugins to safeguard their business and customer trust." ([16:00])

6. December 2024 Patch Tuesday: Microsoft and Adobe Address Critical Flaws

Timestamp: [19:20]

Microsoft’s Security Updates:

Total Vulnerabilities Addressed: 71 flaws, with 57 allowing for remote code execution or privilege escalation.
Most Severe Issue: A 9.8 severity bug in the LDAP (Lightweight Directory Access Protocol); however, Microsoft notes its exploitation is challenging.
Active Exploit Alert: A moderate flaw in the common log file system driver is being actively exploited, enabling attackers to gain system privileges on Windows devices.

Adobe’s Security Patches:

Vulnerabilities Addressed: Over 160 vulnerabilities across 16 products.
Critical Concerns:
- Adobe Animate: More than a dozen critical issues allowing arbitrary code execution.
- Adobe Connect: 22 vulnerabilities, including critical and high-severity flaws facilitating arbitrary code execution and privilege escalation.
- Adobe Experience Manager: 90 vulnerabilities, with only one rated as critical.
Current Exploits: Adobe reports no known active exploits in the wild for these vulnerabilities.

Avanti’s Vulnerability Warning:

Issue Identified: A maximum severity authentication bypass vulnerability in Avanti's cloud services appliances.
Recommendation: Admins should upgrade vulnerable appliances immediately. Additional patches were released for other products, including desktop and server management solutions.

Quote: Sean Kelly noted, "Patch Tuesday remains a critical reminder for organizations to stay vigilant and promptly address security vulnerabilities to protect their infrastructure." ([19:20])

7. AWS Misconfigurations Exploited in Massive Data Breach

Timestamp: [22:50]

Overview: Cybersecurity researchers Noam Rotem and Ran Lokar discovered a significant cyber operation exploiting vulnerabilities in public websites hosted on Amazon Web Services (AWS). The operation, linked to hacking groups Nemesis and Shiny Hunters, leveraged tools like Show to scan AWS public IP ranges for application vulnerabilities and misconfigurations.

Attack Methodology:

Data Exfiltration: After identifying vulnerable endpoints, attackers accessed sensitive data, including credentials for platforms like GitHub, Twilio, and cryptocurrency exchanges.
Monetization: Verified credentials were marketed on Telegram, fetching hundreds of euros per breach.

Preventative Measures:

Avoid Hard-Coded Credentials: Ensure credentials are not embedded directly within code.
Regular Rotation of Keys and Secrets: Frequently update and rotate access keys.
Web Application Firewalls (WAF): Deploy WAFs to shield applications from common attacks.
Canary Tokens: Use canary tokens as tripwires to detect unauthorized access to sensitive information.

Quote: Sean Kelly emphasized, "The exploitation of AWS misconfigurations highlights the ongoing need for robust cloud security practices and vigilant monitoring to prevent large-scale data breaches." ([22:50])

8. Crypto Miner CP30 Pleads Guilty in Multimillion-Dollar Scheme

Timestamp: [26:30]

Overview: Charles O. Parks III, known online as CP3O, aged 45, has pleaded guilty to wire fraud charges in Brooklyn, New York. Over eight months in 2021, Parks orchestrated a scheme involving the creation of fake cloud accounts under fictitious identities and company names.

Scheme Details:

Cryptocurrency Mining: Parks utilized these fraudulent accounts to mine Ethereum, Litecoin, and Monero without addressing payment and usage inquiries from cloud providers.
Financial Impact: Defrauded two prominent cloud providers of over $3.5 million. Personally, Parks amassed approximately $970,000, which he lavishly spent on luxury items, including a Mercedes Benz, expensive jewelry, and first-class travel accommodations.

