Transcript
Dave Bittner (0:02)
You're listening to the Cyberwire Network.
Perry Carpenter (0:04)
Powered by n2k.
Mason Amadeus (0:09)
This episode is brought to you by Dutch Bros. Big smiles, rocking tunes and epic drinks. Dutch Bros is all about you. Choose from a variety of customizable handcrafted beverages like our Rebel Energy drinks, coffees, teas and more. Download the Dutch Bros app for a free medium drink, plus find your nearest shop, order ahead and start earning rewards. Offer valid for new app users only. Free medium drink reward upon registration. 14-day expiration; terms apply. See dutchbros.com.
Dave Bittner (0:42)
Do you know the status of your compliance controls right now? Like right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But get this: more than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30 frameworks like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews and reporting, and help you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com/cyber. That's vanta.com/cyber for $1,000 off.

A cyber attack in Rhode Island targets those who applied for government assistance programs. U.S. senators propose a $3 billion budget item to rip and replace Chinese telecom equipment. The Clop ransomware gang confirms exploiting vulnerabilities in Cleo's managed file transfer platforms. A major Southern California health care provider suffers a ransomware attack. A leading US auto parts provider discloses a cyber attack on its Canadian business unit. SRP Federal Credit Union notifies over 240,000 individuals of a cyber attack. A sophisticated phishing campaign targets YouTube creators. Researchers identify a high-severity vulnerability in Mullvad VPN. A horrific dark web forum moderator gets 30 years in prison. Our guests are Perry Carpenter and Mason Amadeus, hosts of the new Fake Files podcast. And jailbreaking your license plate.

December 16, 2024. I'm Dave Bittner and this is your CyberWire Intel Briefing. Thanks for joining us here today. It is great to have you with us.

A cyber attack on Rhode Island's RIBridges system has potentially exposed sensitive personal information of hundreds of thousands of people who applied for government assistance programs since 2016, including SNAP, Medicaid, and other social services. 
Hackers, part of an international cybercrime group, threatened to release the data unless paid, though this was classified as extortion rather than ransomware. Highly sensitive details like Social Security and bank account numbers may have been stolen. The breach was confirmed on December 10 after hackers provided evidence to Deloitte, the system's vendor. Malicious code was found, prompting officials to shut down the system to mitigate further risk. State officials, along with Deloitte and law enforcement, are investigating. Impacted individuals will receive free credit monitoring and access to support. Benefits for December were distributed, but new applications must be filed on paper for now. Open enrollment for health insurance continues, with enrollment unaffected so far.

The $3 billion added to the 2025 National Defense Authorization Act for removing Chinese-made telecom equipment is being framed as a critical step in preventing breaches like the Salt Typhoon cyber espionage campaign. Salt Typhoon, linked to Chinese government hackers, has highlighted vulnerabilities in US networks, especially those relying on Huawei and ZTE equipment. The FCC previously identified a $3 billion funding gap in its rip-and-replace program, which aims to remove such technology from 126 carriers' systems. Without full funding, rural carriers remain exposed, lacking resources to upgrade or replace compromised equipment. Salt Typhoon's success against major operators underscores the risks for smaller networks with fewer defenses. Senators from both parties stressed the urgency of securing networks. While some criticized expanding FCC regulations, others highlighted the need for swift action to eliminate known vulnerabilities. The Salt Typhoon attacks serve as a stark reminder that securing telecom infrastructure is a matter of national security. 
The Clop ransomware gang has confirmed to BleepingComputer their involvement in exploiting vulnerabilities in Cleo's managed file transfer platforms, including Harmony, VLTrader and LexiCom. The attacks utilized a zero-day vulnerability that Cleo initially patched in October. However, cybersecurity firm Huntress discovered last week that the patch was incomplete, allowing attackers to bypass it, upload backdoors and steal data. While Cleo did not publicly disclose prior exploits, BleepingComputer reports Clop admitted responsibility, linking the attacks to their previous methods, including similar exploits in the MOVEit breaches.

A ransomware attack on PIH Health, a Southern California healthcare provider serving over 3 million residents, has disrupted IT systems, impacting hospitals, urgent care centers, pharmacies and more. Cybercriminals claim to have stolen 17 million patient records and threaten to publish 2 terabytes of sensitive data unless a deal is made. PIH Health confirmed it's working with forensic specialists and law enforcement, but has not acknowledged the hackers' claims publicly. The attack has forced PIH to rely on downtime procedures, delaying test results, surgeries and prescription refills. Online services, including appointment scheduling, are unavailable. The breach could become one of the largest healthcare data breaches this year if the hackers' claims are verified. Cybersecurity experts warn that such attacks will persist without stronger federal intervention, including measures like pre-authorized traffic filtering and comprehensive national privacy laws. PIH also faced a phishing breach in 2020, leading to lawsuits. Meanwhile, ConnectOnCall.com, a Phreesia subsidiary offering communications tools for healthcare providers, experienced a data breach affecting 914,000 individuals. 
The breach, lasting from February 16 through May 12 of this year, exposed sensitive data including patient names, phone numbers, medical record numbers, health conditions and prescription details. Social Security numbers of some individuals were also compromised. The platform was taken offline, immediately investigated by third-party cybersecurity experts, and later relaunched with enhanced security. Affected individuals received notifications, with credit monitoring offered to those whose Social Security numbers were exposed.

