CyberWire Daily - ‘Bitcoin Jesus’ and Sheboygan face problems.
Episode Date: November 13, 2024

Federal agencies and Five Eyes partners list the past year’s most exploited vulnerabilities. U.S. authorities hand down indictments in the Snowflake customer breach. Patch Tuesday updates. Zoom discloses multiple vulnerabilities. A China-linked hacker group has compromised Tibetan media and university websites. A cyberattack on a Dutch company affects over 2,000 U.S. grocery stores. Sheboygan suffers a ransomware attack. The White House plans to support a controversial UN cybercrime treaty. On today’s CertByte segment, N2K’s Chris Hare is joined by Dan Neville to break down a question from the CompTIA® Security+ certification Practice Test. Bitcoin Jesus faces $48 million in tax fraud charges.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CertByte Segment
On CertByte, host Chris Hare, content developer and project management specialist at N2K, shares practice questions and a study tip to help you achieve the professional certifications you need to fast-track your career growth in IT, cyber security, or project management. In each segment, Chris is joined by an N2K Content Developer to help illustrate the learning. This week, Chris is joined by Dan Neville to break down a question targeting the CompTIA® Security+ (SY0-701) certification. Today’s question comes from N2K’s CompTIA® Security+ Practice Test. According to CompTIA®, Security+ is "the most widely adopted ISO/ANSI-accredited early career cybersecurity certification on the market." The exam is geared towards anyone who already holds a Network+ cert and has two years of experience in a security or a systems admin role.

To learn more about this and other related topics under this objective, please refer to the following resources: CompTIA Security+ Study Guide with over 500 Practice Test Questions (Sybex Study Guide), Chapter 17: Risk Management and Privacy; and CompTIA Security+ Get Certified Get Ahead: SY0-701 Study Guide, Chapter 11: Implementing Policies to Mitigate Risk. Have a question that you’d like to see covered? Email us at certbyte@n2k.com. Please note: The questions and answers provided here and on our site are not actual current or prior questions and answers from these certification publishers or providers. Additional sources: www.comptia.org

Selected Reading
FBI, CISA, and NSA reveal most exploited vulnerabilities of 2023 (Bleeping Computer)
Here’s the indictment against two men allegedly responsible for Snowflake customer breach (CyberScoop)
Microsoft Patch Tuesday, November 2024 Edition (Krebs on Security)
ICS Patch Tuesday: Security Advisories Released by CISA, Schneider, Siemens, Rockwell (SecurityWeek)
Zoom App Vulnerability Let Attackers Execute Remote Code (Cyber Security News)
China-linked group hacked Tibetan media and university sites to distribute Cobalt Strike payload (The Record)
Dutch company behind Hannaford, Stop & Shop says cyber issue affecting US network (The Record)
City of Sheboygan hit by apparent ransomware attack (WPR)
Biden Administration to Support UN Cyber Treaty Despite Concerns Over Misuse (Bloomberg)
‘Bitcoin Jesus’ Fights IRS Tax Evasion Case From Spanish Island (Bloomberg)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Transcript
You're listening to the CyberWire Network, powered by N2K.
Federal agencies and Five Eyes partners list the past year's most exploited vulnerabilities.
U.S. authorities hand down indictments in the Snowflake customer breach.
Patch Tuesday updates.
Zoom discloses multiple vulnerabilities.
A China-linked hacker group has compromised Tibetan media and university websites.
A cyber attack on a Dutch company affects over 2,000 U.S. grocery stores.
Sheboygan suffers a ransomware attack.
The White House plans to support a controversial U.N. cybercrime treaty.
On today's CertByte segment, N2K's Chris Hare is joined by Dan Neville
to break down a question from the CompTIA Security Plus certification practice test.
And Bitcoin Jesus faces $48 million in tax fraud charges.
It's Wednesday, November 13th, 2024.
I'm Dave Bittner, and this is your CyberWire Intel Briefing.
Thanks for joining us here today. It's great to have you with us.
CISA, the FBI, NSA, and Five Eyes intelligence agencies
have identified the top 15 most exploited security vulnerabilities from last year,
urging organizations to patch these flaws immediately. In a joint advisory, they emphasize
the critical need for effective patch management to reduce network exposure. The report highlights an increase in zero-day exploits in 2023
compared to the previous year,
noting that the majority of frequently targeted vulnerabilities were zero-days,
which allowed attackers to infiltrate high-value targets more effectively.
Twelve of the top 15 vulnerabilities had patches released last year, underscoring the importance of swift patch deployment as cybercriminals continue targeting unpatched flaws.
