CyberWire Daily - Breaking news blocked.

Episode Date: October 1, 2024

A global news agency suffers a cyberattack. CISA and the FBI provide guidance on cross site scripting attacks. A Texas health system diverts patients following a ransomware attack. Western Digital patches a critical vulnerability in network attached storage devices. California passes a law protecting domestic abuse survivors from being tracked. Verizon and PlayStation each suffer outages. CISA responds to critiques from the OIG. T-Mobile settles with the FCC over multiple data breaches. The DOJ indicts a Minnesota man on charges of selling counterfeit software license keys. On our Industry Voices segment kicking off Cybersecurity Awareness Month, we are joined by Chad Raduege, Executive Director of the Oklahoma Cyber Innovation Institute at The University of Tulsa, discussing the Institute’s K-12 outreach initiatives. A Crypto Criminal Stretches His Limits—And His Legs.

Selected Reading
AFP News Agency's Content Delivery Systems Hit by Cyberattack (Hackread)
CISA and FBI Issue Alert on XSS Vulnerabilities (Security Boulevard)
UMC Health System Diverts Patients Following Ransomware Attack (SecurityWeek)
Western Digital My Cloud Devices Flaw Let Attackers Execute Arbitrary Code (CyberSecurity News)
California passes car data privacy law to protect domestic abuse survivors (The Record)
The Playstation Network is down in a global outage (Bleeping Computer)
Verizon Mobile Outages Reported Across the U.S. (The New York Times)
DoJ audit finds CISA faces challenges in cyber threat information sharing, as participation hits record low (Industrial Cyber)
T-Mobile pays $31.5 million FCC settlement over 4 data breaches (Bleeping Computer)
Man charged for selling forged license keys for network switches (Bleeping Computer)
Crooked Cops, Stolen Laptops & the Ghost of UGNazi (Krebs on Security)

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K. Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions. This coffee is so good. How do they make it so rich and tasty? Those paintings we saw today weren't prints. They were the actual paintings. I have never seen tomatoes like this. How are they so red? With flight deals starting at just $589, it's time for you to see what Europe has to offer.
Starting point is 00:00:31 Don't worry. You can handle it. Visit airtransat.com for details. Conditions apply. AirTransat. Travel moves us. Hey, everybody. Dave here.
Starting point is 00:00:44 Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers. So I decided to try Delete.me. I have to say, Delete.me is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. Delete.me's team does all the work for you with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private by signing up for Delete.me.
Starting point is 00:01:22 Now at a special discount for our listeners, today get 20% off your Delete Me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code n2k at checkout. That's joindeleteme.com slash N2K, code N2K. A global news agency suffers a cyber attack. CISA and the FBI provide guidance on cross-site scripting attacks. A Texas healthcare system diverts patients following a ransomware attack. Western Digital patches a critical vulnerability in network-attached storage devices.
Starting point is 00:02:17 California passes a law protecting domestic abuse survivors from being tracked. Verizon and PlayStation each suffer outages. CISA responds to critiques from the OIG. T-Mobile settles with the FCC over multiple data breaches. The DOJ indicts a Minnesota man on charges of selling counterfeit software license keys. On our Industry Voices segment, kicking off Cybersecurity Awareness Month, we're joined by Chad Raduege, Executive Director of the Oklahoma Cyber Innovation Institute at the University of Tulsa. We're discussing the Institute's K-12 outreach initiatives.
Starting point is 00:02:54 And a crypto criminal stretches his limits and his legs. It's Tuesday, October 1st, 2024. I'm Dave Bittner, and this is your CyberWire Intel Briefing. Thanks for joining us here today. It is great to have you with us. Agence France-Presse, AFP, experienced a cyber attack on September 27th, disrupting its content distribution infrastructure, but its core news reporting remains unaffected. The attack targeted AFP's IT systems, specifically content delivery networks and file transfer services used to deliver news to clients. While the type of attack and the responsible party are still unknown, AFP quickly responded, with the French cybersecurity agency ANSSI assisting in securing the systems. AFP warned clients that their FTP credentials might have been compromised,
Starting point is 00:04:14 advising them to update passwords and secure their systems. Despite these technical issues, AFP assured that its newsroom continues to operate without interruptions, delivering the news globally in multiple languages. No group has claimed responsibility for the attack so far. Cross-site scripting vulnerabilities remain a persistent issue in software development despite being preventable. CISA and the FBI have issued a Secure by Design alert to address these risks. Cross-site scripting attacks occur when malicious scripts are injected into trusted web pages due to improper handling of user inputs. This can lead to data theft, session hijacking, or unauthorized actions in the user's browser.
