CyberWire Daily - From secret chats to public spats.

Episode Date: August 26, 2024

Telegram’s CEO is arrested by French police, presumably over moderation failures. A cyberattack disrupted services at Seattle-Tacoma International Airport and the Port of Seattle. SonicWall has warned customers of a critical vulnerability that could lead to unauthorized access or a firewall crash. Dutch and French regulators fined Uber €290 million for failing to protect the privacy of EU drivers. Microsoft will host a cybersecurity conference next month in response to the disastrous CrowdStrike software update. Radio Free Europe/Radio Liberty looks at Iran’s active attempts to interfere in the upcoming U.S. presidential election. Our guests are Danielle Ruderman, Senior Manager for Worldwide Security Specialists at AWS, and Adam Mikeal, CISO at Texas A&M. They spoke with N2K’s Brandon Karpf about CISO Circles, security challenges faced in higher education, and fostering the culture of security. Pig Butchering devastates a small town bank.

CyberWire Guest
Brandon spoke with Danielle and Adam at AWS’ re:Inforce 2024.

Selected Reading
Telegram CEO Pavel Durov arrested at French airport (BBC)
Is Telegram really an encrypted messaging app? – A Few Thoughts on Cryptographic Engineering (Cryptography Engineering)
The Port of Seattle and Sea-Tac Airport say they’ve been hit by ‘possible cyberattack’ (TechCrunch)
Nearly 32 Million Documents, Invoices, Contracts, and Agreements Exposed Online by Global Field Service Management Provider (Website Planet)
SonicWall Patches Critical SonicOS Vulnerability (SecurityWeek)
Uber fined €290 million for sending drivers’ data outside Europe (Politico)
Microsoft plans September cybersecurity event to discuss changes after CrowdStrike outage (CNBC)
Iran Tries To 'Storm' U.S. Election With Russian-Style Disinformation Campaign (Radio Free Europe/Radio Liberty)
Audit finds notable security gaps in FBI's storage media management (Bleeping Computer)
Cryptocurrency 'pig butchering' scam wrecks Kansas bank, sends ex-CEO to prison for 24 years (CNBC)

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K. Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions. This coffee is so good. How do they make it so rich and tasty? Those paintings we saw today weren't prints. They were the actual paintings. I have never seen tomatoes like this. How are they so red? With flight deals starting at just $589, it's time for you to see what Europe has to offer.
Starting point is 00:00:31 Don't worry. You can handle it. Visit airtransat.com for details. Conditions apply. AirTransat. Travel moves us. Hey, everybody. Dave here.
Starting point is 00:00:44 Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers. So I decided to try Delete.me. I have to say, Delete.me is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. Delete.me's team does all the work for you with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private by signing up for Delete.me.
Starting point is 00:01:22 Now at a special discount for our listeners, today get 20% off your Delete Me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code n2k at checkout. That's joindeleteme.com slash N2K, code N2K. Telegram's CEO is arrested by French police, presumably over moderation failures. A cyber attack disrupted services at Seattle-Tacoma International Airport and the Port of Seattle. SonicWall has warned customers of a critical vulnerability that could lead to unauthorized access or a firewall crash.
Starting point is 00:02:19 Dutch and French regulators fined Uber €290 million for failing to protect the privacy of EU drivers. Microsoft will host a cybersecurity conference next month in response to the disastrous CrowdStrike software update. Radio Free Europe/Radio Liberty looks at Iran's active attempts to interfere in the upcoming U.S. presidential election. Our guests are Danielle Ruderman, Senior Manager for Worldwide Security Specialists at AWS, and Adam Mikeal, CISO at Texas A&M.
