Cyber Security Headlines Week in Review: LinkedIn’s AI chicanery, AT&T FCC settlement, Craigslist defense network

This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Mike Rosen, CISO, ZwillGen, advisor to NightDragon and Villager at Team8, whose favorite story of the week was Starlink’s ability to detect stealth aircraft. Check it out.

Missed the live show? Watch it on YouTube

Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com

LinkedIn harvested posts for AI training without consent

According to The Register, LinkedIn “started harvesting user-generated content to train its AI without asking for permission,” which is not sitting well with many of its members. This was revealed in a “trust and safety” update published through Microsoft’s self-help network on Wednesday. In the update, senior VP and general counsel Blake Lawit revealed “LinkedIn’s use of people’s posts and other data for both training and using its generative AI features.” He added that the site’s privacy policy had been updated. The Register notes that this policy “links to an FAQ that was updated sometime last week…meaning it appears LinkedIn started gathering up content for its AI models, and opting in users, well before Lawit’s post.”

(The Register)

Ransomware groups make good on threats

This is an update to two separate ransomware incidents where the organizations involved said they were not going to pay the threat actors, and the ransomware artists did exactly what they said they would—release the data. In the first case, on Monday, the cybercriminals responsible for the attempted extortion on the Port of Seattle posted a 100-bitcoin ransom demand along with images of stolen documents. The photos appear to be scanned U.S. passports, tax identification numbers, and other personal information, with the threat of selling the data if the ransom is not met within seven days. A statement issued by the company on Friday said they refused to pay the ransom, with the understanding that the group may post the data, which they did, but the company has not issued an additional comment as of this recording. In a separate, second incident, the RansomHub ransomware group released 487 gigabytes of data allegedly stolen from the motorcycle manufacturer Kawasaki Motors Europe. Similar to the other situation, the group threatened the motorcycle company last week that they would release the data if the ransom was not paid, and on Monday, they fulfilled that promise.

(CyberScoop), (Security Week)

AT&T pays $13 million FCC settlement over vendor’s data breach

The settlement is in regard to a breach that occurred in January 2023, when threat actors “accessed customer data of roughly 9 million AT&T wireless accounts stored by a vendor contracted to generate personalized video content, including billing and marketing videos.” The vendor was required to destroy or return the data after the contract ended, which was years before the breach, but failed to do so. AT&T was found to have inadequately monitored the vendor’s compliance with their contractual obligations.

(BleepingComputer)

Thanks to today’s episode sponsor, Conveyor

Why do teams choose Conveyor over the competition for customer security reviews?
A few reasons.
One.  Market-leading AI accuracy for any format of security questionnaire with limited knowledge base maintenance.
Two. Enterprise-grade trust center that automates every customer security request.
Three. Conveyor’s sales team is actually fun to work with.
Learn why Conveyor is the security review platform your infosec friends love at www.conveyor.com

Credential Flusher steals login credentials directly from browser

Researchers at OALABS describe this new technique as using an AutoIt script to “force users to enter their credentials in a browser operating in kiosk mode. This mode limits the user’s ability to close the browser or access other applications, making it easier for hackers to obtain the desired information.” The script does not steal the credentials itself but works with other stealer malware to do so. The attackers are taking advantage of the feature browsers provide to save users’ passwords securely. The researchers state that standard security hygiene such as updated software, 2FA and avoiding re-use of passwords will help protect against this new technique.

(Security Affairs)
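The kiosk-mode launch is the observable part of the technique described above, so a defender can hunt for it in process-creation telemetry. The following is an added example, not code from OALABS or the original article: it scans constructed process-creation records for a browser started with a kiosk flag, and raises the severity when the parent process is not the usual interactive launcher (the parent allowlist and the sample records are assumptions).

```python
import re
from typing import Dict, Iterable, List, Optional

# Constructed sample process-creation events (not from the OALABS report):
# image name, full command line and parent image, as an EDR would record them.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"image": "chrome.exe", "cmdline": "chrome.exe --kiosk https://login.example.test/", "parent": "updater.exe"},
    {"image": "chrome.exe", "cmdline": "chrome.exe https://docs.example.test/", "parent": "explorer.exe"},
    {"image": "msedge.exe", "cmdline": "msedge.exe --kiosk --no-first-run http://kiosk.example.test/", "parent": "explorer.exe"},
    {"image": "notepad.exe", "cmdline": "notepad.exe --kiosk", "parent": "cmd.exe"},
]

BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe"}
# Parents that normally start an interactive browser session (assumption;
# tune to the environment, e.g. add the corporate launcher or RDP shell).
EXPECTED_PARENTS = {"explorer.exe"}
# Chromium and Firefox both accept --kiosk; Firefox also accepts -kiosk.
KIOSK_FLAG = re.compile(r"(?:^|\s)--?kiosk(?:\s|$)")


def classify(event: Dict[str, str]) -> Optional[str]:
    """Return a severity for a browser launched in kiosk mode, or None."""
    if event["image"].lower() not in BROWSERS:
        return None  # only browsers matter for this technique
    if not KIOSK_FLAG.search(event["cmdline"]):
        return None  # normal browser launch
    # A kiosk browser spawned by something other than the desktop shell is the
    # shape of a script forcing the user into a locked-down login window.
    if event["parent"].lower() not in EXPECTED_PARENTS:
        return "high"
    return "medium"  # kiosk mode from the shell is unusual but may be legitimate


def scan(events: Iterable[Dict[str, str]]) -> List[Dict[str, str]]:
    """Run classify() over a stream of events and collect the findings."""
    findings = []
    for event in events:
        severity = classify(event)
        if severity is not None:
            findings.append({**event, "severity": severity})
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(f"[{finding['severity']}] {finding['parent']} -> {finding['cmdline']}")
```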

Newmark creates volunteer network for civil cyber defense

At the Aspen Cyber Summit, the eponymous founder of Craigslist, Craig Newmark, announced his philanthropic organization worked with CISA, the University of California, Berkeley, and the CyberPeace Institute to create the new Volunteer Network for Civil Cyber Defense. Newmark described the initiative as a way to bring “critical resources into communities that need a hand with cyber protection and resilience.” Craig Newmark Philanthropies will provide $1.2 million in funding, initially aiming to coordinate existing resources to high-risk communities. The Volunteer Network will operate as part of the programs under the Newmark Foundation’s Cyber Civil Defense Coalition.

(CyberScoop)

Knowledge bases at risk due to ServiceNow misconfigurations

According to researchers Aaron Costello of AppOmni and Dan Meged of Adaptive Shield, thousands of companies are “potentially leaking secrets from their internal knowledge base (KB) articles via ServiceNow misconfigurations.” The researchers, working separately and publishing separate reports, suggested that “pages set to ‘private’ could still be read by tinkering with a ServiceNow customer’s KB widgets.” This applies to cases where an organization’s KB is set to ‘public,’ but the pages inside it are set to ‘private.’ Meged estimates 30 percent of ServiceNow customers have this faulty configuration and could be “unwittingly exposing secrets held in their KB, such as first-time-access passwords for new starters connecting to a company VPN.”

(The Register)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.