Starting point is 00:05:01 These vulnerabilities often arise from inadequate input validation, sanitization, or escaping of user inputs. Despite effective mitigations, cross-site scripting vulnerabilities continue to be widespread, ranking second in MITRE's top software weaknesses list. CISA and the FBI urge developers to adopt best practices such as input validation, using modern web frameworks with built-in security, conducting thorough code reviews, and adversarial testing to prevent these vulnerabilities during the development process. UMC Health System in Texas has been diverting patients after a ransomware attack forced them to take their IT systems offline. The incident, disclosed on September 27, led to both emergency and non-emergency patients being diverted to nearby hospitals. UMC launched an investigation and disconnected its systems to contain the breach. By Monday, some services were restored and only a few patients
Starting point is 00:06:06 were still being diverted. UMC's emergency center is now accepting ambulance patients, while other facilities remain open but are not fully operational. The hospital has engaged third-party experts to aid in the recovery process. Downtime procedures have been implemented, and patients are being informed of changes to appointments. UMC continues its efforts to restore services safely and provide updates on the investigation and remediation efforts. A critical vulnerability has been identified in Western Digital's My Cloud devices, affecting models like My Cloud EX2 Ultra and PR4100. This flaw, with a CVSS score of 9.2, allows attackers to exploit an unchecked buffer in the dynamic DNS client through a man-in-the-middle attack, leading to arbitrary code execution.
Starting point is 00:07:03 Western Digital has addressed the issue in a firmware update and urges users to update immediately. The vulnerability poses risks of unauthorized access, data corruption, and system crashes. Western Digital thanks researchers at Clarity for responsibly disclosing the issue. California has passed a new law requiring car manufacturers to let drivers disable remote access to their vehicles, aimed at protecting domestic abuse survivors from being tracked by abusers. Signed by Governor Gavin Newsom, the bill is part of a broader package of domestic violence protections. It addresses the growing concerns around connected cars' ability to track users. Automakers must now allow vehicle owners to block specific individuals from accessing their
Starting point is 00:07:52 cars remotely, and they cannot charge a fee for this service. Additionally, the law mandates in-vehicle alerts when remote access is being used. The legislation could influence nationwide changes as manufacturers tend to create cars for multiple markets. The FCC is also investigating how it can regulate automakers to ensure connected cars aren't used to harass survivors, following pressure from advocacy groups. On Monday morning, thousands of Verizon users across major U.S. cities, including New York, Los Angeles, and Chicago, experienced widespread cell phone service outages. Over 104,000 reports were logged on Downdetector by 11:30 a.m. Eastern, with the number later dropping to 78,000.
Starting point is 00:08:42 Many users reported their phones showing SOS mode, preventing calls and messages. Verizon confirmed the issue, with engineers working to resolve it, though the cause was unclear. Simultaneously, the PlayStation Network faced a global outage, affecting services like gaming, account management, and the PlayStation Store. Sony says they're working to fix the issue, which began at 8:41 p.m. ET, with some services still down, potentially due to overloaded servers.
