CyberWire Daily - Mic, camera, and more at risk.

Episode Date: August 19, 2024

Cisco Talos discovers vulnerabilities in Microsoft applications for macOS. OpenAI disrupts an Iranian influence campaign. Jewish Home Lifecare discloses a data breach affecting over 100,000. Google tests an auto-redaction feature in Chrome for Android. Unicoin informs the SEC that it was locked out of G-Suite for four days. House lawmakers raise concerns over China-made WiFi routers. Moody’s likens the switch to post-quantum cryptography to the Y2K bug. Diversity focused tech nonprofits grapple with flagging support. Tim Starks of CyberScoop is back to discuss his investigation of a Russian hacking group targeting human rights groups. Smart phones get some street smarts.

Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
We welcome Tim Starks of CyberScoop back to discuss his story "Russian hacking campaign targets rights groups, media, former US ambassador."

Selected Reading
Vulnerabilities in Microsoft’s macOS apps could help hackers access microphones and cameras (The Record)
OpenAI Disrupts Iranian Misinformation Campaign (The New York Times)
100,000 Impacted by Jewish Home Lifecare Data Breach (SecurityWeek)
Chrome will redact credit cards, passwords when you share Android screen (Bleeping Computer)
Crypto firm says hacker locked all employees out of Google products for four days (The Record)
House lawmakers push Commerce Department to probe Chinese Wi-Fi router company (CyberScoop)
Moody's sounds alarm on quantum computing risk, as transition to PQC ‘will be long and costly’ (Industrial Cyber)
The movement to diversify Silicon Valley is crumbling amid attacks on DEI (Washington Post)
Google’s Stunning New Android AI Feature Instantly Locks Phone Thieves Out (Forbes)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K. Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions. This coffee is so good. How do they make it so rich and tasty? Those paintings we saw today weren't prints. They were the actual paintings. I have never seen tomatoes like this. How are they so red? With flight deals starting at just $589, it's time for you to see what Europe has to offer.
Starting point is 00:00:31 Don't worry. You can handle it. Visit airtransat.com for details. Conditions apply. AirTransat. Travel moves us. Hey, everybody. Dave here.
Starting point is 00:00:44 Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers. So I decided to try Delete.me. I have to say, Delete.me is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. Delete.me's team does all the work for you with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private by signing up for Delete.me.
Starting point is 00:01:22 Now at a special discount for our listeners, today get 20% off your Delete.me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code n2k at checkout. That's joindeleteme.com slash N2K, code N2K. Cisco Talos uncovers vulnerabilities in Microsoft applications for macOS. OpenAI disrupts an Iranian influence campaign. Jewish Home Lifecare discloses a data breach affecting over 100,000. Google tests an auto-redaction feature in Chrome for Android.
Starting point is 00:02:18 Unicoin informs the SEC that it was locked out of G Suite for four days. House lawmakers raise concerns over China-made Wi-Fi routers. Moody's likens the switch to post-quantum cryptography to the Y2K bug. Diversity-focused tech nonprofits grapple with flagging support. Tim Starks of CyberScoop is back to discuss his investigation of a Russian hacking group targeting human rights groups. And smartphones get some street smarts. It's Monday, August 19th, 2024.
Starting point is 00:03:02 I'm Dave Bittner, and this is your CyberWire Intel Briefing. Happy Monday, and thank you for joining us here today. Researchers from Cisco Talos discovered eight vulnerabilities in various Microsoft applications for macOS, including Teams, Outlook, Word, PowerPoint, OneNote, and Excel. These flaws could allow attackers to access users' microphones,
Starting point is 00:03:39 cameras, screen recordings, and more if the apps have been previously granted permission. The vulnerabilities stem from Microsoft's use of a specific entitlement that disables some protections in macOS's hardened runtime, which defends against risky library injections. This entitlement, intended for loading third-party plugins, is reportedly unnecessary since the only plugins used by these apps are web-based Office add-ins. While Microsoft considers these issues low-risk, they have updated Teams and OneNote to remove the entitlement, but Excel, Outlook, PowerPoint, and Word remain vulnerable. These vulnerabilities could enable attackers to exploit the app's permissions without alerting users.