LKQ Corporation, a leading US auto parts provider, disclosed a cyberattack on its Canadian business unit, causing weeks of disruption starting November 13. LKQ, which operates in 24 countries with 45,000 employees, reported the incident in an SEC filing, stating the unit is now near full capacity and the threat has been contained. The company does not expect significant financial impact and plans to seek reimbursement through cybersecurity insurance. No threat actors have claimed responsibility.

SRP Federal Credit Union is notifying over 240,000 individuals about a cyber attack that exposed sensitive personal information including names, Social Security numbers, driver's license details and financial data. The breach occurred between September 5th and November 4th of this year and was discovered after the credit union secured its systems and reviewed compromised files. While SRP has no evidence of misuse, it is offering one year of free identity protection services to affected individuals. The ransomware group Nitrogen, active since September 2024, has claimed responsibility, alleging it stole 650 GB of data and is selling it online. SRP has not confirmed the nature of the attack, but reported the incident to law enforcement and attorneys general in Texas and Maine. Founded in 1960, SRP serves over 200,000 members across Georgia and South Carolina with a workforce of 400 employees. 
CloudSEK has uncovered a sophisticated phishing campaign targeting YouTube creators, leveraging fake brand collaboration emails to steal accounts and spread scams. Scammers use specialized tools to scrape email addresses from YouTube channels and send bulk phishing emails via browser automation. These emails, posing as lucrative collaboration offers, include attachments disguised as contracts or promotional materials hosted on platforms like OneDrive. Protected by passwords to appear legitimate, the malicious attachments often contain malware hidden within files. Once downloaded, the malware can steal login credentials, financial data, intellectual property, or grant remote access to attackers. Over 200,000 creators have been targeted, with attackers using hundreds of SMTP servers to execute the campaign globally. YouTube creators are advised to verify unsolicited collaboration offers, avoid downloading suspicious attachments, and confirm the sender's legitimacy directly with the brand.

Security researchers at X41 D-Sec have identified high-severity vulnerabilities in Mullvad VPN, including race conditions and temporal safety violations in its signal handler code. These flaws could lead to memory corruption and potential code execution if an attacker triggers a signal at the right moment, though exploitation is complex. Additionally, a DLL sideloading vulnerability in Mullvad's Windows installer could allow attackers to execute malicious code during installation. Mullvad users are urged to update their software to mitigate the risks.

The depths of human depravity are truly staggering sometimes. Robert Schuss, a 37-year-old Texan, has been sentenced to 30 years in prison for his heinous crimes against children. This monster ran a dark web forum where pedophiles could exchange and discuss child sex abuse material, including videos and images of babies and toddlers. 
He personally abused one child for six years, creating hundreds of instances of CSAM with the boy, and even bribed the child's family with gifts and money. But that's not all. Schuss also secretly recorded two other minors and asked two others to send him naked pictures of themselves. The FBI found over 117,000 CSAM images and 1,100 videos on his computers and storage drives. This is a man who has no regard for human life or dignity and has spent years preying on the most vulnerable members of society. The US Attorney aptly described Schuss as the embodiment of evil, and it's hard to disagree with that assessment. His crimes are a stark reminder of the importance of holding perpetrators accountable for their actions and the need for law enforcement to remain vigilant in protecting our children from these monsters. In addition to the 30 years in the slammer, Schuss will now face 10 years of supervised release, pay $153,000 in restitution to his victims, and be registered as a sex offender for life. But even this may not be enough to bring justice to those he has harmed.

Coming up after the break, my conversation with Perry Carpenter and Mason Amadeus about their new podcast right here on the N2K CyberWire network, the Fake Files podcast. And we'll talk about digital license plates, because sometimes even your car wants to go incognito. We'll be right back.

And now a word from our sponsor, KnowBe4. It's all connected, and we're not talking conspiracy theories. When it comes to infosec tools, effective integrations can make or break your security stack. The same should be true for security awareness training. KnowBe4, provider of the world's largest library of security awareness training, provides a way to integrate your existing security stack tools to help you strengthen your organization's security culture. 
KnowBe4's SecurityCoach uses standard APIs to quickly and easily integrate with your existing security products from vendors like Microsoft, CrowdStrike and Cisco. 35 vendor integrations and counting. SecurityCoach analyzes your security stack alerts to identify events related to any risky security behavior from your users. Use this information to set up real-time coaching campaigns targeting risky users based on those events from your network, endpoint, identity, or web security vendors. Then coach your users at the moment the risky behavior occurs with contextual security tips delivered via Microsoft Teams, Slack or email. Learn more at knowbe4.com/securitycoach. That's knowbe4.com/securitycoach, and we thank KnowBe4 for sponsoring our show.

The IT world used to be simpler. You only had to secure and manage environments that you controlled. Then came new technologies and new ways to work. Now employees, apps and networks are everywhere. This means poor visibility, security gaps, and added risk. That's why Cloudflare created the first ever Connectivity Cloud. Visit cloudflare.com to protect your business everywhere you do business.
