Episode Transcript
0:00
Cybersecurity Today is brought to you
0:02
by the generous support of our
0:04
sponsor, Beauceron Security. You can
0:06
get their 2024 State of Cybersecurity
0:08
Awareness Report at beauceronsecurity.com, and there's
0:10
a link you can follow in
0:12
the show notes. Hundreds
0:17
of thousands of routers are wiped,
0:20
warnings to Okta and Snowflake
0:22
administrators, and more. Welcome
0:25
to Cybersecurity Today. It's Friday, May
0:27
31st, 2024. I'm
0:30
Howard Solomon, contributing reporter
0:33
on cybersecurity for
0:35
technewsday.com. Over
0:39
600,000 small office and
0:41
home routers used by customers
0:43
of an unnamed internet service
0:45
provider were wiped last
0:48
October by an unknown threat actor.
0:50
That's according to researchers at
0:53
Lumen Technologies. They
0:55
said Thursday that 49% of
0:57
the ISP's modems were hit
0:59
by a commodity remote access
1:02
trojan dubbed Chalubo,
1:05
which likely implanted a fatal firmware update
1:07
to the modems. So
1:09
fatal, they all had to be replaced. Lumen
1:12
believes the modems affected
1:14
were particular models from
1:16
ActionTec and Sagemcom.
1:19
The report doesn't say how the attacker
1:21
was able to plant the update. This
1:25
particular ISP served rural and
1:27
underserved communities in an unnamed
1:29
country. However, several
1:31
news agencies said the ISP was
1:34
in the United States. Experts
1:37
are puzzled why one ISP would
1:39
be targeted. Roger
1:41
Grimes at KnowBe4 wonders
1:44
if the attacker tried to extort
1:46
the internet provider. Lumen
1:48
warns ISPs that manage customers'
1:51
routers to make sure the
1:53
devices don't have common default
1:55
passwords and that the
1:57
providers' device management interfaces aren't
2:00
open to the internet. As
2:03
for users, they should regularly reboot
2:05
their routers to flush malware, and
2:08
they should also install the latest
2:10
security updates. Identity
2:13
and access management provider Okta
2:16
has warned customers of another credential
2:18
stuffing attack. Vulnerable
2:21
are implementations that have
2:23
the cross-origin authentication feature
2:25
enabled in Okta
2:28
Customer Identity Cloud. Attacks
2:30
started as far back as April 15th.
2:34
IT departments are urged to look
2:36
for suspicious activity in logs from
2:38
that date forward. Suspicious
2:41
signs include failed
2:43
cross-origin authentication and
2:46
an alert that someone attempted to log in with
2:48
a leaked password. A
2:51
threat actor is using stolen
2:53
credentials to break into organizations
2:55
using the Snowflake Cloud database.
2:59
The warning comes from researchers at
3:01
Mitiga. The threat
3:03
actor, dubbed UNC5537
3:06
by some researchers, has
3:09
mainly exploited environments that
3:11
haven't implemented two-factor authentication
3:13
as an extra login
3:15
step. The attacker
3:18
steals data, then tries
3:20
to extort organizations to pay up, or
3:23
the information will be put up for sale
3:25
on hacker forums. Administrators
3:27
are urged to check logs
3:29
for suspicious activity. Over
3:33
100 servers distributing malware
3:35
in 10 countries, including
3:37
the US, Canada and
3:39
Europe, have been taken down and
3:41
four people were arrested this week
3:43
in an operation coordinated by the
3:45
Europol Police Cooperative. The
3:48
IT infrastructures were distributing
3:50
well-known malware droppers, such
3:52
as Trickbot, IcedID,
3:55
SystemBC, as well as
3:57
ransomware. Closing
4:00
the servers, over 2000 criminal
4:03
domains are now under the control of
4:05
law enforcement. It's alleged
4:07
that one suspect earned at least 69 million
4:10
euros in cryptocurrency by renting
4:13
out the IT infrastructure to
4:15
deploy ransomware. The
4:18
US now says it seized
4:21
the IT infrastructure running the
4:23
911 S5 botnet in addition
4:25
to arresting two people allegedly
4:27
behind it. You may
4:29
recall that on Wednesday I reported on the
4:32
arrests. This botnet
4:34
of millions of hacked home computers
4:36
helped crooks hide their tracks. The
4:39
botnet was controlled through 150 servers around the world
4:41
including 76 leased from
4:45
US-based online service providers.
4:50
The dark website known as Breach
4:52
Forums is back after being seized
4:54
by the FBI earlier this month.
4:56
Well, maybe it's back. Researchers
4:59
at Malwarebytes say at least one
5:01
Breach Forums domain is now live.
5:05
It's selling data of 560
5:07
million people allegedly copied from
5:10
Ticketmaster. The price? Half
5:13
a million dollars. This
5:15
wouldn't be the first time a
5:17
seized criminal operation has resurfaced. But
5:20
is it real? Or a trap set
5:22
by law enforcement? The
5:26
consumer spyware app called
5:28
pcTattletale has closed after
5:30
a hacker published links to a
5:32
large amount of customer data from
5:34
the company's servers. According
5:37
to TechCrunch, the company's
5:39
founder said he deleted all of its
5:41
data because the data breach could have
5:44
exposed information of customers from screenshots taken
5:46
by the app. And
5:49
finally, an American debt collection
5:52
company called Financial Business and
5:54
Consumer Solutions has updated
5:56
the number of victims from a
5:58
February data breach. It
6:01
now says data on 3.2
6:03
million people were stolen. The
6:05
original estimate was just over
6:07
1.9 million victims.
6:11
That's it for now, but
6:13
later today the Week in Review
6:15
podcast will be out. Guest
6:17
commentator Terry Cutler of Cyology
6:19
Labs will discuss Microsoft's controversy
6:21
over new tool and whether
6:23
it's helpful or a privacy
6:25
risk, the lessons learned
6:27
from the hack of the MITRE organization
6:29
and how to implement a zero trust
6:32
model. Links to details
6:34
about news mentioned in this podcast
6:36
episode are in the text version
6:38
at technewsday.com. Follow
6:41
Cybersecurity Today on Apple
6:43
Podcasts, Spotify, or add
6:45
us to your flash briefing
6:47
on your smart speaker. Thanks
6:51
for listening. I'm Howard Solomon.