Microsoft resets Recall, LastPass outage update, New York Times breach

Released Monday, 10th June 2024
Episode Transcript

Transcripts are displayed as originally observed. Some content, including advertisements may have changed.

0:00

From the CISO Series, it's

0:02

cybersecurity headlines. These

0:07

are the cybersecurity headlines for Monday, June

0:09

10, 2024. I'm

0:13

Steve Prentice. Microsoft

0:15

Resets Recall Plans Following

0:19

up on a story that dogged

0:21

the industry last week, Microsoft announced

0:23

on Friday that its new feature,

0:25

Recall, will not be released as

0:27

active by default, but will instead

0:29

be an opt-in feature. Recall,

0:31

which had been designed as a

0:34

visual timeline, capturing screenshots of users'

0:36

screens every five seconds, to be

0:38

analyzed and parsed later, was immediately

0:40

decried by security experts for its

0:42

potential as a gaping security lapse,

0:45

with Wired's Andy Greenberg going so

0:47

far as to call it unrequested

0:50

pre-installed spyware. Microsoft

0:53

has responded by pointing out Recall's security

0:56

features and how a user remains in

0:58

total control of its functionality. Researcher

1:00

Kevin Beaumont, whose warnings were instrumental in

1:02

getting Microsoft to change course on the

1:05

product, did add later, there

1:07

are obviously going to be devils in the

1:09

details, but there's some good elements here. Microsoft

1:12

needs to commit to not trying to sneak

1:14

users to enable it in the future. LastPass

1:19

says 12-hour outage caused

1:21

by bad Chrome extension

1:23

update. According to

1:26

representatives from the company, an outage that

1:28

occurred on Thursday was a result of,

1:30

quote, a bad update to its Google

1:32

Chrome extension, end quote, which put too

1:35

much stress on its servers. This

1:37

left users with a 404 not found

1:39

message when attempting to access their

1:42

LastPass accounts, even in offline mode.

1:45

The problems for users started after

1:47

LastPass launched an update on June

1:49

6. Lawrence Abrams

1:51

writing in BleepingComputer suggests

1:53

that, quote, the extension was creating

1:55

too many requests, essentially DDoSing the

1:58

platform, end quote. New

2:01

York Times source code stolen

2:04

using exposed GitHub token. Basically,

2:08

all source code belonging to the New York

2:10

Times company, 270 GB. That

2:14

was the ad headline placed on a

2:16

4chan forum post referring to data stolen

2:18

from the company's GitHub repositories in January

2:21

of this year. This

2:23

stolen data included quote IT

2:25

documentation, infrastructure tools and source

2:27

code allegedly including the viral

2:29

Wordle game, end quote. The

2:33

Times itself in a statement described

2:35

this event as when a credential

2:37

to a cloud-based third-party code platform

2:40

was inadvertently made available end

2:42

quote. And

2:45

now a word from our sponsor, Vanta.

2:49

Whether you're starting or scaling your security

2:51

program, Vanta helps you automate compliance across

2:54

frameworks like SOC 2, ISO 27001 and

2:56

more. With

2:59

Vanta you can streamline security reviews

3:01

by automating questionnaires and demonstrating your

3:04

security posture with a customer-facing

3:06

trust center. Over 7,000

3:09

global companies like Atlassian, Flow

3:11

Health and Quora use Vanta

3:13

to manage risk and prove

3:15

security. Our listeners get

3:17

$1,000 off at vanta.com/headlines. That's

3:23

vanta.com/headlines.

3:28

Angry Club Penguin hackers allegedly

3:30

steal Disney data. 4chan

3:33

was not only the site of

3:35

the New York Times data breach,

3:37

it also hosted a link to

3:39

internal Club Penguin PDFs, a breached

3:41

file that not only contained old

3:43

information about Club Penguin, the popular

3:45

multiplayer online game that was shuttered

3:48

in 2017, but also contained

3:51

information from as recently as

3:53

this month about Disney Plus.

3:56

Corporate strategies, advertising plans, links

3:58

to Disney's internal websites and

4:00

its internal developer tools Helios

4:02

and Communicore, all allegedly stored

4:05

on Disney's Confluence server. Eye care

4:09

management services company Panorama announces

4:11

breach. Colorado-based

4:14

Panorama Eyecare owns or provides

4:16

services to dozens of optometry

4:18

or ophthalmology offices in the

4:20

Rocky Mountain region. Its

4:22

systems manage IT departments, HR,

4:24

payroll, marketing and capital improvements

4:26

for equipment and facilities. In

4:29

a report submitted to regulators in Maine

4:31

and Massachusetts, it disclosed that a cyber

4:33

attack happened in June 2023, resulting in

4:37

the theft of PII and some financial

4:39

and medical information of almost 378,000 current

4:41

and former patients

4:45

and employees. The

4:47

company did not mention whether the event

4:49

was a ransomware attack, however last July

4:51

the now defunct LockBit gang claimed credit

4:54

for the attack. Expert

4:57

warns of Akira as the next

4:59

big thing in ransomware. The

5:02

director of cyber threat intelligence at

5:04

Tidal Cyber, Scott Small, has stated

5:06

in an interview that although Akira's

5:09

activity is currently low-key, its crew

5:11

are quote very much a skilled

5:13

group end quote. The

5:16

organization, spelt A-K-I-R-A, uses tools that

5:18

are less commonly deployed by other

5:20

groups such as using FTP to

5:23

exfiltrate files and they also like

5:25

to pursue smaller organizations with the

5:27

goal of using them to access

5:30

larger targets. Small

5:32

warns quote the gang's intent and

5:34

capability should get the attention of

5:36

CSOs end quote. PHP

5:39

vulnerability a threat to Windows

5:42

servers. According

5:44

to security researcher Orange Tsai

5:46

at Taiwan-based DevCore, this

5:48

new critical security flaw impacting

5:50

PHP could be exploited to

5:52

achieve remote code execution under

5:54

certain circumstances. The

5:57

vulnerability which has a CVE number is

5:59

being described as, quote, a

6:01

CGI argument injection vulnerability affecting all

6:03

versions of PHP installed on the

6:06

Windows operating system, end quote. Although

6:09

a fix has been made available, DevCore

6:11

warns that all XAMPP installations on Windows

6:16

are vulnerable by default when configured

6:18

to use the locales for traditional

6:20

Chinese, simplified Chinese or

6:23

Japanese. The company

6:25

also recommends that administrators move

6:27

away from the outdated PHP

6:29

CGI altogether and opt for

6:31

a more secure solution such

6:33

as Mod-PHP, FastCGI

6:35

or PHP-FPM. This

6:37

story, by the way, is not the same

6:40

one as the ThinkPHP vulnerability that we

6:42

reported on on Friday. Managing

6:45

risk is one of the primary tools

6:47

of cybersecurity. So that's why

6:49

improving how we talk about risk is

6:52

so imperative. That's why

6:54

we are devoting this week's Super

6:56

Cyber Friday to hacking the conversation

6:58

about risk. A cybersecurity

7:00

pro that can elevate risk conversation with

7:02

the business stands a much better chance

7:05

of improving their security posture. We

7:07

just posted a preview video of this conversation

7:09

over at cisoseries.com. Check it out and then

7:12

be sure to head on over to our

7:14

events page to register to join us for

7:16

the live stream at 1 p.m. eastern, 10

7:18

a.m. Pacific on Friday. We always

7:20

answer tons of questions from our audience

7:23

and play fun games with prizes. So

7:25

be sure to join us this Friday.

7:28

I'm Steve Prentice reporting for

7:31

the CISO Series.
