This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest David Cross, SVP/CISO, Oracle. Also check out David’s travel blog, DavidCrossTravels.com
Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com
German Air Force under fire for non-encrypted Ukraine discussions overheard by Russia
Some embarrassment and outrage in Germany after Russian media published a conversation amongst German air force senior officials about the possibility of deploying Taurus long-range missiles in Ukraine and training pilots and operators there. Rather than being a sophisticated hack on the part of Russian intelligence, it was instead reported separately by German news agencies Der Spiegel and DPA that the recordings, which have been deemed as authentic, came from using “a non-encrypted WebEx connection,” in which meeting invitations had been sent to cellphones.
HP offers printer subscription that they get to monitor
This new service offers families and small businesses a printer for a small monthly fee, ranging from $6.99 to $35.99 depending on the printer chosen, along with ink deliveries and 24/7 tech support. But the terms of service also require that subscribers keep the printer connected to the internet. HP says this is so it can monitor ink cartridge status and the number of pages printed. However, it also allows HP to “remotely monitor the type of documents printed, and the devices and software used to print.” The policy also says that HP may “transfer information about you to advertising partners so that they can recognize your devices, perform targeted advertising, and, potentially, “combine information about you with information from other companies.”
(Wired)
Cloudflare announces LLM security solution
The company’s new Firewall for AI aims to provide a layer between potential threat actors and an LLM, serving to identify potential attacks or malicious prompts before they go out. The new firewall deploys in front of any LLM on Cloudflare’s existing Workers AI solution. The idea being this could block prompt injection threats at scale without human intervention.
Fake online meetings used to spread malware
The fake meeting scam strikes once again. Researchers from Zcaler’s ThreatLabz found a threat actor that is utilizing fake Skype, Google Meet, and Zoom meetings to distribute malware targeting both Android and Windows users. By creating convincingly similar websites hosted on shared Web platforms—such as “join-skype[.]info” for Skype, “online-cloudmeeting[.]pro” for Google Meet, and “us06webzoomus[.]pro” for Zoom—the attackers aim to spread commodity malware that can steal sensitive data. The malware delivered includes the Android-targeted SpyNote RAT and the Windows-focused NjRAT and DCRat, capable of logging keystrokes, stealing files, and gathering confidential information.
Thanks to today’s episode sponsor, Conveyor
Former Google engineer indicted for stealing AI secrets for Chinese companies
38-year-old Chinese national Linwei Ding was charged on Tuesday by a federal jury in San Francisco with four counts of theft of trade secrets. According to the indictment, quoted by Reuters, “Ding stole detailed information about the hardware infrastructure and software platform that lets Google’s supercomputing data centers train large AI models through machine learning.” Ding allegedly began his thefts in 2022 while being approached to become chief technology officer for an early-stage Chinese tech company. By May 2023, the indictment says, he had uploaded more than 500 confidential files. He faces up to 10 years in prison and a $250,000 fine on each criminal count.
(Reuters)
Online fraud hits record losses
The FBI’s latest Internet Crime Report (IC3) for 2023 is out and th e numbers are grim. A reported $12.5 billion dollars was lost to online fraud last year- up 22% from the year before. To put that into perspective, $12.5 billion could cover a Netflix subscription for about 67 million years. The report highlights over 880,000 complaints received, with investment fraud accounting for the highest loss at $4.57 billion, showing a 38% increase from the previous year. The report also notes a rise in complaints related to ransomware, business email compromise scams, and cryptocurrency investment fraud.
Change Healthcare attack causing cash flow issues
When we talk about fallout from a cyberattack, it generally involves dealing with IT infrastructure outages or assessing data loss. But the recent Change Healthcare attack that we just referenced resulted in major cash flow issues for hospital and pharmacy networks. Analysts speaking to The Record estimate this amounts to about $100 million a day in “deferred revenue.” The attack continues to impact insurance filings at a large number of healthcare organizations. This makes dealing with the crisis more of a business continuity challenge than a typical cyberattack.
US Treasury issues first spyware sanctions
The government announced sanctions against Tal Dilian, the founder of the spyware company Intellexa, as well as another Intellexa business leader, Sara Aleksandra Fayssal Hamou. The Treasury justified the sanction, saying that Intellexa developed spyware that targeted Americans, including government officials and journalists. The sanctions also impacted the Intellexa Consortium, a group of companies that resell Intellexa spyware in different countries, which includes the developer of Predator spyware, Cytrox Holdings ZRT. The sanctions prohibit US business dealings with the listed companies and individuals.