This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guests Rob Teel, CTO, Oklahoma Department of Commerce and Howard Holton, CEO, GigaOm
Missed the live show? Check it out on YouTube
Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com
Qantas penalizes executives for cyberattack
Following up on a story we covered in July, Qantas has cut annual bonuses for senior leaders by 15% after a July cyberattack exposed data of 5.7 million people. The airline reported a $1.5 billion profit for the past fiscal year but said the penalty reflects accountability for the incident. CEO Vanessa Hudson’s pay was reduced by $250,000 as part of the decision. Chairman John Mullen noted the move balances responsibility with recognition of efforts to support customers and strengthen protections. Qantas added that it is facing rising social engineering threats and is using lessons from the breach to enhance its risk management framework.
SonicWall SSL VPN flaws now being actively exploited
Following up on a story we covered in August, cybersecurity firm Rapid7 says it has “observed a spike in intrusions involving SonicWall appliances over the past month, particularly following reports about renewed Akira ransomware activity since late July.” SonicWall has subsequently confirmed that the attacks on its firewalls “involved a year-old security flaw (CVE-2024-40766) with a CVSS score of 9.3, where local user passwords were carried over during the migration and not reset.” Customers are advised to “rotate passwords on all SonicWall local accounts, remove any unused or inactive SonicWall local accounts, ensure MFA/TOTP policies are configured, and restrict Virtual Office Portal access to the internal network.”
Huge thanks to our sponsor, Vanta

We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta.
Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and help you get security questionnaires done 5 times faster with AI.
Now that’s…a new way to GRC.
Get started at Vanta.com/headlines.
Cyber Command & NSA to remain under single leader
The U.S. administration announced it won’t split the dual leadership of U.S. Cyber Command and the NSA, citing the complexity and multi-year timeline. Senior officials say maintaining the “dual-hat” structure allows faster, more unified operations. Army Lt. Gen. William Hartman, acting head of both agencies, is expected to be confirmed permanently.
U.S.-based investors in spyware firms nearly tripled in 2024
According to a report from the Atlantic Council think tank, 31 American firms were found to be backing the manufacturers of spyware, compared to 11 in 2023. The report continues by saying “the U.S. is the largest investor in the spyware market.” As examples, the report mentions Paragon, maker of the Graphite product, allegedly “used to target WhatsApp users,” which was acquired by Florida-based AE Industrial Partners last year, and Integrity Partners, which invested in Saito Tech Ltd, creator of Candiru spyware.