Starting point is 00:09:20 Both outages disrupted users' daily activities and work. The Office of Inspector General has highlighted challenges facing the Cybersecurity and Infrastructure Security Agency in sharing cyber threat information, as mandated by the Cybersecurity Act of 2015. While CISA met some basic requirements, including updating its guidance and improving security clearances, participation in the automated indicator sharing system has declined significantly. The number of AIS participants dropped from 304 in 2020 to 135 in 2022, with a 93% reduction in shared cyber threat indicators. The OIG identified a lack of outreach and unclear financial tracking as key issues. CISA has committed to evaluating AIS, exploring alternatives, and improving recruitment and retention of participants with a target completion date of July 2025. The OIG also recommended CISA
Starting point is 00:10:22 develop a spending plan and implement performance metrics, which the agency agreed to address. The FCC reached a $31.5 million settlement with T-Mobile over multiple data breaches that compromised millions of U.S. consumers' personal information between 2021 and 2023. As part of the agreement, T-Mobile will invest $15.75 million in cybersecurity improvements and pay a $15.75 million civil penalty. The settlement requires T-Mobile to adopt modern cybersecurity practices, such as zero-trust architecture and multi-factor authentication, and improve oversight and data management. The FCC's Privacy and Data Protection Task Force played a key role in the investigation. Benjamin Paley, age 75, co-owner of Minnesota IT company Gen8 Services, has been indicted for participating in an international conspiracy to sell counterfeit software license keys for Brocade networking devices.
Starting point is 00:11:32 Paley, along with co-conspirators Wade Huber and David Rosenblatt, allegedly ran a scheme from 2014 to 2022, selling over 3,600 forged Brocade switch licenses. These counterfeit keys were sold at prices far below market rates, costing Brocade between $5 million and $363 million in losses. Paley faces charges of conspiracy to commit access device fraud and access device fraud, with potential penalties of up to 15 years in prison for each count and fines up to $250,000. His co-conspirators have pleaded guilty, and sentencing is set for later this month. Coming up after the break, my conversation with Chad Raduege,
Starting point is 00:12:35 Executive Director of the Oklahoma Cyber Innovation Institute at the University of your compliance controls right now? Like, right now. We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But get this, more than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting
Starting point is 00:13:27 and helps you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com slash cyber. That's vanta.com slash cyber for $1,000 off. And now a message from Black Cloak. Did you know the easiest way for cyber criminals to bypass your
Starting point is 00:14:03 company's defenses is by targeting your executives and their families at home? Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives. Because when executives are compromised at home, your company is at risk. In fact, over one-third of new members discover they've already been breached. Protect your executives and their families 24-7, 365 with Black Cloak. Learn more at blackcloak.io. On today's Industry Voices segment, kicking off Cybersecurity Awareness Month, we're joined by Chad Raduege, Executive Director of the Oklahoma Cyber Innovation Institute at the University of Tulsa. We're discussing the Institute's K-12 outreach initiatives.
Starting point is 00:14:59 We were established just nine short months ago with the vision of helping the state of Oklahoma and the city of Tulsa kind of lay out a path forward. We received some funding from the state of Oklahoma by way of the American Rescue Plan Act. Many of us know that as ARPA or the Post-COVID Recovery Act. They authorized some funding allocations to us and gave us a mandate of let's get cybersecurity awareness classes across the state of Oklahoma. So concentrate on K-12, but also don't leave out the adult continuing education. So those that are trying to reskill or upskill. I also received some funding from a large family foundation here in Tulsa, Oklahoma, where we have been asked to focus on business development and get cyber education and research
Starting point is 00:16:02 and activities into those local businesses. So not just kids, but businesses, homes, local governments. Well, tell us a bit about your own background. My understanding is you are a U.S. Air Force veteran? I am, Dave. Thanks for bringing that up. Proudly wore the uniform of our nation, United States Air Force, for 29 years. Eventually retired in November of 2023 after a long but rewarding career. I specialized in communications, information technology, and cyber operations for my entire career. As I was retiring last November, I wanted to find some meaningful work. I wanted to find a new mission, quite frankly. So as I looked across the U.S. landscape,
Starting point is 00:16:54 I came back to the state of Oklahoma, found this unique opportunity here with the University of Tulsa and this Oklahoma Cyber Innovation Institute, one that, as I noted, was focused on kids, focused on businesses, focused on critical infrastructure for our nation. That's where I've immediately found a calling and really meaningful work that provides a daily mission for me. Why the focus on kids and cybersecurity? What makes that the right match at this particular moment? cyber kids, and here are some of the statistics that they've discovered in their research. 80% of kids cannot tell if they are talking to a child or an adult posing as a child. 54% of college-age students actually reported sexting as minors. 92% of teens are online every single day, with 24% of those commenting that they're almost entirely online constantly every day.
