Episode Transcript
0:00
From the CISO Series, it's Cybersecurity Headlines. These are the Cybersecurity Headlines for Monday, June 24, 2024. I'm Steve Prentice.

0:13
CDK Global Outage Caused by BlackSuit Ransomware Attack

In an update to one of last week's biggest stories, BleepingComputer has learned that the operation behind CDK Global's massive IT outage and disruption to car dealerships across North America is BlackSuit, an operation launched in May 2023 and which is believed to be a rebrand of the Royal ransomware operation and therefore the direct successor of the Conti cybercrime syndicate. CDK is believed to be negotiating with the gang to receive a decryptor and for the gang to not leak the stolen data. Car and truck dealerships and individual customers are being forced into pen-and-paper transactions, if they are able to do anything at all, and to make matters worse, CDK is also warning that threat actors are contacting dealerships posing as CDK agents or affiliates in order to gain access to their systems.

1:08
Bug Allows Microsoft Corporate Email Account Spoofing

A security researcher by the name of Vsevolod Kokorin claimed on X, under the handle @Slonser, that he has discovered a bug that, quote, allows anyone to impersonate Microsoft corporate email accounts, end quote. This of course comes in very handy for deploying phishing attacks. He says that he had reported the bug to Microsoft but that the company replied that it could not reproduce his findings. He explained that, quote, the vulnerability works when an attacker sends an email to Outlook accounts, end quote. At this time this vulnerability appears to remain unaddressed.

2:00
nuclear site that is Sellafield in Northern England has pleaded guilty to three criminal charges over cybersecurity failings. Sellafield is no longer a functioning nuclear plant but currently houses more plutonium than any other location on earth, and also has a number of facilities for nuclear decommissioning and waste processing and storage. As such, it is considered one of the most complex and hazardous nuclear sites in the world. The criminal charges focus on failures to comply with approved security plans between 2019 and early 2023. In admitting these failures, Sellafield management is also denying stories placed in the Guardian news outlet that the facility might also have been compromised by hacking groups linked to both China and Russia.

3:18
The Ohio-based company, one of the largest manufacturers of forklifts in the world and a major player in the defense industry, in a statement made on Wednesday attributed this attack to, quote, an international cybercriminal organization, end quote. The attack started on June 8th as a ransomware operation and has brought operations to a halt. According to The Record, hourly workers have lost out on pay due to the shutdown, with some reporting that they have been told to file for unemployment insurance while the company tries to restore its operations. An email sent to employees, a copy of which was obtained by BleepingComputer, claimed the attack originated from an employee that, quote, failed to adhere to our data security policies by allowing unauthorized access to their device, end quote.

4:19
US Government Bans Kaspersky and Sanctions Twelve of Its Executives

These sanctions were issued by the Treasury Department's Office of Foreign Assets Control, OFAC, and involve twelve senior executives of the company. This means that OFAC has frozen all property and interests in property of the designated individuals and of entities under US jurisdiction. These actions come on the heels of an announcement made by the Biden administration on June 20th regarding a ban on selling Kaspersky antivirus software due to it being a Russian organization. The ban itself starts on July 20th, and software updates to its US customers will be prohibited as of September 29th. In a briefing call with the media held on Thursday of last week, Commerce Secretary Gina Raimondo said, quote, Russia-linked actors can abuse the software's privileged access to a computer's systems to steal sensitive information from American computers or to spread malware, end quote. She added that now would be a good time for companies to find an alternative to Kaspersky for their security needs, but that, quote, US individuals and businesses that continue to use or have existing Kaspersky products and services are not in violation of the law, end quote.

5:36
Patch Alert: SolarWinds Serv-U Vulnerability Under Active Attack

A high-severity flaw impacting SolarWinds Serv-U file transfer software, that is S-E-R-V and the letter U, is being actively exploited by malicious actors in the wild.

6:00
that has a CVSS score of 8.6 affects a directory traversal bug that could allow attackers to read sensitive files on the host machine. It was patched earlier this month as Serv-U 15.4.2. Cybersecurity firm Rapid7 describes the vulnerability as, quote, trivial to exploit, end quote. It allows access to any arbitrary file on disk, assuming the path is known and that it is not locked.

6:26
Upgraded Gh0st RAT Appears to Be Active

Researchers at Cisco Talos are warning of a customized version of the remote access Trojan malware known as Gh0st RAT, that is G-H-zero-S-T. They have dubbed the upgraded version SugarGh0st, also G-H-zero-S-T, and they say it is delivered through scanned documents that appear normal but are infected with the malicious code. They have also named the RAT's operators SneakyChef, and they say it has been observed in the ministries of foreign affairs and embassies in at least nine countries across Africa, the Middle East, Europe, and Asia. The scanned documents currently take the form of government-themed decoy documents as well as malicious application forms to register for a conference and research paper abstracts. They believe this to be a Chinese state-backed operation.

7:19
Just a reminder, we have no Super Cyber Friday event coming up this week, but it is never too early to register for our next one on July 12th, all about hacking the materiality of a data breach. With the new SEC reporting requirements, it's a topic that is on everyone's mind. So be sure to head on over to cisoseries.com and click on our events page to register. And we still have our Week in Review show coming up this Friday at 3:30 pm Eastern. Be sure you are subscribed to the CISO Series YouTube channel to catch it every week and to add your comments to the show. I'm Steve Prentice, reporting for the CISO Series. Cybersecurity Headlines are available every weekday. Head to cisoseries.com for the full stories behind the headlines.