
A
From the CISO Series, it's Cybersecurity Headlines.
B
These are the cybersecurity headlines for Thursday, January 30, 2025. I'm Sarah Lane. In today's cybersecurity news, Tenable, a Nasdaq-listed cybersecurity company valued at $5.3 billion, is acquiring Israeli cybersecurity firm Vulcan Cyber for approximately $150 million, with the deal expected to close in Q1 of this year. The acquisition aims to enhance Tenable's security exposure management platform by integrating Vulcan Cyber's capabilities, unifying security visibility and risk mitigation. Vulcan Cyber was founded in 2018, has raised $55 million and employs around 100 people, though it's unclear how many will remain post-acquisition. Hackers linked to China, Iran, Russia and North Korea are using AI, including Google's Gemini chatbot, to enhance cyber attacks. That's according to US officials and Google security research. These groups reportedly utilize AI for tasks like writing malicious code, identifying vulnerabilities and researching targets rather than developing advanced hacking techniques. Meanwhile, China's DeepSeek AI has raised global concern about the progress in China in the AI arms race, adding uncertainty to the technology's impact on security and warfare. The US Navy has warned its members to avoid using China's DeepSeek AI due to security and ethical concerns, instructing them not to use it for work or personal tasks. DeepSeek's newly released AI model R1 has drawn global attention for its capabilities, sparking concerns over China's AI advancements and impacting tech markets, with AI chip makers like Nvidia and Broadcom losing quite a bit in market value over a very short period of time, 800 billion. The warning comes amid growing US and China AI competition. A cyber attack has taken the South African Weather Service, or SAWS, offline, disrupting critical services for aviation, marine and agriculture while forcing SAWS to share weather updates via social media.
The breach, which is the second attempted attack in two days, has also impacted regional allies like Mozambique and Zambia, with efforts underway to restore the systems. While no ransomware group has claimed responsibility, South Africa has faced a wave of cyber attacks in recent years, targeting public institutions including its Defense Department, pension organization and national lab service. Huge thanks to our sponsor today, Conveyor. Ever wish you had a teammate that could handle the most annoying parts of customer security reviews? You know, chasing down SMEs for answers, updating systems, coordinating across teams, all the grunt work nobody wants to do, plus having to finish the dang questionnaire itself. Well, good news: that teammate exists. Conveyor just launched Sue, the first AI agent for customer trust. Sue really is the dream teammate. She never misses a deadline. She answers every customer request from sales. She completes every questionnaire and knocks out all the coordination in between. Sue handles it all so you don't have to. Learn more at www.conveyor.com. The FBI and international law enforcement have seized multiple cybercrime-linked platforms including Cracked.io, Nulled.io, Sellix, that's S-E-L-L-I-X, and StarkRDP in a major crackdown on digital marketplaces for stolen credentials and hacking tools. These sites have been criticized in the past for enabling password theft, software piracy and credential stuffing attacks, but now redirect to FBI-controlled servers, effectively shutting them down. The operation, involving agencies from Australia, France, Germany and other countries, marks another step in global efforts to dismantle cybercriminal networks. North Korea's Lazarus Group carried out a large-scale supply chain attack dubbed Phantom Circuit, compromising hundreds of victims by embedding backdoors in cloned open source software. This is according to SecurityScorecard's latest report.