Starting point is 00:02:49 They spoke with N2K's Brandon Karpf about CISO circles, security challenges faced in higher education, and fostering the culture of security. And pig butchering devastates a small-town bank. It's Monday, August 26, 2024. I'm Dave Bittner, and this is your you for joining us here today. Over the weekend, Telegram CEO Pavel Durov, a dual citizen of the UAE and France, was arrested by French police at Le Bourget airport. Durov, who founded Telegram in 2013, was detained under a warrant related to the app's moderation failures, including accusations of not curbing criminal activities on the platform. Telegram, popular in Russia and former Soviet states,
Starting point is 00:04:06 has faced criticism for weak moderation of extremist content. The arrest has sparked controversy, with some accusing the West of double standards on free speech. Much of the coverage of Durov's arrest points to the popularity of Telegram as an encrypted messaging app. But is it really? Johns Hopkins University professor and cryptographer Matthew Green addressed this question in a blog post. As Green points out, Telegram does offer encryption, but not by default. Unlike industry-standard messaging apps that use end-to-end encryption for all conversations, Telegram requires users to manually activate its Secret Chats feature to enable end-to-end encryption. This feature is only available for one-on-one chats and not for group conversations.
Starting point is 00:04:59 The process to start a secret chat is cumbersome, making it difficult for non-experts to use. As a result, most Telegram conversations are not end-to-end encrypted, leaving them potentially visible to Telegram servers and vulnerable to unauthorized access. Despite these limitations, Telegram markets itself as a secure messaging app, which has led to criticism. Additionally, while encryption is important for privacy, metadata, such as who is communicating with whom and when, is not protected by end-to-end encryption and can still be collected by Telegram, posing another privacy concern. A cyber attack disrupted websites, email, and phone services at Seattle-Tacoma International Airport and the Port of Seattle over the weekend, impacting travel plans.
Starting point is 00:05:52 The attack, which began Saturday and continued into Sunday, led to manual baggage sorting for over 7,000 bags, delayed flights, and caused some airlines to handwrite boarding passes. The FBI and federal agencies are investigating the incident, but the attackers' intentions and whether any personal data was compromised remain unclear. Despite the disruptions, security operations continued, and most flights were unaffected. This incident follows previous warnings about the growing vulnerability of airline operations to cyberattacks due to increased reliance on interconnected systems. A non-password-protected database containing 31.5 million files was discovered by security
Starting point is 00:06:41 researcher Jeremiah Fowler, exposing business records from 2012 onward, including contracts, invoices, and personal data. The documents belonged to ServiceBridge, a franchise management software by GPS Insight. Sensitive information such as PII, medical records, and site audit reports were accessible, posing significant security and privacy risks. After a responsible disclosure, the database was restricted, but it's unclear
Starting point is 00:07:11 how long it was exposed or if others accessed it. The incident highlights the dangers of inadequate data protection and the potential for invoice fraud, especially affecting small businesses. The importance of encryption, access control, and secure data storage is emphasized by Jeremiah Fowler to prevent such exposures. Fowler says he does not imply any wrongdoing by ServiceBridge or GPS Insight, but aims to raise awareness of cybersecurity best practices. SonicWall has warned customers of a critical vulnerability in its SonicOS operating system
Starting point is 00:07:49 that could lead to unauthorized access or a firewall crash. The flaw affects SonicWall Gen5, Gen6, and Gen7 firewalls. Updates are available to fix the issue, and customers are urged to patch their systems promptly. Although no in-the-wild exploitation has been reported, similar vulnerabilities in SonicWall products have been exploited before. Around 650,000 SonicWall firewalls are Internet-exposed, with over 400,000 in the U.S.
Starting point is 00:08:28 Dutch and French regulators fined Uber 290 million euros for failing to protect the privacy of EU drivers when transferring their data to U.S. servers. The data included sensitive information such as account details, licenses, location data, and even criminal and medical records. The fine follows a collective complaint from over 170 drivers with Dutch authorities, leading to the investigation due to Uber's EU headquarters in the Netherlands. Uber, previously fined 10 million euros for GDPR breaches, plans to appeal, calling the decision unjustified. The company argued that its data transfer process complied with GDPR during a period of legal uncertainty between the EU and U.S.
