Rich Stroffelino
From the CISO Series, it's Cybersecurity Headlines. More telecoms breached via Cisco routers. Chase blocks Zelle on social media and military healthcare outfit settles compliance case. These are some of the stories that my colleagues and I have selected from this past week's cybersecurity headlines. Like a trip down to the West Side Market. We've selected the juiciest, the ripest stories, the ones that are just perfect for the show. And now we're ready for some insight, some opinion and some expertise from our returning guest, TC Nijikowski, former CISO over at Thumbtack and head of security at Nextdoor. TC, gotta ask before we jump into the news, how was your week in cybersecurity?
TC Nijikowski
I think it's been a tough couple of weeks. There's been a lot of layoffs in the private sector impacting security companies, people in security roles and then also in the in the federal government. A lot of people who are mission focused, you know, no fault of their own, you know, trying to figure out what to do next. So I think, you know, a lot of sympathy for everyone impacted. My heart goes out to them. But I think, you know, the rest of us here working, still got our jobs to do, right?
Rich Stroffelino
Exactly. But I really do think that is important context to bring to the news of the week. Like that's the ecosystem all of these stories are kind of living in right now. And yeah, we will see how that plays out in the news to come. Before we jump in though, to the stories, have to spend a moment and thank our sponsor for today, Scrut Automation. Stay aware, stay ahead, stay compliant. Remember, you can join us on YouTube live. To do so, go to cisoseries.com, hit the events dropdown and look for the Cybersecurity Headlines Week in Review image. You can just click on it to join us. You can join people like Michael Vinding, Kevin Farrell, and we're also streaming on LinkedIn and you can join Sean Mann over there joining us in there chatting along. Hope he's enjoying the show here and finding some true friends along the way. Be sure to contribute your comments in the chat. They help make the show better. Let us know what you think about the stories as they're coming. We'll try and get those up on the screen, acknowledge them and we definitely appreciate them. Just a quick reminder, these are TC's opinions, not necessarily those of his friends, family, affiliates, any nonprofits that he works for or anything like that. So, TC, thank you for your expertise and your opinions. We're going to jump right into it. First up, more telecoms breached through Cisco routers. According to Recorded Future's Insikt Group, hackers from China's Salt Typhoon group continue to target telecoms worldwide and have breached more US telecommunications providers through unpatched Cisco IOS XE network devices. This has already resulted in network breaches at multiple telecommunication providers in the US, South Africa, Italy and Thailand. This is not the same exploit as reported a month ago which involved end of life Cisco routers and a different Chinese threat group, Volt Typhoon. So you got to keep your Typhoons and your Cisco routers straight. Little confusing here, TC.
One of the problems with ongoing news stories is that people kind of grow deaf to these threats. Especially when the same names are seemingly the same names keep popping up, it keeps happening. There seems to be no earth shattering kaboom about things that sound really bad. I'm curious, what are your thoughts? Should we wait for that earth shattering kaboom to care?
TC Nijikowski
Yeah, this one's really tough. You don't want to lose the forest from the trees. So this has been ongoing, we've been hearing about this for over a year, I think, and the Cybersecurity Review Board, CSRB, just prior to the new administration disbanding the group, they were investigating and working on a report. And I think that's something that we need because this is so cross cutting in terms of private sector, public sector, spying on presidential candidates, spying on citizens. And it's worldwide, it's no single ISP vendor, not even just a particular country that's impacted. And this is something that, you know, spying, spying on political targets, that's kind of normal. But when you're spying on an entire population of multiple countries and gathering all that data and then, you know, using that not just for kind of state level competition, but industrial espionage, it's. I don't know if this is the kind of threat that we're ready for in terms of really pulling together all these threads, crafting a whole of society response and facing, facing this adversary. I think the, I don't think patching, you know, this article in specific was about patching. I don't think patching is going to fix this. They could just exploit some other vulnerabilities or somewhere else along the line. I think this is an example of essentially gray zone or hybrid warfare where it's between peace and open war between countries. You have all these things below the threshold and that's, that's where we are in terms of the United States' position with China. And again, this is not just the United States impacted. So it's very concerning. And it's the biggest story in cybersecurity probably last year or this year, in my opinion.
