Transcript
Dave Bittner (0:02)
You're listening to the Cyberwire network, powered by N2K. And now a message from our sponsor. Zscaler, the leader in cloud security. Enterprises have spent billions of dollars on firewalls and VPNs, yet breaches continue to rise, with an 18% year-over-year increase in ransomware attacks and a $75 million record payout in 2024. These traditional security tools expand your attack surface with public-facing IPs that are exploited by bad actors more easily than
Oren Koren (0:39)
Ever with AI tools.
Dave Bittner (0:40)
It's time to rethink your security. Zscaler Zero Trust plus AI stops attackers by hiding your attack surface, making apps and IPs invisible, eliminating lateral movement, connecting users only to specific apps, not the entire network, continuously verifying every request based on identity and context, simplifying security management with AI-powered automation, and detecting threats using AI to analyze over 500 billion daily transactions. Hackers can't attack what they can't see. Protect your organization with Zscaler Zero Trust and AI.
Oren Koren (1:19)
Learn more at Zscaler.com/security.
Dave Bittner (1:36)
President Biden issues a comprehensive cybersecurity executive order. Updates on Silk Typhoon's US Treasury breach. A Chinese telecom hardware firm is under FBI investigation. A critical vulnerability has been found in the UEFI Secure Boot mechanism. California-based cannabis brand Stiiizy suffers a data breach. North Korea's Lazarus Group lures freelance developers. The FTC highlights major security failures at web hosting giant GoDaddy. Veeam patches a critical vulnerability in their Backup for Microsoft Azure product. Hackers leak sensitive data from over 15,000 Fortinet firewalls. Our guest today is Oren Koren, Veriti's co-founder and CPO, sharing insights about the state of healthcare cybersecurity. And, shiver me timbers, Meta's AI trains on a treasure chest of pirated books. It's Thursday, January 16th, 2025. I'm Dave Bittner and this is your Cyberwire Intel Brief. Thanks for joining us here today. Great to have you with us. As expected, President Joe Biden, just days before leaving office, issued a comprehensive Cybersecurity Executive Order to bolster the US Government's digital defenses. The directive mandates stronger network monitoring, secure software development, and stricter protections for cloud and IoT systems. It emphasizes using AI for cybersecurity, with programs to safeguard critical infrastructure and analyze threats. Agencies must adopt digital identity tools, secure open source software, and prepare for post-quantum cryptography. Key measures include requiring software vendors to prove secure practices, empowering the Cybersecurity and Infrastructure Security Agency to conduct threat hunting, and reducing reliance on dominant IT providers. The order also introduces consumer IoT labeling and prioritizes research on AI security. The directive seeks to address vulnerabilities exposed by incidents like the SolarWinds hack.
However, its future depends on the incoming administration, which has yet to define its cybersecurity approach or appoint key officials. The order aims to set a strong foundation for continued improvements. Bloomberg has an update on the Chinese state-sponsored hackers identified as Silk Typhoon, who breached the US Treasury Department, compromising 419 computers and accessing sensitive, unclassified data. The attackers targeted staff involved in sanctions, international affairs and intelligence, stealing usernames, passwords and over 3,000 files, including policy documents, sanctions material and law enforcement sensitive data. They also accessed information on investigations by the Committee on Foreign Investment in the U.S. The breach occurred between September and November and exploited contractor BeyondTrust's systems. Investigators found no evidence of malware or long-term infiltration into classified systems. Treasury reported the attack to CISA and sought FBI assistance. Congress was informed of the breach, with officials conducting a damage assessment and considering alternatives to BeyondTrust. China denied involvement, calling the allegations groundless. Treasury employees will brief the Senate Banking Committee while BeyondTrust's systems remain offline. The US Commerce Department and FBI are investigating Baicells Technology, a telecom hardware firm founded in China by former Huawei executives, over potential national security risks, Reuters reports. Baicells, established in 2014, supplies equipment for mobile networks across all US states. The probes focus on the company's Chinese origins, vulnerabilities in its base stations, and potential risks of remote access or espionage. The Pentagon recently listed Baicells as linked to the Chinese military, while CISA flagged security flaws in its products. FBI concerns date back to 2019, including warnings to customers near sensitive US sites.
