CyberWire Daily - Blue screen blues.

Episode Date: September 25, 2024

CrowdStrike’s Adam Meyers testifies before Congress. The State Department is set to provide nearly $35 million in foreign aid to strengthen global cybersecurity. Foreign adversaries claim ongoing access to presidential campaign documents. Researchers warn of critical vulnerabilities in fuel tank monitoring systems. Hackers claim a Chrome 2FA feature bypass takes less than ten minutes. Exploiting ChatGPT’s long-term memory. Politicians and staffers find personal data exposed on the dark web. A critical vulnerability in Ivanti’s Virtual Traffic Manager is being actively exploited. On our CertByte segment, Chris Hare is joined by resident Microsoft SME George Monsalvatge to break down a question from N2K’s CompTIA Project+ Practice Test. Don’t click the PDiddy links.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CertByte Segment

Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K, we share practice questions from our suite of industry-leading content and a study tip to help you achieve the professional certifications you need to fast-track your career growth. In each segment, Chris is joined by an N2K Content Developer to help illustrate the learning. This week, Chris is joined by resident Microsoft SME George Monsalvatge to break down a question from N2K’s CompTIA Project+ (PK0-005) Practice Test. This exam is targeted at candidates who have about 1-2 years of project management experience. This is not an actual test question, but an example of one that covers an objective for the 5th version of the exam, which came out in November 2022. Have a question that you’d like to see covered? Email us at certbyte@n2k.com.
If you're studying for a certification exam, check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify. To get the full news to knowledge experience, learn more about our N2K Pro subscription at https://thecyberwire.com/pro. Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers.

Selected Reading

CrowdStrike Apologizes for IT Outage, Defends Microsoft Kernel Access (Infosecurity Magazine)
Exclusive: State Department cyber bureau preps funding blitz aimed at boosting allies' defenses (The Record)
Iranian-linked election interference operation shows signs of recent access (CyberScoop)
FEC expands campaign spending rules to allow for physical, cybersecurity purchases (CyberScoop)
Automatic Tank Gauges Used in Critical Infrastructure Plagued by Critical Vulnerabilities (SecurityWeek)
New Chrome Alert After Hackers Claim 2FA Security Cracked In 10 Minutes (Forbes)
Hacker plants false memories in ChatGPT to steal user data in perpetuity (Ars Technica)
Proton warns that data of thousands of politicians leaked on the dark web (Beyond Machines)
Third Recent Ivanti Vulnerability Exploited in the Wild (SecurityWeek)
PDiddySploit Malware Hidden in Files Claiming to Reveal Deleted Diddy Posts (Hackread)
Diddy Do It? Or Did Cybercriminals? How Hackers Are Turning Scandals Into Cyber Attacks (Veriti)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K. Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions. This coffee is so good. How do they make it so rich and tasty? Those paintings we saw today weren't prints. They were the actual paintings. I have never seen tomatoes like this. How are they so red? With flight deals starting at just $589, it's time for you to see what Europe has to offer.
Starting point is 00:00:31 Don't worry. You can handle it. Visit airtransat.com for details. Conditions apply. AirTransat. Travel moves us. Hey, everybody. Dave here.
Starting point is 00:00:44 Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers. So I decided to try DeleteMe. I have to say, DeleteMe is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. DeleteMe's team does all the work for you with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private by signing up for DeleteMe.
Starting point is 00:01:22 Now at a special discount for our listeners, today get 20% off your DeleteMe plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code n2k at checkout. That's joindeleteme.com slash N2K, code N2K. CrowdStrike's Adam Meyers testifies before Congress. The State Department is set to provide nearly $35 million in foreign aid to strengthen global cybersecurity. Foreign adversaries claim ongoing access to presidential campaign documents.
Starting point is 00:02:20 Researchers warn of critical vulnerabilities in fuel tank monitoring systems. Hackers claim a Chrome 2FA feature bypass takes less than 10 minutes. Exploiting ChatGPT's long-term memory. Politicians and staffers find personal data exposed on the dark web. A critical vulnerability in Ivanti's Virtual Traffic Manager is being actively exploited. On our CertByte segment, Chris Hare is joined by resident Microsoft SME George Monsalvatge to break down a question from N2K's CompTIA Project Plus practice test. And don't click the P. Diddy links. It's Wednesday, September 25th, 2024. I'm Dave Bittner, and this is your CyberWire Intel Briefing. Thanks for joining us here again today. It is great to have you with us. Yesterday, CrowdStrike VP Adam Meyers testified before a U.S. congressional committee
Starting point is 00:03:34 to address the July 19th incident where a faulty update to its Falcon sensor software disabled approximately 8.5 million Windows PCs, causing widespread blue screen of death errors. The problem arose from a mismatch between input parameters and the Falcon sensor's rules engine, which led to system failures until the issue was corrected. CrowdStrike apologized for the disruption, acknowledging that the incident impacted customers like Delta Airlines, which claims $500 million in losses due to flight cancellations. Meyers detailed CrowdStrike's efforts to restore affected systems, including deploying automated remediation techniques and providing physical support to reboot machines.
