Cybersecurity News: Cisco data leak, Microsoft domain transition, stories of the year

Cisco confirms data leak

Cisco has confirmed the authenticity of a second 4GB data leak linked to its public-facing DevHub environment, which provides developer resources; the leak had previously been the subject of speculation. The hacker IntelBroker, known for targeting major organizations like AMD and T-Mobile, claims to have obtained sensitive data, including source code, credentials, and confidential documents, though Cisco asserts no breach of its internal systems or enterprise environments occurred. While public access to the DevHub has been disabled as a precaution, Cisco says it will continue to investigate the incident and has not identified any evidence of compromised sensitive personal or financial information.

(Security Week)

Microsoft announces urgent .NET domain transition

Microsoft is urging .NET developers to update their applications and pipelines to replace references to “azureedge.net” domains with “builds.dotnet.microsoft.com” as the former will soon be retired due to CDN provider Edgio’s bankruptcy. This sudden transition, happening during the holidays, could disrupt projects using .NET installers, GitHub Actions, or Azure DevOps pipelines tied to the old domains, with firewall updates also necessary for the new CDN locations. 

(Bleeping Computer)
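A quick way to find out where a repository is affected by this change is to inventory every reference to an "azureedge.net" host in pipeline and installer files. The script below is an added example, not code from Microsoft or the cited article. The file-type list and the `example-cdn` hostname prefix are assumptions made for the sample, and the script only reports matches for review; it does not rewrite anything.

```python
import re
from pathlib import Path

LEGACY_SUFFIX = "azureedge.net"                   # domain family named in the story
REPLACEMENT_HOST = "builds.dotnet.microsoft.com"  # new host named in the story

# Any hostname ending in .azureedge.net, matched case-insensitively.
HOST_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+" + re.escape(LEGACY_SUFFIX) + r")\b", re.I)

# Assumed list of file types where installer and pipeline URLs usually live.
SCAN_SUFFIXES = {".yml", ".yaml", ".sh", ".ps1", ".json", ".props", ".csproj"}
SCAN_NAMES = {"Dockerfile"}


def find_legacy_refs(text):
    """Return (line_number, hostname) for each legacy CDN host found in text."""
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        for match in HOST_RE.finditer(line):
            hits.append((number, match.group(1).lower()))
    return hits


def scan_tree(root):
    """Walk root and map each matching file path to its legacy references."""
    report = {}
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        if path.suffix.lower() not in SCAN_SUFFIXES and path.name not in SCAN_NAMES:
            continue
        refs = find_legacy_refs(path.read_text(encoding="utf-8", errors="ignore"))
        if refs:
            report[str(path)] = refs
    return report


# Constructed sample pipeline; the "example-cdn" prefix is a placeholder.
SAMPLE_PIPELINE = """\
steps:
  - run: curl -sSL https://example-cdn.azureedge.net/dotnet/install.sh -o i.sh
  - run: curl -sSL https://builds.dotnet.microsoft.com/dotnet/install.sh -o i.sh
  - run: echo "mirror=HTTPS://Example-CDN.AzureEdge.NET/sdk"
"""

if __name__ == "__main__":
    for number, host in find_legacy_refs(SAMPLE_PIPELINE):
        print(f"line {number}: {host} -> review; new host is {REPLACEMENT_HOST}")
```

The same list of hosts is useful for the firewall side of the change: any egress rule that names a reported host needs a counterpart for the new CDN location before the old one is retired.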

2024 security lessons

According to an article by Dark Reading, there are some key lessons to take away as we head into the new year. The threat landscape in 2024 underscored the rise of zero-day exploits, nation-state alliances with cybercriminals, and increasing attacks on critical infrastructure, exposing systemic vulnerabilities in both IT and OT systems. High-profile incidents, including ransomware disruptions to supply chains and espionage targeting telecom networks, highlighted the need for stronger defenses, proactive patch management, and cross-sector collaboration.

(Dark Reading)

Huge thanks to our sponsor, ThreatLocker

Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker.

ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team.

To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com.

Stories of the year from Cyber Security Headlines reporters

Can you believe it, we’ve made it, the last headlines episode of the year, so we figured we’d change things up a bit with these final few stories. Throughout the year Cyber Security Headlines reporters Sean Kelly, Rich Stroffolino, Steve Prentice, and myself (Lauren Verno) scour the top stories of the day to pass along to you, and as we wrap up this year the team wanted to share a story that stood out to them whether for notability, the sheer impact of the story, or one that simply stuck out.

Lauren Verno: The persistent threat of small-scale ransomware attacks

My story—or rather stories—of the year is the weekly ransomware attacks on local governments, regional infrastructure, and other under-resourced industries that impact our daily lives. Hear me out, there has not been one week this year where I wasn’t able to find a ransomware attack impacting a relatively small agency, county, or business. But because they don’t carry the massive Change Healthcare ransom of $22 million or involve a well-known branded name, these attacks are often noted and then quickly overshadowed by a new small town experiencing a similar attack the following week. Pittsburgh Regional Transit, Costa Rica State Energy, Texas County, Ohio’s capital city—even my own local beach town, Jacksonville Beach City Hall, was a victim. I could go on and on, and those were just attacks we’ve reported on in the last two months of the year. While I can only assume why these criminals are going after these “lesser-known” targets, there was a definite trend this year that I am fairly confident in saying will likely not change in the new year.

Steve Prentice: The $25 Million Deepfake Heist

My story of the year has to be the $25 million Hong Kong deepfake heist in February. It was at the time – and probably remains – one of the most sophisticated deepfake campaigns to date, involving Arup, the British design and engineering company famous for building the Sydney Opera House. One of its Hong Kong based employees was duped into attending a video call with people he believed were the chief financial officer and other members of staff, but all of whom turned out to be deepfake re-creations. This resulted in the transfer of $25 million to cybercriminals. The story was not only intriguing in its audacity but also reflected that the employee did everything right – refusing the initial request to transfer the money and therefore practicing proactive cybersecurity. It was only after the criminals upped the stakes by creating the deepfake video meeting that the employee was convinced of the validity of the transaction. So, this story to me is a salute to employees doing what they are trained to do in terms of staying vigilant, while at the same time serves as a reminder of the endless creativity of threat actors.

Sean Kelly: Women in Cybersecurity—A Call to Action

The team and I covered a number of game-changing stories this year, including the CrowdStrike and Change Healthcare incidents, the evolving threat of AI and deepfakes, and cybercrime ring takedowns. But the story that resonated with me most this year was one that I reported in our September 16 Cyber Security Headlines. A report from The Wall Street Journal highlighted that just 22.6 percent of tech roles are occupied by women. And that number had only risen by half a percent in 17 years (since 2005). Coincidentally, a new documentary called Do We Belong Here premiered by Cyber Florida at the University of Southern Florida (USF). The documentary highlights stories of perseverance and success shared by women and other underrepresented groups in cyber. The documentary is inspiring and extremely well-done, but it’s not just a feel-good story; it’s a call to action for all of us. So, regardless of your sex, race, or background, please watch the documentary and share it with others. You can also get involved with organizations like WiCyS and Cyversity, which are always looking for allies and partners to help fulfill their mission.

Rich Stroffolino: NIST’s Vulnerability Database Backlog

The story I keep thinking about this year is the status of NIST’s National Vulnerability Database, NVD. NIST has had problems enriching items added to the NVD and came out in April saying there was a significant backlog. In May, it announced it hired a contractor to help clear the backlog, hoping to have it done by the end of September. That estimate proved optimistic, with NIST admitting in November that it made progress but was still working on it. But what’s got me thinking is what long-term solutions NIST will use to keep this backlog from going out of control as vulnerabilities inevitably grow and become more complex. NIST threw out the idea of starting a consortium with industry and government stakeholders, but we’ve heard nothing about that for months. Will the idea of the NVD as a single source of vulnerability truth become a quaint anachronism? It’s one of my big unresolved questions going into the new year.

Lauren Verno
Lauren Verno, an award-winning journalist, embraces her expertise, transitioning seamlessly into a cyber defender to bring you captivating updates on cybersecurity news.