Leading the list is a code injection vulnerability in Citrix NetScaler ADC and Gateway.
This vulnerability, exploited by state actors, enabled remote code execution on unpatched servers, compromising
U.S. critical infrastructure. By mid-August, hackers had used this flaw to backdoor over 2,000
Citrix servers worldwide. The advisory also mentions 32 additional vulnerabilities frequently
exploited in 2023, offering guidance on minimizing risk. Meanwhile, MITRE recently updated its list
of dangerous software weaknesses, underscoring ongoing challenges. Jeffrey Dickerson, NSA's
cybersecurity director, warned that exploitation of known vulnerabilities will persist,
urging network defenders to remain vigilant and proactive throughout 2024 and beyond.
U.S. authorities have indicted Connor Moucka and John Binns, suspected cybercriminals accused of
hacking into the cloud platforms of major firms, including AT&T, in the Snowflake customer breach, a scheme targeting over 10 organizations.
Moucka and Binns allegedly stole sensitive data and demanded ransoms totaling $2.5 million
in digital currency. Moucka, a Canadian, was arrested by Canadian authorities on October 30th,
while Binns, also charged in a 2021 T-Mobile breach, was detained by Turkish authorities.
Though the indictment doesn't name specific victims,
it aligns with earlier reports of breaches involving Snowflake clients like Ticketmaster and Santander.
Researchers suggest Moucka and Binns are linked to The Com,
a group tied to various criminal activities,
including cyber extortion and violent crimes.
Yesterday was Patch Tuesday. Microsoft has released patches for 89 vulnerabilities in Windows and other software, addressing two critical zero-day threats actively exploited
by attackers. The first impacts Windows Task Scheduler, allowing attackers to elevate privileges.
Google's Threat Analysis Group identified it.
The second enables attackers to spoof and expose NTLMv2 hashes used for authentication,
raising the risk of pass-the-hash attacks, which let attackers act as legitimate users without
needing passwords.
Additional updates include a privilege escalation flaw in Active Directory and a spoofing vulnerability
in Exchange Server.
One notable threat affects the Kerberos protocol in Windows domains, potentially allowing attackers
to gain domain controller access.
Microsoft also patched a critical flaw in .NET and Visual Studio and 29 memory-related issues in SQL Server.
Siemens, Schneider Electric, CISA, and Rockwell Automation have issued November 2024 Patch Tuesday
advisories addressing multiple critical vulnerabilities in industrial systems.
Siemens released fixes for numerous products,
notably a deserialization flaw in TeleControl Server Basic,
allowing unauthenticated code execution.
SINEC INS received updates for roughly 60 vulnerabilities,
many involving third-party components,
while SINEC NMS and SCALANCE M-800 addressed over a dozen issues each.
High-severity patches target code execution risks in engineering platforms
and stored cross-site scripting in OZW web servers, among others.
Schneider Electric issued four advisories,
including a critical EcoStruxure IT gateway flaw
enabling system control and sensitive data access.
PowerLogic PM5300 and Modicon controllers
were also patched for denial-of-service
and code execution risks.
CISA's advisories include critical flaws in Subnet PowerSystem Center
and Hitachi Energy TRO600 radios, plus a Rockwell FactoryTalk View ME remote code
execution vulnerability. Rockwell additionally addressed several issues in FactoryTalk Updater,
including authentication bypass and privilege escalation.
Zoom disclosed multiple vulnerabilities in its applications, including a critical buffer overflow flaw with a CVSS score of 8.5, allowing authenticated users to execute remote code.
Another significant issue involves improper input validation, which could lead to unauthorized
information disclosure. Affected products include the Workplace app, Rooms client, Video SDK,
and Meeting SDK across Windows, macOS, iOS, Android, and Linux. Users are advised to update
to the latest versions to mitigate risks. A China-linked hacker group, TAG-112,
has compromised Tibetan media and university websites
in an espionage campaign to gather intelligence for Beijing.
TAG-112 targeted the Tibet Post and Gyudmed Tantric University sites,
exploiting vulnerabilities in the Joomla CMS to deploy Cobalt Strike,
a cybersecurity tool repurposed for hacking.
Researchers suggest TAG-112 may be a subgroup of the Chinese state-sponsored group Evasive Panda,
which also targets the Tibetan community.
Both groups use hacked websites to prompt downloads of malicious files disguised
as security certificates, aiming to monitor Tibetan and other ethnic minority groups that
China deems subversive. A cyber attack on the Dutch parent of U.S. grocery chains like Stop & Shop,
Hannaford, and Food Lion has disrupted online services, affecting over 2,000
stores. Customers faced issues with online orders, and some websites and pharmacy operations went
offline. While in-store credit card transactions still work, delivery orders were canceled.
