A
From the CISO Series, it's Cybersecurity Headlines.
B
These are the cybersecurity headlines for Monday, March 24, 2025. I'm Steve Prentiss.

U.S. Treasury lifts sanctions on Tornado Cash

Tornado Cash is a cryptocurrency mixer previously accused of facilitating money laundering for North Korean hackers and other cybercriminals. Initially sanctioned in 2022 for allegedly aiding in laundering over $7 billion, including $455 million stolen by the Lazarus Group, Tornado Cash has been removed from the Specially Designated Nationals list following a November 2024 appellate court ruling. The court determined that the Treasury had overstepped its authority, as Tornado Cash's immutable smart contracts did not qualify as property under federal law. Despite lifting the sanctions, the Treasury says it remains concerned about North Korea's cyber activities and emphasizes the importance of securing the digital asset industry from illicit use.

Web service outage in Russia due to reported Cloudflare block

The outages were observed Thursday across numerous Russian regions, affecting platforms including TikTok, Steam, Twitch, Epic Games, Duolingo and major Russian mobile operators. Also impacted were banking and government services and messaging apps such as Telegram and WhatsApp. Industry experts are suggesting the cause of the outage to be the Russian government's blocking of US-based Cloudflare. Russian Internet regulator Roskomnadzor recommends that local organizations switch to Russian hosting providers instead.

Microsoft Trusted Signing service abused to code-sign malware

Researchers at Bleeping Computer and elsewhere are observing more instances of threat actors using the Microsoft Trusted Signing service to sign their malware with short-lived three-day code signing certificates. Code signing certificates make malware appear legitimate, potentially bypassing security filters that block unsigned executables. Extended validation certificates are particularly sought after by threat actors due to the increased trust they confer from cybersecurity programs and their ability to help bypass alerts in SmartScreen. A cybersecurity researcher and developer with the wonderful name of Squibly Doo told Bleeping Computer that they believe threat actors are switching to Microsoft's service out of convenience, especially given that recent changes to EV certificates are causing confusion for users, something threat actors are taking advantage of.

Oracle denies breach

Oracle is denying that they have suffered a breach after, quote, a threat actor claimed to be selling 6 million data records allegedly stolen from the company's Oracle Cloud federated SSO login servers, end quote. The company says, quote, the published credentials are not for the Oracle Cloud, and that no Oracle Cloud customers experienced a breach or lost any data, end quote. A threat actor released text files containing a sample database, LDAP information, and a list of the companies that they claimed were stolen from Oracle Cloud's SSO platform, and further claimed that they gained access to Oracle Cloud servers around 40 days ago and exfiltrated data from the US2 and EM2 cloud regions.

Thanks to today's episode's sponsor, ThreatLocker. ThreatLocker is a global leader in zero trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and to start your free trial, visit threatlocker.com. That is T-H-R-E-A-T-L-O-C-K-E-R dot com.

DOGE aide broke Treasury policy by emailing unencrypted database, says court filing

This filing pertains to a lawsuit brought by New York Attorney General Letitia James and 18 other state attorneys general in February. The filing contains sworn testimony of David Ambrose, the chief security and privacy officer at the Treasury Department's Bureau of Fiscal Services, who told the court that DOGE operative Marco Elez, quote, violated Treasury rules by sending the unencrypted database including personally identifiable information, and by not obtaining prior approval for transmission, end quote. The action was declared as, quote, low risk because the database did not include Social Security numbers or more specific identifiers, end quote. But the Treasury's testimony says this was contrary to BFS policies.

FCC alleges Chinese telecom companies are making an end run around bans

The Federal Communications Commission's newly created Council on National Security will conduct a sweeping investigation of Chinese-made equipment in America's telecommunications infrastructure. This is according to an announcement made on Friday. The focus will be on Chinese companies like Huawei and ZTE and others who have been banned from doing business with U.S. companies but who allegedly continue to exploit loopholes or simply massively underbid other competitors when dealing with smaller U.S. telecommunications providers.

U.S. pilot safety messaging system resumes operations after outage

This system, run by the Federal Aviation Administration, experienced an outage for several hours on Saturday before resuming operations. The system, named NOTAM, an acronym for Notice to Airmen, went down for more than three hours on Saturday and was due to a hardware issue. The FAA confirmed all active NOTAM messages were available until the time of the outage. Officials are claiming an aging air traffic control system paired with underfunding as causes.

Infostealers grabbed 2.1 billion credentials last year

A new report from Flashpoint says cybercriminals stole 33% more credentials in 2024 compared to the previous year, and that more than 200 million credentials were already stolen in the first two months of this year. Ian Gray, vice president of intelligence at Flashpoint, said infostealers have increasingly become the initial access vector for ransomware campaigns by stealing credentials, system information and browser data. Among the report's findings is that the majority of infostealer infections were running on the Microsoft Windows operating system, and nearly 7 in 10 infostealer infections on Windows devices targeted corporate systems.

Remember to check out our brand new podcast, Security You Should Know. This week we're highlighting our episode with DTEX Systems. Our panelists got the details about what they are doing to solve the problem of data loss from insider threats. If you've listened to Cybersecurity Headlines for any length of time, you know that that's never been more timely. So look for the show wherever you get your podcasts, or head on over to CISO Series. I'm Steve Prentiss reporting for the CISO Series.
A
Cybersecurity headlines are available every weekday. Head to cisoseries.com for the full stories behind the headlines.
Hosted by Steve Prentiss | CISO Series
Overview: The U.S. Treasury has officially removed Tornado Cash, a cryptocurrency mixer, from its Specially Designated Nationals (SDN) list. Tornado Cash was previously sanctioned in 2022 for allegedly facilitating over $7 billion in money laundering, including $455 million linked to the Lazarus Group, a North Korean cybercriminal organization.
Notable Quote:
"The court determined that the treasury had overstepped its authority as Tornado Cash's immutable smart contracts did not qualify as property under federal law." – Steve Prentiss [02:15]
Overview: A significant internet outage was reported across multiple Russian regions on Thursday, impacting major platforms such as TikTok, Steam, Twitch, Epic Games, Duolingo, and leading Russian mobile operators. Banking, government services, and messaging apps like Telegram and WhatsApp were also affected.
Notable Quote:
"The outages were observed across numerous Russian regions affecting platforms including TikTok, Steam, Twitch, Epic Games, Duolingo and major Russian mobile operators." – Steve Prentiss [03:05]
Overview: Researchers report threat actors abusing Microsoft's Trusted Signing service to obtain short-lived, three-day code signing certificates and sign their malware with them. A valid signature lets a binary pass filters that block unsigned executables, and the service appears to be a more convenient route than EV certificates, which recent changes have made confusing for users.
Notable Quote:
"Threat actors are switching to Microsoft's service out of convenience, especially given that recent changes to EV certificates are causing confusion for users." – Squibly Doo [04:30]
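The practical check behind this story is that a valid Authenticode signature proves only that the hash matched and the chain reached a trusted root; it says nothing about who the signer is or how long they held the key. The following is an added example, not code from the episode, the summary, or Microsoft: it uses the built-in Get-AuthenticodeSignature cmdlet to print the signer's subject, issuer and validity window for one or more files and flags certificates whose lifetime is three days or less, the lifetime the story attributes to Trusted Signing certificates. The function name Test-SignerValidity and the three-day default are choices made for this example.

```powershell
# Added example (not from the episode): triage the Authenticode signer on a file and
# flag unusually short-lived signing certificates. Function name and the 3-day
# default threshold are assumptions made for this example.
function Test-SignerValidity {
    param(
        [Parameter(Mandatory = $true)]
        [string[]]$Path,
        [int]$MaxValidityDays = 3
    )

    foreach ($file in $Path) {
        $sig  = Get-AuthenticodeSignature -FilePath $file
        $cert = $sig.SignerCertificate

        if ($null -eq $cert) {
            # NotSigned, HashMismatch, UnknownError: there is no signer to examine.
            [pscustomobject]@{
                File         = $file
                Status       = $sig.Status
                Subject      = $null
                Issuer       = $null
                Thumbprint   = $null
                NotBefore    = $null
                NotAfter     = $null
                ValidityDays = $null
                ShortLived   = $false
            }
            continue
        }

        $validity = $cert.NotAfter - $cert.NotBefore

        [pscustomobject]@{
            File         = $file
            # 'Valid' means the file hash matched and the chain reached a trusted root.
            # It is not a statement about the signer's intent.
            Status       = $sig.Status
            Subject      = $cert.Subject
            Issuer       = $cert.Issuer
            Thumbprint   = $cert.Thumbprint
            NotBefore    = $cert.NotBefore
            NotAfter     = $cert.NotAfter
            ValidityDays = [math]::Round($validity.TotalDays, 2)
            # Short-lived signer certificates are normal for Trusted Signing, so this is
            # a reason to look harder at an unexpected binary, not a verdict.
            ShortLived   = ($validity.TotalDays -le $MaxValidityDays)
        }
    }
}

# Usage: a Microsoft-signed system binary, expected to show a multi-year certificate
# and ShortLived = False. Point it at a downloaded installer to triage that instead.
Test-SignerValidity -Path "$env:SystemRoot\System32\notepad.exe" | Format-List
```

Feed it the files that arrived in the incident rather than trusted system binaries; the point is to look at Subject, Issuer and ValidityDays together instead of stopping at Status = Valid.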
Overview: Oracle has denied a threat actor's claim to be selling 6 million records allegedly taken from Oracle Cloud's federated Single Sign-On (SSO) login servers. The actor released sample database and LDAP data plus a list of affected companies, and claims to have held access to the US2 and EM2 regions for about 40 days. Oracle says the published credentials are not for Oracle Cloud and that no customer was breached or lost data.
Notable Quote:
"The published credentials are not for the Oracle cloud and that no Oracle Cloud customers experienced a breach or lost any data." – Steve Prentiss [05:45]
Overview: In a court filing from the lawsuit brought by the New York Attorney General and 18 other state attorneys general, the chief security and privacy officer of the Treasury's Bureau of the Fiscal Service testified that DOGE aide Marco Elez violated Treasury policy by emailing an unencrypted database containing personally identifiable information (PII) without prior approval for the transmission.
Notable Quote:
"Marco Elez violated Treasury rules by sending the unencrypted database including personally identifiable information, and by not obtaining prior approval for transmission." – Steve Prentiss [06:50]
Overview: The Federal Communications Commission (FCC) has announced that its newly created Council on National Security will investigate Chinese-made equipment in U.S. telecommunications infrastructure. Companies such as Huawei and ZTE, already barred from doing business with U.S. companies, allegedly get around the bans through loopholes or by heavily underbidding competitors when selling to smaller U.S. providers.
Notable Quote:
"Chinese companies like Huawei and ZTE and others who have been banned from doing business with US Companies but who allegedly continue to exploit loopholes." – Steve Prentiss [07:30]
Overview: The Federal Aviation Administration (FAA) experienced a multi-hour outage of its Notice to Airmen (NOTAM) system on Saturday, caused by a hardware failure. Operations have since resumed successfully.
Notable Quote:
"Officials are claiming an aging air traffic control system paired with underfunding as causes." – Steve Prentiss [08:20]
Overview: A Flashpoint report puts infostealer credential theft at 2.1 billion credentials in 2024, 33% more than the previous year, with more than 200 million already taken in early 2025. Stolen credentials, system information and browser data are increasingly the initial access vector for ransomware campaigns; most infections ran on Windows, and nearly 7 in 10 of those targeted corporate systems.
Notable Quote:
"Infostealers have increasingly become the initial access vector for ransomware campaigns by stealing credentials, system information and browser data." – Ian Gray, VP of Intelligence at Flashpoint [09:10]
This episode of Cybersecurity Headlines covered the lifting of sanctions on Tornado Cash, the outages affecting Russian internet services, abuse of Microsoft's Trusted Signing service to sign malware, Oracle's denial of a cloud breach, the Treasury filing on the DOGE aide's unencrypted email, the FCC's investigation of Chinese telecom equipment, the NOTAM outage, and Flashpoint's count of 2.1 billion credentials stolen by infostealers.
For more detailed stories behind these headlines, visit CISOseries.com.