Episode Transcript
0:00
Cybersecurity Today is brought to you by the generous support of our sponsor, Boseron Security. You can get their 2024 State of Cybersecurity Awareness report at both are on security.com, and there's a link you can follow in the show notes.

0:17
Suspicious attempts to take over open source projects, a data theft at a Cisco Duo partner, and more. Welcome to Cybersecurity Today. It's Wednesday, April 17th, 2024. I'm Howard Solomon.

0:37
A suspected China-based threat actor hid in an organization's on-premise IT network for about three years, in part by exploiting unpatched network appliances. That's according to researchers at Sygnia, who were called in to investigate the attack. They nicknamed the attacking group Velvet Ant. Its goal was espionage. One tactic was compromising two legacy F5 BIG-IP firewalls running an outdated version of the operating system that were exposed to the internet. The attacker used it for internal command and control. In fact, the gang exploited several entry points to get into the IT network and maintain persistence. This attacker was so adept that as soon as one foothold was discovered by defenders, the gang quickly shifted to another foothold. One of the organization's weaknesses: some of the IT systems weren't monitored. For example, some Windows servers weren't connected to the organization's endpoint detection and response software. Now, what I've given here is a short version of the report, but it shows the importance of establishing a resilient defense against sophisticated attackers. That means having continuous network and device monitoring, periodic and systemic threat hunting, stringent traffic controls, and system hardening. And in particular, perimeter firewalls should be configured to allow only necessary outbound connections. And that means internet-facing devices such as load balancers should be behind firewalls.

2:22
Broadcom has released security updates to VMware vCenter Server to close three vulnerabilities. Two of the holes have been rated as critical, so administrators should install the patches fast. Products affected have vCenter Server, which means vSphere and Cloud Foundation.

2:44
A health board in southwestern Scotland is notifying everyone in the region this week to assume their personal information that it held will likely be published by a ransomware gang. In the letter to tens of thousands of residents, the CEO of the Dumfries and Galloway Health District says the data published May 6th included x-rays, test results, and letters between healthcare professionals.

3:10
Still in the United Kingdom, cybersecurity researcher Jeremiah Fowler has discovered another company whose employees created an unprotected database open to the internet with personal information that anyone could have copied. The company is Total Fitness, a chain of health clubs across northern England and Wales. The database is largely of faces of club members, apparently for identification. However, Fowler says it also includes images of passports, credit cards, and utility bills. The risk is that the identity of a person can be determined through AI and facial image search across the internet.