Episode Transcript
0:00
From the CISO Series, it's
0:02
Cybersecurity Headlines. These
0:07
are the Cybersecurity Headlines for Friday, June
0:09
28, 2024. I'm
0:13
Steve Prentice. Gas
0:16
chromatograph vulnerabilities reveal medical
0:19
IoT challenges. The
0:21
research firm Claroty, C-L-A-R-O-T-Y,
0:24
has revealed four vulnerabilities
0:27
within the model Rosemount
0:29
370XA gas chromatograph manufactured
0:32
by Emerson. This
0:34
is a device used by hospitals for
0:36
blood testing and by environmental facilities to
0:38
measure air pollution. These
0:40
devices are also connected to internal
0:43
networks and they are quote controlled
0:45
remotely by technicians over a communication
0:47
channel that leverages a proprietary protocol
0:49
end quote. This altogether points
0:51
to a weakness that could be exploited
0:53
by threat actors as another method for
0:56
attacking hospitals and other infrastructure facilities. For
0:59
context in this case, CISA and
1:01
Emerson both published advisories regarding these
1:03
vulnerabilities in January and a patch
1:05
was made available. We
1:09
never authorized polyfill.io to use
1:11
our name, says Cloudflare. Following
1:14
up on the polyfill.io story we
1:16
covered in yesterday's newscast, CDN provider
1:18
Cloudflare has stated that it had
1:21
not authorized the use of its
1:23
name or logo on the polyfill.io
1:25
website and is criticizing this action
1:27
as misleading to customers. Adding on
1:29
their blog quote, this is yet
1:31
another warning sign that polyfill.io cannot
1:34
be trusted end quote. As
1:36
of this recording, Cloudflare continues to
1:39
automatically replace polyfill.io links with a
1:41
safe mirror on websites that use
1:43
Cloudflare protection including free plans and
1:46
polyfill.io is no longer online.
1:50
Evolve Bank confirms data breach
1:53
undermining LockBit's Federal Reserve claim.
1:57
Arkansas-based Evolve Bank and Trust
1:59
confirmed this week the theft of customer
2:01
information, which has now been posted on the dark
2:03
web. Bank representatives
2:06
say the information involved PII,
2:08
including social security numbers, but
2:10
not financial or banking information.
2:13
This appears to be a job pulled
2:15
off by hackers affiliated with LockBit, which
2:17
itself had claimed to have breached the
2:19
US Federal Reserve this week. The
2:22
first batch of documents that it leaked
2:24
reportedly actually belonged to Evolve Bank and
2:26
Trust. Among them was
2:28
a press release about the Federal
2:30
Reserve enforcement action against Evolve Bank
2:33
regarding deficiencies in anti-money laundering controls
2:35
and risk management practices. And
2:40
now a word from our sponsor, Prelude. When
2:44
executives ask the question, are we vulnerable to
2:46
this threat, how long does it take you
2:48
to get a confident answer? Prelude
2:51
automatically transforms threat intelligence into validated
2:53
detections so you can know with
2:56
certainty in just a matter of
2:58
minutes. Visit preludesecurity.com/threats
3:00
to upload your own
3:03
threat intelligence and see
3:05
for yourself. Once
3:08
again that
3:10
is PreludeSecurity,
3:12
P-R-E-L-U-D-E, security.com/threats.
3:17
DHS aims to streamline clearance
3:19
approvals to increase headcount. As
3:23
lawmakers at a House hearing pointed
3:25
at the federal government's quote, cumbersome
3:27
hiring process that has undermined its
3:29
ability to recruit cyber talent, end
3:31
quote, Department of Homeland Security CIO
3:34
Eric Hysen reported that the department
3:36
uses quote, a multi-pronged approach including
3:38
through its cybersecurity talent management system
3:40
and by assessing clearance protocols, but
3:42
that it is looking to reduce
3:45
requirements and expand the use of
3:47
interim clearances at both the secret
3:49
and top secret level, end quote.
3:52
This solution is just one of many proposed
3:54
to assist with the estimated 500,000 vacant cyber
3:58
related jobs.