Starting point is 00:04:23 To prevent future incidents, CrowdStrike has implemented enhanced validation and testing processes, phased rollouts of updates, and added runtime safeguards. They've also hired third-party security vendors to review Falcon's sensor code and quality control. Congress also questioned the necessity of granting kernel access to software like Falcon. Meyers defended its importance, emphasizing that kernel-level visibility is essential for detecting threats and preventing tampering. He warned that restricting access could weaken cybersecurity solutions. CrowdStrike is one of the many vendors out there that uses the Windows kernel architecture,
Starting point is 00:05:11 which is an open kernel architecture. This is a decision that was made by Microsoft to enable the Microsoft operating system to support a vast array of different types of hardware and different systems. The kernel is responsible for the key area where you can ensure that you have performance, where you can have visibility into everything happening on that operating system, where you can provide enforcement, in other words,
Starting point is 00:05:37 threat prevention, and as well to ensure anti-tampering, which is a key concern from a cybersecurity perspective. Anti-tampering is very concerning because when a threat actor gains access to a system, they would seek to disable security tools. And in order to identify that that's happening, kernel visibility is required to see when that's occurring. The kernel driver is a key component of every security product that I could think of, whether they would say that they do most of their work in the kernel or not,
Starting point is 00:06:18 varies from vendor to vendor, but to try to secure the operating system without kernel access would be very difficult. CrowdStrike is facing multiple lawsuits as a result of the outage, including from Delta and its own shareholders. The U.S. State Department's Bureau of Cyberspace and Digital Policy is set to provide nearly $35 million in foreign aid to strengthen global cybersecurity, particularly among U.S. allies, according to exclusive reporting from The Record. Created in 2022, the Bureau aims to lead in international cyber norms, especially as nations like China exert influence. This funding boost, part of a broader strategy outlined in the
Starting point is 00:07:06 Biden administration's national cyber strategy, will support rapid cyber incident response, counter spyware misuse, and enhance undersea cable and cloud security in the Pacific. The Bureau's flagship project, Falcon, enables rapid deployment of private sector tools to address cyber vulnerabilities for U.S. allies within 48 hours of a request. Additionally, a Pacific Islands undersea cable project, supported by Google and regional governments, will expand digital connectivity and cloud migration. As demand for cybersecurity assistance grows, the Bureau has shifted toward more strategic, flexible funding to improve global resilience against cyber threats and bolster U.S. cyber diplomacy. Hackers linked to Iran's Islamic Revolutionary Guard Corps
Starting point is 00:08:00 reportedly continue to target the Trump campaign. On September 18th, the group shared stolen campaign material with journalists, including a letter dated September 15th, suggesting ongoing access to campaign documents. The group, tracked as APT42, has previously targeted U.S. political figures, including officials connected to both the Trump and Biden campaigns. Google's threat analysis group confirmed blocking attempts to access personal emails of high-profile individuals, but at least one political consultant's Gmail account was compromised. Meanwhile, the Federal Election Commission has expanded rules
Starting point is 00:08:44 allowing federal campaign funds to cover physical and cybersecurity measures for candidates, their families, and staff. Approved unanimously on September 19, the new rules enable funds to be used for cybersecurity tools, alarm systems, and other security upgrades. This move responds to increasing digital and physical threats, including recent cyberattacks on Donald Trump's and Kamala Harris' campaigns by foreign hackers. The FEC emphasized that spending must be legitimate, avoiding potential abuse of campaign funds for personal gain. Despite nearly a decade of warnings, critical vulnerabilities in automatic tank gauge systems used in gas stations and critical infrastructure like military
Starting point is 00:09:34 bases and airports remain unaddressed. These systems monitor fuel tank parameters such as volume and temperature, but cybersecurity firm BitSight recently identified 10 vulnerabilities in six ATG systems from various vendors. Seven of the flaws are rated as critical, including authentication bypass and OS command execution issues, allowing full system access. BitSight warned that attackers could cause physical damage, such as fuel leaks or relay damage, and monitor or manipulate fuel levels. Thousands of vulnerable ATG devices remain exposed, particularly in the U.S. and Europe, although some vendors have responded with patches, others have not, leaving these systems at risk. CISA has released advisories,
Starting point is 00:10:27 but progress on addressing these vulnerabilities remains limited. Google introduced application-bound encryption in Chrome 127 for Windows to prevent cookie-stealing hackers from bypassing two-factor authentication using infostealer malware. This security feature ties encrypted data to app identity, making it harder for hackers to access sensitive information. However, multiple infostealer malware developers, including those behind Lumma, Vidar, and Rhadamanthys, claim to have quickly bypassed this new protection.
