Transcript
Sean Kelly (0:00)
From the CISO Series, it's Cybersecurity Headlines. These are the Cybersecurity Headlines for January 2, 2025. I'm Sean Kelly.

U.S. soldier arrested for alleged leak of Trump and Harris call logs

In an update to a story we covered in late November, authorities have arrested a 20-year-old U.S. Army soldier, Cameron John Wagenius, for allegedly selling confidential phone records in online forums last November. KrebsOnSecurity connected Wagenius to the online alias Kiberphant0m, who claimed to have hacked 15 telecom firms. In November, Kiberphant0m posted what they claimed were AT&T call logs for President-elect Trump and Vice President Harris. It's not yet clear if the data was genuine, but AT&T did suffer a major theft of customer data as part of the Snowflake account breaches last year. In his latest report, Krebs spoke with Wagenius' mother, who confirmed his connection to the Snowflake hacker.

Iranian and Russian entities sanctioned for election interference

On Tuesday, the U.S. Office of Foreign Assets Control, or OFAC, leveled sanctions against Iran's Cognitive Design Production Center and Moscow's Center for Geopolitical Expertise. OFAC alleged these entities attempted to stoke sociopolitical tensions and influence the U.S. electorate during the 2024 U.S. election. Back in August, Meta said it blocked WhatsApp accounts used by Iranian threat actor Charming Kitten to target individuals in several countries, including the U.S. The Treasury Department said the Kremlin has developed a vast ecosystem of Russian proxy websites, fake online personas and front organizations that give the appearance of being independent news sources.

Rhode Island's health benefits data leaked

Following up on a story we brought to you two weeks ago on Cybersecurity Headlines, cybercriminals have now leaked stolen data from Rhode Island's health benefits system onto the dark web. The RIBridges system was designed by consulting firm Deloitte and supports state programs like Medicaid, child care assistance, long-term care and HealthSource RI insurance. Deloitte is investigating and has been in contact with the responsible threat actor, Brain Cipher. However, it remains unclear exactly what data was leaked. Governor Daniel McKee said that the state is informing affected individuals with instructions on how to access free credit monitoring. Rhode Islanders are urged to protect their financial information by freezing and monitoring their credit, enabling multi-factor authentication and avoiding phishing scams.

New details about hijacked Chrome extensions

In another update to a story we brought to you on Monday, new details have emerged about a phishing campaign targeting Chrome browser extension developers. Although initial reports focused on an extension from security firm Cyberhaven, subsequent investigations revealed the campaign affected at least 35 extensions collectively used by roughly 2.6 million people. The attack leverages a phishing email appearing to come from Google and claiming the dev's extension is in violation of Chrome Web Store policies. Victims are then directed to an attacker-hosted OAuth application where they are asked to grant permission to manage their Chrome extensions. The attackers then inject data-stealing code into the extension and publish it as a new version. The malicious extensions aim to steal users' Facebook credentials and have the ability to bypass multi-factor authentication and CAPTCHA mechanisms. While recent reports indicate the campaign started around December 5, BleepingComputer identified that related command-and-control subdomains existed as far back as March of this year.

And now we'd like to thank today's episode sponsor, ThreatLocker. Do zero-day exploits and supply chain attacks keep you up at night? Worry no more. You can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action allowed or blocked for risk management and compliance. Onboarding and operation are fully supported by their U.S.-based support team. To learn more about how ThreatLocker can keep your organization running efficiently and protected from ransomware, visit threatlocker.com. That's T-H-R-E-A-T-L-O-C-K-E-R dot com.

Harley-Davidson allegedly targeted by cybercriminals

According to a recent report, a threat actor dubbed 888 claimed in a post on an underground forum that it hacked systems of Harley-Davidson and stole over 66,000 customer records. Harley-Davidson has yet to issue any statement addressing or confirming the incident. 888's posts state that compromised information includes personal details such as names, addresses, emails and other vehicle-related preferences. The threat actor posted a data sample presumably exfiltrated from the company's systems or from a third-party vendor.

New DoubleClickjacking exploit bypasses protections on major websites

Threat hunters have identified a new vulnerability that allows for account takeovers on almost all major websites. Clickjacking is an attack that tricks users into clicking on seemingly innocuous webpage elements, leading to the deployment of malware or exfiltration of sensitive data. Security researcher Paulos Yibelo explained that DoubleClickjacking takes advantage of a double-click sequence that enables attackers to seamlessly swap out benign UI elements for sensitive ones in the blink of an eye. Unfortunately, this new attack bypasses all known clickjacking protections, and therefore browser vendors will now need to adopt new standards to defend against it.

NATO plans to build satellite links as backups to undersea cables

95% of global data traffic is carried through undersea fiber optic cables. Because roughly 100 undersea cables get severed each year, NATO is working to improve the resilience of this critical infrastructure. NATO's Project HEIST will enlist engineers to develop smart systems to quickly locate cable breaks and develop protocols to automatically reroute affected traffic to satellites. While satellites are the primary backups for undersea cables, their bandwidth is far behind physical connections. Work is underway to upgrade satellites from radio transmissions to lasers, increasing the speed by about 40 times to 200 gigabits per second. While Starlink satellites have already adopted laser technology, other tech companies like Amazon continue to develop their own versions. Coincidentally, this week Finnish authorities seized a Russian ship after it allegedly damaged several submarine cables in the Baltic Sea.

Air fryer espionage raises data security concerns

While risks related to smart device hijacking are nothing new, since November, privacy concerns related to the use of air fryers have been gaining momentum on tech forums. Modern smart air fryers leverage AI, increasing their ability to collect and potentially expose personal information. The UK's Information Commissioner's Office recently released findings that certain air fryer models sold in the UK and the U.S. possess the ability to eavesdrop on users through their mobile apps. In response, the ICO plans to introduce new guidelines for manufacturers of AI-powered gadgets. In the meantime, users should keep connected device software up to date, secure home Wi-Fi networks with strong passwords and monitor permissions granted to related applications.

And that does it for today's Cybersecurity Headlines. But don't forget to join us this Friday, January 3rd, for our Week in Review show, where we'll be running down the top cyber news stories of the week with expert insights from our guest Quincy Castro, CISO at. Just head over to cisoseries.com and click on Events to register to join us live. And while you're with us, don't forget to drop your own hot takes into our livestream chat. Thank you for listening to the podcast that brings you more of the top cyber news stories and more cowbell. I'm Sean Kelly. Cybersecurity Headlines are available every weekday. Head to cisoseries.com for the full stories behind the headlines.