Starting point is 00:09:12 The fine highlights ongoing challenges in cross-border data transfers, despite the new data privacy framework established last year. Microsoft will host a cybersecurity conference on September 10th in Redmond, Washington, following the disastrous CrowdStrike software update in July that caused millions of Windows computers to crash, disrupting industries like airlines and logistics. The conference will gather cybersecurity firms, including CrowdStrike, to discuss preventing such incidents. Topics will include reducing reliance on kernel mode, which caused the widespread crashes, and exploring user mode, which offers more isolation.
Starting point is 00:09:54 The summit will also address adopting eBPF technology and memory-safe programming languages like Rust. Radio Free Europe/Radio Liberty looks at Iran's active attempts to interfere in the upcoming U.S. presidential election through sophisticated campaigns involving hackers, phishing attacks, and AI-generated content on websites. Iran's goal is to fuel distrust in the U.S. democratic system and deepen social divisions. Iranian hackers have targeted the email accounts of both Trump and Harris, with the suspected involvement of the Islamic Revolutionary Guard Corps. Additionally, an Iranian network known as Storm-2035 operates multiple inauthentic news
Starting point is 00:10:39 sites aimed at polarizing U.S. voters. These efforts mirror Russian tactics from the 2016 election and are intended to disrupt the election process and undermine its integrity. While both Republican and Democratic campaigns are targeted, experts suggest Iran may have a particular interest in preventing a second Trump term. The full impact of these actions remains unclear as the election approaches. An audit by the Department of Justice's Office of the Inspector General found significant weaknesses in the FBI's management and disposal of electronic storage media containing sensitive and classified information. Key issues include inadequate tracking of storage media, inconsistent labeling
Starting point is 00:11:27 of classification levels, and insufficient physical security during media destruction. The OIG recommended revising procedures to ensure proper tracking, labeling, and security of these materials. The FBI acknowledged the issues and is developing a new directive to address them, including plans to install protective cages and improve surveillance at storage facilities. The FBI is expected to provide updates on its corrective actions within 90 days. Coming up after the break, our guests, Danielle Ruderman, Senior Manager for Worldwide Security Specialists at AWS, and Adam Mikeal, CISO at Texas A&M. Stay with us. Do you know the status of your compliance controls right now? Like, right now. We know that real-time visibility is critical for security,
Starting point is 00:12:38 but when it comes to our GRC programs, we rely on point-in-time checks. But get this. More than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting,
Starting point is 00:13:12 and helps you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com slash cyber. That's vanta.com slash cyber for $1,000 off. And now a message from Black Cloak. Did you know the easiest way for cyber criminals to bypass your company's defenses is by targeting your executives and their families at home. Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives. Because when
Starting point is 00:13:56 executives are compromised at home, your company is at risk. In fact, over one-third of new members discover they've already been breached. Protect your executives and their families 24-7, 365, with Black Cloak. Learn more at blackcloak.io. Danielle Ruderman is Senior Manager for Worldwide Security Specialists at AWS, and Adam Mikeal is CISO at Texas A&M. They recently sat down with N2K's Brandon Karpf at the AWS re:Inforce 2024 conference. They spoke about CISO circles, security challenges faced in higher education,
Starting point is 00:14:47 and fostering the culture of security. I am here today at AWS re:Inforce with Danielle Ruderman, Senior Manager for Worldwide Security Specialists, and Adam Mikeal, the Chief Information Security Officer at Texas A&M. Danielle, Adam, so great to have you on the show. Thank you. Very happy to be here to talk about the CISO Circles. Thank you for having me. So, Danielle, could you give us a sense of the CISO Circles? What is the CISO Circle? How does it play out in reality on the ground? What's the value there?
