This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest David Cross, SVP/CISO, Oracle. Also check out David’s travel blog and recent “Secure by Default” white paper at IT ISAC.
Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com
Deepfake attack targets cybersecurity software CEO
No one is immune from deepfake attacks, not even those hired to protect others from cyber threats. Speaking at TechCrunch Disrupt, Wiz CEO Assaf Rappaport shared that his employees were targeted in a deepfake attack just a couple of weeks ago. The attack involved voice messages that sounded like Rappaport attempting to get credentials from employees. But the red flags popped up quickly: the audio was cloned from a public event where Rappaport was speaking, and since he admits to dealing with public speaking anxiety, it didn’t match his usual day-to-day voice. The company says it has traced the origin of the voice but has yet to determine who was behind the attack.
Black Basta leverages Microsoft Teams
ReliaQuest researchers report that Black Basta ransomware affiliates have switched tactics, now using Microsoft Teams to gain initial access to target networks by impersonating IT support. By overwhelming employees with spam emails and then posing as help desk personnel on Teams, the attackers attempt to trick users into downloading remote monitoring tools like AnyDesk. In recent incidents, they have also incorporated malicious QR codes into their communications. The report highlights a significant increase in message volume, with one user receiving around 1,000 emails in just under an hour.
Five Eyes launches startup security program
Last year, the UK’s GCHQ National Cyber Security Centre and MI5’s National Protective Security Authority launched Secure Innovation, a program designed to help secure tech startups from state-backed threats. After the first-ever public meeting of the heads of the Five Eyes domestic intelligence agencies, the UK, US, Canada, New Zealand, and Australian governments agreed to launch regionalized versions. Secure Innovation provides basic advice on protecting technology, using simple questions to create a personalized action plan. The UK found over 500 startups engaged with the Secure Innovation program in its first year.

Russia might fork the Linux community
In a statement to local media, the Russian digital ministry said it plans to create an “alternative structure” and an independent development community around Linux. This statement came after the Linux community delisted 11 Russian kernel maintainers, later explaining that it would add restrictions to developers whose companies are controlled by anyone named on the US Office of Foreign Assets Control list. Russia called this “an act of discrimination.” Linux creator Linus Torvalds doubled down on the action, saying the decision “is not getting reverted.”
Change Healthcare data breach confirmed as largest-ever in U.S. healthcare history
UnitedHealth Group (UHG) has confirmed that more than 100 million individuals were impacted during the ransomware attack on its subsidiary, Change Healthcare, in February, making it the largest known digital theft of U.S. medical records in history. UHG’s CEO confirmed cybercriminals broke into employee systems using stolen credentials that were not protected with multi-factor authentication (MFA). Stolen data varied by victim but included sensitive health treatment data as well as personal details like names, dates of birth, contact info, government IDs, and Social Security, driver’s license, and passport numbers. UnitedHealth began notifying victims in July and continues to do so as “the investigation is still in its final stages.” The ramifications are likely to be lifelong for the millions of Americans whose private medical information was exposed.
CISA launches International Cybersecurity Plan
The plan is the first for CISA, aiming to increase international cooperation, specifically in securing critical infrastructure. The plan sets out three goals to accomplish by 2026. The first is to bolster the resilience of foreign infrastructure on which the US depends. This will see CISA work with international partners on risk assessments and expanding visibility into shared threats. The plan also calls for working with partners to strengthen integrated cyber defenses, including steering international bodies and NGOs to adopt secure-by-design principles. The final goal calls for the CISA Stakeholder Engagement Division to create a governance structure to advise on international cybersecurity matters.