Starting point is 00:11:06 Reports from BleepingComputer confirm that these malware updates can break Chrome's cookie encryption, effectively rendering 2FA protections useless. Once attackers steal session cookies, they can bypass authentication and gain full access to users' accounts and sensitive data. Security researcher Johann Rehberger recently uncovered a vulnerability in ChatGPT's long-term memory feature that could let attackers store false information or malicious instructions. Initially, OpenAI dismissed it as a safety issue rather than a security concern, but Rehberger pressed on, developing a proof-of-concept exploit that grabbed the attention of OpenAI engineers.
Starting point is 00:11:55 ChatGPT's long-term memory is a feature that remembers user details to provide more personalized responses. Rehberger discovered that attackers could exploit this memory by planting false details, like claiming a user was 102 years old or lived in the Matrix, and ChatGPT would incorporate this into future conversations. The exploit used indirect prompt injection, allowing malicious content such as a simple web link to trigger the attack. OpenAI
Starting point is 00:12:26 has since issued a partial fix to prevent data exfiltration, but prompt injections can still manipulate memory. Users should regularly review their ChatGPT memories and be alert for any suspicious changes during sessions to avoid unwanted memory tampering. An investigation by Constella Intelligence and Proton revealed that the email addresses and sensitive information of over 4,100 British MPs, EU Parliament members, French politicians, and U.S. political staffers were exposed on the dark web. The data includes names, email addresses, home addresses, social media accounts, and over 2,500 passwords, some in plain text. British MPs had the highest exposure, with 68% of their email addresses compromised.
Starting point is 00:13:21 The leaks stemmed from breaches of third-party websites like LinkedIn and Dropbox, where politicians used their official emails. A critical vulnerability in Ivanti's Virtual Traffic Manager is being actively exploited, marking the third flaw Ivanti customers have been warned about in two weeks. The vulnerability allows remote, unauthenticated attackers to create administrator accounts. Ivanti released patches on August 12th and later acknowledged the existence of a proof-of-concept exploit. Although there have been no public reports of attacks, CISA added the flaw to its Known Exploited Vulnerabilities catalog. Ivanti has provided fixes, recommendations, and indicators of compromise for customers.
Starting point is 00:14:23 Coming up after the break, N2K's Chris Hare and George Monsalvatge break down a question from our CompTIA Project Plus practice test. Stay with us. Do you know the status of your compliance controls right now? Like, right now. We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But get this, more than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta.
Starting point is 00:15:06 Here's the gist. Vanta brings automation to evidence collection across 30 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com slash cyber. That's vanta.com slash cyber for $1,000 off. And now, a message from Black Cloak. Did you know the easiest way for cybercriminals to bypass your company's defenses is by targeting your executives and their families at home?
Starting point is 00:16:02 Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives. Because when executives are compromised at home, your company is at risk. In fact, over one-third of new members discover they've already been breached. Protect your executives and their families 24-7, 365, with Black Cloak. Learn more at blackcloak.io. On the latest edition of our CertByte segment, N2K's Chris Hare is joined by resident Microsoft subject matter expert George Monsalvatge.
Starting point is 00:16:46 They're breaking down a question from N2K's CompTIA Project Plus practice test. Hi, everyone. It's Chris. I'm a content developer and project management specialist here at N2K Networks. I'm also your host for this week's edition of CertByte, where I share a practice question from our suite of industry-leading content and a study tip to help you achieve the professional certifications you need to fast-track your career growth. Today's question targets CompTIA's Project PLUS exam, which is exam code PK0-005. This exam is targeted for candidates who have about one to two years of project management experience. This is not an actual test question, but an example of one that covers an objective for the fifth version of the exam, which came out in November of 2022.