Rich Stroffelino
Well, and paired with that, right, because you could always, up until a few years ago, you could always think, okay, they got access to the firehose. But that's almost so much that, you know, okay, they could still just basically use that for more targeted stuff. But we're now in an age when categorizing and sifting through all of that, you know, we're certainly seeing highly competent LLMs publicly coming out of China. We don't know what is in private use there. The tools are there to really exploit that in a way that we haven't seen before either, and just make it all the more imperative again to treat this as a worldwide problem to deal with.
TC Nijikowski
I pulled up an old article from 2012 from Wired about that NSA data facility somewhere in the desert. But you know, there was a time where United States citizens were really concerned about our own government doing large scale spying. And the idea being what if they just capture and store all this data now and maybe figure out how to brute force it, decrypt it, or just sift through it later when there's more computing power a decade from now. All those secrets from now are going to be exposed, you know, later when they have the computer power. But in this case, it's a foreign adversary that's doing it, you know, both in terms of state competition and economic espionage. So it's actually happening at someone else. And it struck me, the difference between kind of the reaction to the Snowden revelations versus when we have an adversary doing it.
Rich Stroffelino
All right, well, next up here, Chase to block Zelle payments to sellers on social media. JPMorgan Chase says that as of March 23, it will begin delaying, declining or blocking Zelle payments to social media contacts. Zelle is a popular digital payments network that integrates with mobile apps for many US banks. The ban is due to a significant rise in online scams because it allows for fast transfers between banks with no purchase protection. According to Bitdefender, this move has been made to ensure that Zelle is only used for payments between friends, family and other trusted recipients, not for transactions with strangers met on social media. This sounds like a proactive move, but I'm curious, TC, do you think that this is maybe a little bit too little, too late? I mean, Zelle is not exactly new. It's been, it's been around for what, almost a decade now?
TC Nijikowski
Yeah. You know, I got to admit, I hadn't dug into this until, you know, we agreed to like do this today, right. So I started digging into the story and doing a little bit more reading because like my, our daycare provider preferred Zelle payments, right. And so we've been using that a little bit. But just going to the Zelle website, you know, just Google Zelle fraud, Zelle scam. Go to the Zelle website and they tell you straight up that there's no purchase protection, there's no fraud protection. If you authorize the payment, you might not be able to get it back. And so I think the concern here is that people are, you know, through social media or whatever, they're, you know, they're given instructions to send something via Zelle. And there are other attacks where they're inadvertently linking what they think is their own Zelle account to the attacker's account. So they think they're transferring money themselves. But basically there's, this is a caveat that Zelle's own website says treat it like cash. We're not going to be able to get it back. You authorized it. And the actual lawsuit from the Consumer Financial Protection Bureau basically comes out and says, you know, essentially the big banks, they wanted to have a product compete with Venmo and the PayPal of the world and they just didn't build in consumer protection. And anyone that's operated like a business to consumer platform, you know that success is on the margin. You're going to have a lot of users that are safe, that avoid scams, that avoid phishing, that kind of, you know, understand the actions they're taking. But on the margin you're going to have people that are confused, you have people that are easily tricked. You're going to have some sort of acceptable rate of fraud. And I think the concern here is that it doesn't have those protections in place and the onus is completely on the consumer. 
So it makes sense to me that, you know, this seems like a pretty broad control just disallowing anything from social media, period. But I think the other piece here is that kind of to link it to that with the news we just had it where one of my wife's best friends visited us last week. She works at the consumer or she did work at the Consumer Financial Protection Bureau and she lost her job this week as she feared. And a lot of people essentially since last week they've been locked out of the building. They've been told not to do any work. I think just this morning the update there was a hold placed on the firings from one of the unions, the judge has allowed it to go through. And so my concern is in terms of, you know, having that consumer focused protection in place when maybe the platforms aren't, aren't doing what they should be doing or could be doing more. You know, those advocates for the consumers in the case of the CFPB, which in the, in this example, I think they were onto something that sounds like it has legs, essentially being shut down right now.
Rich Stroffelino
Yeah, it is definitely something to, yeah. That, that role of who is advocating for especially when these services are, oh, you know, your bank is pitching this to you as, oh, it's the easiest way. It's, you know, it's just like cash. Well, yeah, like you said, in more, unfortunately in more ways than one. So yeah. And not to have that watchdog to advocate for, you know, for the consumer is. Yeah. Not a great situation.
