Cyber Security Headlines Week in Review:  SEC’s X breach, Pwned highlights leak, Kyivstar attack cost

This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Jerich Beason, CISO, WM

Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com

SEC says X account breach did not lead to further breaches

According to Reuters, the U.S. Securities and Exchange Commission stated on Friday that there was “no evidence to suggest the breach of its X account earlier this week also involved a breach of the agency’s systems, devices, data, or other social media accounts.” CISA, the FBI, and the SEC’s own Inspector General continue to investigate the breach, which a representative from X (formerly Twitter) has said resulted from “an unidentified individual obtaining control of a phone number.”

(Reuters)

End-of-life Cisco routers targeted by Chinese espionage group

According to SecurityScorecard, a group named Volt Typhoon, identified as a Chinese government espionage unit, is exploiting Cisco RV320/325 devices, which Cisco discontinued in 2019, with service and support scheduled to end on January 31, 2025. The group is exploiting two vulnerabilities, CVE-2019-1653 and CVE-2019-1652, both of which are also on CISA’s Known Exploited Vulnerabilities list for 2019. SecurityScorecard says 30% of the RV320/325 devices may have been compromised, a figure based on its observation of frequent connections between the devices and known Volt Typhoon infrastructure.

(The Record)
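The observation behind that 30% figure, repeated contact between end-of-life edge routers and known bad infrastructure, is something a defender can reproduce against their own flow logs. The script below is an added example, not code from the article, from SecurityScorecard or from Cisco: it cross-references a constructed device inventory against constructed flow records and a placeholder indicator list (documentation-range addresses, not real Volt Typhoon infrastructure), and flags devices that are end-of-life, that repeatedly reach the indicators, or both.

```python
"""Added example: triage egress from end-of-life edge routers.

Not part of the original article or of SecurityScorecard's work. The flow
records, the device inventory and the indicator list are constructed
placeholders; real indicators would come from a vendor or CISA advisory feed.
"""
from collections import defaultdict

# Models the article names as discontinued (Cisco RV320/RV325).
EOL_MODELS = {"RV320", "RV325"}

# Constructed device inventory: hostname -> (model, management IP).
INVENTORY = {
    "branch-rtr-01": ("RV320", "10.0.1.1"),
    "branch-rtr-02": ("RV325", "10.0.2.1"),
    "hq-rtr-01": ("ISR4331", "10.0.0.1"),
}

# Placeholder indicators (NOT real threat infrastructure): RFC 5737
# documentation addresses standing in for a threat-intel feed.
SUSPECT_INFRA = {"203.0.113.7", "198.51.100.23"}

# Constructed flow log lines: "src_ip dst_ip dst_port bytes".
FLOW_LOG = """\
10.0.1.1 203.0.113.7 443 1820
10.0.1.1 203.0.113.7 443 1790
10.0.1.1 203.0.113.7 443 1844
10.0.2.1 192.0.2.10 53 120
10.0.0.1 203.0.113.7 443 1500
10.0.2.1 198.51.100.23 8443 900
"""


def parse_flows(text):
    """Yield (src_ip, dst_ip, dst_port, bytes) tuples from the flow log."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than abort the run
        src, dst, port, nbytes = parts
        yield src, dst, int(port), int(nbytes)


def assess(inventory, flows, indicators, min_hits=3):
    """Return {hostname: [reasons]} for devices that need attention.

    A device is reported when it is an end-of-life model (no patch path),
    when it contacts an indicator address, or both. Repeated contact at or
    above min_hits is the "frequent connections" pattern the article cites.
    """
    ip_to_host = {ip: host for host, (_, ip) in inventory.items()}
    hits = defaultdict(int)
    for src, dst, _port, _nbytes in flows:
        if dst in indicators and src in ip_to_host:
            hits[ip_to_host[src]] += 1

    findings = {}
    for host, (model, _ip) in inventory.items():
        reasons = []
        if model in EOL_MODELS:
            reasons.append("end-of-life model: " + model)
        if hits[host] >= min_hits:
            reasons.append(f"{hits[host]} flows to suspect infrastructure")
        elif hits[host]:
            reasons.append(
                f"{hits[host]} flow(s) to suspect infrastructure (below threshold)"
            )
        if reasons:
            findings[host] = reasons
    return findings


if __name__ == "__main__":
    for host, reasons in assess(INVENTORY, parse_flows(FLOW_LOG), SUSPECT_INFRA).items():
        print(host, "->", "; ".join(reasons))
```

A single flow to an indicator is reported separately from repeated contact so the two cases can be triaged differently; an end-of-life router with repeated contact is the case the article describes and should be isolated first.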

OpenAI publishes election guidance

The AI giant announced steps it is taking to prevent people from using its models to spread election misinformation. These include controls in custom GPTs that prevent them from impersonating real people or institutions or from deterring people from participating in the democratic process. ChatGPT will also direct users to election resource links when asked and will have access to real-time election information with supporting links. For DALL-E image generation, OpenAI will apply digital cryptographic credentials from the Coalition for Content Provenance and Authenticity to images, which it says will come “early this year.” The company also said it will keep monitoring how people use its tools and make adjustments as needed during the election season.

(OpenAI)

Have I Been Pwned adds “statistically significant” data leak

Troy Hunt and his leak alert site Have I Been Pwned have seen a lot of leaks, so when he describes one as “statistically significant” you should take notice. The site recently added the Naz.API dataset, which includes 104 gigabytes of data, including 70.8 million unique email addresses with associated plaintext passwords. In sampling, Hunt found that over a third of listed emails were net new to Have I Been Pwned, something very rare in leak datasets. This dataset appeared on hacker forums four months ago, seemingly coming from “stealer logs” on compromised machines, mixed with much older data from previous leaks. 

(Troy Hunt)
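The practical follow-up to a leak like this is to check whether passwords in use appear in the leaked set without sending the passwords anywhere. Have I Been Pwned's Pwned Passwords service supports that through a k-anonymity range query: the client sends only the first five hex characters of the password's SHA-1 and receives every suffix in that bucket with a breach count. The code below is an added example, not Troy Hunt's or the site's own code; the range response it matches against is a constructed stand-in (the suffix for "password" is its real SHA-1 suffix, but the counts and the other suffixes are placeholders), so it runs offline. The optional online fetcher uses the real `api.pwnedpasswords.com` range endpoint.

```python
"""Added example: k-anonymity password check in the style of Pwned Passwords.

Not code from Have I Been Pwned. The sample range response is constructed;
only the SHA-1 arithmetic and the request shape follow the real service.
"""
import hashlib
import urllib.request

# Constructed stand-in for the body returned by
# GET https://api.pwnedpasswords.com/range/<first 5 hex chars of SHA-1>.
# A real bucket holds hundreds of suffixes; counts here are placeholders.
SAMPLE_RANGE_RESPONSES = {
    "5BAA6": "\r\n".join([
        "003D68EB55068C33ACE09247EE4C639306B:3",                # constructed
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:123456",           # suffix of SHA-1("password"); count constructed
        "1F2B668E8AABEF1C59E9EC6F82E3F3CD786:1",                # constructed
    ]),
}


def sha1_prefix_suffix(password):
    """Split the uppercase hex SHA-1 of the password into (prefix5, suffix35)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range(body):
    """Parse 'SUFFIX:COUNT' lines into {suffix: count}; tolerate padding/blank lines."""
    counts = {}
    for line in body.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue
        suffix, count = line.split(":", 1)
        counts[suffix.upper()] = int(count)
    return counts


def offline_fetch(prefix):
    """Look up the constructed sample instead of calling the network."""
    return SAMPLE_RANGE_RESPONSES.get(prefix, "")


def online_fetch(prefix):
    """Query the real range endpoint (network required; not used by the tests).

    Add-Padding asks the service to pad the bucket so response size does not
    leak which prefix was requested.
    """
    req = urllib.request.Request(
        f"https://api.pwnedpasswords.com/range/{prefix}",
        headers={"Add-Padding": "true", "User-Agent": "added-example-checker"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def pwned_count(password, fetch_range=offline_fetch):
    """Return how many times the password appears in the bucket (0 if absent).

    Only the 5-character prefix leaves the client; matching on the 35-character
    suffix happens locally.
    """
    prefix, suffix = sha1_prefix_suffix(password)
    return parse_range(fetch_range(prefix)).get(suffix, 0)


if __name__ == "__main__":
    for candidate in ("password", "correct horse battery staple"):
        n = pwned_count(candidate)
        print(f"{candidate!r}: seen {n} time(s)" if n else f"{candidate!r}: not in sample bucket")
```

Swap `online_fetch` in for `offline_fetch` to run against the live service; the suffix-side comparison is identical, which is the point of the scheme: the service learns a 5-character prefix shared by many passwords, never the password or its full hash.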

Thanks to today’s episode sponsor, Savvy Security

Shadow identities on SaaS apps are growing unchecked, rapidly expanding an attack surface where businesses have little-to-no visibility or control. Savvy helps security teams safely embrace SaaS benefits by automating the discovery and removal of the most toxic combinations of SaaS identity risk. Savvy’s automation playbooks and just-in-time security guardrails guide users at scale towards proper identity hygiene. That’s Savvy—Identity-First SaaS Security. 
Learn more at savvy.security/headlines. 

JPMorgan Chase at Davos: hacking attempts increasing

Speaking to the World Economic Forum in Davos, the head of JPMorgan Chase’s asset and wealth management division, Mary Callahan Erdoes, said her organization had seen a “sizable increase in attempts by hackers each day to infiltrate its systems over the last year.” As the largest US bank by assets, JPMorgan Chase “now invests $15 billion a year and employs 62,000 technologists to, in part, help fortify its defense against cyber crimes,” she said, adding “We have more engineers than Google or Amazon. Why? Because we have to.”

(CNN)

Cyberattack on Ukraine’s largest telecom provider comes at a heavy cost

Following up on a story we brought you in mid-December, the major cyberattack on Ukraine’s largest telecom operator, Kyivstar, is estimated to cost its parent company, Netherlands-based Veon, almost $100 million, according to a statement the company released Monday. Veon is focusing on “an impact on its consolidated revenue results for 2024 associated with the revenue loss arising from the customer loyalty measures.” According to The Record, the financial impact is not due to the cost of repair and restoration, but in large part to subscribers immediately switching to SIM-based connectivity through local operators — Vodafone and Lifecell. The attack itself is believed to have been the work of the Russian Sandworm operation.

(The Record and Veon)

Russian state hackers COLDRIVER deploy malware in European espionage campaign

According to research from Google’s Threat Analysis Group, the COLDRIVER gang is increasing its attempts to deploy backdoors on devices belonging to target organizations in NATO countries and Ukraine. The hackers appear to be an elite branch of the Russian government’s Federal Security Service known as Center 18. The group uses social engineering as an attack vector, pretending to be experts in the targets’ industries. They seek to befriend individuals and then send encrypted PDFs that cannot be opened, prompting the victim to ask for a decryptor, which carries the backdoor malware.

(The Record)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.