Gas chromatograph vulnerabilities, Cloudflare rebukes Polyfill, Evolve Bank breach

Released Friday, 28th June 2024

Episode Transcript

Transcripts are displayed as originally observed. Some content, including advertisements may have changed.

0:00

From the CISO series, it's

0:02

Cybersecurity Headlines. These

0:07

are the Cybersecurity Headlines for Friday, June

0:09

28, 2024. I'm

0:13

Steve Prentice. Gas

0:16

chromatograph vulnerabilities reveal medical

0:19

IoT challenges. The

0:21

research firm Claroty, C-L-A-R-O-T-Y,

0:24

has revealed four vulnerabilities

0:27

within the model Rosemount

0:29

370XA gas chromatograph manufactured

0:32

by Emerson. This

0:34

is a device used by hospitals for

0:36

blood testing and by environmental facilities to

0:38

measure air pollution. These

0:40

devices are also connected to internal

0:43

networks and they are quote controlled

0:45

remotely by technicians over a communication

0:47

channel that leverages a proprietary protocol

0:49

end quote. This altogether points

0:51

to a weakness that could be exploited

0:53

by threat actors as another method for

0:56

attacking hospitals and other infrastructure facilities. For

0:59

context in this case, CISA and

1:01

Emerson both published advisories regarding these

1:03

vulnerabilities in January and a patch

1:05

was made available. We

1:09

never authorized polyfill.io to use

1:11

our name, says Cloudflare. Following

1:14

up on the polyfill.io story we

1:16

covered in yesterday's newscast, CDN provider

1:18

Cloudflare has stated that it had

1:21

not authorized the use of its

1:23

name or logo on the polyfill.io

1:25

website and is criticizing this action

1:27

as misleading to customers. Adding on

1:29

their blog quote, this is yet

1:31

another warning sign that polyfill.io cannot

1:34

be trusted end quote. As

1:36

of this recording, Cloudflare continues to

1:39

automatically replace polyfill.io links with a

1:41

safe mirror on websites that use

1:43

Cloudflare protection including free plans and

1:46

polyfill.io is no longer online.

1:50

Evolve Bank confirms data breach

1:53

undermining LockBit's Federal Reserve claim.

1:57

Arkansas-based Evolve Bank and Trust

1:59

confirmed this week the theft of customer

2:01

information, which has now been posted on the dark

2:03

web. Bank representatives

2:06

say the information involved PII,

2:08

including social security numbers, but

2:10

not financial or banking information.

2:13

This appears to be a job pulled

2:15

off by hackers affiliated with LockBit, which

2:17

itself had claimed to have breached the

2:19

US Federal Reserve this week. The

2:22

first batch of documents that it leaked

2:24

reportedly actually belonged to Evolve Bank and

2:26

Trust. Among them was

2:28

a press release about the Federal

2:30

Reserve enforcement action against Evolve Bank

2:33

regarding deficiencies in anti-money laundering controls

2:35

and risk management practices. And

2:40

now a word from our sponsor, Prelude. When

2:44

executives ask the question, are we vulnerable to

2:46

this threat, how long does it take you

2:48

to get a confident answer? Prelude

2:51

automatically transforms threat intelligence into validated

2:53

detections so you can know with

2:56

certainty in just a matter of

2:58

minutes. Visit preludesecurity.com/threats

3:00

to upload your own

3:03

threat intelligence and see

3:05

for yourself. Once

3:08

again that

3:10

is PreludeSecurity,

3:12

P-R-E-L-U-D-E, security.com/threats.

3:17

DHS aims to streamline clearance

3:19

approvals to increase headcount. As

3:23

lawmakers at a House hearing pointed

3:25

at the federal government's quote, cumbersome

3:27

hiring process that has undermined its

3:29

ability to recruit cyber talent, end

3:31

quote, Department of Homeland Security CIO

3:34

Eric Hysen reported that the department

3:36

uses quote, a multi-pronged approach including

3:38

through its cybersecurity talent management system

3:40

and by assessing clearance protocols, but

3:42

that it is looking to reduce

3:45

requirements and expand the use of

3:47

interim clearances at both the secret

3:49

and top secret level, end quote.

3:52

This solution is just one of many proposed

3:54

to assist with the estimated 500,000 vacant cyber

3:58

related jobs.