Despite claims of independence from its Chinese parent, critics allege Baicells is managed from China, with most equipment sourced from Chinese suppliers. Baicells denies security risks and says it cooperates with investigators, but scrutiny reflects ongoing fears about Chinese telecom firms compromising US infrastructure. Federal agencies and customers remain wary. A critical vulnerability has been found in the UEFI Secure Boot mechanism impacting most UEFI-based systems, discovered by ESET. The flaw allows attackers to bypass Secure Boot protections and deploy malicious bootkits like Bootkitty and BlackLotus, even on systems with Secure Boot enabled. The issue lies in a UEFI application signed by Microsoft, which improperly uses a custom loader instead of secure UEFI functions. Affected software includes recovery tools from vendors like Howyar, Greenware and Radix. Exploitation grants attackers persistent, undetected access during boot by replacing legitimate bootloaders. Microsoft revoked vulnerable binaries in its January 2025 Patch Tuesday update. Users are advised to update systems, ensure Secure Boot databases are current, and audit UEFI configurations. Though no real-world attacks have been observed, this vulnerability highlights concerns over third-party UEFI security practices and Microsoft's code signing process. California-based cannabis brand Stiiizy is notifying 380,000 individuals of a data breach stemming from a vendor's cyber attack. Between October 10 and November 10 of last year, attackers accessed systems at the vendor, stealing personal information tied to four Stiiizy locations in San Francisco, Alameda and Modesto. Compromised data includes government ID details, medical cannabis cards, transaction histories and more. Stiiizy suspects ransomware, as the Everest ransomware group claimed responsibility, leaking some stolen records. Stiiizy is offering affected individuals 12 months of free credit monitoring.
North Korean hackers, specifically the Lazarus Group, are targeting the software supply chain in a campaign dubbed Operation 99, according to SecurityScorecard. The campaign lures Web3 and cryptocurrency developers via fake LinkedIn profiles offering freelance projects. Victims are directed to clone malicious GitLab repositories, which connect to attackers' command-and-control servers, deploying custom malware tailored to each victim's platform, be it Windows, macOS or Linux. The malware steals files, credentials, clipboard data and keylogs, maintaining persistence through advanced encoding and modular frameworks. Lazarus' goal is to compromise developer workflows, steal intellectual property and access cryptocurrency wallets. The campaign is part of North Korea's broader strategy to fund its regime, reportedly stealing $1.34 billion in cryptocurrency in 2023 and $660 million in 2024. The operation exemplifies the growing sophistication of North Korean cyber tactics to exploit trust and disrupt critical supply chains. The Federal Trade Commission has identified major security failures at web hosting giant GoDaddy, attributing multiple data breaches from 2019 through 2022 to inadequate cybersecurity practices. A proposed FTC settlement requires GoDaddy to overhaul its security measures, including implementing robust information security programs, real-time event analysis, and mandatory multi-factor authentication for employees and third parties. The breaches exposed sensitive data, including customer credentials, credit card numbers and websites, affecting millions of small businesses and their customers. The FTC alleges that GoDaddy failed to manage assets, update software, monitor security events and segment shared hosting environments, leaving customers vulnerable to malware, data theft and website compromises.
The proposed order prohibits misleading security claims and mandates annual security testing. Although no financial penalty is included, non-compliance could result in significant fines. A critical vulnerability has been identified in Veeam Backup for Microsoft Azure, affecting versions up to 7.1.0.22. This high-severity flaw enables unauthenticated attackers to exploit a server-side request forgery weakness, allowing unauthorized network enumeration and potential follow-up attacks. Veeam discovered the issue during internal testing and released a patch to address it. Users are urged to update their systems immediately to mitigate risks. Hackers known as the Belsen Group have leaked sensitive user data from over 15,000 Fortinet firewalls on the dark web. The data, reviewed by security researcher Kevin Beaumont, appears authentic, including usernames, passwords (some in plain text), SSH keys, digital certificates and firewall rules. The leak stems from a 2022 zero-day vulnerability affecting FortiOS, FortiProxy and FortiSwitchManager. Organizations are urged to check patch histories, update credentials and assess exposure. Many impacted devices remain in use, often maintained remotely. The leaked data, dating back to October 2022, highlights ongoing risks from unpatched systems. Fortinet has also recently warned of another zero-day vulnerability potentially under attack. Coming up after the break, my conversation with Oren Koren, Veriti's co-founder, speaking about healthcare cybersecurity. And, shiver me timbers, Meta's AI trains on a treasure chest of pirated books. Stay with us.