TC Nijikowski
Or I'd even put, you know, there's these social, social interactions we have. Right. So if my daycare provider says, hey, I prefer Zelle to a check, I'm so appreciative for the work that she does. Right. I'm going to. If you want Zelle. Zelle. And so I think there's this aspect where maybe the consumer is ignorant as to the difference between Zelle and a credit card. But you know, the attackers, they control the battlefield. So if the Zelle is the easier way to perpetuate the scam, they will push that victim towards Zelle and the victim. You know, it's a numbers game. Some of them aren't going to know the difference.
Rich Stroffelino
All right, well next up here, military healthcare outfit settles compliance case. Health Net Federal Services, or HNFS, is an organization that provides healthcare services to military personnel. Along with its parent company Centene Corporation, it will pay just over $11 million to settle claims that HNFS falsely certified compliance with certain infosec requirements in a contract with the Department of Defense a decade ago. Neither organization will be admitting guilt or liability. Centene Corporation is a major player in the healthcare industry, especially with government sponsored healthcare programs. This action was initiated this month, February, by the Department of Justice. Unusually fast for a federal lawsuit. Usually you're looking at just under a year for those. So TC, what's your take on this?
TC Nijikowski
Yeah, it's really interesting that this is something that happened a decade ago when I took a look again at the kind of the initial claims in terms of what were the misstatements or fraudulent statements. And we're going to recognize it. Get ready. It's vulnerability management, patch management, end of life Software, end of life hardware, these things being pointed out by both internal and external auditors. So these are still challenges that a lot of organizations have, and maybe we're always going to have them. But to me, the part that's really interesting about this is as the government, when you have this complex supply chain and there's this asymmetric warfare, so your adversaries, they can choose which vendor to target, which vendor gives them an avenue into your network or to your data. So they're going to be cost effective. They'll pick the weakest link. So I think in this case, what I'm concerned about is the general deterrence. Right. Because you're trusting. A lot of times you don't have the resources. Again, in this case for this healthcare company, it's not that someone else found out they were doing it and reported to the government, it's that their own third party auditors or their own internal auditors were pointing these issues out. So my concern is just how do we make sure that we maintain the honesty and integrity with this large supply chain without needing to have the expense ourselves of actually validating their claims? And is this 11 million, you know, a decade later, enough to generally deter that type of behavior?
Rich Stroffelino
Yeah. And with these conversations, and again, with the length of time, I would almost, I would rather see that. Fine, go do this. Mandatory. You have to reinvest this into some meaningful cybersecurity upgrade. Again, not to. I know that for these kind of lapses, there's sometimes punitive action is the only way to get the industry as a whole right to pay attention and stuff like that. But at the same time, like, if the mission is to be secure, I always have to, I always think, is that actually helping this particular situation, especially after a decade, probably the people that made those decisions maybe aren't in place anymore either.
TC Nijikowski
Absolutely. And they might rely on that vendor. Right. Do they really have an alternative? Do they really want to crush the business through fees?
Rich Stroffelino
Yeah. All right, well, before we move on to our next story, I have to spend a few moments and thank our sponsor for today, Scrut Automation. Scrut Automation allows compliance and risk teams of any size to establish enterprise grade security programs. Their best in class features like process automation, AI and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That's scrut.io. All right, next up here, South Korea removes DeepSeek from app stores. South Korea's Personal Information Protection Commission announced that the DeepSeek app has been pulled from the Apple App Store and Google Play. The move follows several South Korean government agencies banning employees from downloading the chatbot due to security and privacy weaknesses with DeepSeek's platform. Taiwan and Australia have also banned DeepSeek from all government devices. Despite the suspension of new downloads, people who already have DeepSeek on their phones will be able to continue using it or they can access it through DeepSeek's website. The MVP web app's still rolling on here. TC, this seems to show a little bit of a double standard here that makes it look like a government or any country is taking proactive steps in name only. I'm curious, do you agree?