Quote: Sean Kelly remarked, "Parks' scheme underscores the importance of thorough verification processes in cloud account management to prevent financial fraud." ([26:30])

Sponsor Message

ThreatLocker: Securing Your Organization

The episode was sponsored by ThreatLocker, a cybersecurity solution that combats zero-day exploits and supply chain attacks. ThreatLocker employs a proactive default-deny approach, providing comprehensive audits of all permitted and blocked actions to enhance risk management and compliance. Their US-based support team ensures seamless onboarding and operation.

Quote: Sean Kelly encouraged listeners, "Protect your organization from ransomware and other cyber threats with ThreatLocker. Visit threatlocker.com to learn more." ([28:50])

Conclusion

Today's episode of Cyber Security Headlines provided a thorough examination of the latest developments in the cybersecurity landscape, from legislative efforts and cutting-edge technological advancements to significant breaches and legal actions against cybercriminals. Sean Kelly adeptly highlighted the critical importance of proactive security measures, timely software updates, and robust cloud security practices to safeguard against evolving threats.

For listeners seeking more in-depth coverage of these stories, additional details are available at CISOseries.com.

This summary aims to provide a comprehensive overview for those who haven't listened to the episode, capturing all essential points and insights discussed by Sean Kelly.

Transcript

Sean Kelly (0:00)

