Episode Transcript
Transcripts are displayed as originally observed. Some content, including advertisements may have changed.
0:00
From the CISO Series, it's
0:02
cybersecurity headlines. These
0:07
are the cybersecurity headlines for Monday, June
0:09
10, 2024. I'm
0:13
Steve Prentice. Microsoft
0:15
Resets Recall Plans. Following
0:19
up on a story that dogged
0:21
the industry last week, Microsoft announced
0:23
on Friday that its new feature,
0:25
Recall, will not be released as
0:27
active by default, but will instead
0:29
be an opt-in feature. Recall,
0:31
which had been designed as a
0:34
visual timeline, capturing screenshots of users'
0:36
screens every five seconds, to be
0:38
analyzed and parsed later, was immediately
0:40
decried by security experts for its
0:42
potential as a gaping security lapse,
0:45
with Wired's Andy Greenberg going so
0:47
far as to call it unrequested
0:50
pre-installed spyware. Microsoft
0:53
has responded by pointing out Recall's security
0:56
features and how a user remains in
0:58
total control of its functionality. Researcher
1:00
Kevin Beaumont, whose warnings were instrumental in
1:02
getting Microsoft to change course on the
1:05
product, did add later, there
1:07
are obviously going to be devils in the
1:09
details, but there's some good elements here. Microsoft
1:12
needs to commit to not trying to sneak
1:14
users to enable it in the future. LastPass
1:19
says 12-hour outage caused
1:21
by bad Chrome extension
1:23
update. According to
1:26
representatives from the company, an outage that
1:28
occurred on Thursday was a result of,
1:30
quote, a bad update to its Google
1:32
Chrome extension, end quote, which put too
1:35
much stress on its servers. This
1:37
left users with a 404 not found
1:39
message when attempting to access their
1:42
LastPass accounts, even in offline mode.
1:45
The problems for users started after
1:47
LastPass launched an update on June
1:49
6. Lawrence Abrams
1:51
writing in BleepingComputer suggests
1:53
that, quote, the extension was creating
1:55
too many requests, essentially DDoSing the
1:58
platform, end quote. New
2:01
York Times source code stolen
2:04
using exposed GitHub token. Basically,
2:08
all source code belonging to the New York
2:10
Times company, 270 GB. That
2:14
was the ad headline placed on a
2:16
4chan forum post referring to data stolen
2:18
from the company's GitHub repositories in January
2:21
of this year. This
2:23
stolen data included quote IT
2:25
documentation, infrastructure tools and source
2:27
code allegedly including the viral
2:29
Wordle game end quote. The
2:33
Times itself in a statement described
2:35
this event as when a credential
2:37
to a cloud-based third-party code platform
2:40
was inadvertently made available end
2:42
quote. And
2:45
now a word from our sponsor, Vanta.
2:49
Whether you're starting or scaling your security
2:51
program, Vanta helps you automate compliance across
2:54
frameworks like SOC 2, ISO 27001 and
2:56
more. With
2:59
Vanta you can streamline security reviews
3:01
by automating questionnaires and demonstrating your
3:04
security posture with a customer-facing
3:06
trust center. Over 7,000
3:09
global companies like Atlassian, Flo
3:11
Health and Quora use Vanta
3:13
to manage risk and prove
3:15
security. Our listeners get
3:17
$1,000 off at vanta.com/headlines. That's
3:23
vanta.com/headlines.
3:28
Angry Club Penguin hackers allegedly
3:30
steal Disney data. 4chan
3:33
was not only the site of
3:35
the New York Times data breach,
3:37
it also hosted a link to
3:39
internal Club Penguin PDFs, a breached
3:41
file that not only contained old
3:43
information about Club Penguin, the popular
3:45
multiplayer online game that was shuttered
3:48
in 2017, but also contained
3:51
information from as recently as
3:53
this month about Disney Plus.
3:56
Corporate strategies, advertising plans, links
3:58
to Disney's internal websites and
4:00
its internal developer tools Helios
4:02
and Communicore, all allegedly stored
4:05
on Disney's Confluence server. Eyecare
4:09
management services company Panorama announces
4:11
breach. Colorado-based
4:14
Panorama Eyecare owns or provides
4:16
services to dozens of optometry
4:18
or ophthalmology offices in the
4:20
Rocky Mountain region. Its
4:22
systems manage IT departments, HR,
4:24
payroll, marketing and capital improvements
4:26
for equipment and facilities. In
4:29
a report submitted to regulators in Maine
4:31
and Massachusetts, it disclosed that a cyber
4:33
attack happened in June 2023, resulting in
4:37
the theft of PII and some financial
4:39
and medical information of almost 378,000 current
4:41
and former patients
4:45
and employees. The
4:47
company did not mention whether the event
4:49
was a ransomware attack, however last July
4:51
the now defunct LockBit gang claimed credit
4:54
for the attack. Expert
4:57
warns of Akira as the next
4:59
big thing in ransomware. The
5:02
director of cyber threat intelligence at
5:04
Tidal Cyber, Scott Small, has stated
5:06
in an interview that although Akira's
5:09
activity is currently low-key, its crew
5:11
are quote very much a skilled
5:13
group end quote. The
5:16
organization, spelt A-K-I-R-A, uses tools that
5:18
are less commonly deployed by other
5:20
groups such as using FTP to
5:23
exfiltrate files and they also like
5:25
to pursue smaller organizations with the
5:27
goal of using them to access
5:30
larger targets. Small
5:32
warns quote the gang's intent and
5:34
capability should get the attention of
5:36
CSOs end quote. PHP
5:39
vulnerability a threat to Windows
5:42
servers. According
5:44
to security researcher Orange Tsai
5:46
at Taiwan-based DevCore, this
5:48
new critical security flaw impacting
5:50
PHP could be exploited to
5:52
achieve remote code execution under
5:54
certain circumstances. The
5:57
vulnerability which has a CVE number is
5:59
being described as, quote, a
6:01
CGI argument injection vulnerability affecting all
6:03
versions of PHP installed on the
6:06
Windows operating system, end quote. Although
6:09
a fix has been made available, DevCore
6:11
warns that all XAMPP installations on Windows
6:16
are vulnerable by default when configured
6:18
to use the locales for traditional
6:20
Chinese, simplified Chinese or
6:23
Japanese. The company
6:25
also recommends that administrators move
6:27
away from the outdated PHP
6:29
CGI altogether and opt for
6:31
a more secure solution such
6:33
as Mod-PHP, FastCGI
6:35
or PHP-FPM. This
6:37
story, by the way, is not the same
6:40
one as the ThinkPHP vulnerability that we
6:42
reported on on Friday. Managing
6:45
risk is one of the primary tools
6:47
of cybersecurity. So that's why
6:49
improving how we talk about risk is
6:52
so imperative. That's why
6:54
we are devoting this week's Super
6:56
Cyber Friday to hacking the conversation
6:58
about risk. A cybersecurity
7:00
pro that can elevate risk conversation with
7:02
the business stands a much better chance
7:05
of improving their security posture. We
7:07
just posted a preview video of this conversation
7:09
over at cisoseries.com. Check it out and then
7:12
be sure to head on over to our
7:14
events page to register to join us for
7:16
the live stream at 1 p.m. eastern, 10
7:18
a.m. Pacific on Friday. We always
7:20
answer tons of questions from our audience
7:23
and play fun games with prizes. So
7:25
be sure to join us this Friday.
7:28
I'm Steve Prentice reporting for
7:31
the CISO Series.