Starting point is 00:04:27 OpenAI recently uncovered and disrupted an Iranian influence campaign that used its generative AI technologies, like ChatGPT, to spread misinformation online. The campaign, dubbed Storm-2035, aimed to influence various topics, including the U.S. presidential election, by generating and posting content on social media and websites. Despite the sophisticated use of AI, OpenAI reported that the campaign did not gain significant traction or engagement from real users. The company has since banned several accounts linked to the effort. This incident highlights the growing concerns about the potential misuse of generative AI in spreading disinformation, particularly during election periods. OpenAI has previously identified and
Starting point is 00:05:18 disrupted other similar campaigns from state actors and private entities in countries like Russia, China, and Israel, all attempting to sway public opinion using AI-generated content. Jewish Home Life Care, a New York City-based nonprofit healthcare organization now known as The New Jewish Home, disclosed that a data breach affected over 104,000 individuals earlier this year. The breach, discovered on January 7th, involved unauthorized access to sensitive information, including names,
Starting point is 00:05:52 addresses, social security numbers, financial details, and medical records. Despite no evidence of misuse, the organization is offering complimentary credit monitoring to those affected. The ransomware group ALPHV, also known as BlackCat, claimed responsibility for the attack in February, alleging they had accessed various sensitive documents. However, it's unclear if these files were ever publicly released as BlackCat's operations ceased in early March following a law enforcement crackdown. Google is testing a new feature in Chrome for Android that will automatically redact
Starting point is 00:06:31 sensitive information, like credit card details and passwords, when you're sharing or recording your screen. This feature, currently in an experimental phase, is designed to address the issue of unintentionally exposing sensitive data during screen sharing or recording. While Chrome already blocks screen capture in incognito mode, this new feature extends protection to regular tabs by redacting the entire content area if sensitive form fields are detected. The feature is not yet functional,
Starting point is 00:07:04 but it will be available for testing in Chrome Canary in the coming weeks. Unicoin, a prominent cryptocurrency company, reported to the SEC that a hacker breached its systems on August 9th, gaining control of the company's Google G Suite accounts and locking out all employees. The hack left employees without access for nearly four days until the company regained control on August 13th. Unicoin is still investigating the incident to assess the full impact, including discrepancies found in employee and contractor data. Although no money or digital assets appear to have been stolen,
Starting point is 00:07:43 traces of hacked messages were discovered in certain managers' email accounts. The company also terminated a contractor who had forged their identity, though it's unclear if this is linked to North Korean hacking schemes. This attack highlights ongoing concerns about North Korean cyber activities, which have resulted in significant thefts from cryptocurrency companies worldwide. Top lawmakers on the House Select Committee on U.S.-China Issues are urging the Commerce Department to investigate TP-Link Technologies, a Chinese company that produces widely used Wi-Fi routers in the U.S. Representatives John Moolenaar and Raja Krishnamoorthi raised concerns in a letter to Commerce Secretary Gina Raimondo highlighting potential national security risks. They noted that TP-Link's routers are commonly used in U.S. homes and military bases, and the company's compliance with Chinese laws could expose these devices to exploitation
Starting point is 00:08:45 by the Chinese government for cyber attacks. The lawmakers referenced industry reports indicating TP-Link routers have been targeted by Chinese hacking groups in malicious campaigns. They requested a response by the end of the month, assessing the security risks and how existing authorities could address them. New research from Moody's warns that advances in quantum computing will eventually threaten current encryption methods, necessitating a costly and lengthy transition to post-quantum cryptography, PQC. The transition, focusing on asymmetric encryption, could take 10 to 15 years due to operational challenges,
Starting point is 00:09:28 including updating hard-to-reach devices like satellites and legacy systems. The shift is compared to the Y2K bug in terms of scale and complexity, although the cost is hard to estimate. Quantum computing could break existing encryption methods using algorithms like Shor's, posing a significant risk to data security. Despite challenges in error correction, scalability, and talent shortages, Moody's urges swift adoption of quantum-resistant algorithms to protect against future threats, emphasizing the importance of international cooperation in quantum science and technology. A story in the Washington Post tells the tale of Girls in Tech, a non-profit organization dedicated to increasing the representation of women in the tech industry.
Starting point is 00:10:19 It was once a Silicon Valley success story. Founded in 2007 by Adriana Gascoigne, the organization quickly became a darling of the tech world, attracting major corporate partnerships and growing its membership to 130,000. However, by late 2023, the organization faced an unexpected and rapid decline, leading to its dissolution in July. The turning point came when five key corporate donors abruptly pulled their funding within a single week, citing economic uncertainties and market turbulence. This financial blow left Girls in Tech struggling to stay afloat. Gascoigne, in a desperate bid to save the organization, considered merging with Women Who Code, another nonprofit with a similar mission that had strong backing from tech giants like Microsoft, Google, and Boeing.
