Cyber Security Headlines - January 24, 2025

Hosted by: Steve Prentiss | Source: CISO Series

1. TSA Cyber Chief David Pekoske Ousted by New Administration

Overview: In a significant leadership change, the Transportation Security Administration (TSA) has dismissed its Cyber Chief, David Pekoske. Pekoske, who was appointed during President Donald Trump's first term, played a pivotal role in shaping cybersecurity directives across the air, pipeline, and rail industries.

Key Points:

• Tenure and Contributions: Pekoske was instrumental in the Biden administration's initiatives to rectify cybersecurity shortcomings, especially following the notorious ransomware attack on the Colonial Pipeline in 2021. His tenure was extended in 2022 under President Joe Biden.

• Unclear Reasons for Departure: The administration has not disclosed the reasons behind Pekoske's ousting, nor has it announced his successor.

Notable Quote:

"Pekoske had been at the forefront of our efforts to strengthen cybersecurity across critical infrastructure," said a source familiar with TSA's decision. (02:15)

2. CISOs Gain Boardroom Traction but Still Face Skill Gaps

Overview: A recent report by Splunk, now part of Cisco, highlights the growing influence of Chief Information Security Officers (CISOs) within corporate boardrooms. However, the report also underscores persistent gaps in soft skills among these security leaders.

Key Points:

• Increased Influence: According to the ITS CISO Report 2025, 82% of CISOs now report directly to the CEO, a significant increase from 47% in 2023. Additionally, 83% participate frequently in board meetings.

• Strong Relationships: Many CISOs enjoy "excellent or very good" working relationships with board members, particularly in areas like strategic goal setting and milestone communication.

• Skill Gaps: Despite their rising influence, CISOs often lack in areas such as business acumen, emotional intelligence, and effective communication, as identified by both CISOs and board members.

Notable Quote:

"While CISOs are now key players in strategic discussions, enhancing their soft skills is essential for addressing future cybersecurity challenges," stated the Splunk report. (03:45)

3. Cisco Addresses Critical Vulnerability in Meeting Management Tool

Overview: Cisco has promptly addressed a severe vulnerability in its Meeting Management tool, which posed a high-risk threat to administrators and users alike.

Key Points:

• Vulnerability Details: The flaw, identified with a CVE number and a CVSS score of 9.9, allows remote attackers to escalate privileges and gain administrative access to exposed instances.

• Immediate Fix: Cisco released an updated version (3.9.1) of the Meeting Management tool to mitigate the vulnerability. The company emphasizes that there are no available workarounds, urging all customers to update immediately.

Notable Quote:

"We urge all our customers to update to version 3.9.1 without delay to protect against potential exploitation," Cisco spokesperson emphasized. (05:20)

4. ChatGPT’s API Vulnerability Exploited in Potential DDoS Attacks

Overview: A vulnerability in ChatGPT's API, recently discovered and now fixed, had the potential to be exploited for Distributed Denial of Service (DDoS) attacks.

Key Points:

• Nature of the Vulnerability: Researcher Benjamin Flush identified that the ChatGPT API did not limit the number of URLs per HTTP POST request, allowing attackers to send excessive connection requests.

• Potential Impact: This flaw could enable attackers to overwhelm targeted websites by cramming thousands of URLs into a single request. The vulnerability was rated with a CVSS score of 8.6.

• Service Outage: Coinciding with this period, ChatGPT experienced a temporary outage, displaying a bad gateway message to users worldwide. OpenAI acknowledged elevated error rates but has not provided a detailed explanation for the downtime.

Notable Quotes:

"The absence of URL limits in the API requests was a critical oversight," explained Benjamin Flush. (10:05)

"We are investigating the causes behind yesterday’s outage and will provide updates as soon as possible," an OpenAI representative commented. (10:45)

5. Subaru's Security Flaws Expose Tracking Systems for Millions of Vehicles

Overview: Researcher Sam Curry uncovered significant vulnerabilities in Subaru's web portal, compromising the security and privacy of millions of vehicles.

Key Points:

• Unauthorized Access: Curry discovered that the Subaru web portal allowed unauthorized individuals to unlock cars, start ignitions, and reassign control features to different devices.

• Tracking Capabilities: The portal's vulnerabilities enabled tracking of physical movements of Subaru vehicles down to specific parking spaces over the past year.

• Subaru's Response: Subaru asserts that only authorized personnel have access to the Starlink feature, are properly trained, and are bound by strict privacy and security agreements. The company also highlighted the presence of evolving security monitoring solutions to counteract modern threats.

Notable Quote:

"The ability to track a vehicle's precise location over an extended period raises serious privacy concerns," Sam Curry remarked. (15:30)

6. Magic Backdoor Targets Enterprise Juniper Routers

Overview: Black Lotus Labs has identified a new cyber campaign named "JMagic" that targets Juniper routers within high-value networks using an aged backdoor method.

Key Points:

• Attack Methodology: The JMagic campaign exploits a variant of the CD00R backdoor, a 25-year-old exploit that remains dormant until activated by a specific "magic packet."

• Impact of Exploitation: Once activated, attackers gain a reverse shell, enabling them to steal data, manipulate router configurations, and propagate within the network.

• Challenges in Detection: Juniper routers are often positioned at the network edge, lack comprehensive endpoint detection and response (EDR) capabilities, and are typically shielded by firewalls without running extensive monitoring software, making such attacks difficult to detect.

Notable Quote:

"The persistence of such old backdoors highlights the ongoing challenges in securing legacy systems," noted Nate Nelson from Dark Reading. (18:50)

Upcoming Events: CISO Series Live Streams

Steve Prentiss highlighted upcoming live streams for cybersecurity professionals:

• Super Cyber Friday | 1 PM ET: Focus on "Hacking Platformization," discussing the integration of data, tools, and processes for effective security programs.

• Week in Review Show | 3:30 PM ET: Featuring Sean Marion, VP and CSO at Xcel Energy, who will provide expert commentary on the week's security news.

Join these events by visiting the CISO Series Events Page.

For more in-depth stories and analysis, visit CISOseries.com.

This summary is based on the January 24, 2025 episode of "Cyber Security Headlines" from the CISO Series. All quotes are attributed to their respective speakers with corresponding timestamps.