CyberWire Daily - From deadlock to debate on a revised Section 702 bill.

Episode Date: April 10, 2024

The House moves forward on Section 702 reauthorization. Ukraine suspends a top cybersecurity official. A Wisconsin health coop suffers a data breach. Sophos uncovers a malicious backdoor. Fortinet issues patches for critical and high-severity vulnerabilities. A Microsoft server exposed employee passwords, keys, and credentials. LG releases patches to secure smart TVs. The IMF warns of cyberattacks' potential to trigger bank runs. It was a busy Patch Tuesday. On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's CISSP study journey and how to avoid frustration when you get a practice question wrong. X marks the spot where Elon's impulsiveness turns chaotic.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's CISSP study journey and discuss Domain 1, Security and Risk Management. They cover note-taking best practices and how to avoid getting frustrated when you get a practice question wrong.
Selected Reading

House sets up debate on Section 702 bill, along with votes on proposed changes (The Record)
Ukrainian security service's cyber chief suspended following media investigation (The Record)
530k Impacted by Data Breach at Wisconsin Healthcare Organization (SecurityWeek)
Smoke and (screen) mirrors: A strange signed backdoor (Sophos News)
Fortinet reports FortiClient critical flaw and issues in FortiOS and FortiProxy (Beyond Machines)
Microsoft left internal passwords exposed in latest security blunder (The Verge)
LG releases updates for vulnerabilities that could allow hackers to gain access to TVs (The Record)
Extreme cyberattacks could cause bank runs, IMF warns (Silicon Republic)
Johannes Ullrich's summary of MS Patch Tuesday (SANS Internet Storm Center)
X automatically changed 'Twitter' to 'X' in users' posts, breaking legit URLs (Mashable)
Example from X/Twitter story: https://wetdry.world/@seraph/112241754503585255

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K. of you, I was concerned about my data being sold by data brokers. So I decided to try Delete.me. I have to say, Delete.me is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. Delete.me's team does all the work for you with detailed reports so you know exactly what's been done. Take control of your data and keep your private life Thank you. JoinDeleteMe.com slash N2K and use promo code N2K at checkout. The only way to get 20% off is to go to JoinDeleteMe.com slash N2K and enter code N2K at checkout. That's JoinDeleteMe.com slash N2K, code N2K. The House moves forward on Section 702 reauthorization. Ukraine suspends a top cybersecurity official.
Starting point is 00:01:38 A Wisconsin health co-op suffers a data breach. Sophos uncovers a malicious backdoor. Fortinet issues patches for critical and high-severity vulnerabilities. A Microsoft server exposed employee passwords, keys, and credentials. LG releases patches to secure smart TVs. The IMF warns of cyber attacks' potential
Starting point is 00:01:59 to trigger bank runs. It was a busy Patch Tuesday. In our Learning Layer segment, Sam Meisenberg and Joe Carrigan continue their discussion of Joe's CISSP study journey and how to avoid frustration when you get a practice question wrong. And X marks the spot where Elon's impulsiveness turns chaotic. It's Wednesday, April 10th, 2024. I'm Dave Bittner, and this is your CyberWire Intel Briefing. Thanks for joining us here today. It is great to have you with us. The House Rules Committee has moved forward a revised bill to reauthorize the controversial Section 702 of the Foreign Intelligence Surveillance Act, breaking a long deadlock among Republicans.
Starting point is 00:03:06 This program permits warrantless surveillance of foreigners' communications outside the U.S., but can also inadvertently collect Americans' data. The vote was 9-2, setting the stage for a House vote on several amendments, including one requiring warrants to search Americans' information, a provision opposed by the Biden administration. Additionally, the bill proposes using Section 702 data for foreign traveler vetting and formalizes a ban on certain types of digital communication collection. Despite progress, uncertainty remains, especially after former President Trump's call to kill FISA, as well as discontent over not voting on closing data brokers' loopholes, which might be addressed separately.
Starting point is 00:03:55 The head of Ukraine's Security Service Cybersecurity Department, Illia Vitiuk, has been suspended and reassigned to combat duty following an investigative report by a Ukrainian news organization. The report questioned the affordability of a property owned by Vitiuk's family, suggesting his official salary wouldn't cover the cost. Following the story, there were allegations of retaliatory actions against the journalist responsible, with claims of military draft enforcement being used as punishment. The SBU is investigating these allegations, but has not commented on Vitiuk's case. Vitiuk is generally well-respected for his insights into cybersecurity.
