Cyber Security Headlines Week in Review: ShinyHunters, Scattered Spider merge, DARPA AI prize, Water system volunteers

This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Steve Zalewski, co-host, Defense in Depth

Missed the live show? Check it out on YouTube

Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com

ShinyHunters and Scattered Spider merge

Cybercrime groups ShinyHunters and Scattered Spider are working together in a coordinated campaign targeting Salesforce users, according to researchers at ReliaQuest. The activity combines phishing, voice phishing, and malicious app-based attacks. Techniques include impersonating IT support in phone calls, creating fake Okta-branded login pages, and setting up spoofed “connected apps” that look like legitimate tools to collect credentials and data. Many of the malicious domains use ticket-related themes and target industries including luxury retail, aviation, insurance, technology, and financial services. Researchers say the tactics align with known methods from both groups, suggesting a deliberate collaboration.

(The Hacker News)

DARPA awards $4 million prize for AI code review at DEF CON

The winner of a two-year competition to “create the best artificial intelligence systems that can find and fix vulnerabilities” was announced at DEF CON by the competition sponsor, the U.S. Defense Department. Team Atlanta is “composed of tech experts from Georgia Tech, Samsung Research, the Korea Advanced Institute of Science & Technology (KAIST) and the Pohang University of Science and Technology (POSTECH).” “The final competition saw teams attempt to find and generate patches for synthetic vulnerabilities buried in 54 million lines of code. Teams were judged on the ability of their systems to create patches for the bugs that were found.”

(The Record)

The Franklin volunteer hackers who defend the water system

A year after launching the program at last year’s DEF CON, former White House official and executive director of the University of Chicago’s Cyber Policy Initiative, Jake Braun, says his Franklin project continues to grow, with more volunteers than it can handle. The Franklin project focuses on providing free cybersecurity services to critical infrastructure, especially water systems, to help them with activities such as setting passwords, activating multi-factor authentication, and conducting “asset inventories, operational technology (OT) assessments, and network mapping and scanning.” Alongside that unmet demand, Braun told The Register during this year’s DEF CON that “One of the volunteers’ first challenges was convincing the water utilities that, despite being located in small towns, they were still a target for Chinese and Iranian cyber crews.”

(The Register)

Huge thanks to our sponsor, Vanta

Do you know the status of your compliance controls right now? Like…right now?

We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks.

But more than 9,000 companies have continuous visibility into their controls with Vanta.
Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001.

They also centralize key workflows like policies, access reviews, and reporting, and help you get security questionnaires done 5 times faster with AI.

Now that’s…a new way to GRC. Get started at Vanta.com/headlines

Microsoft rolls out PC backup during attack

Microsoft just opened a limited public preview for Windows 365 Reserve, a new service that gives employees temporary access to cloud PCs when their main devices fail or get hit by cyberattacks. You get up to 10 days per year of access, with pre-configured desktops that come ready with your company’s apps and security policies. The preview is invite-only for now, but once you’re in, users can log in from any device through a browser or Windows app, keeping work flowing while IT sorts out the problem.

(Bleeping Computer)

Microsoft removes PowerShell 2.0 from Windows 11, Windows Server

Microsoft will permanently remove PowerShell 2.0 from Windows this month with Windows 11 version 24H2, and from Windows Server 2025 in September, ending support for the 14-year-old tool eight years after its deprecation. Legacy scripts will default to PowerShell 5.1, but Microsoft urges users to migrate to PowerShell 5.1 or 7 to avoid disruptions, as some older applications and installers may fail without it. The move is part of reducing legacy code, simplifying Windows, and improving security.

(Bleeping Computer)

Booking.com faces another sneaky phishing trick

Back in June we covered a story about Booking.com dealing with the ClickFix Captcha scam, and now the travel organization is dealing with a new challenge: a variation on an old-school homograph scam in which a character in a URL is replaced by a similar-looking one. This time it is the Japanese hiragana ん character, which looks like a forward slash and a tilde together, so text that is still part of the attacker’s hostname reads like a path on the real site. In this particular case, the phishing email containing the bogus link purported to be a follow-up to a “Complaint of Service.” This is occurring at the same time that financial software company Intuit is dealing with a similar homograph scam, with the capital letter I being replaced by a lowercase “L.”

(Bleeping Computer)
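A defender-side check for the two lookalike tricks in this item (a confusable ん inside the hostname, and an I/l swap in a brand name), as an added Python example that is not from the original post or from Bleeping Computer; the sample URLs, the confusable tables, the brand list and the `.test` hostnames are all constructed for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Hiragana "ん" (U+3093) reads like "/~" to a hurried eye, so everything after
# it is still part of the hostname even though it looks like a path. Constructed.
PUNCT_CONFUSABLES = {"\u3093": "/~"}

# ASCII lookalikes folded into one "skeleton" class: capital I vs lowercase l
# (the Intuit case) plus a few common swaps. Constructed for this example.
_SKELETON = str.maketrans({"l": "i", "1": "i", "0": "o", "|": "i"})


def skeleton(text: str) -> str:
    """Case-fold and collapse confusable ASCII characters."""
    return text.lower().translate(_SKELETON)


def analyze_url(url: str, brands: tuple[str, ...] = ("booking", "intuit")) -> dict:
    """Compare the host a reader sees with the host the browser will resolve."""
    host = urlsplit(url).hostname or ""
    labels = host.split(".")
    # Registrable domain approximated as the last two labels (no public-suffix list).
    real_domain = ".".join(labels[-2:])
    # Apparent host: text before the first confusable or non-ASCII character.
    cut = next((i for i, ch in enumerate(host)
                if ch in PUNCT_CONFUSABLES or ord(ch) > 127), len(host))
    apparent_host = host[:cut]
    non_ascii = [(ch, unicodedata.name(ch, "UNKNOWN"), PUNCT_CONFUSABLES.get(ch, ""))
                 for ch in host if ord(ch) > 127]
    findings = []
    if non_ascii:
        findings.append("non-ascii-in-host")
    if apparent_host != host:
        findings.append("host-looks-like-path")
    for brand in brands:
        for label in labels:
            # Same skeleton but different spelling: e.g. "lntuit" posing as "intuit".
            if skeleton(label) == skeleton(brand) and label != brand:
                findings.append(f"lookalike-label:{label}->{brand}")
        # Brand name used as a subdomain of some other registrable domain.
        if brand in labels and not real_domain.startswith(brand + "."):
            findings.append(f"brand-as-subdomain:{brand}")
    return {"host": host, "apparent_host": apparent_host,
            "real_domain": real_domain, "non_ascii": non_ascii, "findings": findings}


if __name__ == "__main__":
    for sample in ("https://admin.booking.com/hotel/123",
                   "https://account.booking.com\u3093detail\u3093restric-access.lookalike-host.test/en/",
                   "https://accounts.lntuit.com/login"):
        print(analyze_url(sample))
```

Run on a mail gateway's extracted links, the `findings` list is what you would alert on; the `apparent_host` versus `real_domain` pair is what you would show an analyst.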

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.