This week’s Cyber Security Headlines – Week in Review, June 6-10, is hosted by Rich Stroffolino with our guest, Jason Elrod, CISO, Multicare Health System
Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com
TikTok denies breachtok
Late last week, a hacking group known as “AgainstThe West” claimed on a forum to have breached TikTok and WeChat. It shared screenshots of a database from both companies, purporting to hold 790GB of data including user data, auth tokens, server info and more. TikTok denied the claim, further saying the data in question couldn’t have been scraped from its platform. Security Researcher Troy Hunt confirmed the validity of some data, but didn’t find any non-public data. Researcher Bob Diachenko says the data likely came from the third party Hangzhou Julun Network Technology.
(Bleeping Computer, Bob Dianchenko)
Cloudflare cuts off Kiwi Farms
Following up from last week, Cloudflare reversed course and cut off services to the controversial site. In late August it cut off Kiwi Farms from paid services, but was still providing free DDoS protection services. Cloudflare CEO Matthew Prince said the move was in response to “imminent danger” from the site at a pace law enforcement can’t keep up with. He denied the move came in response to public pressure. Last week, Prince defended providing DDoS protection and caching services to sites with “despicable” content and called cutting off sites a “dangerous precedent.”
(WaPo)
Keybank’s customer data stolen from third-party provider
Threat actors stole Social Security numbers, addresses and account numbers of home mortgage holders at KeyBank. The breach was allegedly caused by KeyBank’s third-party vendor Overby-Seawell, who provides insurance services. The bank publicly apologized to customers on social media over the weekend offering them two years of free Equifax identity protection. While KeyBank is working with Overby-Seawell to identify the root cause, both companies have already been named in a class-action lawsuit as a result of the breach.
Finland to award companies cybersecurity grants
Finland has suffered a number of recent cyberattacks, including a Denial-of-Service (DoS) attack that disabled the Finnish Parliament’s website on August 9, 2022. To help defend against future incidents in its critical sectors, the Finnish government will begin distributing cybersecurity vouchers for cybersecurity improvements to Finnish businesses. Businesses can earn vouchers totaling anywhere from 15,000 to 100,000 euros depending on factors like size and for-profit status. Security experts are encouraged by Finland’s track record of success using government programs to drive positive business change.
Thanks to today’s episode sponsor, Snyk
Code, dependencies, containers, cloud environments… all of it.
And while developers are building securely, Snyk gives security teams a bird’s eye view of all of their projects and cloud environments, so they can prioritize and focus their efforts in the right places.
Developer tested. Security approved. Start your free Snyk account at snyk.co/cybersecurity
CISA asks for feedback on reporting rules
Back in March, President Biden signed a new law requiring critical infrastructure owners and operators to report major cyberattacks to CISA within 72 hours and ransomware within 24 hours. CISA Director Jen Easterly said officials will formally begin asking industry leaders for feedback on the regulatory structure for this reporting “in the next couple of days.” The agency will use the feedback to better understand what’s going on in private industry ecosystems to build an effective regulatory apparatus. Easterly emphasizes she wants a “consultative” rule-making process.
China accuses US of cyberattacks and cyberespionage
On Monday, the Chinese National Computer Virus Emergency Response Center (CVERC) published a report, co-authored by the private Chinese cybersecurity firm Qihoo 360, that accuses the US National Security Agency (NSA) of conducting “tens of thousands of malicious attacks on network targets in China in recent years” through the NSA’s Tailored Access Operations (TAO) elite hacker unit. The attacks included a university that focuses on aeronautical and space research. The foreign ministry in Beijing stated, “we ask the US to provide an explanation and urge them to immediately stop this illegal move.”
London’s biggest bus operator hit by cyber “incident”
Newcastle-based transportation group Go-Ahead this week shared a statement with the London Stock Exchange indicating “unauthorized activity” had been discovered on its network. Sky News reported that bus and driver rosters may have been impacted by the attack, which could disrupt operations. Go-Ahead operates multiple services across England and is London’s largest bus company, operating over 2400 buses in the capital and employing more than 7000 staff. The firm also operates several high-capacity railway services in the UK including Great Northern, Thameslink, Gatwick Express and Southern.