The campaign began in late 2024 and targeted cryptocurrency developers and tech professionals by distributing malware-laced repositories on platforms like GitLab. Stolen data included credentials, authentication tokens and system information, with the attackers using obfuscation techniques and VPNs. Oasis Security discovered a critical vulnerability in Microsoft's Multi-Factor Authentication, or MFA, allowing attackers to bypass it and gain unauthorized access to Office 365 accounts including Outlook, OneDrive and Azure. The flaw exploited system creation and TOTP code tolerance, enabling attackers to brute force MFA codes undetected within 70 minutes. Oasis reported the issue to Microsoft, which implemented a stricter rate limit, permanently fixing the vulnerability by October of 2024. The research highlights the importance of strong MFA implementations and improved alerting mechanisms for failed second-factor attempts. Security researchers from the Georgia Institute of Technology, or Georgia Tech, have discovered two vulnerabilities, SLAP and FLOP, affecting all iPhones, iPads and Macs with A15 and M2 chips or later. These flaws exploit speculative execution to access data from open web tabs, with SLAP affecting Safari and FLOP impacting both Safari and Chrome. There isn't evidence of exploitation in the wild, but Apple's been working on fixes since mid-2024, stating there is no immediate risk to users until a patch is released. The best precaution is to be cautious of the websites that you visit. Security has a lot of problems: asset inventory, patching, automation, config management and device administration. All perennial challenges, but how many of them are related to security specifically? That is what we dig into on our latest episode of Defense in Depth. Look for "The Hardest Problems in Security Aren't Security Problems" wherever you get your podcasts.
A
Cybersecurity headlines are available every weekday. Head to cisoseries.com for the full stories behind the headlines.
B
I'm Sarah Lane reporting for the CISO Series. Thanks for listening and we'll talk to you next time.
Cyber Security Headlines - Detailed Summary. Hosted by CISO Series | Release Date: January 30, 2025
1. Tenable Acquires Vulcan Cyber
Timestamp: [00:07]
In a significant move within the cybersecurity industry, Tenable, a Nasdaq-listed company valued at $5.3 billion, announced its acquisition of Israeli cybersecurity firm Vulcan Cyber for approximately $150 million. This deal, expected to close in the first quarter of 2025, aims to bolster Tenable's security exposure management platform by integrating Vulcan Cyber's advanced capabilities.
Sarah Lane reports, “The acquisition aims to enhance Tenable's security exposure management platform by integrating Vulcan Cyber's capabilities, unifying security visibility and risk mitigation.” Vulcan Cyber, established in 2018, has successfully raised $55 million in funding and employs around 100 professionals. The integration is expected to streamline security operations, although the exact number of employees remaining post-acquisition remains undisclosed.
2. Chinese and Iranian Hackers Leveraging U.S. AI
Timestamp: [00:07]
The podcast highlights a concerning trend where hackers associated with China, Iran, Russia, and North Korea are increasingly utilizing artificial intelligence (AI) to enhance their cyber attacks. According to U.S. officials and Google Security Research, these adversarial groups are employing AI tools like Google's Gemini Chatbot for malicious purposes.
Sarah Lane explains, “These groups reportedly utilize AI for tasks like writing malicious code, identifying vulnerabilities, and researching targets rather than developing advanced hacking techniques.” This strategic use of AI allows cybercriminals to automate and scale their operations, making attacks more efficient and harder to detect.
3. US Navy Bans Use of DeepSeek AI Amidst AI Arms Race Concerns
Timestamp: [00:07]
Amidst growing global apprehension over China's advancements in AI, particularly with their DeepSeek AI, the U.S. Navy has issued a directive prohibiting the use of DeepSeek AI by its members. This ban is rooted in both security and ethical considerations, reflecting the intense competition between the U.S. and China in the AI domain.
Sarah Lane notes, “The US Navy has warned its members to avoid using China's DeepSeek AI due to security and ethical concerns, instructing them not to use it for work or personal tasks.” DeepSeek's latest AI model, R1, has been a focal point of international scrutiny, causing significant fluctuations in tech markets and impacting AI chip manufacturers like Nvidia and Broadcom.
4. Cyber Attack Disrupts South African Weather Service
Timestamp: [00:07]
South Africa faced a severe cyber attack targeting the South African Weather Service (SAWS), disrupting critical services across aviation, marine, and agriculture sectors. This incident marks the second attempted attack within two days, forcing SAWS to disseminate weather updates via social media platforms temporarily.
