Transcript
Steve Prentiss (0:00)
From the CISO series, it's Cybersecurity Headlines.
Unknown (0:07)
These are the cybersecurity headlines for Friday, January 24, 2025. I'm Steve Prentiss.

TSA Cyber Chief David Pekoske ousted by new Administration. Pekoske had been appointed during President Donald Trump's first term and led the way in issuing cybersecurity directives governing the air, pipeline and rail industries, end quote. His five-year tenure was extended in 2022 by former President Joe Biden, and he was instrumental in the Biden administration's effort to, quote, address cybersecurity failures following the ransomware attack on Colonial Pipeline in 2021, end quote. No mention has yet been made as to the reason for the ouster or who will replace him.

CISOs gain boardroom traction and influence but still lack soft skills, says Splunk. These facts are mentioned in a report by research company Splunk, now a subsidiary of Cisco. It is based on responses from 500 CISOs or equivalent, as well as 100 board members globally, and is presented as part of its CISO Report 2025. This report says that 82% of security leaders now report directly to the CEO, up from 47% in 2023. A further 83% said they participate in board meetings somewhat often or most of the time, with many executives reporting, quote, excellent or very good working relationships with the CISO in areas like setting and aligning on strategic cybersecurity goals and communicating progress against milestones, end quote. Some of the areas where skills gaps are perceived to exist are in business acumen, emotional intelligence and communication. As expected, the two camps also remain distanced with regards to a belief that enough money is or is not being spent on cybersecurity efforts.

Cisco fixes vulnerability in Meeting Management. The company's warning focuses on a new privilege escalation vulnerability in the Cisco Meeting Management tool that could allow a remote attacker to gain administrator privileges on exposed instances. The vulnerability, which has a CVE number and also has a CVSS score of 9.9, was disclosed by Cisco on Wednesday. The company has since released a fix as Cisco Meeting Management version 3.9.1. The company also says there are no workarounds to address this vulnerability and therefore urges customers to update to this new version.

Thanks to today's episode's sponsor, Vanta. Do you know the status of your compliance controls right now? Like, right now. CISOs know that real-time visibility is critical for security, but when it comes to GRC programs they rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews and reporting, and help you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get started at vanta.com/headlines, that is v-a-n-t-a dot com slash headlines.

ChatGPT's API could have been used in DDoS attacks, described as an example of bad programming. A now-fixed vulnerability discovered by German researcher Benjamin Flesch allows an attacker to send unlimited connection requests through ChatGPT's API. He said the bug occurs when the API is processing HTTP POST requests to the back-end server and is due to the fact that the manufacturer OpenAI did not have a limit on the number of URLs that can be included in a single request, end quote. That error allowed an attacker to cram thousands of URLs within a single request, something that could overload traffic to a targeted website. The vulnerability was assigned a CVSS score of 8.6 because it is a network-based, low-complexity flaw that does not require elevated privileges or user interaction to exploit.

ChatGPT goes dark temporarily. In further ChatGPT news, the service went down temporarily yesterday, with users worldwide finding the generative AI tool unresponsive and providing a bad gateway message. Its developer OpenAI reported elevated error rates on its status page, but despite its recovery, no explanation for the outage has yet been provided.

Subaru security flaws expose tracking system for millions of cars. Sam Curry, a researcher with a long history of discovering vulnerabilities in automotive brands, has now revealed vulnerabilities in the web portal belonging to Subaru that allowed him to unlock a car, his mother's car, actually, start its ignition and reassign control of those features to a different phone or computer. He also discovered that the portal was able to track the physical movements of a Subaru down to a single parking space in front of any building, with data stretching back a full year. This was occurring within a Subaru feature called Starlink, intended for use by employees at Subaru of America. Subaru stated that the individuals authorized to use the technology receive proper training and are required to sign appropriate privacy, security and NDA agreements as needed, and that the systems have security monitoring solutions in place which are continually evolving to meet modern cyber threats. A link to Curry's blog is available in the show notes to this episode.

J-magic backdoor targets enterprise Juniper routers. A new campaign discovered by Black Lotus Labs and named J-magic focuses in on Juniper brand routers at the edge of high-value networks. According to Nate Nelson, writing in Dark Reading, such routers typically lack endpoint detection and response protection, are in front of a firewall, and don't run monitoring software, making the attacks harder to detect. In this instance, exposed enterprise routers are tapped with a variant of a 25-year-old backdoor named cd00r, which stays dormant until it receives an activation phrase, also known as a magic packet, end quote. At this point, it grants access to a reverse shell from which its attackers can steal data, manipulate configurations and spread to more devices.

As usual, we've got a busy Friday of live streams today. It starts at 1pm Eastern with Super Cyber Friday, where the topic will be hacking platformization, an hour of critical thinking on how stitching together data, tools and processes is necessary for the success of your security program. Then at 3:30pm Eastern, we have our Week in Review show. Sean Marion, VP and CSO at Xcel Energy, will be our guest, providing his expert commentary on the news of the week. To join us for both, head on over to the events page at cisoseries.com. I'm Steve Prentiss, reporting for the CISO Series.
