Cyber Security Headlines: Week in Review – January 24, 2025
Hosted by CISO Series
1. TikTok’s Wild Return: Navigating Regulatory Uncertainty
Summary: The podcast opens with a discussion on the tumultuous week surrounding TikTok’s status in the United States. Initially shut down following a Supreme Court ruling upholding the constitutionality of a law targeting the app, TikTok was swiftly reinstated by President Trump on his inauguration day, albeit under a precarious 90-day reprieve. During this period, TikTok must secure a buyer and potentially accept a 50% ownership stake from the US government or an American company. The specifics remain unclear, leaving the platform's future in a state of limbo.
Key Discussion Points:
- User Exodus: The closure led to an exodus of users, termed "TikTok refugees," migrating to similar Chinese-based platforms like RedNote and Lemon8. These alternatives may carry the same data security concerns, raising new cybersecurity risks.
- Generational Impact: Sean Marion highlights the challenge of educating younger users about the risks, noting, “I have to say this was a really good week.” (00:40)
- Government Ownership Concerns: The possibility of US government or American company ownership raises fears of surveillance, mirroring concerns users had about Chinese ownership.
Notable Quotes:
- Sean Marion (03:11): “There’s got to be a better way to approach this where they can still use the platform safely.”
- Rich Stroffolino (04:37): “It’s kind of unfair to be like this app is not good. But even though we can’t tell you.”
Conclusion: Both hosts expressed hope for a more secure and user-friendly solution, emphasizing the need for balanced regulatory approaches that protect users without driving them to less secure platforms.
2. Kristi Noem’s Vision for CISA: Streamlining Cybersecurity Efforts
Summary: The conversation shifts to Kristi Noem’s testimony before the Homeland Security and Governmental Affairs Committee, where she pledged to narrow CISA’s (Cybersecurity and Infrastructure Security Agency) focus. Noem aims to exclude the department from combating disinformation and misinformation, advocating for a leaner, more agile CISA concentrated solely on protecting critical infrastructure.
Key Discussion Points:
- Evolution of CISA: Sean Marion acknowledges that CISA, established in 2018, is still evolving and should continuously improve. He remarked, “I think going through this will make them stronger.” (07:36)
- Impact on Community Outreach: Concerns were raised about the potential reduction in CISA’s local outreach and resources for educational institutions, which play a crucial role in raising the cybersecurity baseline.
Notable Quotes:
- Sean Marion (06:31): “But I think going through this will make them stronger.”
- Rich Stroffolino (08:22): “People are seeing very tangible good of raising that cybersecurity poverty line.”
Conclusion: Both hosts view the restructuring of CISA as an opportunity for the agency to refine its mission and enhance its capabilities, despite acknowledging the challenges posed by its politicized mandate.
3. Data Theft Risks from Failed Startups’ Residual Domains
Summary: Dylan Ayrey of Truffle Security uncovered a weakness in which malicious actors purchase the lapsed domains of failed startups and use them to take over former employees' cloud accounts. By re-registering the domain and using the "sign in with Google" feature, attackers gained unauthorized entry into platforms like ChatGPT, Slack, Notion, Zoom, and even HR systems containing sensitive data such as Social Security numbers.
Key Discussion Points:
- Legacy Vulnerabilities: Sean Marion emphasizes the importance of basic security practices, stating, “They take the path of least resistance, even back like the old movies.” (10:33)
- Domain Management: The necessity of diligent domain name management and timely deactivation of unused accounts was highlighted as a critical, albeit often overlooked, security measure.
Notable Quotes:
- Sean Marion (11:47): “We have all these startups out there trying to tell us what tech we need to solve these problems... but the simple things we just need to get really good at.”
- Rich Stroffolino (12:08): “It has a lot of big implications.”
Conclusion: The discussion underscores the significance of maintaining robust domain management practices to prevent unauthorized access, highlighting that security often hinges on managing the unglamorous yet essential aspects of IT infrastructure.
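The domain-management practice the hosts describe can be turned into a routine check. The following is an added example, not code from the podcast or from Truffle Security: it cross-references an inventory of company-owned domains (with expiry dates and whether each is still in use) against the e-mail addresses on active SaaS accounts, and flags any active account whose mail domain is unknown, already retired, or close to expiry. The domain names, accounts and dates are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class Domain:
    """A domain the organisation owns (constructed inventory record)."""
    name: str
    expires: date
    in_use: bool  # still used for company mail / SSO identities


@dataclass(frozen=True)
class SaaSAccount:
    """An account on a third-party service, keyed by its login e-mail."""
    service: str
    email: str
    active: bool


def email_domain(email: str) -> str:
    """Return the lower-cased domain part of an e-mail address."""
    return email.rsplit("@", 1)[-1].lower()


def review_domain_exposure(domains, accounts, today, warn_days=60):
    """Flag active SaaS accounts whose mail domain could be taken over.

    Three conditions are reported:
      - the domain is not in the owned inventory at all;
      - the domain is marked retired but the account is still active;
      - the domain is in use but expires within `warn_days` (or has expired).
    Returns a sorted list of (service, email, reason) tuples.
    """
    owned = {d.name.lower(): d for d in domains}
    findings = []
    for acct in accounts:
        if not acct.active:
            continue  # already deactivated; nothing to take over
        dom = owned.get(email_domain(acct.email))
        if dom is None:
            findings.append((acct.service, acct.email, "domain not in inventory"))
        elif not dom.in_use:
            findings.append((acct.service, acct.email,
                             "domain retired but account still active"))
        else:
            remaining = dom.expires - today
            if remaining < timedelta(0):
                findings.append((acct.service, acct.email,
                                 f"domain expired {-remaining.days} days ago"))
            elif remaining <= timedelta(days=warn_days):
                findings.append((acct.service, acct.email,
                                 f"domain expires in {remaining.days} days"))
    return sorted(findings)


# Constructed sample data (hypothetical domains and accounts, not real ones).
DOMAINS = [
    Domain("acme-startup.example", date(2025, 2, 15), in_use=True),
    Domain("oldbrand.example", date(2025, 12, 1), in_use=False),
    Domain("acme.example", date(2026, 6, 30), in_use=True),
]
ACCOUNTS = [
    SaaSAccount("slack", "alice@acme.example", active=True),
    SaaSAccount("hr-portal", "bob@oldbrand.example", active=True),
    SaaSAccount("notion", "carol@acme-startup.example", active=True),
    SaaSAccount("zoom", "dave@forgotten.example", active=True),
    SaaSAccount("chatgpt", "erin@oldbrand.example", active=False),
]
TODAY = date(2025, 1, 24)

if __name__ == "__main__":
    for service, email, reason in review_domain_exposure(DOMAINS, ACCOUNTS, TODAY):
        print(f"{service:10} {email:32} {reason}")
```

Running it on the constructed data reports three accounts: one on a domain that is missing from the inventory, one on a retired domain, and one on a domain that expires in 22 days. Each is a candidate for deactivation or for renewing the domain before it can be re-registered by someone else.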
4. Impersonation Attacks Targeting Ukraine’s CERT UA
Summary: The episode turns to an incident in which threat actors impersonated Ukraine’s CERT UA using the remote desktop tool AnyDesk. The attackers sent connection requests under the guise of conducting security audits, successfully infiltrating the network and compromising sensitive systems.
Key Discussion Points:
- Human Error and Process Gaps: Sean Marion reflects on the human element in security breaches, stating, “We are humans. So I feel for him as well.” (14:40)
- Need for Better Controls: Emphasis was placed on implementing stringent technical controls and secure processes for using remote desktop tools to mitigate such risks.
Notable Quotes:
- Sean Marion (14:40): “There’s got to be a better way to work with them and enable a more secure experience.”
- Rich Stroffolino (16:11): “If we can get better front because of it and we’re willing to talk about it, I feel like that helps everybody.”
Conclusion: The hosts agree that while technical tools like AnyDesk are necessary, their secure and controlled use is paramount. Transparency and continuous improvement in security protocols can help prevent similar incidents.
5. Subaru’s Exposed Security Flaws in Starlink Tracking System
Summary: Sam Curry, a security researcher, exposed critical vulnerabilities in Subaru’s Starlink web portal, which allowed unauthorized individuals to unlock cars, start ignitions, and reassign control features. Additionally, the system could track a vehicle’s exact parking location, raising significant privacy and security concerns.
Key Discussion Points:
- Granular Tracking Risks: Sean Marion expressed frustration over the ability to track cars down to specific parking spaces, questioning the necessity and privacy implications.
- Importance of Bug Bounties: The conversation highlighted the value of involving security researchers through bug bounty programs to identify and rectify such vulnerabilities proactively.
Notable Quotes:
- Sean Marion (18:26): “There should have been a common sense discussion of like how could this be exploited, taken advantage of?”
- Rich Stroffolino (20:26): “Maybe hire someone like Sam Curry to say, like, how is this like.”
Conclusion: The incident underscores the critical need for automotive companies to prioritize cybersecurity in their connected features. Proactive measures, including engaging with security researchers and implementing flexible privacy controls, are essential to safeguard user data and maintain trust.
6. CISOs in the Boardroom: Bridging the Soft Skills Gap
Summary: The final discussion revolves around a Splunk report indicating that while CISOs have gained significant traction in boardrooms—82% now report directly to the CEO—there remains a deficiency in soft skills such as business acumen, emotional intelligence, and effective communication.
Key Discussion Points:
- Evolving Role of CISOs: Sean Marion emphasizes the importance of CISOs developing business and emotional intelligence to effectively communicate risks and secure necessary investments. He shares his personal growth in communicating technical risks in business terms, stating, “I can only do that if I have a degree of business acumen.” (22:11)
- Communication Challenges: The ability to tailor messages to different audiences—from technical teams to the board—was highlighted as a crucial skill for modern CISOs.
Notable Quotes:
- Sean Marion (22:11): “The days of the technical CISO, they're not over. But by and large, especially the bigger companies, that's not the skills that they're really looking for.”
- Rich Stroffolino (23:55): “How do you relate to them, the importance of zero trust, and why we need to make investments there.”
Conclusion: The podcast underscores the necessity for CISOs to cultivate soft skills to bridge the communication gap with executive leadership. Enhancing these skills can lead to more effective advocacy for cybersecurity initiatives and better alignment with organizational goals.
Final Thoughts and Reflections
Summary: In wrapping up, Sean Marion shares his reflections on the discussed stories, particularly the restructuring of CISA and TikTok’s regulatory saga. He underscores the importance of continuous improvement and proactive engagement in cybersecurity practices.
Notable Quotes:
- Sean Marion (25:57): “There is a path there for making it an even sharper tool for the industry which would be a net positive.”
Conclusion: The episode concludes with a mutual agreement on the importance of learning from security incidents and striving for resilient, secure systems. Both hosts express optimism about the industry's ability to adapt and strengthen its defenses in the face of evolving threats.
Connect with Sean Marion
For those interested in further insights, Sean Marion can be reached via LinkedIn, where he shares perspectives on cybersecurity and leadership.
This summary provides a comprehensive overview of the "Cyber Security Headlines" podcast episode released on January 24, 2025, capturing key discussions, insights, and expert opinions shared by the hosts.