Starting point is 00:15:23 Sure. So, the CISO Circles for AWS is a mechanism that we created for us to connect our AWS security leaders and our service team leaders directly with our customers, but directly with our customers in different countries, right? We really wanted to make sure that we were taking our leadership out to where the customers are. And this was really intended to be a trust-building activity. We wanted to learn from our customers, but we also wanted to create a space where our customer CISOs could interact with each other, because that's really where the value comes, is hearing these conversations from CISOs in different industries, different businesses all be able to come together. And it's intended to be a learning opportunity, right? So the CISOs do learn from each other. And we're there to listen to be part of the conversation as well. And the big thing is that we do prioritize open discussion. And we make a
Starting point is 00:16:04 really big point about this. And it's a real opportunity for people to be very real with each other, you know, talk about the real issues we're facing, and for us to share roadmap information, what we're thinking. So it's intended to be a very collaborative, safe space. And I think, I'm hoping we have achieved that for our customers. Well, Adam, curious from your perspective, what are those real issues that you might be facing? And your experience with the CISO circles would love to hear kind of how you've experienced it so far. You know, like anything else in our industry, those issues change over time.
Starting point is 00:16:35 So I've attended now two or three of the CISO circle events. Two were these cross-industry where we had CISOs from various sectors, right? And that was a year or two ago. So the most recent that I've attended was one that was focused on higher ed specifically. And obviously that being just in the past six months or so, generative AI came up, security around AI and machine learning, how we deal with the contractual issues that arise there. We talked about cultures of security, how we build that within our organizations. And also higher ed tends to lag a little bit behind a lot of other industries in terms of how we adopt new technology. So some of us are still dealing with issues of adopting cloud technologies, right? Things that
Starting point is 00:17:30 might be more common now in certain industries are still something we are moving into, cloud native application, things like that. I'd be curious, Adam, to pull the thread a little bit on what you just said, because you shared that you did host a circle at Texas A&M recently. And someone who's worked in higher ed myself and been around that world also, higher ed's mission has nothing to do with technology. Organizations tend to not focus on the security enterprise and the IT enterprise. And so you're working for an organization that's typically pretty focused on the students and the research part of the organization, if it's a research institute. So I'd be curious, your experience in that environment, how you've addressed security, how you've brought that into the community, into the culture, and then also lessons learned from
Starting point is 00:18:20 the CISO circle that you hosted at A&M. Right. Well, so yes, you're right. Technology isn't the focus, but like any other large enterprise, right, effort in 2024, you can't accomplish the things we want to accomplish in higher ed without very strong technology as its foundation and the infrastructure. And we are a very high research activity institution, $1.4 billion in research expenditure annually. We have a lot of students, 78,000 students this year. And that's just on our main campus. When you deal with that scale,
Starting point is 00:19:02 you have to have technology to enable the things you want to do. Even basic things like teaching in the classroom, dealing with student enrollment issues, the scheduling problem of 78,000 students across multiple thousand classes and sections in hundreds of individual rooms on campus in the various buildings. And being able to handle that requires a lot of technology infrastructure. So some of that's in the cloud, some of it's on-prem. We are constantly evaluating and looking at where is it appropriate for us to move to cloud workloads? Where do we need to keep things on-prem? And none of that even speaks to the research technology. Conducting research in any field, any field in 2024, it doesn't matter if it's, you know,
Starting point is 00:19:47 computer science or if it's physics or chemistry or even English in the humanities, it is conducted with technology. So our researchers can purchase cloud computing services from us through the main technology organization. So you've also mentioned this idea of culture of security. So I'm curious, Danielle, in your experience running CISO Circles and really managing this program, this global program at AWS, how do you see this idea of fostering culture of security? How do we do it as senior security executives in an effective way? Right. And I'll tell you a little bit of background. So the idea of culture of security
Starting point is 00:20:31 has been something that's been talked about at Amazon and AWS for a long time. Security is our top priority. And we've heard these stories and had these customer meetings. And so we decided to offer this to the CISO circles because it's just over time and something that's really resonated with customers. And the whole premise behind this, I want to give you like this idea, the phrase culture of security we use very deliberately instead of security culture, because culture of security is the idea that security is a priority for everybody in the company, right? Everyone. Whereas when we say security culture, we're talking about the culture of your security team itself. And both these things are very important.