TC Nijikowski
Yeah, you know, I think it's so interesting, maybe it's a sign of success for IT and cybersecurity that some of these issues, you can't, I don't think you can really analyze them without looking at the geopolitics, domestic politics. So again, just digging into the story, you know, the context in South Korea is that their president, Yoon Suk Yeol, was impeached recently for imposing martial law and is currently undergoing trial to be actually removed from office. That's, that's how their system works. And his defense attorney was raising concerns about alleged Chinese interference in South Korean politics, elections and media, and alongside that. And again, I'm not, I'm not a, I'm not an expert in, you know, like Asian politics or South Korea, but the kind of, the thing that's out there is that the leader of the opposition Democratic Party, who would gain a lot of power if the current president was impeached or sorry, removed from office, is being accused of being pro China. So essentially there's this domestic politics element of accusing China of interference, that being a politicized issue, having some real challenges to their democracy. And obviously Taiwan and Australia have their own issues in regards to legitimate issues in regards to Chinese interference or strategic challenges. So yeah, again, I think this is something where, you know, everyone, each company should look at DeepSeek for themselves. You know, maybe with the United States, you know, we've had that kind of conversation around TikTok, but I think it's just so interesting to me how it happens within the context of, you know, what's affecting that, that nation and their relationships with some of these other countries.
Rich Stroffelino
Well, and I think it is interesting to see that. Yes. Removed from app stores. That is a, from a consumer standpoint. Right, that's, that's a speed bump. Right. To being like, I want to use this thing, I will make it slightly more inconvenient. But I do have to, I do have to wonder when the switching costs for any of these platforms from the chat bot perspective, I know when they're built into other apps, the switching costs much higher, is effectively nothing to a lot of these. I do wonder if that plays into it where it's like even a modicum, you know, in terms of like, yeah, if you really want to use DeepSeek, you can, but we're going to make it just way more convenient to use these other options and try and just drive, like, drive user behavior that way. Just from that consumer perspective as well.
TC Nijikowski
Yeah, I think the element, I think underneath this is that we, you know, we like United States, you know, like a lot of countries, open societies, open democratic societies, free speech, you know, people starting businesses and we want to have open societies. But then you have adversaries that are, you know, strategically engaged in long term, you know, influence espionage operations. And China has that history, you know, within the Asian sphere of, you know, influence misinformation, disinformation campaigns. And so again, I, you know, the. What's the grounding of this concern or is it just a talking point in their domestic politics? I don't know. But I think that the challenge would be what do you do to really protect your society against this when you have a language model that's basically trained on Chinese Communist Party talking points. I mean, that's, that's how it works. And if you go into the, if you look at some of the research and how this responds to some of those talking points, you're going to get a model that's basically been trained by the Chinese Communist Party.
Rich Stroffelino
Well, next story here, Palo Alto firewalls under attack through chained flaws. According to the Register, a flaw patched last week by Palo Alto Networks is now under active attack and when chained with two older vulnerabilities, allows attackers to gain root access to impacted systems. This is in relation to a 6.9 rated privilege escalation vulnerability in its PAN-OS that gives access to the management web interface of anyone with an admin account. This could or this would allow actions on the firewall operating system with root privileges. The company patched this issue in November 2024. But a dark web intelligence service vendor, the Searchlight Cyber's Assetnote team, found a separate authentication bypass. Palo Alto fixed that problem last week and rated it as its highest urgency patch rating. So TC, this is a typical flaw within a flaw story, but significant because it's Palo Alto and they just have a giant footprint, kind of globally. We selected the story for inclusion in today's show; what about the situation speaks to you?
TC Nijikowski
Yeah, and I'll admit most of the work that I've been doing recently is with cloud native companies so they don't have an on prem footprint. Things like Okta, things like AWS, things like running infrastructure in the cloud. The amount of uptime is measured in hours or days. You can send out a software update immediately to all your customers. So the challenge is when you have essentially your front door, your firewalls, your VPNs being legacy software that needs to support legacy physical devices and then you are such a target because the threat profile of the organizations that are using the software, this hardware, are the type of organizations that are going to have the sensitive data that you want. I think it's a continued challenge for teams to stay on top of these configuration and patching best practices. I know a lot of organizations, they're being tactical in terms of does it make more sense to remove this kind of physical devices and move this stuff to cloud native because it's easier to keep things updated and patched from that perspective. And so there's a lot of trade offs they're doing in terms of on prem versus cloud native. We're essentially increasing the security being able to move to a cloud native service.
Rich Stroffelino
Yeah, it's interesting to have that discussion of when a, when a flaw becomes an end of life generating event not necessarily for one piece of hardware but maybe for your on prem deployment as a whole. When does it hit that breaking point for your organization of it's just worth it to be able to deploy this to remove those barriers I guess to patching when the stakes are so high?