Sarah Lane reports, “The breach has also impacted regional allies like Mozambique and Zambia, with efforts underway to restore the systems.” Although no ransomware group has claimed responsibility, South Africa has been experiencing a surge in cyber attacks targeting public institutions, including the Defense Department, pension organizations, and national labs.
5. FBI and International Law Enforcement Crackdown on Cybercrime Platforms
Timestamp: [00:07]
In a coordinated effort with agencies from Australia, France, Germany, and other nations, the FBI successfully seized multiple cybercrime-linked platforms, including Cracked.io, Nulled.io, Sellix, and StarkRDP. These platforms were notorious for facilitating password theft, software piracy, and credential stuffing attacks.
Sarah Lane states, “These sites have been criticized in the past for enabling password theft, software piracy, and credential stuffing attacks, but now redirect to FBI-controlled servers, effectively shutting them down.” This operation signifies a major step in dismantling global cybercriminal networks and curtailing the availability of hacking tools and stolen credentials.
6. North Korea's Lazarus Group Executes Large-Scale Supply Chain Attack
Timestamp: [00:07]
The Lazarus Group, a notorious cyber espionage organization linked to North Korea, launched a sophisticated supply chain attack named "Phantom Circuit." This campaign compromised hundreds of victims by embedding backdoors in cloned open-source software, targeting cryptocurrency developers and tech professionals.
Sarah Lane elaborates, “The campaign began in late 2024 and targeted cryptocurrency developers and tech professionals by distributing malware-laced repositories on platforms like GitLab.” The stolen data included credentials, authentication tokens, and system information, with attackers employing obfuscation techniques and VPNs to mask their activities. SecurityScorecard's latest report underscores the severity of this attack, highlighting the ongoing threats posed by state-sponsored cyber groups.
7. Critical Vulnerability in Microsoft's Multi-Factor Authentication (MFA) Addressed
Timestamp: [00:07]
Oasis Security identified a critical vulnerability in Microsoft's Multi-Factor Authentication (MFA) system, which allowed attackers to bypass MFA and gain unauthorized access to Office 365 accounts, including Outlook, OneDrive, and Azure. The flaw exploited system creation and Time-Based One-Time Password (TOTP) code tolerance, enabling brute force attacks on MFA codes within approximately 70 minutes.
Sarah Lane notes, “Oasis reported the issue to Microsoft, which implemented a stricter rate limit, permanently fixing the vulnerability by October of 2024.” This incident emphasizes the importance of robust MFA implementations and the necessity for enhanced alerting mechanisms to monitor failed second-factor attempts, thereby strengthening overall security postures.
8. Georgia Tech Researchers Discover SLAP and FLOP Vulnerabilities in Apple Devices
Timestamp: [00:07]
Security researchers from the Georgia Institute of Technology uncovered two significant vulnerabilities, named SLAP and FLOP, affecting Apple devices equipped with A15 and M2 chips or later. These flaws exploit speculative execution to access data from open web tabs, specifically targeting browsers like Safari and Chrome.
Sarah Lane explains, “SLAP affects Safari and FLOP impacts both Safari and Chrome.” While there is no evidence of these vulnerabilities being exploited in the wild, Apple has been proactively working on patches since mid-2024. The company assures users that there is no immediate risk until the patches are released and advises caution regarding the websites they visit.
Concluding Insights
The episode of "Cyber Security Headlines" by CISO Series presents a comprehensive overview of the latest developments in the cybersecurity landscape. From high-profile acquisitions and state-sponsored cyber threats to critical vulnerabilities and international law enforcement efforts, the podcast underscores the dynamic and multifaceted nature of information security today.
Sarah Lane concludes with a reminder, “Cybersecurity headlines are available every weekday. Head to cisoseries.com for the full stories behind the headlines,” encouraging listeners to stay informed and vigilant in the ever-evolving realm of cybersecurity.
Key Takeaways:
For listeners seeking in-depth analysis and updates on cybersecurity trends and threats, "Cyber Security Headlines" serves as a vital resource for staying ahead in the field.