Cyber Security Headlines: Week in Review
Hosted by CISO Series
Release Date: March 21, 2025
Introduction
In this episode of Cyber Security Headlines, hosted by Rich from the CISO Series, the discussion centers around the most pressing cybersecurity events of the week. Rich is joined by returning guest Christina Shannon, CIO at KIK Consumer Products, marking her third appearance on the show. Together, they delve into significant stories such as Google's acquisition of Wiz, legislative efforts to bolster water utility cybersecurity, the resurgence of Hellcat's JIRA attacks, a major data breach involving Spy X, and notable supply chain attacks targeting GitHub and auto dealerships.
1. Google Acquires Wiz for $32 Billion
The episode kicks off with the headline-grabbing news of Google's acquisition of the cybersecurity firm Wiz for a staggering $32 billion. According to Rich, this move is Google's largest acquisition to date and is strategically aimed at strengthening its position in the competitive cloud market amid rapid advancements in artificial intelligence.
Key Discussion Points:
- Market Positioning: Christina Shannon highlights that while AWS and Microsoft Azure are traditionally seen as the dominant cloud providers, Google's acquisition of Wiz is a significant step towards increasing its market share. She remarks, “This will Wiz is a great product. So I think adding that to their cloud platform, as long as it's integrated well, could give them a big boost in terms of customers.” (00:41)
- Competitive Landscape: Rich adds that the acquisition makes sense in the broader context of the public cloud race, emphasizing that Google is not necessarily overstepping in a market dominated by major players.
Conclusion: The acquisition is viewed as a strategic enhancement for Google's cloud services, potentially leveling the playing field against AWS and Azure by bolstering its cybersecurity offerings.
2. Senate Bill for Improved Cybersecurity in Water Utilities
The conversation shifts to legislative efforts aimed at improving cybersecurity within water utilities. The Senate is reintroducing the Cybersecurity for Rural Water Systems Act, initially stalled during the 118th Congress.
Key Discussion Points:
- Legislative Importance: Christina expresses cautious optimism about the bill’s prospects, stating, “I look at this as like a public safety hazard, right? This right in the same category as critical infrastructure.” (06:25)
- Current Challenges: Only 20% of U.S. water and wastewater systems currently have basic cyber protections, underscoring the fragility and neglect of this critical infrastructure.
- Government Role: Christina advocates for foundational cybersecurity measures, comparing them to workplace safety regulations, and emphasizes the need for public-private partnerships and state-level initiatives if federal legislation stalls.
Conclusion: Strengthening cybersecurity in water utilities is deemed essential for public safety, with the bill offering a crucial framework to address existing vulnerabilities.
3. Hellcat's JIRA Campaign Strikes Again
A significant cyber attack targeting JIRA servers worldwide by the threat group Hellcat is the next major story discussed. The attack on ASCOM, a global telecommunications provider, involved compromising the IT infrastructure and technical ticketing systems.
Key Discussion Points:
- Vulnerability of JIRA: Christina emphasizes the sensitivity of JIRA as a repository of valuable data, including project details and source code. She advises, “Start with multi-factor authentication... ensure that you have least privileged controls applied.” (10:15)
- Organizational Challenges: The conversation touches on the often siloed nature of development and security teams, which can hinder comprehensive security measures for tools like JIRA.
Conclusion: Organizations using JIRA must implement robust security protocols, including multi-factor authentication and strict access controls, to safeguard against such targeted attacks.
4. Spy X Suffers a Data Breach
The episode covers a recent data breach involving Spy X, a company offering consumer-grade spyware marketed for parental control over children’s devices. The breach exposed records of nearly 2 million individuals, including thousands of Apple users.
Key Discussion Points:
- Corporate Use Risks: Christina discusses the potential dangers of deploying such spyware within corporate environments, highlighting the necessity for clear acceptable use policies and stringent data privacy measures. She states, “If companies want to do that, you got to look at what's my acceptable use policy and probably update that.” (14:14)
- Transparency and Governance: Emphasizes the importance of transparency with users regarding data usage and securing platforms against breaches.
Conclusion: The Spy X breach underscores the critical need for companies to govern the use of monitoring software carefully and ensure robust data protection mechanisms are in place.
5. GitHub Action Supply Chain Attack
A supply chain attack targeting over 23,000 GitHub repositories via compromised personal access tokens has raised alarms about the security of open-source projects. Attackers injected malicious code into workflow logs, posing significant risks to CI/CD pipelines.
Key Discussion Points:
- Securing CI/CD Pipelines: Christina recommends utilizing key vaults for managing secrets, implementing automated rotation, and conducting vulnerability scans before committing code. She advises, “Use a key vault... do automated rotation... and scanning your code for vulnerabilities.” (16:53)
- Defense in Depth: Emphasizes the importance of multi-layered security approaches, including multi-factor authentication and robust IAM controls, to protect against such threats.
Conclusion: Strengthening CI/CD security through comprehensive secret management and proactive vulnerability scanning is essential to mitigate supply chain risks in open-source environments.
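As an added example in the spirit of the "scan your code" advice above (this is not code from the episode or from any project it mentions), the Python check below reads a GitHub Actions workflow and flags third-party actions referenced by a mutable tag or branch rather than a full commit SHA, plus run steps that echo a secret into the job log. The sample workflow, the action names and the rule that a 40-hex-character ref is a commit SHA are assumptions.

```python
import re
# Constructed sample workflow (an assumption; not from any real repository).
SAMPLE_WORKFLOW = """\
name: ci
on: [push, pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: some-org/changed-files@v45
      - uses: some-org/setup-tool@a1b2c3d4e5f60718293a4b5c6d7e8f9012345678
      - uses: ./.github/actions/local-step
      - run: echo "${{ secrets.DEPLOY_TOKEN }}"
"""

USES_RE = re.compile(r'^\s*-?\s*uses:\s*["\']?([^"\'\s#]+)')
RUN_RE = re.compile(r'^\s*-?\s*run:\s*(.+)$')
SHA40_RE = re.compile(r'^[0-9a-fA-F]{40}$')
SECRET_REF_RE = re.compile(r'\$\{\{\s*secrets\.[A-Za-z0-9_]+\s*\}\}')

def classify_uses(ref):
    """Return (status, reason) for one `uses:` target; 'warn' means mutable."""
    if ref.startswith("./"):
        return "ok", "local action inside this repository"
    if "@" not in ref:
        return "warn", "no ref given; resolves to the action's default branch"
    name, tag = ref.rsplit("@", 1)
    if SHA40_RE.match(tag):
        return "ok", "pinned to a full commit SHA"
    # Tags and branches can be re-pointed by whoever holds the action repo's credentials.
    return "warn", f"mutable ref '{tag}' on {name}"

def scan_workflow(text):
    """Return [(line_no, finding_kind, detail)] for a workflow file's text."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if m:
            status, reason = classify_uses(m.group(1))
            if status == "warn":
                findings.append((n, "unpinned-action", f"{m.group(1)}: {reason}"))
            continue
        m = RUN_RE.match(line)
        if m and "echo" in m.group(1) and SECRET_REF_RE.search(m.group(1)):
            # Log masking is best-effort; treat any echo of a secret as exposure.
            findings.append((n, "secret-to-log", m.group(1).strip()))
    return findings
```

Running `scan_workflow(SAMPLE_WORKFLOW)` reports the two tag-pinned actions and the echoed secret, and is silent on the SHA-pinned and local actions.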
6. Supply Chain Hack Targets Over 100 Auto Dealerships
The final major story involves a supply chain attack that compromised over 100 auto dealership websites through malicious code injected via the LES automotive video service. This attack deployed a remote access Trojan via PowerShell, emphasizing the evolving threat landscape.
Key Discussion Points:
- User Awareness Training: Christina highlights the necessity of evolving security awareness programs to address new threats like ClickFix scams. She suggests, “Start thinking about this before I just click it or before I copy and paste malicious code.” (19:12)
- Resilience and Response: Discusses the importance of building organizational resilience to quickly respond and recover from such attacks.
Conclusion: Continuous adaptation of security training and robust incident response strategies are crucial in combating sophisticated supply chain attacks.
Community Engagement and Wrap-Up
Throughout the episode, Rich acknowledges active participation from listeners via the show's live chat, highlighting contributions from regulars like Stuart Sandstrom, David Spark, and Kevin Ferrell. He commends Christina Shannon for her insightful contributions and encourages listeners to connect with her on LinkedIn.
Notable Quotes:
- Christina Shannon on the importance of water utility cybersecurity: “This right in the same category as critical infrastructure.” (06:25)
- On securing JIRA environments: “Start with multi-factor authentication... ensure that you have least privileged controls applied.” (10:15)
- Discussing evolving threat landscapes: “This is one of those times where that you always hear the term it's an evolving threat landscape.” (19:12)
Conclusion
The episode concludes with a reminder of upcoming events and episodes, including the next Super Cyber Friday discussion on fragmented IAM. Rich extends gratitude to Christina Shannon for her valuable insights and encourages listeners to stay engaged through the CISO Series’ various platforms.
For more detailed discussions and daily updates on cybersecurity, visit cisoseries.com and join their live events to stay informed and connected with cybersecurity professionals.
