Cyber Security Headlines Week in Review: Agriculture ransomware increase, Congress challenges CISA cuts, Disney’s slacker hacker

This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Dan Holden, CISO, BigCommerce

Dan will be speaking at RVASEC in Richmond, VA, June 3 and 4th. Go check him out!

Missed the live show? Check it out on YouTube

Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com

Ransomware attacks on food and agriculture industry have increased this year

Speaking at RSA, Jonathan Braley, director of the Food and Agriculture-Information Sharing and Analysis Center (Food and Ag-ISAC), said that paired with the increase in ransomware attacks is the fact that many go unreported, preventing visibility into the full scope of the problem. The increase in attacks seems to stem from activities by the Clop ransomware gang, specifically its exploitation of MOVEit, GoAnywhere and Accellion, as well as activity from the groups RansomHub and Akira. The industry saw 84 attacks from January to March, more than double the number seen in Q1 2024. A report from Food and Ag-ISAC says that industries in food, agriculture, and manufacturing typically face ransomware attacks because they tend to have more legacy equipment and industrial control systems, making them easier targets.

(The Record)

Congress challenges Noem over proposed CISA cuts

On Tuesday, Homeland Security Secretary Kristi Noem faced tough questioning from members of Congress about the Trump administration’s proposal to cut CISA’s funding by $491 million, as part of their “skinny budget.” Homeland Security subcommittee chair Rep. Mark Amodei, R-Nev., said at a time when government leaders are saying China is getting the better of the U.S. in cyberspace, appropriators need more information on the budget proposal. Top panel Democrat, Rep. Lauren Underwood (D-Ill.), said to Noem, “Last week you said we should ‘just wait’ for the president’s grand cyber plan. But you have not waited to erode the department’s cyber defense capabilities by removing resources and personnel from CISA and other components.” Noem maintained that instead of “censorship,” CISA is now focused on securing critical infrastructure. She added that the president’s cyber plan would be “coming out shortly and that’s the president’s prerogative.”

(CyberScoop and The Record)

Disney Slack attacker turns out to be Ryan from California

Following up on a story we covered last July, in which The Walt Disney Company suffered the theft of more than one terabyte of data through its Slack channels, it turns out that the perpetrator was not a Russian hacktivist group, but was instead 25-year-old California resident Ryan Mitchell Kramer. The hack was originally described as retribution against Disney for how it handled artist contracts, its use of AI, and how it treated its consumers. Now, according to the Department of Justice, “Kramer published a program online that purported to be an AI art generation app but actually contained malware that gave him remote access to the victim’s computer. A Disney employee downloaded the program, allowing Kramer to nab login credentials for various accounts in their name, including their Disney Slack account.” Kramer has agreed to plead guilty to one count of accessing a computer and obtaining information, and one count of threatening to damage a protected computer, which could lead to ten years in prison.

(The Register)

Thanks to today’s episode sponsor, ThreatLocker

ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO.

NSO Group to pay WhatsApp $167 million in damages 

On Tuesday, after a five-year legal battle, a jury ruled that NSO Group must pay the Meta-owned platform $167,256,000 in punitive damages and around $444,719 in compensatory damages. WhatsApp accused NSO Group of exploiting an audio-calling vulnerability in the chat app to target around 1,400 people, including dissidents, human rights activists, and journalists. WhatsApp was seeking more than $400,000 in compensatory damages, based on the time its employees spent investigating and remediating the attacks. A WhatsApp spokesperson hailed the historic ruling as “the first victory against illegal spyware that threatens the safety and privacy of everyone.” NSO Group said it plans to carefully review the details of the verdict and left the door open for an appeal.

(TechCrunch)

TeleMessage stores plaintext chat logs per security researchers, Senator demands DOJ investigate, TeleMessage suspends services

TeleMessage, a federal contractor that sold a modified version of Signal called TM SGNL to senior US officials, can reportedly access plaintext chat logs, despite marketing claims suggesting end-to-end encryption. Security researcher Micah Lee analyzed the app’s Android source code and found it insecure, confirming TeleMessage’s access. The company was recently hacked twice, leaking sensitive data and prompting it to suspend operations. Senator Ron Wyden has now called for a DOJ investigation, citing the app as a potential national security threat due to its insecure design and foreign ties.

(Micah Lee)

PowerSchool hacker now extorting individual school districts

Following up on a story we have been covering since January, the education technology company PowerSchool now says that despite having paid a ransom, “the same threat actor is now attempting to use the stolen data to extort the individual school districts that it works with.” The breach, which occurred in December, exposed sensitive personal data of more than 60 million K-12 students and more than nine million teachers. PowerSchool had expressed confidence that the incident had been resolved, telling Bleeping Computer the hacker shared a video which purported to show the data being deleted. Apparently, this was not the end of the story, as at least four school boards have been contacted with extortion requests.

(The Record)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.