Dave Bittner
You're listening to the CyberWire network powered by N2K. Now a word about our sponsor, the Johns Hopkins University Information Security Institute. The JHU ISI is home to world-class interdisciplinary experts dedicated to developing technologies to protect the world's vast online systems and infrastructure and working closely with US Government research agencies and industry partners. The Institute offers dual degree and joint programs in computer science and health informatics and has been designated as a Center of Academic Excellence in Cyber Research. Learn more at isi.jhu.edu. More than 760,000 see their personal data exposed on the BreachForums cybercrime forum. The new head of the UK's NCSC warns against underestimating growing cyber threats. The Consumer Financial Protection Bureau looks to prevent data brokers from selling Americans' personal and financial information. A US Government and energy sector contractor discloses a ransomware attack. The SMOKEDHAM Windows backdoor is being actively deployed. A new report warns of over-reliance on Chinese-made LiDAR technology. SmokeLoader malware targets companies in Taiwan. NIST proposes new password guidelines. South Korean police make arrests over 240,000 satellite receivers with built-in DDoS attack capabilities. On our Threat Vector segment, we preview this week's episode where host David Moulton goes behind the scenes with Palo Alto Networks' CIO and CISO. And ChatGPT has a Voldemort moment. It's Tuesday, December 3rd, 2024. I'm Dave Bittner and this is your CyberWire Intel Brief. Thanks for joining us here today. It is great to have you with us. More than 760,000 employees across major organizations had their personal data exposed after a threat actor, Nam3l3ss, posted it on the BreachForums cybercrime forum. The data, tied to the 2023 MOVEit hack orchestrated by the Clop ransomware group, includes names, emails, phone numbers, job titles and manager details.
Affected organizations include Bank of America, Coca-Cola, Nokia, JLL, Xerox, Morgan Stanley and Bridgewater. The MOVEit breach exploited a zero-day vulnerability in Progress Software's file transfer tool, impacting nearly 2,800 organizations and 100 million individuals. Atlas Privacy, who analyzed the data, linked the breach to Clop and noted the information's value for social engineering. Bank of America tops the list with over 288,000 affected employees. Nam3l3ss, who recently leaked Amazon employee data, appears to have filtered and repackaged terabytes of stolen data for easier dissemination. The breach underscores growing risks tied to large-scale cyber extortion campaigns. The UK is underestimating growing cyber threats, warns Richard Horne, the new head of the National Cyber Security Centre, part of GCHQ. Speaking at the launch of NCSC's annual review, Horne highlights a widening gap between the increasing sophistication of cyber threats and the UK's defences, particularly around critical national infrastructure. Over the past year, NCSC has handled 430 incidents, 89 of which were nationally significant. Ransomware remains the most immediate threat, with state-linked actors now targeting industrial control systems. Two major vulnerabilities exploited by state-backed hackers were identified, linking Iran and ransomware groups to UK infrastructure risks. Horne criticized the lack of adoption of the government-backed Cyber Essentials scheme, with only 31,000 organizations certified out of 5 million eligible. He called for urgent improvements in resilience, emphasizing rising risks from state and non-state actors, especially Russia and China. The Consumer Financial Protection Bureau has proposed a rule to prevent data brokers from selling Americans' personal and financial information, such as Social Security numbers and phone numbers, under the Fair Credit Reporting Act.
This proposal, following President Biden's executive order to limit private data sales, aims to close loopholes that allow data brokers to evade FCRA regulations. CFPB Director Rohit Chopra stated the rule would address the widespread evasion of federal privacy laws and hold data brokers to the same standards as credit bureaus and background check companies. It would restrict brokers from selling sensitive identifying information, reinforcing FCRA protections. The move highlights growing scrutiny of data brokers for profiting from personal data sales and poses significant regulatory changes. The proposal will be open for public comment until March 2025, amidst uncertainty over its future under potential regulatory rollbacks. ENGlobal Corporation, a contractor for the U.S. government and energy sector, has restricted its operations following a ransomware attack that encrypted some of its data files. The Texas-based company disclosed the breach in an SEC filing, noting it became aware of the incident on November 25. ENGlobal, whose clients include the Departments of Defense and Energy, is investigating the attack but has not determined its financial impact. Full restoration of IT systems remains uncertain. Cyber researchers at TRAC Labs have analyzed a renewed threat from UNC2465, a cybercriminal group once affiliated with the now-defunct DarkSide ransomware. The group is actively deploying the SMOKEDHAM Windows backdoor, which facilitates initial access and persistence in targeted networks. UNC2465 uses trojanized installers disguised as legitimate tools and spreads malware through phishing emails, malicious ads and cloud services like Google Drive and Dropbox. The backdoor allows for reconnaissance, lateral network movement using tools like Mimikatz, and credential harvesting. Despite the disruption of some ransomware groups, UNC2465 remains a significant threat, adapting its tactics and ransomware partnerships to continue operations.
The nonprofit Foundation for Defense of Democracies think tank warns that U.S. reliance on Chinese-made LiDAR technology poses a significant national economic and cybersecurity risk. LiDAR, critical for creating 3D maps and models, supports autonomous navigation, infrastructure monitoring and military applications like enemy detection. However, Chinese LiDAR systems' integration into US critical infrastructure such as public safety, transportation, and utilities could expose users to espionage and sabotage by Beijing. The report highlights the risk of Chinese intelligence exploiting LiDAR systems, similar to previous cases involving Huawei's communication technology. Additionally, China could disrupt LiDAR supply chains, as it has with rare earth elements, to exert strategic pressure. The report recommends reducing reliance on untrusted vendors, implementing rigorous cybersecurity standards, and boosting domestic LiDAR production to secure vital systems. Legislative action, like a proposed ban on purchasing Chinese LiDAR, underscores growing concerns over these vulnerabilities. Researchers at FortiGuard Labs uncovered a SmokeLoader malware campaign targeting companies in Taiwan across manufacturing, healthcare, IT, and other sectors. Known for its modular design and advanced evasion techniques, SmokeLoader acted both as a downloader and a direct attacker by fetching plugins from its command and control servers. The malware was delivered via phishing emails, exploiting vulnerabilities in Microsoft Office. The malware's plugins were used for credential theft, keylogging, browser injections, and persistence across systems. It leveraged sophisticated techniques including steganography and obfuscated scripts to avoid detection. Attackers exploited cloud services like Google Drive to host payloads and used malicious advertising campaigns to spread infections. This campaign highlights SmokeLoader's adaptability and the persistent threat it poses.
FortiGuard advises organizations to remain vigilant and strengthen defenses against such advanced malware operations. The Wall Street Journal looks at NIST's proposed updated password guidelines aimed at improving security and usability. The draft, slated for finalization in 2025, advises organizations to eliminate outdated practices like frequent password changes and overly complex requirements. Instead, NIST emphasizes longer passwords, recommending a minimum of eight characters, ideally 15 or more, with support for special characters like emojis. The guidelines also promote tools such as password managers and passkeys, which use biometrics to authenticate without passwords. Research shows that strict password rules often backfire, leading users to create predictable patterns. NIST also recommends blocklists to prevent the use of compromised or common passwords. While passkeys offer strong security against phishing, vulnerabilities remain if devices aren't properly secured. These new standards aim to balance user-friendliness with robust protections, reshaping password practices across government and industry. South Korean police arrested a CEO and five employees for manufacturing over 240,000 satellite receivers with built-in or update-enabled DDoS attack capabilities. Between 2019 and 2024, 98,000 devices shipped with pre-installed DDoS modules, while others were updated later. These devices, sold at the request of a purchasing company starting in 2018, enabled illegal attacks targeting external systems, allegedly to counter a rival's actions. Users of the receivers were unknowingly involved in these attacks, potentially experiencing degraded device performance. The scheme was uncovered after intelligence from Interpol revealed the involvement of a Korean manufacturer and a foreign broadcaster. Authorities seized the company's assets, totaling about $4.35 million, and charged the suspects under Korea's Information Protection Act.
While the purchasing company's operators remain at large, Korean police are seeking international cooperation to apprehend them. Coming up after the break on our Threat Vector segment, David Moulton goes behind the scenes with Palo Alto Networks' CIO and CISO, and ChatGPT has a Voldemort moment. Stay with us.
Unknown Sponsor Voice
And now a word from our sponsor, KnowBe4. It's all connected, and we're not talking conspiracy theories. When it comes to infosec tools, effective integrations can make or break your security stack. The same should be true for security awareness training. KnowBe4, provider of the world's largest library of security awareness training, provides a way to integrate your existing security stack tools to help you strengthen your organization's security culture. KnowBe4's SecurityCoach uses standard APIs to quickly and easily integrate with your existing security products from vendors like Microsoft, CrowdStrike and Cisco. 35 vendor integrations and counting. SecurityCoach analyzes your security stack alerts to identify events related to any risky security behavior from your users. Use this information to set up real-time coaching campaigns targeting risky users based on those events from your network, endpoint, identity or web security vendors. Then coach your users at the moment the risky behavior occurs, with contextual security tips delivered via Microsoft Teams, Slack or email. Learn more at knowbe4.com/securitycoach. That's knowbe4.com/securitycoach, and we thank KnowBe4 for sponsoring our show.
Dave Bittner
And now a message from BlackCloak. What's the easiest way for threat actors to bypass your company's cyber defenses? Targeting your executives at home. According to the latest Ponemon research study, over 42% of CISOs have reported cyberattacks on their executives in their personal lives, and this becomes your problem because executives are easy targets at home for account takeover, credential theft and reputational harm. Close the at-home security gap with BlackCloak's Digital Executive Protection Platform. Award-winning 24/7/365 protection for executives and their families. Learn more at blackcloak.io. In this week's Threat Vector segment, we preview this week's episode where host David Moulton goes behind the scenes with Palo Alto Networks' CIO and CISO. Here's David Moulton.
David Moulton
Here's a quick preview of this week's Threat Vector. Tune into the full show on Thursday and don't forget to subscribe so you never miss a single episode. Let's get into it.
Meerah
AI is real. It's absolutely real, because we are seeing value already. Through that, we are seeing meaningful business impact, which we can quantify: the outcomes that we are able to get.
David Moulton
Welcome to Threat Vector, the Palo Alto Networks podcast where we discuss pressing cybersecurity threats and resilience and uncover insights into the latest industry trends. I'm your host David Moulton, Director of Thought Leadership for Unit 42. Today I'm thrilled to introduce two exceptional leaders from Palo Alto Networks who are at the forefront of driving both technology and security strategies for our company. Meerah is an experienced technology executive with a passion for business outcomes. She's worked at top companies like Citrix, McAfee and Cisco, where she championed digital transformation and diversity initiatives. Niall brings over 25 years of cybersecurity experience before joining Palo Alto Networks. Together, Meerah and Niall will discuss their unique partnership and how they balance innovation with security to drive growth. We'll explore their approach to incident response, how they leverage AI for productivity and the importance of trust in cybersecurity. Now, with all the constant new threats, how do you ensure that the team here at Palo Alto Networks stays ahead of the curve in terms of both security technologies and skills?
Niall
First of all, it's kind of partnering closely with Enterprise 2. It's partnering with Wendy Whitmore in Unit 42. I think Meerah, you've got a Unit 42 mug over there that I saw earlier on.
David Moulton
Yeah, those of you who can't see us on the podcast, she's got her "Don't Panic" mug going, Unit 42.
Niall
Meerah showed me earlier on today, so I think it's cool. So yeah, so we work closely with, basically, Unit 42. Generally, Palo Alto Networks generally gets to see things before the vast majority of organizations out there; certainly Wendy and the Unit 42 team get called into multiple different incidents. If we see something externally that's interesting, we'll generally ping them and say, oh, by the way, for such and such a threat actor, can you tell me who they are, what's their motivation, what's their IOCs, and we partner with that back and forth. So I think the great thing about working in Palo is, one, we've got them, we've got a really good team, basically, we've got a really good platform. Both Meerah and I can leverage Unit 42 for threat intel itself when we need them in some of those incidents.
David Moulton
Meerah, I'm sure there's times when you and Niall will have disagreements on how to prioritize risk. Walk us through that process of discussing the risk and figuring out where to take a risk and where to back off, and how do you mitigate those sorts of things?
Meerah
So, David, when you talk about, you know, I mean, I call it the business outcomes and security, sometimes it's a healthy friction that you need to talk through. To me, always, the way we need to resolve it is in the how, not the what. I always tell my team it's not an option to say no to a security control that we need. I want to go fast, so I can't cut down on my brake. I just need to figure out how I'm going to get that brake, the strength I need. And that may be the place that we get into the friction. So I always tell my team, ask for the what. Don't get hung up on the how. We have smart people around. When you put them together, they'll figure out the how. It's rather a matter of figuring out the how together, not compromising on the what of the security.
David Moulton
Niall, when you're thinking about those risk conversations, how do you coach your team to go in and not necessarily be prescriptive, as in "you have to use this control," but "we have to get to this outcome"?
Niall
Yeah, good question. I think for the most part, like, I'm very execution-driven when I look at this. It's generally like, what's the set of priorities we have, like, what's the business value? What's the set of priorities against those? And then for those set of priorities, which of those require a significant amount of resources? So there's no point in saying, hey, there's a large project we want to do and we want it all done in Q1; like, that's not going to work. From there, many of them are multi-year and multithreaded projects. So for each of those it's really like, at what phase are we in that project? Are we in the inception mode? Are we in the documentation? Are we in the sign-off mode? Which part of the phases are we at? And then kind of working closely on the team to align in relation to what do we do, what do we build, what do we get across the road in Q1, what do we get across the road in Q2, what do we get across the road in Q3. That's critically important. I firmly believe once the plan is locked and loaded, it's locked and loaded. After that, then it's execution, execution, execution. And with that I think it's critically important to understand probably two things. One is, like, there's normal projects in the normal course of the business that you need to insert, and then two, what will happen is naturally over time, kind of going back to incidents and issues, every company will have an incident or an issue, and then with that they'll say, oh, by the way, we have 32 controls that worked and we have two controls that didn't work. Basically we need to implement those. So I think for the most part it's that healthy conversation of what's the business value, what's the prioritization, how much resources it's going to require. And then if a team can get generally aligned on that, after that, then I find it's a pretty smooth process from there.
David Moulton
Thanks for listening to this segment of the Threat Vector Podcast. If you want to hear the whole conversation, you can find the show in your podcast player. Just search for Threat Vector by Palo Alto Networks. Each week I interview leaders from across our industry and from Palo Alto Networks to get their insights on cybersecurity, the threat landscape and the constant changes we face. See you there.
Dave Bittner
Be sure to check out the complete Threat Vector podcast right here on the N2K CyberWire network or wherever you get your favorite podcasts. Do you know the status of your compliance controls right now? Like, right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But get this: more than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's how: Vanta brings automation to evidence collection across 30 frameworks like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews and reporting, and help you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com/cyber. That's vanta.com/cyber for $1,000 off. And finally, the curious case of ChatGPT's meltdown moments. It seems that this AI wunderkind has its limits, and certain names are enough to send it into a digital tailspin. What do David Mayer, Jonathan Zittrain and Jonathan Turley have in common? Well, aside from being accomplished individuals with impressive credentials, they've all managed to trigger ChatGPT's "I'm unable to produce a response" feature. It turns out that these names are connected to some rather awkward AI hallucinations. For example, ChatGPT falsely claimed that Jonathan Turley had been involved in a non-existent sexual harassment scandal. The chatbot even cited a Washington Post article as evidence, which, it turned out, was also made up by the AI itself. Jonathan Zittrain's name is also on the list of banned names, but there's no obvious reason why. He recently wrote an article in The Atlantic called "We Need to Control AI Agents Now," which might have something to do with it, but it's unclear. What's more, his work has been cited in a New York Times copyright lawsuit against OpenAI and Microsoft.
But entering the names of other authors whose work is also cited in the suit doesn't cause ChatGPT to break. And then there's David Mayer, who was initially blocked by ChatGPT before being unblocked for reasons that are still unclear. Some speculate it might be connected to David Mayer de Rothschild, a member of the wealthy and influential Rothschild family, but there's no evidence to support this theory. Ars Technica points out that these hard-coded filters can cause problems for ChatGPT users. It's been shown how an attacker could interrupt a session using a visual prompt injection of one of the names rendered in a barely legible font embedded in an image. Moreover, someone could exploit the blocks by adding one of the names to a website, thereby potentially preventing ChatGPT from processing data it contains. Though not everyone might see that as a bad thing, I can't help wondering if OpenAI could simply have ChatGPT whisper the names that cannot be named. You know, like Voldemort. And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. This holiday season, Only Malware in the Building returns with a festive Christmas Carol-inspired twist. In this special episode, Selena Larson, Proofpoint intelligence analyst and host of Discarded, Rick Howard and yours truly embark on a ghostly journey through the most pressing cybersecurity threats of the season. In this festive adventure, we dive into key cybersecurity risks like two-factor authentication pitfalls, social engineering scams, and the frightening return of consumer-targeted attacks. From the echoes of past cyber attacks to the threats hidden behind holiday merriment, we're here to bring you practical wisdom with a dash of holiday spirit. That's Only Malware in the Building. Check it out. That is the CyberWire. We'd love to know what you think of this podcast.
Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. We're privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies. N2K makes it easy for companies to optimize your biggest investment: your people. We make you smarter about your teams while making your team smarter. Learn how at n2k.com. This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president, Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. Hey everybody, Dave here. I want to talk about our sponsor, LegalZoom. You know, I started my first business back in the early 90s, and oh, what I would have done to have been able to have the services of an organization like LegalZoom back then. Just getting all of those business ducks in a row, all of that technical stuff, the legal stuff, the registrations of the business, the taxes, all of those things that you need to go through when you're starting a business. The hard stuff, the stuff that sucks up your time when you just want to get that business launched and out there. Well, LegalZoom has everything you need to launch, run and protect your business all in one place, and they save you from wasting hours making sense of all that legal stuff. Launch, run and protect your business.
To make it official today at legalzoom.com, you can use promo code CYBER10 to get 10% off any LegalZoom business formation product, excluding subscriptions and renewals; that expires at the end of this year. Get everything you need from setup to success at legalzoom.com and use promo code CYBER10. That's legalzoom.com and promo code CYBER10. LegalZoom provides access to independent attorneys and self-service tools. LegalZoom is not a law firm and does not provide legal advice, except where authorized through its subsidiary law firm, LZ Legal Services LLC.
CyberWire Daily – Episode: "Nam3l3ss but not Harmless"
Release Date: December 3, 2024
Host: Dave Bittner
Produced by: N2K Networks
In this episode of CyberWire Daily, host Dave Bittner delves into a range of critical cybersecurity issues impacting organizations worldwide. Covering significant data breaches, evolving cyber threats, regulatory developments, and interviews with industry leaders, this summary encapsulates the episode's key discussions, insights, and conclusions.
Nam3l3ss Leaks Data from MOVEit Hack
A substantial data breach has come to light, affecting over 760,000 employees across major organizations such as Bank of America, Coca-Cola, Nokia, and Morgan Stanley. The data stems from the 2023 MOVEit campaign by the Clop ransomware group, which exploited a zero-day vulnerability in Progress Software's MOVEit file transfer tool, impacting nearly 2,800 organizations and 100 million individuals.
Key Details:
This incident emphasizes the increasing sophistication of cyber extortion tactics and the vulnerability of widely used software tools.
Richard Horne Warns of Underestimated Cyber Risks
Richard Horne, the new head of the UK's National Cyber Security Centre (NCSC) under GCHQ, issued a stern warning about the UK's cyber defenses lagging behind the evolving threats.
Key Points:
Horn's insights reveal the critical need for enhanced cybersecurity measures and broader adoption of certification schemes to protect national infrastructure.
Consumer Financial Protection Bureau (CFPB) Proposes New Rules
The CFPB has introduced a rule aimed at preventing data brokers from selling Americans' personal and financial information, including Social Security numbers and phone numbers, under the Fair Credit Reporting Act (FCRA).
Key Aspects:
This regulatory move aligns with President Biden's executive order to limit private data sales, signaling a robust approach to enhancing consumer data privacy.
ENGlobal Faces Operational Disruption After Ransomware Incident
ENGlobal Corporation, a U.S. government and energy sector contractor, has experienced a ransomware attack that encrypted some of its data files, leading to operational restrictions.
Impact:
This case underscores the vulnerability of contractors tied to sensitive government and energy sectors, emphasizing the need for robust cybersecurity defenses.
UNC2465 Deploys SMOKEDHAM Backdoor
Cyber researchers at TRAC Labs have identified a renewed threat from UNC2465, a cybercriminal group with ties to the defunct DarkSide ransomware. The group is actively deploying the SMOKEDHAM Windows backdoor, which facilitates initial access and persistence within targeted networks.
Key Features:
The deployment of SMOKEDHAM highlights the ongoing evolution of cyber threats and the necessity for continuous vigilance and advanced security measures.
Foundation for Defense of Democracies Raises Red Flags
The Foundation for Defense of Democracies think tank has issued a report warning against the over-reliance on Chinese-made LiDAR technology, citing significant national economic and cybersecurity risks.
Recommendations:
This report underscores the strategic importance of securing technology supply chains to protect national security interests.
SmokeLoader Malware Campaign Detected by FortiGuard Labs
Researchers at FortiGuard Labs have uncovered a sophisticated SmokeLoader malware campaign targeting companies in Taiwan across sectors like manufacturing, healthcare, and IT.
Campaign Characteristics:
FortiGuard's Advice:
Organizations should remain vigilant and strengthen defenses against such advanced malware operations to mitigate the persistent threats posed by adaptable malware like SmokeLoader.
Wall Street Journal Examines NIST's New Recommendations
The National Institute of Standards and Technology (NIST) has proposed updated password guidelines aimed at enhancing security and usability, with finalization expected in 2025.
Key Recommendations:
NIST's Rationale:
"Strict password rules often backfire, leading users to create predictable patterns."
The new guidelines aim to balance user convenience with robust security measures, reshaping password practices across government and industry sectors.
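To make the shift concrete, here is an added Python example (not NIST's or the Journal's code) that puts a legacy composition-rule check beside a check written in the spirit of the draft described above: a length floor of eight with fifteen or more encouraged, Unicode and emoji counted as ordinary characters, a blocklist of common or compromised passwords, and no character-class rules. The blocklist contents, the 64-character upper bound and the function names are assumptions for the demonstration.

```python
import unicodedata

# Constructed sample blocklist. A real deployment loads a breached-password
# corpus or queries a compromised-credential service instead of this set.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "welcome",
                    "iloveyou", "admin", "p@ssw0rd"}

MIN_LEN = 8        # floor the draft sets for user-chosen passwords
ADVISED_LEN = 15   # length the draft suggests aiming for
MAX_LEN = 64       # assumed cap; the page only says longer is better


def legacy_policy(pw: str) -> bool:
    """The composition rule the draft retires: 8+ characters with an
    upper-case letter, a lower-case letter, a digit and a symbol. It
    accepts 'P@ssw0rd1!' and rejects a long passphrase, which is exactly
    the predictable-pattern problem the research on the page describes."""
    has_upper = any(c.isupper() for c in pw)
    has_lower = any(c.islower() for c in pw)
    has_digit = any(c.isdigit() for c in pw)
    has_symbol = any(not c.isalnum() and not c.isspace() for c in pw)
    return len(pw) >= 8 and has_upper and has_lower and has_digit and has_symbol


def _blocklist_hit(pw: str, blocklist: set) -> bool:
    """Case-insensitive blocklist match that also catches the trailing
    digits or symbols users bolt onto a blocked word ('Password1!')."""
    folded = pw.casefold()
    if folded in blocklist:
        return True
    stripped = folded.rstrip("0123456789!@#$%^&*._-?")
    return stripped in blocklist


def nist_policy(pw: str, blocklist: set = COMMON_PASSWORDS) -> dict:
    """Checks in the spirit of the draft: length plus a blocklist, with no
    character-class rules and no calendar-driven rotation. Returns the
    verdict, the measured length and the reasons for any rejection."""
    # NFKC normalisation makes look-alike encodings (full-width letters,
    # precomposed vs. decomposed accents) compare equal; emoji pass through.
    pw = unicodedata.normalize("NFKC", pw)
    # Length in Unicode code points, so an emoji counts as one character
    # rather than the several bytes it occupies in UTF-8.
    length = len(pw)
    problems = []
    if length < MIN_LEN:
        problems.append("shorter than %d characters" % MIN_LEN)
    elif length > MAX_LEN:
        problems.append("longer than %d characters" % MAX_LEN)
    if _blocklist_hit(pw, blocklist):
        problems.append("matches a blocked or commonly used password")
    advice = []
    if not problems and length < ADVISED_LEN:
        advice.append("accepted; %d or more characters would be stronger"
                      % ADVISED_LEN)
    return {"ok": not problems, "length": length,
            "problems": problems, "advice": advice}


if __name__ == "__main__":
    # Constructed candidates: a "complex" password the old rule loves, a
    # passphrase it rejects, an emoji password, and a full-width look-alike.
    for candidate in ("P@ssw0rd1!", "correct horse battery staple",
                      "tea 🍵 time", "ＰＡＳＳＷＯＲＤ"):
        print(repr(candidate), "legacy:", legacy_policy(candidate),
              "nist:", nist_policy(candidate))
```

Note that the two policies disagree on the first two candidates in opposite directions, which is the usability-versus-security trade the guidelines are trying to fix.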
Arrests Made Over Satellite Receivers with DDoS Capabilities
South Korean authorities arrested the CEO and five employees of a company involved in manufacturing over 240,000 satellite receivers embedded with DDoS attack functionalities.
Criminal Activity:
Ongoing Efforts:
Korean police are seeking international cooperation to apprehend the operators of the purchasing company, who remain at large.
This crackdown highlights international cooperation in combating the manufacturing and distribution of cyberattack tools.
Behind the Scenes with Palo Alto Networks' CIO and CISO
In the Threat Vector segment, host David Moulton interviews Meerah and Niall, leaders from Palo Alto Networks, discussing their strategies to balance innovation with security amidst evolving cyber threats.
Meerah's Perspective:
"It's not an option to say no to a security control that we need. I just need to figure out how I'm going to get that."
(Timestamp: 18:41)
Niall’s Approach:
"What's the business value? What's the set of priorities? How much resources is going to require."
(Timestamp: 19:47)
Key Discussion Points:
The interview provides valuable insights into effective cybersecurity leadership and the integration of advanced technologies to maintain robust defenses.
ChatGPT Struggles with Specific Names, Leading to AI Hallucinations
A curious issue has emerged where ChatGPT becomes unresponsive or produces incorrect information when prompted with certain names, such as David Mayer, Jonathan Zittrain, and Jonathan Turley.
Incident Examples:
Security Implications:
Speculative Solutions:
Proposing that ChatGPT could "whisper" restricted names, the way Voldemort's name goes unspoken, rather than halting the session outright.
This phenomenon raises concerns about AI reliability and the robustness of content moderation mechanisms within conversational agents.
This episode of CyberWire Daily presents a comprehensive overview of significant cybersecurity challenges and developments. From large-scale data breaches and sophisticated malware campaigns to regulatory changes and AI vulnerabilities, the discussions provide valuable insights for industry leaders and cybersecurity professionals aiming to navigate the complex threat landscape effectively.
Stay informed and protected by following the latest updates and expert analyses presented in each episode.
For more detailed discussions and expert insights, listen to the full episode on your preferred podcast platform or visit The CyberWire.