The company is investigating with law enforcement and cybersecurity experts, taking some systems offline as a precaution.
No hacking group has claimed responsibility, but similar incidents often involve ransomware targeting retail operations for quick payouts.
The Wisconsin city of Sheboygan reported a ransomware attack that disrupted its computer networks.
Officials discovered the issue in late October and began working with cybersecurity experts to secure the network.
An external party gained unauthorized access and issued a ransom demand, which the city reported to law enforcement.
Officials do not believe sensitive personal data was compromised, but will notify affected individuals if necessary.
City phone lines remain operational and the investigation is ongoing.
Sheboygan thanked residents for their patience and emphasized its commitment to security.
I'll add a personal note: the word Sheboygan is fun to say.
The Biden administration plans to support a UN cybercrime treaty aimed at establishing global cooperation on cybercrime, despite concerns
it could empower authoritarian regimes to surveil dissidents. While it would be the UN's first
binding agreement on cybersecurity, critics worry it could be misused to target
political opponents or censor internet users. U.S. officials argue the treaty would help
criminalize child exploitation and expand access to electronic evidence, facilitating extradition
of cybercriminals. Advocacy groups and six Democratic senators warn the treaty risks legitimizing censorship and human rights abuses.
To address these concerns, U.S. officials assure that human rights safeguards will be enforced and the Department of Justice will scrutinize assistance requests.
Although the treaty is likely to pass the U.N. vote, it may face ratification challenges in the U.S. unless
human rights protections are enhanced.
Coming up after the break on our CertByte segment, we break down a question from the
CompTIA Security Plus certification practice test.
Stay with us.
On our latest CertByte segment,
N2K's Chris Hare is joined by Dan Neville
to break down a question from the CompTIA Security Plus Certification Practice Test.
Hi, everyone. It's Chris. I'm a content developer and project management specialist here
at N2K Networks. I'm also your host for this week's edition of CertByte, where I share a
practice question from our suite of industry-leading content and a study tip to help you achieve the professional certifications you need
to fast-track your career growth
in IT, cybersecurity, and project management.
Today's question targets the CompTIA Security Plus exam,
which is exam ID SY0-701,
targeted for those candidates
who already hold a Network Plus certification
and have
about two years of experience in a security or systems admin role.
I have my teammate Dan here to help us out today.
He's our resident CompTIA expert.
One can say maybe you're our captain of CompTIA.
Dan, how are you today?
Well, thanks for the welcome, Chris.
I'm glad to be here, and I'm glad for the promotion from being Lieutenant Dan for so many years to Captain Dan.
So that's pretty cool.
Thank you.
Yes, well-deserved.
So, Dan, we're going to turn the tables and you will be asking me today's question.
But while I summon up the courage to answer your question, Dan, I understand you have a 10-second study bit for Security Plus.
So what do you have for us?
So this is absolutely crucial.
Get a copy of the published exam objectives.
If there's a term or a concept in the objective that you don't understand,
use your study materials to read up on that term
and keep studying it until you can explain it to a five-year-old
and you'll do just fine.
That's great. That's a great tip.
So do you have your Security Plus question ready for me?
Yes, I do. I think I'm ready to launch this one.
All right. Hit me.
So, which role and associated responsibility involves managing and overseeing the use of systems and data,
ensuring compliance with security policies and regulations?
Mm-hmm.
All right.
So your choices are A, owners, B, custodians and stewards, C, processors, or D, controllers.
Okay.
So, Dan, there is a precedent with this series where I remind my listeners of my limited technical acumen with these types of exams. So, now, that's out of the way. What I do know is that this question targets program management and oversight and elements of effective security governance, correct?
Yes.
All right. So coming in from a project management bent, I'm going to think about this in terms of a RACI chart. So RACI, to remind everyone, stands for responsible, accountable, consulted,
and informed. So I'm going to proceed with this strategy not knowing the answer. And so let's go
through them. So the first one is owners. So that sounds more like a role of accountability rather than management.
Custodians and stewards.
That may be more like hands-on and responsible.
So that could be a possible answer.
Let's put a pin in that one.
Processors could be likely, but not for something as overarching and overseeing of systems and data and compliance.
So maybe that's more of the I in the RACI, in the informed role.
And then controllers,
that might be more of a legal or compliance role,
which would fit the consulted part of the RACI chart,
the C in RACI.
So using this line of thinking,
I'm going to go with B, custodians and stewards.
Final answer.