Starting point is 00:11:13 However, just days after discussing the possibility with her board, Women Who Code also shut down, leaving Gascoigne with no viable options. The collapse of Girls in Tech is symptomatic of a broader retreat from diversity, equity, and inclusion initiatives across the tech industry. These initiatives, once heavily promoted by companies as part of their commitment to diversifying a workforce dominated by white and Asian men, have come under increasing political and financial pressure.
Starting point is 00:11:44 Despite the initial optimism surrounding these initiatives, the demographics of the tech industry have remained largely stagnant. According to the U.S. Department of Labor, women made up just 26% of the workforce in STEM fields in 2022, a mere one percentage point increase since the year 2000. At Google, the percentage of Black employees in the U.S. rose by only 2.4 percentage points between 2019 and 2024, leaving them still underrepresented at less than 6% of the company's workforce.
Starting point is 00:12:23 Critics argue that DEI programs have often failed to address the deeper systemic issues within tech companies. Some diversity consultants have noted that as tech companies lay off DEI teams, they are also offering fewer contracts to external consultants who are crucial in supporting these efforts. The overall climate has made it difficult for non-profits like Girls in Tech to sustain their operations, as corporate leaders quietly withdraw their support. The retreat from DEI initiatives in the tech industry reflects a broader shift in how companies view these programs. What was once seen as a critical effort to diversify the tech workforce is now increasingly viewed through a political lens, leading to reduced funding and support. The collapse of Girls in Tech and similar organizations underscores the fragile nature of diversity
Starting point is 00:13:11 efforts in an industry still grappling with deep-seated disparities. Coming up after the break, Tim Starks from CyberScoop joins us to discuss his investigation of a Russian hacking group targeting human rights groups. Stay with us. Do you know the status of your compliance controls right now? Like, right now. We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But get this.
Starting point is 00:14:04 More than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com slash cyber. That's vanta.com slash cyber for $1,000 off. And now a message from Black Cloak. Did you know the easiest way for cyber criminals to bypass your
Starting point is 00:15:01 company's defenses is by targeting your executives and their families at home. Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives. Because when executives are compromised at home, your company is at risk. In fact, over one-third of new members discover they've already been breached. Protect your executives and their families 24-7, 365 with Black Cloak. Learn more at blackcloak.io. It is always my pleasure to welcome back to the show Tim Starks.
Starting point is 00:15:47 He is a senior reporter at CyberScoop. Tim, great to have you back. And it is always my pleasure to be back. Well, I want to talk about the story that you recently posted over on CyberScoop. This is titled Russian Hacking Campaign Targets Rights Groups Media Former U.S. Ambassador. What drew you to this story here, Tim? Yeah, it was obviously Russians hacking people that they don't like isn't that new. I think what I found most compelling about this
Starting point is 00:16:15 is the way they did it. It was a very, not technically sophisticated campaign, but sophisticated in the sense that they really knew who they were going for. They pretended to be acquaintances, friends, even family when they were going after the people they were going after with their lures. And there were some compromises, or at least the people who clicked on the links. It was a reminder that with all the things going on with Iran and going after our presidential campaigns, that Russia remains a big player in that space. Well, let's fly up to a little higher level here. Can you describe to me exactly what Russia was after here with this campaign?
Starting point is 00:17:01 Yeah, so this was research from Access Now and the University of Toronto's Citizen Lab. This is a group that is affiliated with
Starting point is 00:17:10 the FSB, the Russian Security Agency. Well, one of the groups. There was another group as well that
Starting point is 00:17:17 appears to be new, but still to be determined on exactly who they are. We had Cold River and we had Cold Wastrel,
Starting point is 00:17:27 which is a great name, I think. But ultimately, they were going after the same kind of targets and using the same kind of similar techniques. And basically, if you were an enemy of Russia, this group was going after you. We're talking about media outlets. We're talking about, as you mentioned, the former U.S. ambassador to Ukraine. We're talking about civil rights groups, civil liberties groups, civil society groups that were active on pursuing Russian corruption.