Starting point is 00:18:21 And finally, how about this one? 95% of kids age 8 through 12 now report that they have their own smart device. And so it's for those reasons that we think that the youth of our nation, those that are going to bring us into the future, are the ones that we need to concentrate on the most. Help them be prepared for the digital society that we're not only experiencing today, but the one that's building out tomorrow. Well, describe what this outreach looks like. How are you going to interact and engage with these kids? Absolutely. We're taking a framework that has been published by our U.S. government. It's one that was born out of the National Institute of Standards and Technology. We may know it as the acronym NIST, but they have a cybersecurity workforce framework known as NICE. It's the National Initiative for Cybersecurity Education.
Starting point is 00:19:13 The NICE framework is all about increasing the size and capability of our U.S. cybersecurity workforce. It defines what cybersecurity is. It provides a list of critical cybersecurity tasks, and it provides knowledge, skills, and abilities that will be required to perform those tasks. So NIST and NICE is really what's defining where we go. Now, what are we doing with the state of Oklahoma? Well, that's where we're working directly with those K-12 teachers, those that are on the front lines of education across the state of Oklahoma. We're identifying where they might have interests, and we're trying to figure out how to tailor some programs to those schools. Help me understand where things stand when it comes to Oklahoma.
Starting point is 00:20:03 It's easy to talk about different states in the nation being haves or have-nots and being ahead or behind. Where does Oklahoma sit on the spectrum of exposing kids and bringing them up to speed when it comes to cyber? Yeah, I think the recognition is that Oklahoma has put some investment into getting out of the bottom tier of our nation. And part of that is the mandate for my institute. Give us some funds. Give us some teachers. Develop a framework.
Starting point is 00:20:39 Make contact with those teachers in the classrooms and look to build out. So we're doing that by a number of things. We're creating cyber camps. We're getting into local community centers. We're developing STEM classes and looking for opportunities to find new students. Interestingly, we note that a lot of those students are not necessarily in classrooms anymore. There is a large homeschool community here in Oklahoma. We have some rural districts that embrace the homeschool community. And so we're working with those parents to create some virtual classes for their students,
Starting point is 00:21:21 link them with resource kits for families, and provide the parents with some cyber training themselves. What is it that makes the University of Tulsa the right choice to be home to this initiative? Well, across the state of Oklahoma and, quite frankly, across the nation, the University of Tulsa is a recognized leader in cybersecurity. We have provided, through our Cyber Corps program, a direct beeline of graduates into the National Security Agency and the U.S. Cyber Command for over 20 years now. So we're a recognized program. We're a top 25 ranked capability. We have a bunch of great researchers,
Starting point is 00:22:11 faculty, PhD students that are looking at making cybersecurity and Tulsa that much better. And so that's why Tulsa is, is we have a distinguished staff and faculty ready to, ready to support us. You know, it strikes me that in addition to the, the educational opportunities here, that a lot of this is inspiration. It's, it's getting these kids to understand that all of this is within the realm of possibility for them. Boy, that's a fantastic word, Dave. And that's right back to meaningful purpose for me of
Starting point is 00:22:51 finding a way to find a mission on a daily basis. It is about inspiring the youth of the future into the cybersecurity workforce, perhaps, but certainly to put their impact on the digital society that we're building. Let me just offer a couple of statistics associated with that, and I think these are very interesting to understand. The global cyber workforce, for example, grew to 4.7 million professionals in 2022, and that is actually up 11% from 2021. And so you can see a rapid increase in the number of workforce needs that are out there. How bad are the needs? Well, actually, October of 2023, so just a year ago this time, there were nearly 600,000 job openings in cybersecurity, and only 68% of those open jobs were filled. And so there is not only a need, but there's a vacancy.
Starting point is 00:23:52 And so we're trying to close that gap. You know, I imagine there are a lot of places of higher learning. Educational establishments are going to look to what you all are doing there at University of Tulsa with this Oklahoma Cyber Innovation Institute and sit up and take notice and look at it as inspiration, the combination of the types of funding that you've gone for, the programs you're putting in place here. Do you have any words of wisdom or guidance for those other organizations, those other institutes who are looking at you all for inspiration?