Well, that was a great logical way of working through that.
Thank you.
The correct answer is custodians and stewards.
Yay.
So well done, well done.
So they are the individuals, they could be entities as well,
who are responsible for the day-to-day management and the protection of systems and data assets.
They ensure the proper handling and storage and security of data
in accordance with established policies and procedures. Okay. Custodians are typically
responsible for implementing security controls, monitoring access, and responding to security
incidents, while on the other hand, stewards focus on data governance, quality assurance, and metadata management.
So, that's a lot.
So, let's sum it up.
Yes.
Okay.
Owners have ultimate responsibility for the governance and strategic direction of systems and data.
Controllers ensure compliance with legal and regulatory requirements related to data processing.
Okay.
Processors handle personal data on behalf of data controllers and implement security measures to protect data.
And then finally, custodians and stewards are responsible for the day-to-day management
and protection of systems and data assets, implementing security controls, and ensuring data integrity
and quality.
Well, that's a great question and great answer explanation.
So, Dan, CompTIA says that the Security+ exam is the most widely adopted ISO/ANSI-accredited
early career cybersecurity certification out there on the market. In your professional opinion,
out of the top three popular certifications, Network+, Security+, and A+, which of these would you say is the hardest and why?
Well, I'm going to say that Security+ is the hardest of the three. The first time you look at A+, it's very broad and wide, a lot of material,
but not a whole lot of depth. Networking builds on that. And Security+, you have to have elements
of A+ and Network+, plus in addition to the security requirements. So, of the three exams,
Security+ is the hardest.
Great. All right. That's very helpful to our listeners. So, thank you so much for being here
today, Dan. Thank you. I really appreciate it. So, are there any upcoming CompTIA practice tests
or courses you'd like to promote here? Oh, I get to do that. Yes, you do. So, let's see.
Cloud Plus is being updated by CompTIA. We should have that
out very shortly. Later this fall, IT Fundamentals has been updated to a new exam called Tech Plus,
and we'll have material for that. Pentest Plus comes out also later in the fall, early in the
winter. And the brand new exam, SecurityX,
the first second of their security expert exams
replaces the CASP Plus.
And we'll have all those out end of the year
or early beginning in 2025.
Excellent.
That's exciting to hear.
So thank you, Dan.
And thank you for joining me for this week's CertByte. If you're actively studying for this certification and have any questions about study
tips or even future certification questions you'd like to see, please feel free to email me at
certbyte at n2k.com. That's C-E-R-T-B-Y-T-E at N number 2K dot com. If you'd like to learn more
about N2K's practice tests, visit our website
at n2k.com forward slash certify. For more resources, including our N2K Pro offerings,
check out thecyberwire.com forward slash pro. For sources and citations for this question,
please check out our show notes. Happy certifying.
Be sure to visit our show notes for links to the practice test and other helpful resources that Chris and Dan talked about.
And finally, Roger Ver, also known as Bitcoin Jesus, is facing U.S. tax fraud charges over $240 million in token sales,
with accusations of evading over $48 million in taxes.
Known for his crypto evangelism,
Ver claims he's being targeted for his political views
and insists he followed professional advice
amid IRS crypto tax ambiguity.
Arrested in Spain, Ver spent a stint in jail
and now awaits a ruling on possible extradition to the U.S.
The indictment alleges he hid substantial Bitcoin holdings
when renouncing U.S. citizenship in 2014
under reporting assets and crypto sales.
While Ver continues living in Mallorca,
practicing jujitsu and hosting friends,
his supporters are rallying behind him,
decrying what they call unjust prosecution.
If extradited, Ver's case could set a precedent as the first crypto-only tax case to go to trial.
Bitcoin Jesus might not be walking on water, but he's definitely skating on thin ice with the IRS. And that's the CyberWire. For links to all of today's stories,
check out our daily briefing at thecyberwire.com.
We'd love to know what you think of this podcast.
Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity.
If you like our show, please share a rating and review in your favorite podcast app.
Please also fill out the survey in the show notes or send an email to cyberwire at n2k.com.
We're privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector,
from the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies.
N2K makes it easy for companies to optimize your biggest investment, your people.
We make you smarter about your teams while making your team smarter.
Learn how at n2k.com.
This episode is produced by Liz Stokes.
Our mixer is Trey Hester with original music and sound design by Elliot Peltzman.
Our executive producer is Jennifer Eiben.
Our executive editor is Brandon Karpf.
Simone Petrella is our president.
Peter Kilpe is our publisher.
And I'm Dave Bittner.
Thanks for listening.
We'll see you back here tomorrow.