Transcript
KJ Burke (0:00)
This episode of Cybersecurity Today is brought to you by CDW Canada Tech Talks. If you're passionate about technology and innovation, this is the podcast for you. Join my friend and host KJ Burke as he and industry experts dive into the latest trends, insights and strategies shaping the tech landscape in Canada. Microsoft unveils new cybersecurity features at its Ignite conference, a survey highlights the security risks in generative AI use for software development, and CrowdStrike reveals Liminal Panda, a new Chinese cyber threat to telecoms. This is Cybersecurity Today. I'm your host, Jim Love. Let's get into it. Microsoft is introducing a series of cybersecurity updates at its Ignite conference in Chicago, aiming to strengthen Windows security and improve device recovery capabilities. These enhancements are designed to reduce risks and prevent outages like the CrowdStrike incident in July. Under the new Windows Resiliency Initiative, Microsoft is creating a recovery environment to help bricked Windows devices recover faster. Security vendors will now need to conduct more thorough compatibility testing to detect bugs before releasing updates. And additionally, Microsoft is developing tools for antivirus and security products to operate within user mode, reducing reliance on kernel access, the most sensitive layer of the Windows system. Pavan Davuluri, Microsoft's corporate president for Windows and devices, emphasized that while some of the features stem from lessons learned after the CrowdStrike outage, much of this work began with the development of Windows 11. Windows also announced broader security measures, including rolling out security exposure management to monitor cyber threats, adding controls to Copilot to prevent data leaks, and improving security password deployment in its Edge browser. 
The company is further extending its bug bounty program with Zero Day Quest, an in-person event offering $4 million in rewards for identifying vulnerabilities in its cloud and AI product. A new survey by Legit Security underscores the tension between innovation and risk as generative AI reshapes software development. Conducted by Regina Corso Consulting, the survey gathered insights from over 400 security professionals and software developers across industries in North America, including small startups and multinational organizations. As generative AI transforms software development and becomes increasingly embedded in the development lifecycle, there are some real security concerns among developers and security teams, according to Liav Caspi, the co-founder and CTO of Legit Security. He added, "Our research found that teams are challenged with balancing the innovations of Gen AI and the risks it introduces by exposing their applications and their software supply chain to new vulnerabilities." The survey reveals that a whopping 96% of the respondents reported their organizations used Gen AI tools in their development, and 79% say most or all of their teams rely on them. Despite its efficiency, 98% of respondents believe security teams need better visibility and control over how Gen AI is used. Concerns include the risk of malicious or unknown code introduced through AI-powered code assistance, with 84% of security professionals identifying this as a significant issue. A relatively small number of developers, only 8%, think that AI will reduce their problem-solving ability, although 98% predict a greater reliance on AI in the coming years. Legit Security highlights the need for organizations to improve oversight and foster collaboration between development and security teams to safely integrate Gen AI into their processes, Caspi notes. 
While Gen AI is undoubtedly the future of software development, organizations must be mindful of its new risks and ensure that they have the appropriate visibility into and the control over its use. There's a link to the report in the show notes. Registration is required. CrowdStrike has identified a China-linked cyber adversary, Liminal Panda, which has been targeting the telecommunications sector for a number of years but somehow flying under the radar and is now only fully appreciated for the threat it may present. Adam Meyers, senior vice president of Counter Adversary Operations, unveiled the group during a testimony before the U.S. Senate Judiciary Subcommittee on Privacy, Technology and the Law. Active since at least 2020, Liminal Panda uses custom tools to exploit telecom networks, including protocols like the Global System for Mobile Communications, to steal subscriber data and enable command and control. The group also leverages compromised telecom servers to infiltrate other providers across regions, demonstrating advanced knowledge of industry interconnectivity. According to Meyers, their activities align closely with intelligence collection objectives, posing a significant risk to telecoms globally. CrowdStrike's research indicates Liminal Panda targets infrastructure linked to China's Belt and Road Initiative, a way to connect with the European and North American telecom providers. Liminal Panda employs tools and infrastructure often associated with other China-based groups. Notable tactics include use of proxy tools like Fast Traverse Proxy and backdoors like Tiny Shell alongside sophisticated malware tailored to telecom systems. CrowdStrike recommends measures such as implementing advanced endpoint detection and response, or EDR, solutions, securing secure shell authentication with robust methods, and closely monitoring network access logs to counter threats from Liminal Panda and similar actors. 
These proactive steps are critical for protecting telecom infrastructure and sensitive subscriber data. And finally, a new report from the Environmental Protection Agency's Office of Inspector General reveals significant cybersecurity vulnerabilities in the United States drinking water systems. The findings highlight weaknesses that could jeopardize the safety of water supplies for over 100 million Americans. The report assessed 1062 drinking water systems and found that nearly 30%, or 308 systems, have notable cybersecurity shortcomings. Among them, 97 systems serving 26.6 million people were classified as having critical or high-risk issues. Additionally, 211 systems were found with medium or low-risk vulnerabilities, including exposed digital portals potentially exploitable by attackers. Assistant Inspector General Adam Seifeld emphasized the risks, stating that even low-risk vulnerabilities could be exploited to disrupt physical infrastructure or operations. Alarmingly, the study only included systems serving populations of 50,000 or more, leaving smaller systems unassessed. And the report also criticized the EPA for lacking its own incident reporting system and relying on the Department of Homeland Security to identify cybersecurity issues. The EPA has acknowledged the findings and agrees that robust cybersecurity measures are essential to protect public health. However, efforts to improve security have been hampered by legal challenges, including a lawsuit that blocked new cybersecurity evaluations last year. While the EPA is working to establish a Water Sector Cybersecurity Task Force, its current progress remains unclear. The report underscores the urgency of securing critical infrastructure against cyber threats, especially as outdated systems become increasingly exposed to modern IT risks. And those of us in Canada may not want to be smug about this. It's very likely that our systems are in at least as bad a state or worse. And that's our show for today. 
Thanks to our sponsor, CDW, and KJ Burke's CDW Canada Tech Talks. Check it out if you get the chance. You can find it, like us, on Spotify, Apple or wherever you get your podcasts. You can reach me at editorial@technewsday.ca. I'm your host, Jim Love. Thanks for listening.