Starting point is 00:17:42 So today, I've invited my teammate George back to talk more about project management in the CompTIA context. How you doing, Chris? Hello, George. George is our resident Microsoft expert, so I'm curious how he'll do with another PM question today. So, George, before we get into the question, I'm going to share a 10-second study bit for this exam. You have not taken the Project Plus exam yet. Is that right? That is correct. I've taken a lot of Microsoft exams, but never a Project Plus. Okay. So, my 10-second study bit for the Project Plus exam is take the exam at an exam center to rule out any issues you may have taking the exam at home. I don't know about you, George, but I've heard horror stories about failed tests due to Internet and other unexpected disruptions, and you only have 90 minutes for this exam.
Starting point is 00:18:33 Yeah, I would agree with that. I've taken an exam at home. I had dogs barking. I had cats fighting with the dogs, and it was very hard to concentrate on the exam, so I agree. Okay, so now on to your question. Are you ready, George? Let's give it a shot. All right. You'll do well, as always. So which of the following options accurately describes a typical SAFe team's recommended size range? Now, SAFe stands for Scaled Agile Framework.
Starting point is 00:19:04 Are you familiar with this methodology, George? I'm familiar with Agile. Okay. SAFe is a bit different. I'll explain that in a bit. So, let me give you your choices, and then I'll give you a little bit of a hint. So, the choices are A, there is no recommended size. B, 3 to 10. C, 9 to 20. D, multiples of 2 for pair programming, a term I'm sure you're familiar with. So George, to give you your hint, you said you're not that familiar with SAFe. So you are familiar with Agile and Scrum. And as you know, Scrum is basically a framework that's part of the Agile philosophy.
Starting point is 00:19:43 So the hint is it's very similar to a typical Scrum team size, as it scales Scrum and Agile practices. So that said, what would your guess be? Okay, so let me narrow these down. So you said there's no recommended size. There's always a recommended size. Come on.
Starting point is 00:20:03 The other one would be, you mentioned 3 to 10 and 9 to 20. Yes. Typically, 9 to 20 just seems very, very large. So I'm going to lean for 3 to 10. The other one was multiples of 2 for pair programming. I don't think that's it. So I'm going to go with 3 to 10.
Starting point is 00:20:29 Well, you are correct. Great job. The answer is B. A typical scaled agile framework team size ranges from three to 10 members, basically to best promote high collaboration and smooth communication. And a scrum team is typically between three to nine people. So you see how I was trying to help you out there. And so there was your hint. And SAFe, just for the benefit of our listeners out there,
Starting point is 00:20:50 is basically just Godzilla Scrum. It takes the principles and workflows of Scrum and agile practices and blows it up to enterprise scale. And SAFe also has a Scrum Master and product owner like Scrum, but also some additional roles that the Scrum methodology does not feature. Well, thanks again for being my PM test subject today, George.
Starting point is 00:21:10 Well, thanks for having me. Anytime. And thank you for joining me for this week's CertByte. If you're actively studying for this certification and have any questions about study tips or even future certification questions you'd like to see, please feel free to email me at certbyte at n2k.com. That's C-E-R-T-B-Y-T-E at n number 2k.com. If you'd like to learn more
Starting point is 00:21:35 about N2K's practice tests, visit our website at n2k.com forward slash certify. For sources and citations for this question, please check out our show notes. Happy certifying. Don't forget, you can find out more about our practice tests on our website. That's why we're thrilled to partner with ThreatLocker, a cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit ThreatLocker.com today to see how a default-deny approach can keep your company safe and compliant.
Starting point is 00:22:57 And finally, cybercriminals are capitalizing on the latest Sean "Diddy" Combs scandal by spreading a malware strain dubbed PDiddySploit, targeting curious social media users, particularly on X, formerly Twitter. Lured by the promise of deleted Diddy posts, users are tricked into downloading files that infect their devices with this trojan. PDiddySploit, a variant of the PySilon RAT malware, allows attackers to steal sensitive data, record screen activity, and remotely control systems. As usual, cybercriminals know people just can't resist celebrity drama, so instead of satisfying their curiosity, these users end up with a digital mess on their hands. The scheme is reminiscent of past attacks, where hackers used everything from Oscar movie
Starting point is 00:23:52 downloads to nude celebrity leaks as bait. The moral of the story? Think twice before clicking on files promising exclusive scandal content. You might get more than you bargained for. And that's The Cyber Wire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire at n2k.com. We're privileged that N2K CyberW Wire is part of the daily routine of the most
Starting point is 00:24:46 influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies. N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams Thank you. Editor is Brandon Carr. Simone Petrella is our president. Peter Kilby is our publisher. And I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. Thank you. role. Data is hard. Domo is easy. Learn more at ai.domo.com. That's ai.domo.com.