Starting point is 00:04:40 This incident follows the dismissal of other Ukrainian cybersecurity officials for suspected financial misconduct. Group Health Cooperative of South Central Wisconsin is notifying over 530,000 individuals about a data breach from a ransomware attack on January 25th. Although no ransomware was deployed to encrypt files, attackers exfiltrated personal and health information, including Social Security and Medicare numbers. The breach was revealed when a foreign ransomware gang claimed responsibility. GHCSCW, which has worked with the FBI and CISA, has no evidence the stolen information has been misused.
Starting point is 00:05:23 In response, the organization says they have enhanced their security measures. The BlackSuit ransomware gang, potentially linked to the Royal ransomware group, known for targeting over 350 organizations, has listed GHC-SCW as a victim on its site. The U.S. Health Department has warned healthcare entities about BlackSuit, emphasizing its aggressive focus on the healthcare sector. The team at Sophos X-Ops discovered a malicious file signed with a valid Microsoft Hardware Publisher Certificate, masquerading as Catalog Authentication Client Services by Catalog Thales.
Starting point is 00:06:10 Initial suspicions were raised due to typos in the file's version information. Further investigation linked the file to Android screen mirroring software, described as marketing software capable of controlling mobile phones en masse. The file, identified as a malicious backdoor, was originally published by Hainan Yuhu Technology. Sophos X-Ops found no direct evidence of deliberate involvement of the company who made the Android screen mirroring software, but advised caution when downloading or using their product. The malware included a proxy server, 3proxy, indicating intent to monitor and intercept network traffic. Sophos X-Ops reported the backdoor and related findings to Microsoft, leading to the revocation of the compromised files. This incident underscores the ongoing abuse of Microsoft's Windows Hardware Compatibility Program by threat actors.
Starting point is 00:07:03 Fortinet has issued patches and advisories for critical and high-severity vulnerabilities across its FortiOS, FortiProxy, and FortiClient products targeting Linux and Mac platforms. The most critical issue, found in FortiClient for Linux, allows remote code execution through a code injection vulnerability when a user is lured to a malicious website. This affects multiple versions of FortiClient Linux. Another significant flaw in FortiOS and FortiProxy could let attackers obtain administrator credentials under specific conditions via an SSL VPN. Additionally, two high-severity vulnerabilities in FortiClient for Mac could allow local execution of arbitrary code or commands by manipulating the installation process.
Starting point is 00:07:55 Fortinet has not reported if these vulnerabilities have been exploited in the wild. Microsoft secured an Azure-hosted server last month that inadvertently exposed employee passwords, keys, and credentials. SOCRadar researchers found that this server, linked to Microsoft's Bing, was accessible online without password protection, containing various security credentials within scripts, code, and configuration files. This vulnerability could have led to significant data leaks or compromises of Microsoft's services. Although Microsoft addressed this issue on March 5th after being notified on February 6th, it's uncertain if the server was accessed by unauthorized parties. This incident adds to Microsoft's recent security challenges,
Starting point is 00:08:46 including criticism for its security practices and previous breaches. Microsoft is reportedly overhauling its security measures in response to these concerns. We note that Microsoft is an N2K CyberWire partner, but we cover them just like we would any other company. Researchers from Bitdefender discovered four vulnerabilities in LG TVs running webOS versions 4 through 7, with three rated as severe. These flaws could enable hackers to add unauthorized users, gain elevated access, deploy malware, and potentially infiltrate smart home networks. One allows attackers to bypass PIN verification in the LG ThinQ app to create privileged profiles, enhancing their access and attack capabilities.
Starting point is 00:09:35 Another facilitates full device takeover, while others could be exploited to insert malware or monitor traffic. Initially, over 91,000 devices were reportedly exposed globally. LG has confirmed these vulnerabilities and released patches on March 22. The International Monetary Fund, the IMF, reports that cyberattacks have cost the financial sector about $12 billion over the past two decades, highlighting the growing threat these incidents pose to global financial stability. The IMF's Global Financial Stability Report reveals that extreme losses from cyber incidents have increased fourfold since 2017 to $2.5 billion.