Starting point is 00:24:36 Well, that's a fantastic question, Dave, and one that I very much appreciate. What I will tell you is that we're not doing this alone. There are other remarkable institutions that are out there trying to figure out how to take a look at the challenge that is out there, develop their own NIST and NICE standards and curriculum, and get those out. So the University of Tulsa is very much a collaborator. We are well involved with some of the ongoing national dialogues regarding workforce development. We have had conversations with the White House's Office of the National Cyber Director. We have been at some of the different forums around the nation where we look at best practices and who has gained some ground based on an initiative that they came up with. And we are rapidly looking at how do we bring that into the state of Oklahoma.
Starting point is 00:25:26 And likewise, we're looking to develop our own initiatives, and then we will be willing sharers of that information to help all boats rise and to tackle this for our nation as a whole. What's the bottom line here? I mean, as you look towards these kids who are in the classrooms, what do you hope they get out of the program? Well, what we hope for very much is an understanding that cyber impacts everyone, young and old alike. This is the digital society that we're building. And so society will not only get more digital, but it'll also get more connected as we move forward. We will choose to focus on the future, which we believe is our kids. And so we want cybersecurity to be as unique and responsive and automatic as saying please and thank you and looking both ways before you cross the street,
Starting point is 00:26:29 and putting on your seatbelt when you get into the car. How do we make these automatics for the youth of America? That's how we become a cyber secure nation moving forward. That's Chad Raduege, Executive Director of the Oklahoma Cyber Innovation Institute at the University of Tulsa. Cyber threats are evolving every second, and staying ahead is more than just a challenge. It's a necessity. That's why we're thrilled to partner with ThreatLocker, a cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely.
Starting point is 00:27:23 Visit ThreatLocker.com today to see how a default deny approach can keep your company safe and compliant. And finally, Krebs on Security chronicles an absolutely bonkers mix of cybercrime and corruption straight out of a pulp novel. A California man, Adam Iza, also known as The Godfather, is accused of not only dodging taxes on millions allegedly earned from cybercrime, but also paying off local cops to help intimidate rivals. Iza, co-owner of the cryptocurrency platform Zort, reportedly spent investors' money on luxury cars, jewelry, and even leg-lengthening surgery. I swear I am not making
Starting point is 00:28:22 this up. According to the FBI, Iza hired Los Angeles Sheriff's Department officers to help him extort former business partners, some of whom were tied to the notorious hacker group UGNazi. One incident involved trying to steal a laptop full of cryptocurrency, while another involved kidnapping attempts. Iza allegedly paid these officers $280,000 a month for their services, like forcing rivals to hand over assets.
Starting point is 00:28:53 Iza's scheme came to light after he stiffed a private investigator, triggering a cascade of lawsuits and criminal investigations. His girlfriend, also allegedly involved, is now dating the star of reality TV show Love Island. This tale has everything. Crypto, hackers, corrupt cops, and reality show romance. With corrupt deputies, stolen millions, and custom legs, this saga truly stretches the limits of what we thought possible in cybercrime.
Starting point is 00:29:34 And that's the Cyber Wire. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire at n2k.com. We're privileged that N2K Cyber Wire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies. N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams while making your team smarter. Learn how at n2k.com.
Starting point is 00:30:22 This episode was produced by Liz Stokes. Our mixer is Trey Hester with original music and sound design by Elliot Peltzman. Our executive producer is Jennifer Iben. Our executive editor is Brandon Karp. Simone Petrella is our president. Peter Kilby is our publisher. And I'm Dave Bittner.
Starting point is 00:30:40 A program note, we're taking a break from publishing this Wednesday and Thursday for some internal company meetings. We'll be back on our regular schedule starting this Friday. We'll see you then. Thank you. Domo's AI and data products platform comes in. With Domo, you can channel AI and data into innovative uses that deliver measurable impact. Secure AI agents connect, prepare, and automate your data workflows, helping you gain insights, receive alerts,
Starting point is 00:31:36 and act with ease through guided apps tailored to your role. Data is hard. Domo is easy. Learn more at ai.domo.com. That's ai.domo.com.