TC Nijikowski
Yeah. What's your risk tolerance? What's your risk appetite? And then do you want to spend that money on having the team that keeps these up to date and is responsive when a critical issue comes out, has the ability to go back and do the forensics between when we heard about the vulnerability and when we patched it, did something happen before we even heard about it? Let's go back and look or what makes sense to commit to that infrastructure architecture upgrade now to move to something that's easier to maintain patching and might have more resilience. But I think the challenge again this is the best of breed technology in that space that you're going to use to protect your front door. It's highly targeted and so it's something that's very difficult for organizations to manage.
Rich Stroffelino
Our last story today, Russian hackers tap into Signal conversations. Russian state backed attackers are exploiting Signal's linked devices feature to hijack accounts by tricking targets, often Ukrainian military personnel, into scanning malicious QR codes. Once linked, attackers can intercept messages in real time without fully compromising the victim's device. Google researchers identified multiple threat groups using this technique, with some embedding QR codes in phishing pages disguised as military applications or security alerts. Signal's rolled out security updates to counter these threats, but urges users to take extra precautions when scanning QR codes. So TC, for me this is a classic, you know, Signal for the longest time now has been kind of the consumer standard bearer. Right. For when you want private encrypted, high integrity communications. Right. This is a classic convenience versus or is this a classic convenience versus security? Right. It's super helpful. I have Signal linked to my desktop right now because I like that ability to reply from multiple platforms at once. Is this just what like, is this the risk you have to accept when you're, when you're introducing these kind of convenience features or is there something that Signal can do better here?
TC Nijikowski
Yeah, I think when I really appreciated the Google, I guess Mandiant report that went into the technical details and I think the idea being that it's a shifting battlefield, this is a dynamic adversary. So in this case it makes sense for Russia to focus on this information collection capability within the Ukrainian battlefield. And so the idea being that they're going to then invest that time and research, come up with these novel techniques. So looking at some of the screenshots from Google, they're really highly targeted phishing, phishing campaigns where you think you're joining a group or maybe you're looking at some other image, but it turns out you're scanning this for Signal and they're using that QR code scanning capability to add another device that isn't you. I think the idea being that these are novel techniques and the reason Google wanted to share it was because it's going to be impacting not just Signal but WhatsApp and then it could spread to other types of ecosystems. So the example I think of is that when you're dealing with remote employees and someone buys a new iPhone and, you know, Monday morning they're complaining to IT that they can't, you know, they can't get their iPhone, their new phone, working with Okta, you know, there's this process that we have to go through where we assume this ownership and intention behind the device is actually them. That's what we're using to authenticate the user. So I think, you know, it's a changing battlefield within cybersecurity. There are new attack techniques that come out and then once they're discovered they can spread to other areas. So this is something to be mindful of in terms of how do we know that I, that it's really this user adding this other device to their account and how can we be sure of that?
Rich Stroffelino
Yeah, the, the IT and security considerations for Ukraine that is talking about the complexity of that when you're using so often off the shelf consumer grade stuff like Signal. We had, we covered a story, I think it was last week, about there was a scam hitting Ukraine where they were using Windows activation screens. Right. Because they're using like cracked versions of Windows. Right. Because they can't get, you know, they can't afford the licenses. So they're targeting that like, just in terms of like the challenges of trying to secure that kind of ecosystem has got to be. Yeah. Is just completely crazy. So yeah, good on again, good on Google for raising visibility to this to kind of raise the stakes for. You're right, all of these other linked secure messaging platforms and seeing that as a, as a novel factor for sure. Before we get out of here, just want to say hi to Cannock watching all the way in Australia. We have of course Sean Kelly and Kevin Farrell, Sean Mann in there, and then Salem had this, or excuse me, Salim had this really great point going back to the Zelle story. Just kind of pointing out that it's harder for older adults to understand the differences between payment methods. I mean I, I think that just in terms of debit and credit cards and the protections you get from those, like those are well established, decades old, and there's still a misunderstanding of what protections you have, let alone the difference between Zelle, you know, PayPal, you know, Google Pay, Apple Pay, all of these other services, what kind of protections they provide. It has, you know, it's a minefield. So yeah, thanks. Thank you so much for, for pointing that out. Really, really great point. But TC, before we get out of here with you, was there any story this week that was a big thumbs up or an eye roller for you? Something that stood out to you and just resonated with you?
