Cybersecurity News Week in Review: SolarWinds CISO blamed, Military smartwatch mystery, submarine cable risk

This week’s Cyber Security Headlines – Week in Review, June 26-30, is hosted by Rich Stroffolino with our guest, Cassio Goldschmidt, CISO, ServiceTitan

Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com

SEC notice to SolarWinds CISO and CFO shakes up cybersecurity industry

US SEC staff have recommended legal action against individual SolarWinds employees, in an unusual move that is causing a stir among cybersecurity professionals. Current and former employees and officers of the company including the CFO and CISO have received so-called Wells notices from the SEC staff, in connection with the investigation of the 2020 cyberattack, the company said in an SEC filing. The notices allege that the company violated federal securities law by not having internal cybersecurity controls in place to prevent the attack. A SolarWinds spokesperson defended the company’s response to the fiasco but said its executives may face charges related to their handling of the situation.

(The Record and CSO Online)

US military personnel report receiving smartwatches in the mail

Service members across the military who have received these unsolicited smartwatches in the mail report that, upon using them, the watches automatically connected to Wi-Fi and to cellphones unprompted, gaining access to a huge quantity of user data. They may also contain malware that would grant the sender access to saved data, including banking information, passwords and PII, as well as malware that accesses both the microphone and the camera. US military personnel are advised not to turn these unsolicited watches on and to report the receipt to their local counterintelligence or security manager.

(Security Affairs)

Chinese state-backed hackers accidentally infect a European hospital

The incident occurred earlier this year at an unnamed hospital that was inadvertently affected by a self-propagating malware infection introduced to its network via a USB drive. Incident responders discovered that an employee of the hospital attended a conference in Asia and conducted a presentation with another attendee. That person’s laptop was infected with WispRider, a powerful malware that can not only bypass antivirus solutions and establish backdoors into a system but also spread itself to newly connected removable drives. Check Point researchers have traced this to Camaro Dragon, also known to researchers as Mustang Panda and LuminousMoth, a China-based espionage threat actor whose operations focus on Southeast Asian governments and institutions.

(The Record)

5G deadline could impact flights

The Wall Street Journal reports that as of July 1st, planes flying in the US without retrofitted radar altimeters that are sensitive to 5G interference can’t land in low visibility conditions. This cutoff comes as part of a deadline by US wireless carriers to increase the power of 5G networks. Right now about 80% of domestic aircraft and 65% of aircraft from international destinations have updated equipment. You may recall carriers and the Federal Aviation Administration butted heads over this power increase last year. The carriers initially planned to increase power in January 2022, delaying until July 2022 before compromising on a final delay until July 1st of this year.

(Engadget)

Thanks to today’s episode sponsor, AppOmni

Over-provisioned users could expose your organization’s most sensitive data. Just a single attack on one of those users may compromise your entire SaaS estate. With AppOmni’s identity and threat detection capabilities, you can detect and respond to suspicious activities within your SaaS environment. Gain visibility into over-provisioned users and the SaaS data they have access to, and receive guided remediation. Get started at AppOmni.com.

Windows 11 gets passkey manager

The latest Windows 11 Insider build includes an integrated passkey manager, allowing users to sign into accounts with Windows Hello. Microsoft says this will allow for a broader range of “native” Windows Hello logins across sites and apps, using face or fingerprint biometric authentication. Users can also use a PIN or their phone as another factor for a login. The build also brings a passkey manager into Windows Settings. Bleeping Computer reports it appears to still be a work in progress: some website passkeys worked fine, but it noted that Google allowed the PC to save a passkey yet never prompted to use it at login.

(Bleeping Computer)

Third-party vendor hack exposes American and Southwest Airlines data

A breach of the third-party Pilot Credentials application has affected data of more than 8,700 pilots at American Airlines and Southwest Airlines. The breach, discovered on May 3, was limited to the vendor’s systems and reportedly did not compromise the airlines’ networks. American Airlines breach notifications revealed that Social Security numbers, driver’s license and passport numbers, dates of birth, Airman Certificate numbers, and other government identification details were exposed. Southwest said it has discontinued use of the third-party system in favor of an internal portal managed by Southwest.

(Infosecurity Magazine)

Submarine cables at growing risk of cyber-attacks

Researchers from Recorded Future say that recent geopolitical developments, including the Russia-Ukraine conflict, China’s coercive actions towards Taiwan and growing tensions between the US and China, increase the risk that submarine cables will be targets for sabotage and even espionage attacks. An estimated 99% of intercontinental internet traffic and data and voice communication is transmitted through fiber-optic submarine cables laid along the ocean floor. The report cited the case of two submarine cables connecting Taiwan with the island of Matsu that were cut by Chinese civilian ships, likely intentionally, within six days of each other in February 2023. Earlier this month, Dmitry Medvedev, a close ally of Russian President Vladimir Putin, declared that Russia should have a free hand to destroy its enemies’ undersea communication cables. In addition to physical attacks, the report highlights the risk of cyber-attacks on the undersea cables, though there is only one known example of such a cyber-attack, back in April 2022, when the US government revealed it had thwarted an attack on an underwater cable linking Hawaii and the Pacific region.

(Infosecurity Magazine)

US considering more AI chip export bans

We’ve seen the US government consistently clamping down on Chinese access to the semiconductor supply chain for years now. Much of this focuses on limiting access to advanced chipmaking tools. But access to accelerator chips for AI workloads also remains a focus. Now the Wall Street Journal’s sources say the Biden administration has begun considering new restrictions on the latter. This could codify export control measures announced by the Commerce Department in October, stopping shipments from Nvidia and other chipmakers as early as next month. Nvidia already sells lower-spec AI accelerators specifically for the Chinese market. However, these new restrictions could ban the sale of those chips without a license. They could also place limits on Chinese firms leasing cloud resources.

(WSJ)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.