Cyber Security Headlines Week in Review: Cloudflare’s lost logs, cyber-unsafe employees, FBI encryption request

This week’s Cyber Security Headlines – Week in Review is hosted by Sean Kelly with guest Edward Frye, head of security, Luminary Cloud.

Missed the live show? Check it out on YouTube.

Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com

Cloudflare says it lost 55% of logs pushed to customers for 3.5 hours

This story pertains to a bug that appeared on November 14 in the internet security company's log collection service, which lets customers monitor the traffic on their websites and filter it by criteria they choose. The logs are also used to investigate security incidents, DDoS attacks and traffic patterns, and to perform site optimizations. This is a big service, amounting to over 50 trillion customer event logs every day, of which around 4.5 trillion are sent to customers. The incident was caused by a misconfiguration in a log forwarder component in Cloudflare's pipeline: forwarding paused, and the spike that followed when the system tried to recover was what cost customers the logs. Cloudflare has since implemented several measures to prevent a recurrence.

(BleepingComputer)

Cyber-unsafe employees increasingly put their orgs at risk

A new study from CyberArk surveyed more than 14,000 employees across a variety of industries and shows that 80% of respondents access workplace applications from personal devices that lack key security controls. The study also found that privileged access often extends well beyond IT admins: one-third of respondents are able to alter sensitive data without controls, and roughly 30% can approve large financial transactions on their own. Nearly half (49%) admitted to reusing the same login credentials for multiple work applications, while 36% use the same credentials for both work and personal applications. Finally, about 65% admitted to bypassing cybersecurity policies for personal convenience. All of these practices heighten the risk of organizations falling victim to leaks and data breaches.

(Dark Reading)

FBI and CISA urge Americans to use encrypted apps rather than calling

In further developments from the Salt Typhoon attack on U.S. telecommunications companies, officials from both agencies are recommending that Americans start using encrypted messaging apps. Speaking to the media on Tuesday, Jeff Greene, executive assistant director for cybersecurity at CISA, along with a senior FBI official who asked not to be named, said they plan to use the same message as they do inside their respective organizations: "Encryption is your friend," whether it's on messaging or encrypted voice communication. They also suggest people consider using a cellphone that "automatically receives timely operating system updates, responsibly managed encryption and phishing resistant multi-factor authentication for email, social media and collaboration tool accounts."

(NBC News)

Phishing tool Rockstar 2FA targets Microsoft 365 creds

Researchers at Trustwave are warning of a phishing-as-a-service toolkit named Rockstar 2FA, which targets Microsoft 365 accounts and bypasses multi-factor authentication via adversary-in-the-middle attacks. It is an updated version of the DadSec/Phoenix phishing kit. The attacks work by placing a proxy server between the victim and the legitimate site: the victim logs in on a phishing page that relays everything to the real service, and the kit captures both the password and the session cookie the real service issues, so the attacker can use the authenticated session without repeating the MFA step. Trustwave points out one unusual feature of this campaign: its landing websites share a common car theme.

(Cybersecurity News)
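Why a relayed password and one-time code pass while a relayed WebAuthn assertion fails is worth seeing concretely, since it is also the reason the FBI and CISA, in the story above, ask for phishing-resistant MFA rather than any MFA. The script below is an added illustration written for this write-up, not code from Trustwave, from Microsoft or from the Rockstar 2FA kit. The origins login.example.com and login-example.com, the stored credentials and the challenge bookkeeping are constructed for the demo, and the authenticator's public-key signature is stood in for by an HMAC over the same bytes a FIDO2 authenticator signs (rpIdHash followed by SHA-256 of clientDataJSON) so that it runs on the Python standard library alone.

```python
"""AitM phishing: relayable credentials versus an origin-bound assertion.

Added illustration; not code from Trustwave, Microsoft or any phishing kit.
The authenticator's signature is simulated with an HMAC (assumption) over the
exact data a FIDO2 authenticator signs. Origins and credentials are constructed.
"""
import hashlib
import hmac
import json
import secrets
from urllib.parse import urlparse

REAL_ORIGIN = "https://login.example.com"    # assumed legitimate site
PHISH_ORIGIN = "https://login-example.com"   # assumed lookalike proxy front-end


# --- 1. Password + one-time code: nothing binds them to the site the user is on

def proxy_relays_password_and_otp(victim_typed: dict) -> dict:
    """The AitM proxy forwards whatever the victim typed on the lookalike page
    to the real site, then keeps the session cookie the real site hands back."""
    return dict(victim_typed)


def real_site_checks_password_and_otp(submitted: dict, expected: dict) -> bool:
    # The compared values carry no notion of origin, so a relayed copy passes.
    return (hmac.compare_digest(submitted["password"], expected["password"])
            and hmac.compare_digest(submitted["otp"], expected["otp"]))


# --- 2. WebAuthn-style assertion: the browser, not the page, records the origin

def rp_id_hash_for(origin: str) -> bytes:
    # The browser derives the RP ID from the origin it actually navigated to.
    return hashlib.sha256(urlparse(origin).hostname.encode()).digest()


class Authenticator:
    """Stand-in for a FIDO2 security key or platform authenticator."""

    def __init__(self, credential_secret: bytes) -> None:
        self._secret = credential_secret   # stands in for the private key

    def get_assertion(self, challenge: str, browser_origin: str) -> dict:
        client_data = {"type": "webauthn.get", "challenge": challenge,
                       "origin": browser_origin}
        client_data_json = json.dumps(client_data, sort_keys=True).encode()
        signed = rp_id_hash_for(browser_origin) + hashlib.sha256(client_data_json).digest()
        return {"clientDataJSON": client_data_json,
                "signature": hmac.new(self._secret, signed, hashlib.sha256).digest()}


class RelyingParty:
    """Server side: checks challenge, origin and signature, in that order."""

    def __init__(self, origin: str, credential_secret: bytes) -> None:
        self.origin = origin
        self._secret = credential_secret   # stands in for the registered public key
        self._outstanding: set = set()

    def new_challenge(self) -> str:
        challenge = secrets.token_urlsafe(32)
        self._outstanding.add(challenge)
        return challenge

    def verify(self, assertion: dict) -> tuple:
        cd = json.loads(assertion["clientDataJSON"])
        if cd.get("type") != "webauthn.get":
            return False, "wrong ceremony type"
        if cd.get("challenge") not in self._outstanding:
            return False, "unknown or already-used challenge"
        if cd.get("origin") != self.origin:
            return False, f"origin mismatch: {cd.get('origin')}"
        signed = rp_id_hash_for(self.origin) + hashlib.sha256(assertion["clientDataJSON"]).digest()
        expected = hmac.new(self._secret, signed, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, assertion["signature"]):
            return False, "signature does not cover the presented data"
        self._outstanding.discard(cd["challenge"])   # single use
        return True, "ok"


def run_demo() -> dict:
    results = {}
    stored = {"password": "correct horse", "otp": "492031"}   # constructed
    typed = proxy_relays_password_and_otp({"password": "correct horse", "otp": "492031"})
    results["password_otp_relayed"] = real_site_checks_password_and_otp(typed, stored)

    secret = secrets.token_bytes(32)
    rp = RelyingParty(REAL_ORIGIN, secret)
    key = Authenticator(secret)

    # Legitimate sign-in: the browser is on the real origin.
    results["legit"] = rp.verify(key.get_assertion(rp.new_challenge(), REAL_ORIGIN))

    # AitM: the proxy fetches a genuine challenge and relays it, but the victim's
    # browser is on the phishing origin, so that is what the authenticator signs.
    results["aitm_relayed"] = rp.verify(key.get_assertion(rp.new_challenge(), PHISH_ORIGIN))

    # The proxy patches the origin field before forwarding: the signature breaks.
    assertion = key.get_assertion(rp.new_challenge(), PHISH_ORIGIN)
    patched = json.loads(assertion["clientDataJSON"])
    patched["origin"] = REAL_ORIGIN
    assertion["clientDataJSON"] = json.dumps(patched, sort_keys=True).encode()
    results["aitm_patched_origin"] = rp.verify(assertion)
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name}: {outcome}")
```

Run it directly to print the four outcomes. The proxy never has to break anything to relay a password or a one-time code, which is exactly what the kit exploits. With WebAuthn the browser writes the origin the user actually visited into clientDataJSON before the authenticator signs, so a proxy on a lookalike domain can only forward an assertion the real site rejects on origin, or patch the origin and invalidate the signature.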

Huge thanks to our sponsor, Vanta

As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews.

With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs.

Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews.

Visit vanta.com to learn more about Questionnaire Automation.

Hydra Market leader sentenced to life

Russia continues its crackdown on cybercriminals. On Monday, authorities sentenced Hydra Market leader Stanislav Moiseyev to life in prison for running the world's largest dark web platform for drugs and money laundering. Fifteen accomplices received sentences ranging from 8 to 23 years, along with fines totaling 16 million rubles. Hydra Market, which served 17 million customers and processed $1.35 billion in transactions, was dismantled in 2022 by German and U.S. authorities. This marks the second major action in less than a week, as Russian law enforcement also arrested ransomware gang leader Wazawaka on Friday for his role in several hacking groups, a rare move for a country that typically tolerates cybercriminals as long as they don't target Russian organizations.

(Bleeping Computer)

GenAI boosting financial fraud

A new alert from the FBI's Internet Crime Complaint Center details how threat actors use generative AI tools to run fraud at larger scale and with more believability. This includes using tools like ChatGPT for language translation in romance or investment scams, enabling faster and more elaborate lures. Image generation tools produce believable social media profile photos and other supporting evidence for financial fraud schemes. Deepfakes increasingly rely on short audio-only voice clips, which sidestep the visual checks a video call would allow. Not surprisingly, the FBI recommends agreeing on a secret word or phrase with friends and family so that identity can be verified out of band.

(Infosecurity Magazine)

Chinese group linked to another long-term intrusion  

Researchers at Symantec report that a Chinese-linked threat actor carried out a long-term attack against an unnamed US organization, operating since at least April 11, 2024. The intrusion relied on DLL side-loading and shows similarities to the larger Crimson Palace espionage campaign Sophos reported back in September. The threat actors used their access for credential theft and targeted Exchange servers. While the victim has not been named, researchers said it had previously suffered an attack attributed to the China-based group Daggerfly in 2023.

(The Hacker News)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.