TC Nijikowski
Yeah, I think, I think the Zelle story. Right. Because honestly it was something that again our daycare provider was the only one that asked for it. Right. And I really, I didn't know the difference myself until I, you know, drilled down and looked at it. I think the other one is just, I want to give a shout out. Sean Mann, him and I, we were both idiots in high school and now we both work in safety and security. So it just shows that, you know, human, human growth and maturity is possible.
Rich Stroffelino
But it's, it's a friendship of hope. Yeah, that's great. Yeah. So fantastic. I love the connection. And if you can't be an idiot in high school, when in your life are you allowed to be? That's what it's for, right? And God bless high school teachers. You're doing the yeoman's work of education. TC. Unfortunately, our time is just about done here. But where can people find you on the cyberspace if they want to keep up with what's going on with you?
TC Nijikowski
Yeah, I'm on LinkedIn. If you manage to correctly type my last name, I think you'll find me. But that's not otherwise within Slack Forward, Cloudsec and Mac Admins. Those are two of my favorite Slack spaces to hang out in.
Rich Stroffelino
Well, thank you so much, T.C. Niedzikowski, for coming back on. It's been too long since you've been here. We can't wait to have you on again. It's been a pleasure talking.
TC Nijikowski
Thank you, Rich.
Rich Stroffelino
Thanks also to our sponsor for today, Scrut Automation. Stay aware, stay ahead, stay compliant. Thanks to our audience today. Really appreciate, we can't get every single comment up on the screen, but we deeply appreciate you being here, participating, making the show better and joining us from across the globe. So cool to hear that. Please join us next week. First up, we got a busy day of the CISO Series on Fridays. We have Super Cyber Friday where our topic of discussion will be Hacking the Modern Audit. An hour of critical thinking about improving quality and reducing cost to this critical process and maybe finding some more 10 year old audit failings that need to get fined. I don't know what we'll get into on that, but you should join us for that and then you can come back for the Week in Review show starting at 3:30pm Eastern. To register for both of these, to join us, just head to the events page at cisoseries.com, you'll find all the information there. In the meantime, you get your daily news fix every single day through Cybersecurity Headlines. Give us about six minutes, we'll get you all caught up. Until the next time we meet, I'm Rich Stroffelino. For myself, for all of us here at the CISO Series, for our producer Steve Prentice and for TC, here's wishing you and yours to have a super sparkly day. Cybersecurity Headlines are available every weekday.
TC Nijikowski
Head to cisoseries.com for the full stories behind the headlines.
Cyber Security Headlines: Week in Review Summary
Released on February 21, 2025
The latest episode of Cyber Security Headlines by the CISO Series offers a comprehensive overview of the week's most impactful stories in information security. Hosted by Rich Stroffelino and featuring insights from returning guest TC Nijikowski, the episode delves into significant breaches, policy changes, compliance issues, and evolving threats shaping the cybersecurity landscape. Below is a detailed summary of the key discussions and expert analyses presented in the episode.
Overview: More telecoms breached via Cisco routers
The episode opens with news from Recorded Future about ongoing breaches of telecommunications providers worldwide. The Chinese state-backed Salt Typhoon group has exploited unpatched Cisco IOS XE network devices, breaching telecoms in the US, South Africa, Italy, and Thailand. This campaign is distinct from the one reported a month earlier, which involved end-of-life Cisco routers and a different Chinese threat group, Volt Typhoon. The practical check for operators is whether the IOS XE web UI is reachable from untrusted networks; Cisco's standing guidance is to disable the HTTP server feature or restrict it to trusted management hosts, and to run a fixed release.
Expert Insight:
TC Nijikowski emphasizes the gravity of the situation, highlighting the multifaceted nature of the threat:
“This is something that we're not ready for in terms of really pulling together all these threads, crafting a whole of society response and facing this adversary. I think this is an example of essentially gray zone or hybrid warfare...”
(04:52)
He underscores the difficulty of responding to espionage at this scale and the limits of patching alone against a sophisticated, state-sponsored adversary.
Overview: Chase blocks Zelle payments to social media contacts
JPMorgan Chase has announced that, starting March 23, it will delay, decline, or block Zelle payments to contacts made through social media platforms. The change responds to a surge in online scams that abuse Zelle's instant, irreversible transfers. Bitdefender supports the move and advises using Zelle only with people you know and trust.
