This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Montez Fitzpatrick, CISO, Navvis
Missed the live show? Check it out on YouTube
Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com
UK Legal Aid program faces collapse due to cyberattacks
Following up on a story we covered last May, lawyers in the UK are warning that the cyberattack that occurred in May has “pushed the sector into chaos, with barristers going unpaid, cases being turned away and fears [that] a growing number of firms could desert Legal Aid work altogether.” After the personal data of hundreds of thousands of legal aid applicants in England and Wales dating back to 2010 was stolen in the attack, the inability for lawyers to access data or get compensated for their services has led to stress and a simple financial inability to maintain their Legal Aid practice, leading to a possible collapse of the entire system.
Ohio sets new cybersecurity rules for local governments, including public approval of ransomware payments
Ohio enacted new cybersecurity rules requiring all local governments to implement formal policies and publicly approve any ransomware payments. The move was passed as part of the state’s budget and follows a wave of cyberattacks on municipalities like Cleveland. Lawmakers say the new measures should increase transparency and improve defenses against increasingly sophisticated attacks that jeopardize constituent data and local infrastructure.
PBS confirms data breach after employee info leaked on Discord servers
PBS confirmed a data breach after a file containing contact info for nearly 4,000 employees and affiliates was leaked on Discord servers tied to “PBS Kids” fan communities. The data included names, job titles, emails, departments, and supervisors. PBS says the breach came from its internal MyPBS.org platform and that no other systems were affected.
Huge thanks to our sponsor, ThreatLocker
ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO
Google says hackers stole its customers’ data by breaching its Salesforce database
Google says hackers linked to the ShinyHunters group breached one of its Salesforce databases containing small business contact info. While only basic and largely public data was taken, the attackers used voice phishing to gain access and may be preparing a leak site. The breach is the latest in a string of Salesforce-related incidents, following attacks on Cisco, Qantas, and Pandora.(TechCrunch)
Luxembourg suffers attack on its Huawei systems, knocking out mobile service
As posted in The Record, “Luxembourg’s government announced on Thursday it was formally investigating a nationwide telecommunications outage caused last week by a cyberattack reportedly targeting Huawei equipment inside its national telecoms infrastructure.” This attack affected the country’s 4G and 5G mobile networks, making them unavailable for more than three hours, including for access to emergency services. This is because the country’s fallback 2G system became overloaded. Internet access and electronic banking services were also inaccessible. Statements issued by the country’s government said that the attack was “intentionally disruptive rather than an attempt to compromise the telecoms network,” and this led to a system failure.
Hackers hijacked Google’s Gemini AI with a poisoned calendar invite to take over a smart home
Wired has a new report on security researchers who are demonstrating indirect prompt injection attacks by hiding prompts for Gemini in Google Calendar items. At Black Hat, they reported how these prompts could cause Gemini to do things like raise your smart blinds or start a Zoom call every time you tell Gemini “thanks.” The researchers informed Google of the methods in February, and Google has since deployed mitigations.
(Wired)