Starting point is 00:10:21 Financial institutions, particularly banks, are highly vulnerable due to the vast amounts of sensitive data and transactions they process. The sector has experienced over 20,000 cyberattacks, leading to significant economic and reputational damage. The IMF warns of potential bank runs following cyberattacks, suggesting that even the perception of insecurity can lead to destabilizing customer actions, like mass withdrawals. The report emphasizes the need for improved cybersecurity strategies and regulations,
Starting point is 00:10:56 especially with the increasing reliance on third-party IT and emerging technologies like AI. Yesterday was Patch Tuesday, and among the best reviews of Microsoft's monthly release comes from our partner and Dean of Research at the SANS Technology Institute, Johannes Ullrich. This update addresses 157 vulnerabilities, including seven affecting Microsoft Edge through Chromium
Starting point is 00:11:23 and three deemed critical. Notably, one vulnerability, a proxy driver spoofing issue, was previously disclosed and exploited. A trio of critical vulnerabilities affect Microsoft Defender for IoT, enabling remote code execution. Additionally, the update patches around 40 important-rated remote code execution vulnerabilities in the Microsoft OLE driver for SQL Server, targeting clients that connect to malicious SQL servers. Furthermore, seven important vulnerabilities in the DNS server service were patched, requiring perfect timing for exploitation to achieve remote code execution. We'll have a link to Johannes Ullrich's rundown in our show notes. Coming up next on our Learning Layer segment, Sam Meisenberg and Joe Carrigan continue their
Starting point is 00:12:21 discussion of Joe's CISSP journey. Stay with us. Transat presents a couple trying to beat the winter blues. We could try hot yoga. Too sweaty. We could go skating. Too icy. We could book a vacation. Like somewhere hot. Yeah, with pools. And a spa. And endless snacks. Yes!
Starting point is 00:12:52 Yes! Yes! With savings of up to 40% on Transat self-packages, it's easy to say, so long to winter. Visit Transat.com or contact your Marlin travel professional for details. Conditions apply. Air Transat. Travel moves us. Do you know the status of your compliance controls right now? Like, right now.
Starting point is 00:13:16 We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But get this. More than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30 frameworks, like SOC 2 and ISO 27001. like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting,
Starting point is 00:13:49 and helps you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com slash cyber. That's vanta.com slash cyber for $1,000 off. And now, a message from Black Cloak. Did you know the easiest way for cyber criminals to bypass your company's defenses
Starting point is 00:14:24 is by targeting your executives and their families at home? Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives. Because when executives are compromised at home, your company is at risk. In fact, over one-third of new members discover they've already been breached. Protect your executives and their families 24-7, 365 with Black Cloak. Learn more at blackcloak.io. On our latest Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's CISSP study journey
Starting point is 00:15:12 and how to avoid frustration when you get a practice question wrong. Welcome back to another Learning Layer segment. On this segment, we are continuing our conversation with Joe Carrigan as he gets ready for his CISSP exam. So, Joe, here we are. You, in the last time that we talked, you actually did some studying. I did, yeah. Actually used the system. Nice. You used the system. The learning management system. So, or all the cool kids call it the LMS. LMS, right. So, as if there's not enough acronyms, you know. Yeah. That's why we need more TLAs. Yeah, exactly.
Starting point is 00:16:08 So, how did it go? What did you do? How are you feeling after having a domain under your belt? Pretty good. Pretty good. So, I started with domain one because I wanted to do them in order. Now, in the diagnostic, I said I got a 70 on the test. So, I actually didn't do the reading.
Starting point is 00:16:25 Okay. Because it's a lot of pages of reading for the first domain. I just started with the short videos. And in the short videos, while watching the short videos, on one side, I would have them on one monitor, and off to the side, I would have another monitor with a Google Doc. Nice.
Starting point is 00:16:52 I have a, in my Google Drive, I have a folder that's just CISSP notes. And I created a document called Domain 1 Security and Risk Management. And I just started taking notes in that document. So I would have a big header that was talking about that specific topic and then have regular-sized headers underneath for each video. And then I would bold important points inside of the text as I'm taking the notes. So for those of you who are sort of listening and following along at home, I think the big takeaway that Joe's doing well is sort of engaging with the material as you're watching it. So you don't want to watch this video library like you're watching Netflix, or you don't want
Starting point is 00:17:31 to read the textbook like you're reading a Harry Potter novel. No, I don't think that's a good idea. Right. Or else it's just going to pass over you. It's like osmosis, in and out. You have to actively engage with the material. Right. So, Joe, after you did the material, you sat through it, you took notes, you digested it, reworded it, did you re-quiz or re-test yourself on that material? And if so, how'd you do? I did.