Starting point is 00:21:05 But when we say culture of security, we mean, hey, you as a security leader, security owners, how are we scaling that responsibility out to the business so that security teams can do more with less? And that's really why the topic has resonated, especially today, is I haven't met a CISO or security team yet that feels they have enough resources. Sure.
Starting point is 00:21:21 And so a lot of these concepts and these mechanisms that live within that idea of culture of security are ways for CISOs and security teams to really push that responsibility out to the business and find ways to partner. So the security team can really be a partner and enabler to the business. Yeah, I completely agree with that formulation. You know, our security team, clearly we have our own culture and I work hard to develop that. But the difficult part is getting those ideas and beliefs and the things, priorities, the things that are important to us. How do we translate that back to the rest of the IT organization, much less the rest of our entire university as an organization, right? So there is no way we can accomplish all the things that I want to do. I can't move the needle on security within my organization if the only people thinking about security topics are my employees on my team.
Starting point is 00:22:11 I have to get that idea, I have to get that culture moved out into the rest of the technology organization. And so that's definitely on my mind a lot. And being able to talk about how you accomplish that with peers and learn from things that have been successful for them, that is very valuable. Danielle and Adam, so great to have you join us. Thank you for being here. Thank you. Appreciate the opportunity. Thank you so much. That's Danielle Ruderman, Senior Manager for Worldwide Security Specialists at AWS, along with Adam Mikeal, CISO at Texas A&M. They were speaking with N2K's Brandon Karpf.
Starting point is 00:23:04 Cyber threats are evolving every second, and staying ahead is more than just a challenge. Thank you. designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit ThreatLocker.com today to see how a default-deny approach can keep your company safe and compliant. To be continued... to over 24 years in prison for embezzling $47 million, all of which he sent to scammers in a pig-butchering crypto scheme. Haynes was so dazzled by the prospect of quick riches that he drained the bank, a local church, an investment club, and even his daughter's college fund, only to lose everything to the scam. His reckless wire transfers led to the collapse of
Starting point is 00:24:26 Heartland Tri-State Bank, leaving a small town reeling and shareholders wiped out. At his sentencing, Haynes offered a half-hearted apology, but the judge and his victims were unimpressed. Despite being duped, Haynes believed until the end that he could recover the money if only given more time, highlighting just how deep he was in over his head. The judge delivered a harsh sentence, reflecting the devastating impact of Haynes' actions on his community. It's a good reminder that scams can happen to anyone. Haynes' story is a cautionary tale that even those in positions of power and knowledge can fall victim to scams. And that's The Cyber Wire.
Starting point is 00:25:19 For links to all of today's stories, check out our daily briefing at thecyberwire.com. Don't forget to check out the Grumpy Old Geeks podcast, where I contribute to a regular segment on Jason and Brian's show every week. You can find Grumpy Old Geeks where all the fine podcasts are listed. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire at n2k.com. We're privileged that N2K CyberWire is part of the daily routine,
Starting point is 00:25:59 of the most influential leaders and operators in the public and private sector from the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies. N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams while making your teams smarter. Learn how at n2k.com. This episode was produced by Liz Stokes. Our mixer is Trey Hester with original music and sound design by Elliott Peltzman.
Starting point is 00:26:27 Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president. Peter Kilpe is our publisher. And I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. Your business needs AI solutions that are not only ambitious, but also practical and adaptable. That's where Domo's AI and data products platform comes in.
Starting point is 00:27:07 With Domo, you can channel AI and data into innovative uses that deliver measurable impact. Secure AI agents connect, prepare, and automate your data workflows, helping you gain insights, receive alerts, and act with ease through guided apps tailored to your role. Data is hard. Domo is easy. Learn more at ai.domo.com. That's ai.domo.com.
