Cyber Security Headlines Week in Review: AT&T data breach, Security regulations attacked, 10 billion passwords stolen

This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Andrew Cannata, CISO, Primo Water

Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com

AT&T Data Breach: ‘Nearly All’ Wireless Customers Exposed in Massive Hack

Just breaking this morning, AT&T said that nearly all of its wireless subscribers were affected by a breach in which files were illegally downloaded between April 14 and April 25 from "our workspace on a third-party cloud platform"; reporting suggests the platform was Snowflake. The files contain "records of customer call and text interactions" from May 2022 through October 2022. AT&T says the data does not include the content of calls or texts or personally identifiable information such as names and Social Security numbers, but it does include the phone numbers its customers called and texted. That metadata is still sensitive: a phone number can often be tied to a person with publicly available tools, so the exposed records can reveal who has been talking to whom.
(SecurityWeek)

Supreme court ruling makes cybersecurity regulations even trickier

Late last month the Supreme Court struck down the legal principle known as the Chevron doctrine, under which courts deferred to federal agencies' reasonable interpretations of ambiguous statutes. Courts no longer need to defer to agency expertise on regulatory matters, including those related to cybersecurity. Why is this a big deal? Cybersecurity rules issued by agencies such as the SEC, FDA and DHS could face more legal challenges and potential invalidation by the courts. According to SecurityWeek, this could lead more companies to appeal agency decisions, and well-funded companies to treat US regulations the way they already treat EU regulations: masses of paperwork, dozens of lawyers, and appeal after appeal.

(SecurityWeek)

Senate takes aim at ‘overly burdensome’ cybersecurity regs

The Senate has introduced new bipartisan legislation called the "Streamlining Federal Cybersecurity Regulations Act." The bill would create a committee tasked with harmonizing the "overly burdensome, inconsistent, or contradictory" cybersecurity requirements that federal regulatory agencies currently impose on companies. The committee would include the national cyber director, the heads of each federal regulatory agency and other government leaders. The bill comes a month after Nicholas Leiserson, assistant national cyber director for cyber policy and programs, warned lawmakers of the increasing "fragmentation" of cybersecurity regulations.

(CyberScoop)

Thanks to today’s episode sponsor, Entro Security

What are you doing to secure your company's non-human identities? Vaults and scanners are helpful, but they don't give you the context for where your secrets are, how they're being used, or when it's time to remove or rotate them. The Entro platform provides automated lifecycle management and seamless integration, ensuring comprehensive security and compliance through a unified and easy-to-use interface.

Record-breaking 10 billion stolen passwords exposed

It appears to be the largest collection of stolen and leaked credentials ever posted to the crime marketplace BreachForums. Researchers at Cybernews report that a user named "ObamaCare" has posted a database of almost 10 billion unique passwords, compiled from breaches and leaks over the years. There are doubts about the value of the data, however: sources cited by Forbes describe much of it as "garbage" that is unlikely to be useful to an adversary. Cybernews responded that its goal is to make the public aware of the risk, not to verify the entire dataset or to facilitate its use by threat actors. The practical threat from compilations like this is credential stuffing, which is why screening passwords against known-compromised lists and requiring MFA remain the standard defences.

(Forbes)
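As an added example (not part of the show notes or of Cybernews' work), here is the check a defender would run in response to a corpus like this: screen candidate passwords against a list of known-compromised hashes using a hash-prefix (k-anonymity) lookup, so that the password itself never leaves the client and the lookup service only ever sees five hex characters. The leaked-password sample, the index and the function names below are constructed for illustration; a real deployment would load a hashed corpus rather than plaintext.

```python
import hashlib
from collections import defaultdict

# Constructed stand-in for a compromised-credential corpus (a handful of
# entries instead of billions). Never keep the plaintext of a real corpus;
# load a hashed list instead.
LEAKED_SAMPLE = ["password", "123456", "qwerty", "letmein", "Summer2024!"]


def sha1_hex(password: str) -> str:
    """Uppercase hex SHA-1 of the password, the hash used by range-style
    breach lookups (SHA-1 is fine here: it is a lookup key, not a stored
    credential hash)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(passwords):
    """Bucket leaked hashes by their first five hex characters.

    Each bucket holds only the remaining 35-character suffixes, so a client
    can request a bucket by prefix without revealing which hash it holds
    (k-anonymity: one prefix matches many different hashes).
    """
    index = defaultdict(set)
    for pw in passwords:
        digest = sha1_hex(pw)
        index[digest[:5]].add(digest[5:])
    return dict(index)


LEAKED_INDEX = build_range_index(LEAKED_SAMPLE)


def range_lookup(index, prefix: str):
    """Server side: return every suffix in the bucket for a 5-char prefix.

    The server sees only the prefix, never the full hash or the password.
    """
    if len(prefix) != 5:
        raise ValueError("prefix must be exactly five hex characters")
    return index.get(prefix.upper(), set())


def is_compromised(index, candidate: str) -> bool:
    """Client side: hash locally, fetch the bucket, compare suffixes locally."""
    digest = sha1_hex(candidate)
    return digest[5:] in range_lookup(index, digest[:5])


def check_new_password(index, candidate: str, min_len: int = 8):
    """Password-acceptance check in the style of NIST SP 800-63B: a minimum
    length plus a screen against known-compromised passwords.

    Returns (accepted, reason).
    """
    if len(candidate) < min_len:
        return False, f"shorter than {min_len} characters"
    if is_compromised(index, candidate):
        return False, "appears in a known breach corpus"
    return True, "ok"


if __name__ == "__main__":
    for pw in ["password", "Summer2024!", "correct horse battery staple"]:
        print(repr(pw), "->", check_new_password(LEAKED_INDEX, pw))
```

The split between `range_lookup` (server) and `is_compromised` (client) is the point: the client only discloses a five-character prefix, which in a corpus of billions of hashes maps to hundreds of candidates, so the lookup service learns nothing useful about the password being checked.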

US disrupts Russian AI-powered disinformation bot farm 

A joint international law enforcement operation led by the US Justice Department has seized email servers, domains and nearly a thousand accounts on X (formerly Twitter) controlled by a large Russian bot farm. Since 2022 the bots have used AI-enabled software called Meliorator to create authentic-looking social media personas posing as people around the world and to push false narratives. According to the DOJ, the bot farm was run by a deputy editor-in-chief at the Russian state media outlet RT (Russia Today) together with an officer of Russia's Federal Security Service (FSB).

(Bleeping Computer and NPR)

The Fin7 resurgence

Security journalist Brian Krebs highlighted new research on the resurgence of the Fin7 cybercrime group. This comes after a US attorney in Washington state declared the group "no more" in May 2023, following a series of convictions of high-profile members. Researchers at Silent Push, however, have released a report documenting Fin7's rebuilt infrastructure, which now spans more than 4,000 hosts used to spoof high-profile brands for spearphishing and to typosquat popular free software. Some of that infrastructure is hosted with Stark Industries Solutions, a provider that came online just before Russia invaded Ukraine and has links to various Russia-based groups.

(Krebs on Security)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.