This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Rusty Waldron, Chief Business Security Officer, ADP
Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com
Cyberattack hits Irish water utility
This particular infrastructure attack hit a very small water utility in northwestern Ireland that, by its own admission, did not have the level of cybersecurity protection that the national water utilities would have. According to the local news outlet, Western People, the hackers targeted a Eurotronics water pumping system, and announced the hack by writing over the user interface. The attackers said they targeted the system due to it being made in Israel.
(Security Week and Western People)
Former Uber CISO advocates for CISO protections
In the keynote address at Black Hat Europe, former Uber CISO Joe Sullivan shared details about the 2016 data breach that occurred under his watch at the company. Outside of the details of that incident, Sullivan said he now gets approached by potential first-time CISOs asking if they should take on the risk. He recommends CISO applicants talk with a company’s general counsel and CEO to understand breach disclosures, and create a personal incident response plan to consider how they would personally survive a damaging breach.
UK ransomware report isn’t pretty
The UK parliament’s Joint Committee on the National Security Strategy issued a report on the state of ransomware in the country. It found that the government’s failure to tackle the problem carries a “high risk” the country could face a “catastrophic ransomware attack at any moment.” The report further criticized the UK’s Home Office for deprioritizing ransomware policy over other issues like illegal migration. It also calls for the Home Office to lose responsibility for ransomware, which would instead be handed over to the Cabinet Office and National Cyber Security Centre, with direct oversight by the Deputy Prime Minister. The report also called for increased funding to the NCSC to better assist public entities experiencing ransomware attacks.
Apple breaks Beeper
Last week the multi-platform messaging app Beeper made news by offering a Beeper Mini Android app that interoperates with Apple’s iMessage without the need for a relay server. Other apps offering iMessage service on Android effectively use Mac hardware to route messages, opening up potential privacy issues. By December 8th, users reported this feature stopped working. In a statement Apple took credit for this, saying “We took steps to protect our users by blocking techniques that exploit fake credentials in order to gain access to iMessage.” As of this morning, Beeper Mini reintroduced the feature, although now it requires an Apple ID rather than a linked phone number to use. Beeper also made the app free given what one could assume will be continued instability.
Thanks to today’s episode sponsor, Barricade Cyber Solutions

KraftHeinz possibly suffers ransomware attack
According to Cybernews, the world’s fifth largest food and beverage company, KraftHeinz, has appeared on the leak site of the Snatch gang, in an entry that appears to have first been posted in August and has now been updated. The posting does not show file samples or any other type of proof of a successful attack, and there has not been any confirmation from KraftHeinz as of this recording.
Russian spies seen exploiting JetBrains TeamCity vulnerability
Following up on a story we brought you in mid-October, intelligence services in the US, UK and Poland have announced that Russia’s Foreign Intelligence Service (SVR) has been seen exploiting a vulnerability in JetBrains, and are warning organizations across the world due to the large number of compromised devices, despite the release of a patch. In September, Microsoft had first warned about North Korea’s use of the vulnerability, tracked as CVE-2023-42793, which affects a product called TeamCity, used for testing software code before release. According to The Record, SVR is using the vulnerability to “exfiltrate files that provide insight into a victim’s operating system” and use several techniques to “disable or outright kill endpoint detection and response (EDR) and antivirus (AV) software.”
Train bricking accusations lead to lawsuit against ethical hackers
A Polish ethical hacking group, Dragon Sector, is being sued by Newag, a manufacturer of trains, after alleging that the manufacturer had installed software into the trains to make them unusable if GPS detected that the trains were parked at a repair shop not owned by Newag. Newag has not only denied these accusations but has threatened to sue Dragon Sector for hacking the IT systems of Poland’s trains, claiming that the Dragon Sector report had been commissioned by one of Newag’s competitors. Ultimately, Dragon Sector got the trains running again after discovering an undocumented unlock code. The full story is available at Ars Technica.