Expert Insight:
TC Nijikowski critiques the decision, questioning its timing and effectiveness:
“The big banks wanted to have a product compete with Venmo and PayPal, and they just didn't build in consumer protection... this seems like a pretty broad control just disallowing anything from social media, period.”
(07:07)
He points out the inherent lack of purchase protection in Zelle, making it a prime target for scams, and discusses the broader implications of weakened consumer protections in digital payment systems.
Overview: Military healthcare contractor settles compliance case
Health Net Federal Services (HNFS) and its parent company, Centene Corporation, have agreed to pay over $11 million to resolve allegations that HNFS falsely certified compliance with information security requirements under a Department of Defense contract from about a decade ago. Neither company admitted wrongdoing.
Expert Insight:
TC Nijikowski reflects on the persistent challenges of vulnerability and patch management:
“These are still challenges that a lot of organizations have, and maybe we're always going to have them... How do we maintain honesty and integrity within this large supply chain without the expense of validating their claims?”
(11:19)
He questions whether the settlement amount serves as a sufficient deterrent and emphasizes the difficulty organizations face in ensuring compliance across complex supply chains.
Overview: South Korea pulls DeepSeek from app stores
South Korea's Personal Information Protection Commission has suspended new downloads of the DeepSeek app from major app stores over security and privacy concerns. Taiwan and Australia have banned DeepSeek on government devices. Existing users can keep using the app or access the service via the web.
Expert Insight:
TC Nijikowski contextualizes the ban within geopolitical tensions:
“In South Korea, their president was impeached recently, and there are concerns about Chinese interference... This is happening within the context of what's affecting that nation and their relationships with other countries.”
(14:51)
He highlights how domestic politics and international relations, particularly involving China, influence cybersecurity decisions and app restrictions.
Overview: Palo Alto Networks firewalls under chained attack
Palo Alto Networks firewalls are under active attack through chained vulnerabilities. A recently patched authentication bypass in the PAN-OS management web interface is being exploited in combination with older flaws, including a privilege escalation bug, a chain that can give attackers root on the firewall. As with earlier PAN-OS incidents, the exposure is largest where the management interface is reachable from the internet; Palo Alto's standing guidance is to restrict it to trusted internal IP addresses.
Expert Insight:
TC Nijikowski discusses the implications for organizations managing legacy infrastructure:
“The challenges when you have your front door, your firewalls, your VPNs being legacy software... it's easier to keep things updated and patched from the cloud-native perspective.”
(19:19)
He advocates for transitioning to cloud-native solutions to enhance patch management and reduce the risk associated with maintaining on-premises legacy systems.
Overview: Russian attackers hijack Signal accounts via QR codes
Russian state-backed attackers are hijacking Signal accounts by tricking Ukrainian military personnel into scanning malicious QR codes. The codes abuse Signal's legitimate linked-devices feature: scanning one links the victim's account to an attacker-controlled device, which then receives the victim's messages in real time without the victim's phone being compromised. Google researchers have identified multiple threat groups using the technique. It does not break Signal's encryption, but it does undercut the assumption that a Signal conversation reaches only the intended device; users can review Settings > Linked Devices and unlink anything they do not recognise.
Expert Insight:
TC Nijikowski analyzes the evolving threat landscape and the balance between convenience and security:
“These are novel techniques... how do we know that it's really this user adding this other device to their account and how can we be sure of that?”
(22:56)
He stresses the importance of adapting security measures to counteract dynamic adversaries who continuously develop new attack vectors.
The episode concludes with acknowledgments to listeners and community members, emphasizing the importance of shared insights and continued vigilance in the cybersecurity field. TC Nijikowski shares personal reflections on the Zelle story and highlights the ongoing challenges in consumer education regarding digital payment protections.
Final Thoughts from TC Nijikowski:
“The Zelle story... was something that our day care provider was the only one that asked for it. I didn't know the difference myself until I drilled down and looked at it.”
(26:16)
He underscores the necessity of educating consumers to navigate the complexities of modern digital financial tools safely.
Connect with TC Nijikowski:
For those interested in further insights from TC Nijikowski, he is available on LinkedIn and active in Slack communities such as fwd:cloudsec and Mac Admins.
Stay Updated:
To keep abreast of daily cybersecurity news, visit CISOseries.com for more detailed stories and future episodes.
This episode of Cyber Security Headlines provides a nuanced examination of current cybersecurity threats and organizational responses, enriched by expert commentary that underscores the complexities of today's digital security environment.