
Host
From the CISO series, it's cybersecurity headlines. Hackers hijack financial accounts to conduct billions in trades. AI encrypted messages are invisible to cybersecurity systems. And Microsoft Teams to block screen capture during meetings. These are some of the stories that my colleagues and I have selected from this past week's cybersecurity headlines. And now we're looking forward to some insight, some opinion, and most certainly some expertise from our returning guest, Nick Espinosa, host of the nationally syndicated Deep Dive radio show. You know, Nick, this is your third appearance on the show, so of course we have to throw up the three timer star award. That's right. It's at the very top. How do I point at it? I don't know how pointing works. There we go. We're pointing at the stars. Nick, thank you so much for gracing us with your third presence. I gotta ask, how was your week in cybersecurity?
Nick Espinosa
Oh, how long do you got? So we learned a whole lot of things. AI is a new surveillance tool. You know, new different types of coping mechanisms to figure out behavioral control for disinformation. It's been absolutely nuts. Not to mention Meta, which is the most punchable company in the history of companies, is rearing their ugly head in Europe. So, yeah, it's been a. It's been a fun week.
Host
It is the popped collar and frosted tips of giant technology companies.
Nick Espinosa
Yeah, yeah. If we're going 90s, it's the low rider that nobody should be using.
Host
All right, before we jump into the news, I have to spend a second and thank our sponsor for today, Vanta, a new way to GRC. Remember to join us on YouTube live. To do so, go to cisoseries.com, hit that old events dropdown and look for the Cybersecurity Headlines Week in Review image. It will be very apparent to you. You will find the show and then you can watch it, subscribe to our channel and have all sorts of fun. We'll try and address all your comments in the chat. I already see CCL getting lively in there. If anyone else is there, make sure you say hi and be friendly and help make the show just that much better. And we always appreciate everybody that can get involved there. We've got about 20 minutes. We'll get started. Just a quick reminder that these opinions are those of Nick Espinosa and not necessarily those of his friends, his employer, his staff, affiliates, and/or clergy for that matter. Fair enough. So with that out of the way, let's jump into the news here. First up, hackers hijack financial accounts to conduct billions in trades. Japan's Financial Services Agency, or FSA, is warning of a sharp increase in the number of cases of unauthorized access and unauthorized trading through online trading services in the first three months of 2025, with almost $2 billion in funds moved by hackers from 5,000 breached accounts, which is a lot of money. The FSA said hackers gain access to a victim's account through stolen login information and use them to sell stocks and other securities. They then use the breached accounts to raise the price of smaller stocks that they themselves have purchased. Then once the stock price increases, they sell off their stock and earn a profit on that inflated value. Nick, certainly an interesting twist here. Not unprecedented, certainly, in terms of stock market manipulation. We've seen this on a much, maybe smaller scale, but a great way to literally make money rather than just stealing it.
I'm curious, does this type of creativity impress you? Is this more normal than it appears? What are your thoughts on this?
Nick Espinosa
Well, I mean, so first things first. What I think we have here is a Compton, Long Beach situation, right? Thinking about it here, and Lord knows I'm not a fan of cybercrime, but I do love me and appreciate some innovation when I see it. And here we are. So think about the two key elements that we've got going on with this, right? We've got the cyber intrusion, AKA credential theft and unauthorized access to the account. And then on top of it, we've got market manipulation, AKA pump and dump. Not just for cryptocurrency anymore. And so these are things that are absolutely nuts. And I've been thinking about this one for a little bit here for the past week or so. But unlike traditional pump and dump scams, where essentially they're just manipulating retail investors through misinformation, this one uses real actual investment accounts, stolen, obviously, but it inflates the stock prices like you said. And then it's doing it, but it's doing it through legitimate trades. So it's super hard to catch. And it's always retroactive. And a lot of this crime is, but this one is very much. So think about the logistics of the security here. You're bypassing the need to convince outsiders to buy stock, right? So no more pig butchering scam. You're just doing it yourself. You're avoiding detection because these manipulated trades look legit, right? I mean, they're coming from legit accounts. And then it amplifies financial gain by syncing these cyber capabilities with the financial market vulnerabilities. I mean, is Wall Street taking notes here?
Host
Don't give them any ideas. Stop.
Nick Espinosa
I mean, Lord knows. Here's the. Here's the new way. Walmart's gonna. Or Wall Street. Walmart. Walmart's gonna. Wall Street's gonna react. And so I think right here, we're probably gonna see some trading firm give us a whirl in the United States, given our regulations or lack thereof. So we'll see.
Host
Yeah, it's one of those instances where, yeah, you're. You're not just trying to, you know, grab all the money. You're trying to use the platform as intended, just in a strategic way. That is, that is, as T.J. Williams pointed out, crafty, but illegal. Let's not mince words here. Creative, yes, but still on the wrong side of just about every conceivable.
Nick Espinosa
And now, you know, we're in trouble. So here we are.
Host
All right, next up here, scientists use AI to encrypt secret messages that are invisible to cybersecurity systems. Researchers from the University of Oslo have developed Embedder LLM, a system that hides encrypted messages in AI generated text messages, making them invisible to current cybersecurity tools. The technique embeds data into natural sounding chatbot responses and can be sent through any messaging platform. It supports, excuse me, both symmetric and public key encryption and is supposedly resistant to quantum decryption as well. Nick, obviously this is still a proof of concept and one that has not yet been peer reviewed, but certainly intriguing as a digital form of invisible ink that seems to have a wide variety of use cases. Right. Some of them not terror inducing, especially with kind of the idea, like the quantum resistance stuff. We'll see when quantum computers actually exist. But I'm curious, what's your take on this?
Nick Espinosa
I mean, leave it to the home of giants to innovate on this one, right? You know the reference, right? And I do love me some steganography, but this is like steganography with a rocket launcher and a letter from the new pope. Chicago, by the way, not bad. All right, so think about it this way. The output looks like any other chatbot response or casual message. Right? So this is like super hard to detect for current threat detection systems because it just looks natural. Right. And traditional detection is tuned to flag abnormal patterns known as stenographic stenography. Like methods. But. And I always, for the record, always screw that up. I say stenography when I meant steganography. It's a thing I always do. I don't know anyway, but let's talk about the threat vectors here, because this is damn near untraceable C&C, right? Command and control, the jerks of the cyber world could seriously issue instructions to compromised devices via what looks like a simple chatbot output. And on top of it, the security tools aren't going to flag this. It blends into normal communication. So it's genius. Like, if you're really thinking about it, espionage and information exfiltration, I think is going to get turned up to 11 on this. Leaked data basically could be embedded in AI generated emails, chat messages, all this kind of stuff embedded in plain sight. I mean, you know how many Russians were on the Norwegian team? That's really what I want to know because I think this proof of concept is, is just going to really change the game and how we're approaching threat detection. It's absolutely insane.
Host
The good news here, right, is that this is a proof of concept developed by researchers, not something that we accidentally discovered after it already did a bunch of harm. Not to say that a similar system couldn't already exist, because threat actors, as we've just discussed, love the creativity.
Nick Espinosa
Right?
Host
But like, that is the encouraging sign, right? It's like they're looking into this problem because it can be so damning, just like rampant and out of control.
Nick Espinosa
Right, right. But how many intel teams are looking at that saying, we're picking up what you're putting down and trying to reverse engineer the heck out of this thing? Right. I mean, if they've got a proof of concept that actually works. Here we go. Right? So it's absolutely nuts. Now, that said, a lot of command and control, if we're identifying those bad IP addresses, it's going to. Hopefully the firewalls can shut it down or at least block it. But nevertheless, traditional threat detection just goes right out the window with stuff like this. So here we go.
Host
Shout out to TJ Williams for the original version of this. Font size 0 in white.
Nick Espinosa
I've signed many contracts with that, I'm sure.
Host
All right, next up here, Microsoft Teams will soon block screen capture during meetings. Microsoft has announced it will introduce a new prevent screen capture feature in Teams starting in July, which will block users from taking screenshots of sensitive information during meetings. When a screenshot is attempted, the meeting window will turn black. Users joining from unsupported platforms will be restricted to audio only mode to protect content. The feature will be available on Teams desktop apps for Windows and Mac, as well as mobile apps on iOS and Android. Though the motivation behind this product is certainly legitimate, given the need for privacy and stringent regulations. You know, thinking about, like talking about HIPAA and the bevy of regulations that need this kind of privacy, seems a little clumsy and imp, you know, a la Clippy or something like that. Especially given that, as Microsoft themselves say, screenshots can still be taken in other ways. I'm thinking of a Microsoft feature, I may have heard of it, called Recall, which is a series of endless screenshots that your system is taking. And nothing makes people say I love Teams video chat more than having your screen go dark and being audio only, especially for the sad Linux user in your life. Am I wrong in thinking that this is perhaps a flawed idea here, Nick? Or what are your thoughts on it?
Nick Espinosa
Oh man. I mean, think about it this way. This could mean we just stop using Teams altogether and go back to Zoom. And we do need to keep our Chinese overlords happy here. So Microsoft, good on you for that one. But seriously though, I actually love this now. The reason why I do is, okay, one, the FedRAMP side of the Microsoft house, the GovCloud side, has had this forever because of data loss prevention and all of that. So the compliance nerd in me absolutely loves this. And on top of that DLP, we're talking about DLP, access control, monitoring of information disclosure. Oh my, that's the trifecta of fun for compliance right on top of it. The psychology nerd in me absolutely loves this too, right? I mean, this really does signal to the users that security is being actively enforced. We're drinking the Kool Aid in a way that most users don't want to do this. And even if it's not foolproof, you know, Microsoft Recall, the ever loving data breach ongoing from Microsoft feature coming soon to you. These are things that I think reduce that impulse for data leak, right? Like, oh, that's interesting, I'm going to screen snippet or oh, that's interesting, I'm going to do something like that where no, you don't have the ability to do it. I mean, whipping out your phone, taking a picture, you can't do everything, right? But it does promote a culture of confidentiality and I think, and caution, especially when you're dealing with sensitive data. Plus you can turn this thing off and on, right? So if you're dealing with sensitive data, you know, here we go, right? So yeah, I mean, I can see what you're saying about, you know, the screen going dark, but I don't think we're going to end up with some kind of stigma, you know, like this, you know, for this thing like, you know, being the only Android in an iPhone group chat, you know, that kind of thing. You know, I don't think this is a scarlet letter in a meeting. It just, I just think it's good security.
Host
Yeah. And the CCL points out, in our chat, he points out like, oh, like you could use a video card capture to, you know, if you really wanted to be clever and stuff like that. But Nick, I think that's a really important point though is like something that isn't perfect can still be better than not having it at all. Is it a, is it a also a play to further lock you in on Teams? I'm sure it is, but probably for good reason. Like you said on, you know, on the FedRAMP side of stuff, they need that, like this is, this is table stakes for stuff that, that they're going to need and it's a great way to figure out who the admin is on your Teams call when someone has to turn it off.
Nick Espinosa
Indeed. Right. And how many companies are in Microsoft that aren't going to spend the absolute Ferrari money to go to FedRAMP when they don't need it because they're not working with federal but have a huge amount of intellectual property they want to protect. So I think it's a good thing overarchingly and if you really hate it, turn it off. Just like you can Microsoft Recall coming near you. Coming soon to you, Lord.
Host
Also coming soon to you right now is a word from our sponsor for today, which is Vanta. Do you know the status of your compliance controls right now? Like right now, we know that real time visibility is critical for security, but when it comes to our GRC programs, we rely on point in time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews and reporting and helps you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get started at vanta.com/headlines, that's V A N T A dot com slash headlines. All right, next up here in the saga of flaws that never end, new Intel CPU flaws leak sensitive data from privileged memory. According to researchers at ETH Zurich, a new branch privilege injection flaw in all modern Intel CPUs allows attackers to leak sensitive data from memory regions allocated to privileged software. Things like operating system kernels, along with critical data, talking passwords, cryptographic keys and memory of other processes. Otherwise known as the whole kit and caboodle. Nick, this flaw belongs to specialized hardware components that try to guess the outcome of branch instructions. Speculative execution we're talking about here. BleepingComputer writes: the risk is low for regular users and attacks have multiple strong prerequisites to open up realistic exploitation scenarios. That being said, applying the latest updates is recommended. I love that addendum. So, in other words, don't worry, but also certainly worry. I'm curious, what are your thoughts?
Nick Espinosa
It's like a monkey with a machine gun at Intel. All right, so think about it this way. Thank you, Intel. The risk may be low to Joe Schmo, you and I, but the vulnerability itself, I think is actually pretty technically significant. So think about the whole Spectre and Meltdown mess that we went through, right? Flaws like that actually erode trust in the hardware that we use literally everywhere. And in this case, I think it's going to harm public confidence if the public actually pays attention to this stuff, right? It's not just the nerds of the world. So consider it this way. Even though this exploitation is difficult, this level of theoretical access is devastating to things like cloud service environments, shared enterprise infrastructure, sensitive government or military systems. They're the ones buying the, you know, special software, special hardware. So everybody's using Intel processors in general, and we're just assuming it's only going to stay, you know, with their unique, you know, set of modern processors. And sorry, AMD, much love here, but we all know Intel's market share, right? You know, and I mean, that's what it is. So even then longitudinally, what happens, right? Everybody gets the memo. And now organizations like cloud infrastructure, military, etc. have a choice to make. Do they simply accept the low risk and keep the CPUs unpatched? Because we all know when Intel patches processors, they slow down. Or do I just calculate the performance hit that I'm going to take, right? And then I patch it in the name of security, which means I'm going to have to buy even more flawed CPUs from Intel and infrastructure to fill the gap that I'm going to create. So I mean, you know, hello Rock, meet hard place here, right? And I, and I think this is going to be a perpetual thing. We always are going to have hardware vulnerabilities, you know, Spectre, Meltdown. We're over 20 years, you know, of a vulnerability until somebody figured it out, right?
So I think we're just looking at it, probably another one of these and I kind of hope it's not going to spread to the processors that we're buying like the i9s of the world. But I mean we're going to see, right?
Host
Yeah, I would love to see that business case study. Right. Because you know, we always talk about, you know, CISOs, they're managing risk. Right. You're never going to eliminate entirely, but you're trying to manage it. And yeah, having that very real like business process of this will have a productivity hit. Like our processors will be able to do less if we choose to mitigate this or we can choose to accept something that's fairly niche. But if I'm AWS or Azure or whoever, I'm also know I have, I also have a giant target on my back at all times for very sophisticated threat actors. So I would love to see that business use case of being like, you know, is it worth, you know, you know, Microsoft already canceled a bunch of data centers, but I have to fire one more up for all the patch CPU loss performance that they'll have to deal with here.
Nick Espinosa
Right. And in 50 years when we're all lined up in front of the data center begging for water, we'll blame Intel for part of it.
Host
Yes, yes. If we only had 5% more, we would get a little bit more water.
Nick Espinosa
Here we are.
Host
All right, next up here. European Vulnerability Database is online. The European Union Agency for Cybersecurity, ENISA, has now released a full version of a database first announced last June, which, just like the US Government's National Vulnerability Database, will identify disclosed vulnerabilities. It does what it says on the tin, with the unfortunate acronym of EUVD. The database will carry standard CVE assigned IDs and EUVD identifiers, as well as having dashboards for critical and actively exploited vulnerabilities and near real time updates. At least that's what they're boasting, from open source databases, vendor guidelines and national advisories. Nick, it is of course normal for different economic regions, areas of the world to maintain their own systems for cybersecurity. I'm curious though, do you see this parallel project being a help or a hindrance given the kind of dubious state of the NVD right now?
Nick Espinosa
Right, right. And real quick, I mean before we dive into this, I mean, is it me or does EUVD sound like something I'd go see a doctor in Amsterdam for after I contract something in the red light district?
Host
I'm just saying, I mean, at least we have penicillin.
Nick Espinosa
Yeah, yeah, there you, there you go. I. My God. But, okay, I need to go off on a slight tangent on this one because this one actually kind of pisses me off. And the reason why, and you might know where I'm going with this, is simply this. I love me some MITRE, right? I love me some, some CVE database which the entire world has consistently looked to for common vulnerabilities that need protecting. I actually did a 20 to 25 minute PowerPoint presentation on my YouTube channel on this one. I think it's that important. And the recent defunding and then the 11th hour reprieve, I'm not getting into that. But, but, but that is, I think, really a shot across the bow because it really underscores the necessity that, that MITRE has basically a single sole funding source, right? And that's the U.S. government. And it can't be that anymore, right? CVE keeps us all on the same page and has done that consistently for years. And while we have some other players out there, like some of the ones you just mentioned, NVD, now, the new EUVD thing, you know, I think this could muddy the waters a little bit. So. And if you think about it, we already have the NVD, the OSV, the VulnDB. There's a whole bunch of them out there. MITRE has always been MITRE. CVE has always been that centralized place that everybody has either copied from or gone to, because that common vulnerability and CWE as well, you know, are so unbelievably important. And now we're going to throw a whole other, you know, database on top of this coming out of Europe. And I think that this is one area in cybersecurity that we simply cannot be fragmented in. You know, we have pretty much standardized on the CVE and to create other systems, I think is not necessarily good. What I'd rather see is like the European Union and also Google, who basically runs the OSV, and some others start investing in MITRE alongside the US government, which I hope continues the funding and everything else.
That way it ensures the continuity of service that the CVE has been for years and years and years. I mean, think of all the ISACs that plug into this. Think about all the people that, that look at this. When I'm looking up, you know, I get a notice from some hardware or software manufacturer, I'm going to CVE, they're linking CVE. I mean, it's just, you know what it is. I mean, and if they're taking donations, as a confirmed thousandaire myself, I'd throw them a couple of bucks. I mean, you know, it's that important. Right. And so here we are. I think it's. I'm not a fan of what Europe's doing. I'm glad we're all getting on the same page for vulnerability, but I just, I just want it to be around MITRE CVE. They should be investing there.
Host
Yeah, I wish this wasn't. Didn't seem like as much of a spotlight on kind of the, the structural dependencies. Right. That MITRE is under, you know, and that.
Nick Espinosa
Yeah.
Host
I mean, very clearly less than a month ago, we had it, we just had a giant spotlight of, of how that could fall down extraordinarily quickly. Yeah. And like I'm of two minds. I mean, one, like this is a. I don't blame anyone for wanting some regional independence from, from one source. But at the same time, anytime you're introducing ambiguity, latency to what is already a fraught process where, you know, not to be a cliche, but every second counts and stuff like that. Like.
Nick Espinosa
Right.
Host
Like you don't want a lack of clarity when it comes to vulnerabilities like this. So that is, that is the fear there.
Nick Espinosa
Yes, yes. This should be a competitive landscape. This should be a unifying landscape where we all agree on a common vulnerability system, whatever that is. Right. And right now the king we all know is CVE. Right, it's MITRE CVE. And, and I think that that needs to have its independence worldwide. Maybe that means it opens up offices around the world to ensure continuity, whatever that is. But I think everybody should be funding that and everybody should consolidate behind that because it keeps everybody. I don't care what language you're in, you know, like, you are, you are. We are all standardized on CVE. I think it's so unbelievably important.
Host
All right, well, our last story for today. Coinbase says hackers bribed staff to steal customer data and are demanding $20 million in ransom. Coinbase says attackers bribed overseas support agents to steal sensitive customer PII data, although no passwords, private keys or funds were taken. Coinbase says it refused to pay a $20 million ransom, but did say the breach may cost up to $400 million to resolve internally while it cooperates with law enforcement and enhances security measures. So, Nick, we started this episode with the story of sophisticated hackers using clients' accounts to manipulate stocks. And we end the show with good old fashioned bribery. Once again, humans, MVPs for being the easiest targets in a security platform. Coinbase has had its share of troubles recently, and $400 million seems like an awful lot of money to fix their system. I mean, that's like, I don't know, 3,800 Bitcoin or like a Qatari 747 luxury jet. Just off the top of my head, I'm curious, what's your take on this?
Nick Espinosa
Well, and for the record, $400 million gets you a Qatari jet that they've been trying to sell since 2020 because the royal family had already upgraded to something better. So let's, let's just, let's, you know, call a spade a spade here. Right? So let's talk about this one, because how do you get an overseas support agent to play along with you? Money, money, money. That's. That's what we're talking about. This is always an issue. And in general, think about what an outsourced support team is. They should always be on an organization's risk register. Companies that outsource to places like India, Pakistan and other places where the labor is much less expensive to purchase is essentially that risk, because that means labor is also paid a little for their work. If you're getting a support agent for 40 bucks an hour when it's in the United States, $150 an hour, the dude's probably making 10 bucks an hour, right? So offering them a solid bribe in good old US dollars and baby, we got a stew going, right? I mean, that's what we're talking about here. And so think about what Coinbase or any company is dealing with when they are basically running overseas third party support, right? They have access to sensitive customer data overseas. The support does. There's weaker oversight typically in these, especially for vetting for supply chain due diligence. They oftentimes don't have the same standards. They've got less security training in general. And so is it worth $400 million to Coinbase to keep going like this with a clear supply chain due diligence? No, absolutely not. Right, but, but it will teach us all a lesson, which is essentially the true cost of a data breach lies in the money spent on recovery, legal services, trust repair, which is the big one. And I think system hardening and on and on. And so finally, I just want to say this. I think this damages the crypto industry in general. 
Not to say that all the pump and dump schemes we talked about earlier and junk that happens in crypto didn't really take a big swing at that reputation. But, but, but let's talk about this, because think about what Coinbase has been in the crypto world. Their reputation has been one of, yeah, we're a regulated trusted platform. I've got a Coinbase account and in order to hook up, I needed a driver's license. It wasn't some shady third party.
Host
They're the adults in the room. In a very.
Nick Espinosa
Yes, yeah, yes, the adults in the room. That is perfect. That reputation just got heavily damaged as a result of this. Plus, given this economy, you know, at this point, I mean, who's investing in crypto? You should be investing in canned goods and shotguns. I mean that, that's the long term ticket right now. So. So we'll see what happens. But I think this is a black eye, not just to Coinbase, but to cryptocurrency in general, especially when you're looking at those investors that saw Coinbase as, let's say, the Chase Bank of the cryptocurrency world, where you had standards and practices. So here we go.
Host
And shout out to Michael Vinding in our chat, who also points out making customers whole. I think part of that would go certainly into repairing trust. Right. You lost money, hey, maybe get some of that back. Certainly a big part of it. So thank you, Michael. And giving us a direct quote from Coinbase's email on that, go into the sources. Michael Vinding, thank you so much for that and thanks to everybody that was in our chat today. Maxtronic, TJ Williams, CCL and of course Michael Vinding that we said there. We really appreciate everybody helping make the show a little extra fun. And hey, going to the primary sources, always a big appreciation. Before we get out of here. Nick, was there any story that was a thumbs up or an eye roller for you today?
Nick Espinosa
Oh, so all these stories were great. But I also have to say that one of the other big issues that we had was essentially Meta, like Meta this week. And we didn't cover it here, but they just in Europe opted in all the Europeans once again to AI training, even though the Europeans opted out and Meta's totally fine with that. And the EU is not a fan. And Meta, once again, the most punchable company in the history of companies, certainly.
Host
The most eye rollable company for the purposes of this segment. Well, Nick Espinosa, host of the Deep Dive radio show. Fantastic. Bringing the great takes, making Carl Weathers Arrested Development references just off the cuff. Truly tremendous. Where can people find you in cyberspace and on the radio waves if they're so inclined?
Nick Espinosa
Yeah, yeah. So my show is the Deep Dive Cybersecurity Show. It's nationally syndicated, so hopefully on an NPR or public radio affiliate near you. You can find me on YouTube, Nick Espinosa, or on any one of the social medias at either Nick A ESP or Nick Espinosa. Come say hi. Come connect with me on LinkedIn. We'll hang out.
Host
We will have links to all relevant items in the show notes, so make sure you check those out. And a big thank you also to our sponsor for today, Vanta, A New Way to GRC. Again, another huge thank you to our audience making the time to be here live. I truly appreciate it. I know it is a non trivial ask on a Friday, so you are awesome for being here. And if you've ever thought about it, you too can be awesome as well. Remember to join us next week for another Episode of the Week interview that starts at 3:30pm Eastern. Put it on your calendar, tell your boss you're busy. It's okay. Come on over to YouTube. Just head on over to cisoseries.com, look for the events page for more information or subscribe to our YouTube channel. In the meantime, you get your daily news fix every single day through Cybersecurity Headlines. Give us about six minutes, we'll get you all caught up until the next time we meet. For myself, for our glorious producer Steve Prentiss, for Nick Espinosa, for all of us here in the CISO Series family, here's wishing you and yours to have a super sparkly day. Cybersecurity Headlines is available every weekday. Head to cisoseries.com for the full stories behind the headlines.
Cyber Security Headlines: Week in Review Summary
Hosted by CISO Series
Episode: Week in Review: Hackers Pump Stocks, Microsoft Stops Screenshots, AI Encrypts Cybersecurity
Release Date: May 16, 2025
In this episode of Cyber Security Headlines, the CISO Series team works through the most pressing cybersecurity stories of the week. With returning guest Nick Espinosa, host of the nationally syndicated Deep Dive radio show, the discussion runs from account-takeover tactics in financial markets to an AI technique for hiding encrypted messages inside ordinary chatbot text. The episode offers expert insight, lively debate, and a closer look at each headline.
Overview: Hackers hijack financial accounts to conduct billions in trades
The episode opens with a warning from Japan's Financial Services Agency (FSA) about a sharp rise in unauthorized access to online trading accounts, and unauthorized trades made through them, in the first three months of 2025. Attackers moved almost $2 billion through roughly 5,000 breached accounts, using them to run pump-and-dump schemes that inflate the price of small stocks before the attackers cash out.
Key Points & Discussion:
Mechanism of Exploitation:
Hackers log in to victims' accounts with stolen credentials, sell the victims' stocks and other securities, and use the proceeds to buy thinly traded small-cap stocks the attackers already hold. The buying pressure pushes the price up, at which point the attackers sell their own holdings at the inflated value.
Nick Espinosa's Insights:
Nick draws parallels to historical market manipulation tactics, emphasizing the innovation behind using legitimate accounts for such schemes.
"This uses real actual investment accounts, stolen, obviously, but it inflates the stock prices... it's super hard to catch."
— Nick Espinosa [03:23]
Implications for Wall Street:
The discussion turns to how brokerages and exchanges might respond, and to the need for stronger protection of trading accounts against stolen credentials, since the scheme is hard to spot precisely because every trade comes from a legitimate, funded account.
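The scheme described above leaves two signals in a brokerage's own trade data: a single account liquidating its holdings and immediately pouring the proceeds into an illiquid ticker, and several such accounts converging on the same ticker within hours. The following is an added illustration of that detection logic, not code from the episode or from the FSA; the trade log, the liquidity threshold (average daily volume below 100,000 shares) and the time windows are constructed assumptions for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample brokerage trade log (not real data), one row per fill.
# "adv" is the ticker's average daily share volume; a production system would
# pull it from market data. It is embedded here so the example runs offline.
TRADES = [
    # Three hijacked accounts: dump existing holdings, then pour the proceeds into TINY.
    {"account": "A1", "t": "2025-03-04T09:31:00", "side": "SELL", "ticker": "BLUE", "qty": 300, "price": 100.0, "adv": 8_000_000},
    {"account": "A1", "t": "2025-03-04T09:40:00", "side": "BUY", "ticker": "TINY", "qty": 9_000, "price": 3.2, "adv": 20_000},
    {"account": "A2", "t": "2025-03-04T09:35:00", "side": "SELL", "ticker": "MEGA", "qty": 50, "price": 400.0, "adv": 5_000_000},
    {"account": "A2", "t": "2025-03-04T09:52:00", "side": "BUY", "ticker": "TINY", "qty": 6_000, "price": 3.3, "adv": 20_000},
    {"account": "A3", "t": "2025-03-04T10:02:00", "side": "SELL", "ticker": "BLUE", "qty": 120, "price": 101.0, "adv": 8_000_000},
    {"account": "A3", "t": "2025-03-04T10:15:00", "side": "BUY", "ticker": "TINY", "qty": 3_500, "price": 3.4, "adv": 20_000},
    # Ordinary rebalancing into a liquid name: not flagged.
    {"account": "B4", "t": "2025-03-04T11:00:00", "side": "SELL", "ticker": "BLUE", "qty": 100, "price": 100.5, "adv": 8_000_000},
    {"account": "B4", "t": "2025-03-04T11:05:00", "side": "BUY", "ticker": "MEGA", "qty": 25, "price": 401.0, "adv": 5_000_000},
    # A small speculative buy with no preceding liquidation: not flagged on its own.
    {"account": "C5", "t": "2025-03-04T13:00:00", "side": "BUY", "ticker": "TINY", "qty": 200, "price": 3.5, "adv": 20_000},
]


def _ts(row):
    return datetime.fromisoformat(row["t"])


def flag_account(rows, illiquid_adv=100_000, window=timedelta(hours=2), min_reinvest=0.8):
    """Per-account rule: a buy of a thinly traded ticker (adv below illiquid_adv)
    that reinvests at least min_reinvest of the sale proceeds realised in the
    preceding window. Returns [(ticker, buy_time), ...]."""
    rows = sorted(rows, key=_ts)
    flags = []
    for i, row in enumerate(rows):
        if row["side"] != "BUY" or row["adv"] >= illiquid_adv:
            continue
        buy_time = _ts(row)
        proceeds = sum(r["qty"] * r["price"] for r in rows[:i]
                       if r["side"] == "SELL" and buy_time - _ts(r) <= window)
        if proceeds > 0 and row["qty"] * row["price"] >= min_reinvest * proceeds:
            flags.append((row["ticker"], buy_time))
    return flags


def coordinated_targets(trades, min_accounts=3, window=timedelta(hours=6), **rule_kwargs):
    """Cross-account rule: tickers that at least min_accounts flagged accounts
    bought within `window` of each other. Returns {ticker: [accounts]}."""
    by_account = defaultdict(list)
    for r in trades:
        by_account[r["account"]].append(r)
    hits = defaultdict(list)  # ticker -> [(buy_time, account)]
    for account, rows in by_account.items():
        for ticker, t in flag_account(rows, **rule_kwargs):
            hits[ticker].append((t, account))
    targets = {}
    for ticker, events in hits.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            cluster = {a for t, a in events[i:] if t - t0 <= window}
            if len(cluster) >= min_accounts:
                targets[ticker] = sorted(cluster)
                break
    return targets


if __name__ == "__main__":
    print(coordinated_targets(TRADES))  # {'TINY': ['A1', 'A2', 'A3']}
```

The per-account rule alone would also fire on a legitimate customer who sells a blue chip to speculate on a microcap, which is why the cross-account clustering is the signal worth paging on: three unrelated customers moving most of their liquidated value into the same 20,000-share-a-day ticker within an hour is the attacker's pump, not a coincidence.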
Overview: AI encrypted messages are invisible to cybersecurity systems
Researchers at the University of Oslo have presented Embedder LLM, a system that hides an encrypted message inside AI-generated text. Because the carrier reads like ordinary chatbot output, current security tools that look for encrypted or suspicious content do not notice it, which complicates threat detection.
Key Points & Discussion:
Technical Breakdown:
Embedder LLM supports both symmetric and public-key encryption and hides the ciphertext in natural-sounding chatbot responses, so the messages pass unnoticed through standard messaging platforms.
Nick Espinosa's Analysis:
Highlighting the stealth and potential misuse of such technology, Nick warns about its implications for command and control (C2) operations in cyber threats.
"It's like steganography with a rocket launcher... the threat vectors here are damn near untraceable."
— Nick Espinosa [06:23]
Security Community's Response:
While acknowledging that Embedder LLM is a proof of concept, the conversation stresses that threat detection will have to evolve to keep up with techniques like this one.
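To make concrete why a scanner sees nothing, here is an added toy of the general technique the episode is describing, written for this page rather than taken from Embedder LLM or the Oslo paper: the message is encrypted first, and the ciphertext bits are then spent choosing which of several plausible next words a language model emits, so the carrier contains only ordinary words and the receiver, who has the same model and key, reads the choices back. The four-candidate "model", the HMAC-SHA256 counter-mode stream cipher, and the one-byte length prefix are assumptions made for the example; the real system uses a full LLM's token distribution and also supports public-key encryption, which this toy does not.

```python
import hashlib
import hmac

# Toy next-word model: for a previous word, four plausible continuations, ranked.
# Constructed for this example; a real system would take the top candidates from
# an LLM's next-token distribution, which both parties can reproduce.
MODEL = {
    "<s>": ["the", "our", "this", "a"],
    "the": ["meeting", "report", "team", "deadline"],
    "our": ["team", "client", "plan", "budget"],
    "this": ["week", "quarter", "morning", "afternoon"],
    "a": ["quick", "short", "new", "final"],
    "meeting": ["is", "was", "starts", "moved"],
    "report": ["is", "was", "looks", "needs"],
    "team": ["is", "will", "has", "should"],
    "is": ["ready", "fine", "late", "done"],
    "was": ["great", "short", "useful", "long"],
}
FALLBACK = ["and", "then", "so", "but"]   # used after any word without its own entry
BITS_PER_WORD = 2                           # log2(4 candidates)
VOCABULARY = set(FALLBACK) | {w for ws in MODEL.values() for w in ws}


def candidates(prev):
    """The ranked continuations after `prev`; always exactly four."""
    return MODEL.get(prev, FALLBACK)


def _keystream(key, n):
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def xor_cipher(key, data):
    """Toy HMAC-SHA256 counter-mode stream cipher; the same call encrypts and decrypts."""
    return bytes(d ^ k for d, k in zip(data, _keystream(key, len(data))))


def embed(key, plaintext):
    """Encrypt, prefix a one-byte length, then spend two ciphertext bits per word
    choosing which candidate continuation to emit."""
    ciphertext = xor_cipher(key, plaintext)
    if len(ciphertext) > 255:
        raise ValueError("payload too long for the one-byte length prefix")
    bits = "".join(format(b, "08b") for b in bytes([len(ciphertext)]) + ciphertext)
    words, prev = [], "<s>"
    for i in range(0, len(bits), BITS_PER_WORD):
        word = candidates(prev)[int(bits[i:i + BITS_PER_WORD], 2)]
        words.append(word)
        prev = word
    return " ".join(words)


def extract(key, text):
    """Replay the same model to recover which candidate was chosen at each step,
    rebuild the bit string, then decrypt."""
    bits, prev = "", "<s>"
    for word in text.split():
        bits += format(candidates(prev).index(word), f"0{BITS_PER_WORD}b")
        prev = word
    length = int(bits[:8], 2)
    ciphertext = bytes(int(bits[i:i + 8], 2) for i in range(8, 8 + 8 * length, 8))
    return xor_cipher(key, ciphertext)


if __name__ == "__main__":
    key = bytes(32)  # demo key only
    cover = embed(key, b"meet at 9")
    print(cover)
    print(extract(key, cover))
```

Two properties matter for detection. Every word in the cover text is a word the model would plausibly have produced anyway, so there is no ciphertext-looking string, no high-entropy blob and no keyword to match on; and without the key the receiver's replay still yields the correct bit string but decrypts to noise, so interception alone does not recover the message. The only handle a defender keeps is statistical: text generated this way follows the model's candidate ranking far more uniformly than human or unsteered model text does.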
Overview: Microsoft Teams to block screen capture during meetings
Microsoft announced a new Teams feature, due to roll out in July, that prevents participants from taking screenshots during meetings. An attempt to capture the screen turns the meeting window black, and on platforms that do not support the control, participants may be limited to audio only.
Key Points & Discussion:
Feature Details:
The Prevent Screen Capture feature will be available in the Teams desktop and mobile applications; Microsoft positions it as a privacy control that helps organisations meet requirements such as HIPAA.
Nick Espinosa's Perspective:
Surprisingly supportive, Nick argues that even imperfect security measures are beneficial.
"I actually love this now. It promotes a culture of confidentiality and caution, especially when dealing with sensitive data."
— Nick Espinosa [10:10]
Challenges & Limitations:
The discussion acknowledges workarounds, such as capturing the video output at the graphics card or with an external capture device, but maintains that the feature is a meaningful deterrent against casual data leaks.
Overview: Branch privilege injection flaw in Intel CPUs
Researchers at ETH Zurich have disclosed a branch privilege injection flaw affecting all modern Intel CPUs. It lets an unprivileged attacker read sensitive data from privileged memory, including operating system kernel memory and cryptographic keys.
Key Points & Discussion:
Nature of the Flaw:
The flaw abuses speculative execution: branch-predictor state trained by unprivileged code can still steer the processor's speculative execution after it switches to a higher privilege level, so data from protected memory leaks through side channels.
Nick Espinosa's Commentary:
Expressing concern over the broader implications, Nick compares the vulnerability to past significant flaws like Spectre and Meltdown.
"This vulnerability is technically significant and erodes trust in the hardware we use everywhere."
— Nick Espinosa [14:35]
Impact on Industries:
While the immediate risk to an individual user is low, the flaw matters most for cloud providers, enterprise infrastructure and government systems, where many tenants or workloads share hardware and the data at stake is sensitive.
Overview: ENISA launches the European Vulnerability Database
The European Union Agency for Cybersecurity (ENISA) has launched the European Vulnerability Database (EUVD), a counterpart to the U.S. National Vulnerability Database (NVD). EUVD catalogs publicly disclosed vulnerabilities, records CVE identifiers alongside its own EUVD identifiers, and aggregates near-real-time updates from multiple sources.
Key Points & Discussion:
Purpose & Functionality:
EUVD is meant to be a central European repository of vulnerability information, with standardized entries and dashboards that highlight critical and actively exploited issues.
Nick Espinosa's Concerns:
Nick worries about fragmentation: several parallel vulnerability databases could undermine the value of a single standard such as CVE.
"Introducing another database could muddy the waters and complicate vulnerability management."
— Nick Espinosa [18:26]
Call for Consolidation:
He advocates for increased investment in MITRE's CVE system to ensure global consistency and prevent the dilution of vulnerability reporting standards.
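The fragmentation Nick describes shows up in practice the moment a vulnerability-management pipeline ingests more than one feed: the same bug arrives under two identifiers, possibly with two different scores, and some entries in the new database may have no CVE at all. The following is an added illustration of reconciling such feeds, written for this page and not taken from ENISA or NIST tooling; the record shapes, the EUVD identifier format and the scores are constructed assumptions, not real feed output.

```python
# Constructed sample records in two feed shapes (not real NVD or EUVD output;
# the "EUVD-YYYY-NNNN" identifier format is assumed for illustration).
NVD_FEED = [
    {"cve": "CVE-2025-0001", "cvss": 9.8},
    {"cve": "CVE-2025-0002", "cvss": 5.3},
]
EUVD_FEED = [
    {"id": "EUVD-2025-0001", "aliases": ["CVE-2025-0001"], "cvss": 9.8},
    {"id": "EUVD-2025-0002", "aliases": ["CVE-2025-0002"], "cvss": 7.5},
    {"id": "EUVD-2025-0003", "aliases": [], "cvss": 6.1},   # no CVE assigned (yet)
]


def normalize(source, record):
    """Map either feed shape onto one record: key on the CVE id when present,
    otherwise on the feed's own id, and keep every id seen as an alias."""
    if source == "NVD":
        ids = [record["cve"]]
    else:
        ids = [record["id"]] + list(record.get("aliases", []))
    cve = next((i for i in ids if i.startswith("CVE-")), None)
    return {"key": cve or ids[0], "aliases": set(ids), "scores": {source: record["cvss"]}}


def merge(feeds):
    """feeds: {source_name: [records]} -> {key: {"aliases": set, "scores": {source: cvss}}}."""
    merged = {}
    for source, records in feeds.items():
        for rec in records:
            n = normalize(source, rec)
            cur = merged.setdefault(n["key"], {"aliases": set(), "scores": {}})
            cur["aliases"] |= n["aliases"]
            cur["scores"].update(n["scores"])
    return merged


def score_conflicts(merged, tolerance=0.0):
    """Keys whose sources disagree on CVSS by more than `tolerance`: the entries a
    human has to adjudicate before prioritisation can run."""
    return sorted(k for k, v in merged.items()
                  if len(v["scores"]) > 1
                  and max(v["scores"].values()) - min(v["scores"].values()) > tolerance)


def without_cve(merged):
    """Entries that no CVE id ties back to the global namespace."""
    return sorted(k for k in merged if not k.startswith("CVE-"))


if __name__ == "__main__":
    m = merge({"NVD": NVD_FEED, "EUVD": EUVD_FEED})
    print(score_conflicts(m))   # ['CVE-2025-0002']
    print(without_cve(m))       # ['EUVD-2025-0003']
```

Keying on the CVE id wherever one exists keeps the global identifier as the join point, which is the consolidation Nick argues for; the two report functions surface exactly the cases a second database creates, disagreeing scores and entries with no shared identifier, so they can be reviewed rather than silently doubled or dropped.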
Overview: Coinbase support agents bribed to steal customer data
Coinbase reports that attackers bribed overseas customer-support agents to look up and steal customer personally identifiable information (PII). The attackers demanded a $20 million ransom; Coinbase refused, and estimates that remediation and customer reimbursement will cost between $180 million and $400 million.
Key Points & Discussion:
Breach Details:
No passwords, private keys or funds were taken directly, but the stolen PII exposes customers to targeted social engineering and is a serious blow to trust.
Nick Espinosa's Analysis:
Emphasizing the human element in cybersecurity, Nick criticizes the weaker oversight that comes with outsourced support teams.
"Outsourced support means weaker oversight and less security training, making them prime targets for bribery and exploitation."
— Nick Espinosa [23:26]
Impact on Crypto Industry:
The breach tarnishes Coinbase's reputation as a trusted, regulated platform, potentially undermining confidence in the broader cryptocurrency ecosystem.
"This is a black eye not just for Coinbase, but for cryptocurrency in general."
— Nick Espinosa [25:27]
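A bribed support agent does not break any control; they use the access they were given, so the only place the theft is visible is the audit trail of who looked up which customer and why. The following is an added example, written for this page and not Coinbase's tooling or data, of two simple rules over such a trail: lookups with no ticket attached, and one ticket being used to open far more customer records than a support case needs. The log format, the agent and customer identifiers and the thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample support-console audit log (not Coinbase data). Each line
# records one agent opening one customer's profile, with the ticket that
# justified the lookup, or "-" when no ticket was attached.
LOG = """\
2025-05-01T09:00:12 agent=a01 action=view_customer customer=c1001 ticket=T5501
2025-05-01T09:03:40 agent=a01 action=view_customer customer=c1002 ticket=T5502
2025-05-01T09:10:05 agent=a01 action=view_customer customer=c1003 ticket=T5503
2025-05-01T09:12:00 agent=a09 action=view_customer customer=c1101 ticket=T5510
2025-05-01T09:12:31 agent=a09 action=view_customer customer=c1102 ticket=T5510
2025-05-01T09:13:02 agent=a09 action=view_customer customer=c1103 ticket=T5510
2025-05-01T09:13:33 agent=a09 action=view_customer customer=c1104 ticket=T5510
2025-05-01T09:14:04 agent=a09 action=view_customer customer=c1105 ticket=T5510
2025-05-01T21:14:01 agent=a17 action=view_customer customer=c2001 ticket=-
2025-05-01T21:14:09 agent=a17 action=view_customer customer=c2002 ticket=-
2025-05-01T21:14:18 agent=a17 action=view_customer customer=c2003 ticket=-
2025-05-01T21:14:27 agent=a17 action=view_customer customer=c2004 ticket=-
2025-05-01T21:14:35 agent=a17 action=view_customer customer=c2005 ticket=-
2025-05-01T21:14:44 agent=a17 action=view_customer customer=c2006 ticket=-
"""

LINE = re.compile(r"^(?P<ts>\S+) agent=(?P<agent>\S+) action=(?P<action>\S+) "
                  r"customer=(?P<customer>\S+) ticket=(?P<ticket>\S+)$")


def parse(log):
    """Parse the audit log into dicts; lines that do not match are skipped."""
    return [m.groupdict() for m in (LINE.match(line) for line in log.splitlines()) if m]


def audit(log, max_no_ticket=3, max_customers_per_ticket=3):
    """Return {agent: [reasons]} for agents whose record lookups look like
    harvesting rather than ticket-driven support work."""
    no_ticket = defaultdict(set)                        # agent -> customers viewed with no ticket
    per_ticket = defaultdict(lambda: defaultdict(set))  # agent -> ticket -> customers
    for e in parse(log):
        if e["action"] != "view_customer":
            continue
        if e["ticket"] == "-":
            no_ticket[e["agent"]].add(e["customer"])
        else:
            per_ticket[e["agent"]][e["ticket"]].add(e["customer"])
    findings = defaultdict(list)
    for agent, customers in no_ticket.items():
        if len(customers) > max_no_ticket:
            findings[agent].append("lookups_without_ticket")
    for agent, tickets in per_ticket.items():
        if any(len(c) > max_customers_per_ticket for c in tickets.values()):
            findings[agent].append("many_customers_per_ticket")
    return {a: sorted(r) for a, r in findings.items()}


if __name__ == "__main__":
    print(audit(LOG))  # {'a09': ['many_customers_per_ticket'], 'a17': ['lookups_without_ticket']}
```

Both rules depend on the console actually recording a ticket reference per lookup and on that field being mandatory; a vendor desk where agents can open any profile without a case is exactly the weaker oversight Nick describes, and no amount of log analysis recovers a justification that was never captured.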
The episode concludes with a reflection on Meta's controversial AI training practices in Europe and a nod to the dynamic nature of cybersecurity threats. Nick Espinosa reinforces the importance of continuous vigilance and adaptability in the face of evolving cyber threats.
Notable Quotes:
"We are drinking the Kool Aid in a way that most users don't want to do this. And even if it's not foolproof, it does promote a culture of confidentiality."
— Nick Espinosa [10:10]
"This proof of concept is just going to really change the game and how we're approaching threat detection. It's absolutely insane."
— Nick Espinosa [06:23]
"The true cost of a data breach lies in the money spent on recovery, legal services, trust repair."
— Nick Espinosa [25:27]
Final Thoughts:
Listeners are encouraged to stay informed and proactive in their cybersecurity practices, leveraging insights from experts like Nick Espinosa to navigate the complex digital landscape.
Connect with Nick Espinosa:
Host of the nationally syndicated Deep Dive Cybersecurity Show, carried on NPR and public radio affiliates; on YouTube as Nick Espinosa; on social media as NickAEsp or Nick Espinosa; and on LinkedIn.
For More Information:
Visit CISOseries.com for full stories and additional resources.
Thank you for tuning into this week's episode of Cyber Security Headlines. Stay safe and informed!