From the CISO series, it's Cybersecurity Headlines these are the cybersecurity headlines for Wednesday, December 11, 2024. I'm Sean Kelly. U.S. senator announces new bill to secure telecom Companies On Tuesday, Senator Ron Wyden announced a new draft bill that aims to secure US Communication networks in response to a recent rash of hacks allegedly carried out by Chinese government hackers. The Secure American Communications act would order the FCC to issue binding cybersecurity rules to telecom carriers. These rules include testing systems annually for security vulnerabilities and documenting findings and corrective measures. Telecoms will also have to contract for independent annual compliance audits, while telecom CEOs and CISOs will need to attest to their compliance with the new rules. Google unveils new Quantum chips On Monday, Google announced its most powerful quantum computing chip to date, dubbed Willow. In under five minutes, Willow performed a computation that would take one of Today's fastest supercomputers ten septillion years written out. That's one with 25 zeroes after it. Unlike classic digital computers that calculate based on whether a bit is 0 or 1 on or off, quantum computers rely on incredibly tiny qubits. Qubits can be on or off, but also somewhere in between. While qubits offer more computational power, they are also more prone to error, giving rise to skepticism that quantum computers will ever live up to their hype. Google's mission with Willow was to reduce qubit error rates, and according to Google's Quantum AI founder Hartmut Navin, its new chip achieves that US Sanctions Chinese cybersecurity firm for firewall hacks On Tuesday, the DOJ unsealed an indictment against Chinese cybersecurity company Sichuan Silence and one employee for involvement in a major hacking campaign. Sichuan Silence employee Guan Tianfeng discovered a zero day SQL injection vulnerability in Sophos XG firewalls. Guan used the exploit to compromise more than 81,000 sophos firewalls worldwide, over a quarter of which belonged to US Government and critical infrastructure organizations. Guan stole data and attempted to infect victim systems with a Ragnarok ransomware variant. The U.S. state Department announced up to a $10 million reward for information about Sichuan Silence, or Guan, through its Rewards for Justice. Patched file transfer products being Exploited Security researchers at Huntress are warning that vulnerabilities in several file transfer products from Clio are under active exploitation. Clio recently patched a vulnerability that affects the company's Lexicom VL transfer and Harmony products. However, the researchers warned that even fully patched systems are still exploitable. Huntress advised customers to move any Internet exposed Clio systems behind a firewall until a new patch is released. Clio confirmed the issue and provided customers with immediate steps to mitigate the issue while they continued to develop a new patch. And now we'd like to thank Today's episode sponsor ThreatLocker do zero day exploits and supply chain attacks keep you up at night? Worry no more. You can harden your security with Threat Locker. Threat Locker helps you take a proactive default deny approach to cybersecurity and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation are fully supported by their US based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit threatlocker.com that's T H R E A T L O c k e r.com PluginBug allows Stripe refunds on millions of WordPress sites a high severity authentication vulnerability has been discovered in the WPForms WordPress plugin used in over 6 million websites. WPForms is an easy to use drag and drop form builder for creating contact feedback, subscription and payment forms, and offers support for Stripe, PayPal and Square. The consequences of exploitation could allow subscriber level users to issue arbitrary Stripe refunds or cancel subscriptions. For site owners, this could mean loss of revenue, business disruption and trust issues with their customer base. A patch was released on November 18th for version 1.9.2 of the plugin, but according to WordPress.org stats, roughly 3 million sites remain on older vulnerable plugin versions. And now it's time for you should probably patch that patch Tuesday Edition Yesterday, Microsoft released its December 2024 Patch Tuesday security fixes, which addressed a total of 71 flaws, 57 of which allow for remote code execution or privilege escalation. The most severe is a 9.8 severity bug in LDAP or Lightweight Directory Access Protocol, but Microsoft notes that it's difficult to exploit One moderate flaw in the common log file system driver is under Active exploit and allows attackers to gain system privileges on Windows devices. Meanwhile, Adobe issued its own swath of patches yesterday, addressing more than 160 vulnerabilities across 16 products. More than a dozen of the issues relate to Adobe Animate, and all of those issues are rated critical and can lead to arbitrary code execution. 22 of the vulns affect Adobe Connect, including several rated critical and high, and can also be exploited for arbitrary code execution and privilege escalation. A whopping 90 of the issues were an Adobe Experience Manager. However, only one has a critical severity. Adobe says it's not aware of any in the wild exploits for the vulnerabilities. And finally yesterday, Avanti warned customers about a new maximum severity authentication bypass vulnerability in its cloud services appliance solution. Ivanti is not aware of active exploitation of the flaw, but advises admins to upgrade vulnerable appliances. Avanti also patched other medium high and critical vulnerabilities in desktop and server management, Connect Secure and Policy Secure, Sentry and Patch SDK products. Hackers exploit AWS misconfigurations in massive data breach Independent cybersecurity researchers Noam Rotem and Ran Lokar uncovered a significant cyber operation exploiting vulnerabilities in public websites hosted on Amazon Web Services. Researchers linked the campaign to the Nemesis and Shiny Hunters, hacking groups who used tools like show to scan AWS public IP ranges for application vulnerabilities and misconfigurations. They then scanned exposed endpoints for sensitive data, including credentials for popular platforms like GitHub, Twilio and crypto exchanges. Verified credentials were later marketed on Telegram for hundreds of euros per breach. The researchers and AWS advised customers to avoid use of hard coded credentials, periodically rotate keys and secrets, deploy web application firewalls, and to use canary tokens as tripwires for sensitive info. CP30 pleads guilty to multimillion dollar crypto mining scheme 45 year old Charles O. Parks III, known online as CP3O, pleaded guilty to wire fraud charges in a federal court in Brooklyn, New York. Over a period of eight months in 2021, Parks created Cloud accounts using fake identities and company names. Parks used the accounts to mine Ethereum, Litecoin and Monero while ignoring payment and usage inquiries from the cloud providers. Parks defrauded two well known cloud providers out of over $3.5 million US Parks personally raked in about $970,000 which he used to make lavish purchases including a Mercedes Benz, expensive jewelry and first class hotels and travel. And that does it for today's cybersecurity headlines. Useful alerts are critical in cybersecurity, but getting inundated with useless alerts wastes time, resources and our attention. How do we build out an alerting system that actually works? That's what we dig into on our latest episode of Defense In Depth. Look for how can we fix alert fatigue? Wherever you get your podcasts or head on over to csoseries.com thank you for listening to the podcast that brings you more of the top cyber news stories and more cowbell. I'm Sean Kelly. Cybersecurity headlines are available every weekday. Head to csoseries.com for the full stories behind the headlines.