Cyber Security Headlines Week in Review: Cybersecurity CEO busted, Cloudflare’s DDoS increase, FBI’s help request

This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest DJ Schleen, Head of Security, Boats Group

Missed the live show? Check it out on YouTube

Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com

Cybersecurity firm CEO charged with installing malware on hospital systems

Jeffrey Bowie is CEO of the cybersecurity firm Veritaco. He is now facing two counts of violating Oklahoma’s Computer Crimes Act for “allegedly infecting employee computers at the Oklahoma City St. Anthony Hospital” on August 6 of last year. He was arrested in April based on security footage showing a man attempting to access multiple offices. The malware was designed to capture screenshots every 20 minutes and transmit them to an external IP address. Officials have stated that no patient data was accessed.

(Security Affairs)

Cloudflare sees a big jump in DDoS attacks

Cloudflare’s Q1 DDoS Report disclosed that the company mitigated 20.5 million DDoS attacks in the quarter, compared to 21.3 million DDoS attacks it mitigated in all of 2024. The Q1 figure is up 358% on the year and up almost 200% compared to Q4 2024 numbers. Attacks on Cloudflare itself accounted for 32% of the Q1 figure, and it saw over 6.6 million DDoS attacks as part of an 18-day campaign. Network layer attacks accounted for this huge spike, up 509% on the year. Within that, Connectionless Lightweight Directory Access Protocol (CLDAP) floods and Encapsulating Security Payload (ESP) floods saw the most significant growth. Cloudflare also saw over 700 attacks with bandwidth of at least one terabit per second.

(Bleeping Computer)

The FBI wants your help with Salt Typhoon

The Federal Bureau of Investigation released a Public Service Announcement asking the public to come forward with any actionable intelligence about the China-linked threat actor Salt Typhoon, which law enforcement discovered accessing US telecommunication companies in November. Among other things, the group targeted staff phones for both major parties’ presidential campaigns last year. In addition, the US Department of State’s Rewards for Justice program will offer up to a $10 million reward for information on foreign state-linked threat actors who target US critical infrastructure.

(Infosecurity Magazine, IC3)

Thanks to today’s episode sponsor, ThreatLocker

ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO.

House passes bill to study routers’ national security risks

The U.S. House of Representatives passed the ROUTERS Act, which mandates the Department of Commerce to study national security risks posed by routers and modems controlled by foreign adversaries, especially China. Lawmakers have emphasized that securing U.S. communications networks is critical to protecting national infrastructure. This builds on previous efforts to remove untrusted equipment, following cybersecurity threats such as the Salt Typhoon hacker group’s exploitation of telecom networks.

(CyberScoop)

Maryland man pleads guilty to outsourcing U.S. govt work to foreign national

A Vietnamese-born naturalized U.S. citizen, Minh Phuong Ngoc Vong, has pleaded guilty to fraud after landing a job with a U.S. government software contractor, and then outsourcing the work to a North Korean developer located in China. According to prosecutors, in January 2023, a Virginia-based technology company seeking a full-stack web developer received a resume falsely claiming Vong held a bachelor’s degree and had 16 years of experience. In reality, he worked at a nail salon in Bowie, Maryland. Vong participated in multiple job interviews to land the position, then worked on a software development contract for the Federal Aviation Administration. Vong installed remote access software on a company-issued laptop, allowing the developer access from China between March and July 2023, while masking the user’s location. Vong has admitted to similar frauds targeting at least 13 U.S. companies between 2021 and 2024. He’s due to be sentenced in August, and faces up to 20 years in prison.

(The Register)

That Windows folder “inetpub” might be a problem after all

Two Mondays ago, we reported on an issue following Patch Tuesday in which a new, empty folder had been created on Windows users’ hard drives. Microsoft issued a statement telling users the folder was “part of a fix for a Windows Process Activation elevation of privilege vulnerability” and that it should not be removed. However, cybersecurity expert Kevin Beaumont says this folder “can be abused to prevent further Windows updates from being installed if it is created a certain way,” adding, “I’ve discovered this fix introduces a denial of service vulnerability in the Windows servicing stack that allows non-admin users to stop all future Windows security updates.” This can be achieved by anyone by simply creating a junction between C:\inetpub and a Windows file using a simple one-line command. Beaumont says he reported the bug to Microsoft, which has assigned it a “Medium” severity classification and closed his case, stating it will consider fixing it in the future.

(BleepingComputer)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.