Starting point is 00:17:56 First, I watched the big lecture. Okay. I set some time aside from that. I printed out the notes that come along with it. The lesson book? The lesson book, yes. That's what it's called. Look, there's no official word for it, whatever works for you. I know what you're talking about, though. And I took some notes on that. And then after finishing that, I took the quiz or the end of the unit quiz, and I got an 85%. Great. That's good. Which is an
Starting point is 00:18:21 improvement from 70%. Sure. Which I would consider to be acceptable. I would consider 85 to be good enough to consider the material learned, or at least learned enough at the end of the classes or the lectures. And that's the key I want to hone in on because I think the timing matters, right? So you obviously sound like you did the quiz in short order after going through material. The material is fresh in your brain. Right. I did wait a little bit. I waited probably six hours between the two.
Starting point is 00:18:53 Great. It was on a Saturday. Yeah, there you go. So I think that that makes sense. It's a good score. It means you were able to follow all the material and retain some of it. But the key is to kind of keep spacing that time out
Starting point is 00:19:06 when you take the quiz. So maybe day one, it's six hours, but then you can use the QBank and in 48 hours, you take another quiz on domain one to see if you can retain that information. And then you, as you're studying domain four, you also want to go back to domain one
Starting point is 00:19:20 and take another quiz. Just again, make sure that information is staying fresh and you can actually move it to your long-term memory. So it's kind of like a continuous process. I'll be doing that. Yes. Because testing is also almost, is a pretty good learning experience as well. With immediate feedback and you can go back and see where your weaknesses are and immediately, you can learn the material that you missed right away. Absolutely. And I think that's also a really good perspective to have on it. You were saying that I think you're a good test taker because you have that perspective.
Starting point is 00:19:49 You have to have that same perspective in studying too, in the sense where you just said, think of it as a interesting data point about yourself. A wrong question is not a bad thing. A wrong question is learning about yourself and an opportunity to learn the material. So get excited. Try to get motivated, try to reframe it like, oh, I'm not frustrated I got it wrong. This is an opportunity for me to learn that I got it wrong and learn how to get it right the next time. So Joe, sounds like you have a pretty good path forward. Right. Get ready, buckle up because domain two is a little bit weaker from your diagnostic assessment. That's
Starting point is 00:20:22 correct. I didn't do as well on the diagnostic with domain 2. Which is surprising to me. I thought I would have done a lot better with assets, but I didn't. Yeah, it's one of those things, right? Because sometimes your real-world experiences always translate to the test world. Right. So next time we talk, we will keep going with your journey, and we'll talk a little bit more about domain 2,
Starting point is 00:20:43 or at least conceptually how to wrestle with a domain that's a little bit harder to grasp. Excellent. That's my Hacking Humans co-host Joe Carrigan, joined by our Learning Layer host, Sam Meisenberg. Thank you. ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit ThreatLocker.com today to see how a default-deny approach can keep your company safe and compliant. And finally, Elon Musk, in what we can only speculate was a characteristic spur-of-the-moment decision, renamed Twitter to X last summer. Despite this, the world, including official pages on the platform itself,
Starting point is 00:22:29 stubbornly clings to Twitter as its name. We refer to it as X Twitter, trying to straddle clarity and practicality. Attempting a forceful push towards the new branding, X's iOS app started covertly changing mentions of Twitter.com to X.com in user posts, without user consent. This hasty move spiraled into a debacle. Imagine for a moment someone owns Netflitwitter.com. Under Musk's erratic change, posting this on X morphs it into Netflix.com, a golden ticket for phishing scams. Realizing the potential havoc, vigilant users quickly snagged such domains to avert disaster, one even setting up a warning page on Netflitwitter.com.
Starting point is 00:23:23 X Twitter scrambled to patch this mess, but the fix was partial, leaving many references still forcibly changed from twitter.com to x.com. This not only oversteps by modifying user content without permission, but also underlines a risky underestimation of the change's implications,
Starting point is 00:23:44 demonstrating yet another instance of Musk's impulsive decision-making wreaking unnecessary confusion. The irony? X.com still redirects to Twitter.com, a fitting emblem of this chaotic rebranding effort. And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast.
Starting point is 00:24:21 You can email us at cyberwire at n2k.com. N2K Strategic Workforce Intelligence optimizes the value of your biggest investment, your people. Thank you. by Elliot Peltzman. Our executive producers are Jennifer Iben and Brandon Karp. Our executive editor is Peter Kilpie, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. Thank you. Domo's AI and data products platform comes in. With Domo, you can channel AI and data into innovative uses that deliver measurable impact. Secure AI agents connect, prepare, and automate your data workflows, helping you gain insights, receive alerts, and act with ease through guided apps tailored to your role. Data is hard. Domo is easy.
Starting point is 00:25:43 Learn more at ai.domo.com. That's ai.domo.com.