Starting point is 00:18:06 interested in was just gathering intelligence, but also maybe potentially hacking and leaking is some of the fears of one of the groups I talked to that got targeted. And also maybe using if they were able to compromise anybody, using those credentials to continue to fake emails that would lure other people. Is this campaign particularly brazen by Russian standards? You know, they stay pretty brazen, don't they? I don't think it was particularly brazen. It was similar targeting we've seen from them. But I think, again, what really stuck out to me was the techniques that were pretty advanced. But in terms of who they're going after, they don't have a lot of hesitation about going after groups like this. This is very much part and parcel.
Starting point is 00:18:49 Well, let's talk some about the techniques. What were they doing here? Yeah, so they were using ProtonMail, which is another thing that was kind of interesting. They were using a very kind of email that is known for being encrypted secure. The lures that were designed to get people to click on a PDF that would lead to a fake login page. But I think I mentioned there was a publisher
Starting point is 00:19:16 of one of the organizations that I talked to, and I feel bad because I don't want to mispronounce the name of the organization, Prokt, I believe, an investigative news site that reports on Russian government stuff. and I feel bad because I don't want to mispronounce the name of the organization, Prokt, I believe, an investigative news site that reports on Russian government stuff. They got an email from someone from another purported news organization. The idea was to discuss a partnership they already had. And the email was offering a presentation for a new project. The idea was to get them to click on that,
Starting point is 00:19:46 and then the idea would be then to go drag them to a fake login page where they'd enter their credentials. Putting all this through the lens that, you know, we are on final approach to the U.S. elections here, how does this inform folks looking to defend us from these sorts of things, given that reality? Yeah, I mean, again, it's something of a reminder that there are still players. I mean, we've heard a lot about Iran and what it's been doing with the Trump campaign
Starting point is 00:20:18 and targeting the Biden-Harris, now Harris campaign. But Russia's the OG of this in a certain way, right? Going after campaigns and going after the elections, going back to 2016 and even before. Similar tactics, similar objectives. The hack-and-leak thing is very dangerous. We've seen it before, that it can really potentially influence an outcome of an election.
Starting point is 00:21:02 And I think it was John Scott-Railton who said to me in the story that this is a reminder that no matter how much you call them out, no matter how much you say they're doing this, they're going to keep coming and we have an election coming up. And that's just a thing we need to be on the lookout for. Yeah. Well, the article, again, is titled "Russian Hacking Campaign Targets Rights Groups, Media, Former U.S. Ambassador." It is over on CyberScoop where Tim Starks is a senior reporter. Tim, thanks so much for taking the time for us. Thanks, Dave. Thank you. That's why we're thrilled to partner with ThreatLocker, a cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit ThreatLocker.com today to see how a default-deny approach
Starting point is 00:22:04 can keep your company safe and compliant. And finally, imagine if your smartphone could outsmart a thief in the act. Well, Google's new AI-powered theft detection lock feature is about to make that a reality. Rolling out to Android 10 and later devices, this nifty tool uses AI to sense when your phone's been snatched, like Sherlock Holmes, but faster, instantly locking it down to keep your data safe. It's like your phone knows when it's being kidnapped and slams the door in the crook's face.
Starting point is 00:22:51 Initially teased back in May, this feature is part of Google's anti-theft suite designed to protect your device before, during, and after a theft. It's currently being beta tested in Brazil, with a global rollout to follow. And for those who are extra cautious, Android 15 will make it harder for thieves to factory reset your device or access your sensitive apps.
Starting point is 00:23:14 So your smartphone won't just be smart, it'll be street smart. And that's The Cyber Wire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. Don't forget to check out the Grumpy Old Geeks podcast, where I contribute to a regular segment on Jason and Brian's show every week. You can find Grumpy Old Geeks where all the fine podcasts are listed. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity.
Starting point is 00:23:56 If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire at n2k.com. We're privileged that N2K Cyber Wire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies. N2K makes it easy for companies
Starting point is 00:24:18 to optimize your biggest investment, your people. We make you smarter about your teams while making your team smarter. Learn how at n2k.com. This episode was produced by Liz Stokes. Our mixer is Trey Hester with original music and sound design by Elliot Peltzman. Our executive producer is Jennifer Iben. Our executive editor is Brandon Karp. Simone Petrella is our president. Peter Kilby is our publisher. And I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. Thank you. that deliver measurable impact. Secure AI agents connect, prepare, and automate your data workflows, helping you gain insights, receive alerts,
Starting point is 00:25:29 and act with ease through guided apps tailored to your role. Data is hard. Domo is easy. Learn more at ai.domo.com. That's ai.domo.com.
