CyberWire Daily - Password snafu sparks election security questions.
Episode Date: October 30, 2024

Colorado election officials downplay a partial password leak. Over 22,000 CyberPanel instances were targeted in a ransomware attack. Google issues a critical security update for Chrome. Microsoft says Russia's SVR is conducting a wide-ranging phishing campaign. The FakeCall Android banking trojan gains advanced evasion and espionage capabilities. A new 0patch fix blocks malicious theme files. iOS malware LightSpy adds destructive features. LinkedIn faces class-action lawsuits over alleged privacy violations. The U.S. charges a Russian national as part of Operation Magnus. On this week's CertByte segment, Chris Hare is joined by Dan Neville to break down a question targeting the Certified Associate in Project Management (CAPM)® certification. An ex-Disney staffer allegedly adds a side of sabotage to park menus.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CertByte Segment
In this segment, Chris is joined by an N2K Content Developer to help illustrate the learning. This week, Chris is joined by Dan Neville to break down a question targeting the Certified Associate in Project Management (CAPM)® certification by the Project Management Institute®. Today's question comes from N2K's PMI® Certified Associate in Project Management (CAPM®) Practice Test. If you're studying for a certification exam, check out N2K's full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify. To get the full news to knowledge experience, learn more about our N2K Pro subscription at https://thecyberwire.com/pro. Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers.

Additional sources: The 9 Most In-Demand Professional Certifications You Can Get Right Now

Selected Reading
Partial Breach of Election Machine Passwords in Colorado Poses No Risk, State Says (The New York Times)
Election Threats Escalating as US Voters Flock to the Polls (BankInfo Security)
Massive PSAUX ransomware attack targets 22,000 CyberPanel instances (Bleeping Computer)
Critical Chrome Security Update: Patch for Out-of-Bounds & WebRTC Vulnerability (Cyber Security News)
Russian spies use remote desktop protocol files in unusual mass phishing drive (The Register)
FakeCall Android Trojan Evolves with New Evasion Tactics and Expanded Espionage Capabilities (SecurityWeek)
0patch Blog: We Patched CVE-2024-38030, Found Another Windows Themes Spoofing Vulnerability (0day) (0patch)
Recent Version of LightSpy iOS Malware Packs Destructive Capabilities (SecurityWeek)
Lawsuits Accuse LinkedIn of Tracking Users' Health Info (GovInfo Security)
Feds name a Russian accused of developing Redline (The Register)
Fired Employee Allegedly Hacked Disney World's Menu System to Alter Peanut Allergy Information (404 Media)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
You're listening to the CyberWire Network, powered by N2K.
Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions.
This coffee is so good. How do they make it so rich and tasty?
Those paintings we saw today weren't prints. They were the actual paintings.
I have never seen tomatoes like this.
How are they so red?
With flight deals starting at just $589,
it's time for you to see what Europe has to offer.
Don't worry.
You can handle it.
Visit airtransat.com for details.
Conditions apply.
AirTransat.
Travel moves us.
Hey, everybody.
Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try Delete.me.
I have to say, Delete.me is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for Delete.me.
Now at a special discount for our listeners, today get 20% off your Delete.me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout.
The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code n2k at checkout.
That's joindeleteme.com slash N2K, code N2K.
Colorado election officials downplay a partial password leak.
Over 22,000 CyberPanel instances were targeted in a ransomware attack. Google issues a critical security update for Chrome.
Microsoft says Russia's SVR is conducting a wide-ranging phishing campaign.
The FakeCall Android banking trojan gets advanced evasion and espionage capabilities.
A new 0patch fix blocks malicious theme files.
iOS malware LightSpy adds destructive features.
LinkedIn faces class-action lawsuits over alleged privacy violations.
The U.S. charges a Russian national as part of Operation Magnus.
On this week's CertByte segment, Chris Hare is joined by Dan Neville to break down a question targeting the Certified Associate in Project Management certification.
And an ex-Disney staffer allegedly adds a side of sabotage to park menus.
It's Wednesday, October 30th, 2024.
I'm Dave Bittner, and this is your CyberWire Intel Briefing. Thanks for joining us here. It is great to have you with us.
A partial password leak for Colorado election machines discovered on the state's website
does not pose a threat to system security, according to the Colorado Secretary of State's office. The passwords, visible due to a
spreadsheet tab error, have reportedly been accessible since August but require physical
access to be usable. Colorado's voting machines remain offline and secured in rooms with badge-restricted
entry and 24-7 camera surveillance. Additionally, two separate passwords are required for each machine,
held by different parties.
The leak, highlighted by Colorado GOP official Hope Scheppelman,
could fuel distrust or misinformation.
However, cybersecurity expert Chris Krebs noted that robust security layers
prevent any technical impact.
CISA has been notified to
monitor the situation. The breach echoes past election security concerns in Colorado,
where former official Tina Peters was sentenced to nine years in federal prison
over a 2020 voting machine breach. Over 50 million Americans have already cast their ballots,
while foreign interference efforts from Russia, China, and Iran have been largely contained,
according to the Foundation for Defense of Democracies.
Despite some influence campaigns, the U.S. is better prepared than in 2016
with real-time warnings and resources from agencies like CISA to counter disinformation.
Additionally, authorities are investigating physical threats after ballot box fires in Oregon and Washington.
Protections are in place to ensure impacted voters can recast their votes.
Over 22,000 CyberPanel instances were targeted in a ransomware attack
exploiting a critical vulnerability,
allowing remote code execution with root access.
CyberPanel is an open-source web hosting control panel designed for managing websites and servers.
The flaw, disclosed by researcher DreyAnd, involves three main issues,
defective authentication, command injection, and security filter bypass,
which together allow attackers to execute arbitrary commands on vulnerable servers.
The PSAUX ransomware, which surfaced in June of this year,
exploited these flaws, encrypting files on affected servers and leaving ransom notes.
LeakIX, a threat intelligence service, reported that almost half of the vulnerable servers were in the U.S., but their numbers quickly dropped as
attackers took them offline. LeakIX has since released a decryptor for the ransomware, although
users are urged to back up data before using it to avoid potential corruption. CyberPanel users are strongly advised to apply the latest security patch on GitHub immediately.
Google has issued a critical security update for Chrome.
The update addresses two serious issues: an out-of-bounds write vulnerability in the
Dawn graphics system, potentially enabling remote code execution,
and a use-after-free flaw in WebRTC that could cause system crashes or breaches.
Users are advised to update Chrome immediately to mitigate the risks.
Microsoft has reported that Russia's SVR intelligence agency, via the Midnight Blizzard group, also known as APT29 or
Cozy Bear, is conducting a wide-ranging phishing campaign targeting governments,
NGOs, academia, and defense sectors. Unusual for this group, the campaign involves RDP
configuration file attachments, which, when executed, link victim systems to attacker-controlled
servers. This setup exposes local system resources like hard drives, peripherals, and even user
credentials, enabling malware installation and continued remote access. The phishing emails,
often in Ukrainian, impersonate Microsoft and other tech providers to appear legitimate.
This marks a shift for Midnight Blizzard, which typically conducts more targeted stealthy attacks.
Microsoft, CERT-UA, and Amazon have been tracking the campaign since its October 22nd start,
noting it may have been planned since August. Midnight Blizzard, responsible for previous breaches,
including a major Microsoft system breach exposing U.S. government emails,
often seeks sensitive data for Russian intelligence.
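The RDP configuration file lure described in this story lends itself to a simple attachment triage check. The following is an added example, not from the show or from any vendor: it parses the plain-text name:type:value lines of an .rdp file, flags a destination host outside an allowlist, and flags every local-resource redirection that is switched on. The sample files and the allowlist are constructed for illustration.

```python
"""Triage an .rdp attachment for settings that expose local resources."""
from __future__ import annotations

from dataclasses import dataclass

# Standard mstsc.exe settings that hand local resources to the remote host.
# A string-typed setting is "on" when non-empty (e.g. drivestoredirect:s:*);
# an integer-typed setting is "on" when it is not 0.
REDIRECTION_SETTINGS = {
    "drivestoredirect": "local drives are shared with the remote host",
    "devicestoredirect": "plug-and-play devices are shared with the remote host",
    "redirectclipboard": "clipboard is shared with the remote host",
    "redirectprinters": "printers are redirected",
    "redirectcomports": "COM ports are redirected",
    "redirectsmartcards": "smart cards are redirected",
    "redirectwebauthn": "WebAuthn (passkey) requests are forwarded to the remote host",
}


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "low"
    message: str


def parse_rdp(text: str) -> dict[str, str]:
    """Parse 'name:type:value' lines into a dict; unknown or malformed lines are skipped."""
    settings: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        parts = line.split(":", 2)
        if len(parts) != 3:
            continue
        name, _type, value = parts
        settings[name.strip().lower()] = value.strip()
    return settings


def assess_rdp(text: str, trusted_hosts: set[str]) -> list[Finding]:
    """Return findings for an .rdp file; an empty list means nothing looked risky."""
    s = parse_rdp(text)
    findings: list[Finding] = []
    # "full address" may carry a port suffix (host:3389); compare the host part only.
    host = s.get("full address", "").split(":")[0].lower()
    if not host:
        findings.append(Finding("high", "no destination host in file"))
    elif host not in trusted_hosts:
        findings.append(Finding("high", f"destination {host!r} is not an approved RDP host"))
    for key, why in REDIRECTION_SETTINGS.items():
        value = s.get(key)
        if value is not None and value not in ("", "0"):
            findings.append(Finding("high", f"{key}={value}: {why}"))
    if s.get("remoteapplicationmode") == "1":
        findings.append(Finding("medium", "RemoteApp mode: remote session is shown like a local program"))
    if s.get("authentication level") == "0":
        findings.append(Finding("medium", "authentication level 0: server identity warnings are suppressed"))
    return findings


# Constructed sample: a lure-style file that redirects everything to an unknown host.
SUSPICIOUS_RDP = """\
full address:s:rdp.lure.example:3389
drivestoredirect:s:*
redirectclipboard:i:1
redirectprinters:i:1
redirectsmartcards:i:1
redirectwebauthn:i:1
remoteapplicationmode:i:1
authentication level:i:0
"""

# Constructed sample: a corporate gateway profile with redirection disabled.
BENIGN_RDP = """\
full address:s:gateway.corp.example
drivestoredirect:s:
redirectclipboard:i:0
authentication level:i:2
"""

if __name__ == "__main__":
    for f in assess_rdp(SUSPICIOUS_RDP, {"gateway.corp.example"}):
        print(f"[{f.severity}] {f.message}")
```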
The FakeCall Android banking trojan, primarily targeting South Korea,
has evolved with advanced evasion and espionage capabilities.
Distributed via phishing to prompt users to download a malicious APK,
FakeCall connects to a command-and-control server,
allowing attackers to intercept calls and redirect users to fraudulent numbers posing as banks,
where they request sensitive information.
Recent research by Zimperium's zLabs reveals increased complexity,
including encrypted code, Bluetooth and screen state monitoring,
and accessibility services enabling remote control over the device's interface.
This upgrade allows FakeCall to manipulate the device by simulating screen interactions, uploading images, disabling Bluetooth, and setting itself as the default dialer. Researchers note the malware's sophisticated
techniques, resembling those in state-sponsored espionage, now enable attackers to create a
man-in-the-device scenario, jeopardizing not only individuals but also organizations and governments lacking
robust mobile protections.
0patch has released free micropatches for Windows users to address a vulnerability in
theme files that can leak NTLM credentials simply by viewing a malicious theme file.
Discovered during Microsoft's patch for CVE-2024-38030, this vulnerability stems from Windows theme files pointing to network paths,
inadvertently sending user credentials.
While Microsoft's patch for the related CVE issue used the PathIsUNC function to block network paths,
this was bypassed, prompting 0patch to create an additional fix.
The micropatch applies to both legacy and updated Windows workstation versions,
offering free protection until Microsoft releases an official patch.
Notably, 0patch does not support Windows Server,
where theme files require active application to pose a threat.
A recent iOS-targeted update to the LightSpy malware has expanded its plugin count from 12 to 28, adding destructive functions, according to ThreatFabric.
Originally observed in 2020,
LightSpy targeted Hong Kong iPhones,
exploiting iOS vulnerabilities to access location,
call history, messages, and passwords.
The malware has since appeared in Android and macOS versions and recently targeted South Asia, likely India.
The latest iOS variant, which affects devices up to iOS 13.3, includes plugins
for data theft, device freezing, browser history wiping, file deletion, and Wi-Fi profile removal.
The non-persistent jailbreak used by attackers allows reboots to clear the malware, though
reinfection remains a risk. Evidence suggests a Chinese state-sponsored
group may be behind LightSpy. LinkedIn faces multiple class-action lawsuits in California
alleging privacy violations over its use of web tracking tools on medical websites.
The lawsuits claim LinkedIn's Insight tag tracked users' interactions on healthcare platforms,
including sensitive data on medical bookings without consent.
Plaintiffs include users of Spring Fertility, Therapy Match, and CityMD.
Allegedly, LinkedIn intercepted highly personal information,
including treatment types and patient sexual orientation. Co-defendants
Meta and Spring Fertility are accused of collaborating in this data interception.
These lawsuits echo broader concerns over social media trackers on healthcare websites,
as federal agencies like the FTC warn of potential HIPAA and privacy law violations.
Meanwhile, privacy experts advise
healthcare providers to avoid using tracking pixels on sensitive sites, given risks of
re-identifying users and data exposure. Recently, LinkedIn also faced a €310 million GDPR fine in
Ireland over similar privacy issues involving data tracking.
The U.S. has charged Russian national Maxim Rudometov with creating and managing the
RedLine infostealer malware used in millions of infections worldwide. Part of Operation Magnus,
an international effort led by Dutch police, the case details years of FBI investigations
that connected Rudometov's online aliases and activities
across IP addresses, emails, social media, and gaming profiles.
The malware, sold as a malware-as-a-service,
collects sensitive data like credentials and financial information
from infected devices.
The FBI traced Rudometov
through logs from RedLine's licensing server, showing financial and IP links to his Yandex
email, iCloud, and Binance accounts. Though he faces up to 35 years in prison, Rudometov
remains at large in Russia, limiting immediate enforcement possibilities.
Coming up after the break on our CertByte segment, Chris Hare and Dan Neville break
down a question targeting the Certified Associate in Project Management Certification. Stay with us.
Do you know the status of your compliance controls right now?
Like, right now.
We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks.
But get this, more than 8,000 companies like Atlassian and Quora have continuous visibility
into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection
across 30 frameworks,
like SOC 2 and ISO 27001.
They also centralize key workflows
like policies, access reviews, and reporting,
and helps you get security questionnaires done
five times faster with AI.
Now that's a new way to GRC.
Get $1,000 off Vanta when you go to vanta.com slash cyber. That's vanta.com slash cyber for $1,000 off.
And now, a message from BlackCloak.
Did you know the easiest way for cybercriminals to bypass your company's defenses is by targeting your executives and their families at home?
BlackCloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives. Because when executives are compromised at home, your company is at risk. Learn more at blackcloak.io.
On our latest CertByte segment, Chris Hare, a content developer and project management specialist here at N2K,
is joined by Dan Neville to break down a question targeting the Certified Associate in Project Management Certification. Hi, everyone. It's Chris. I'm a content developer and project management
specialist here at N2K Networks. I'm also your host for this week's edition of CertByte,
where I share a practice question from our suite of industry-leading content
and a study tip to help you achieve the professional certifications you need
to fast-track your career growth in IT,
cybersecurity, and project management.
Today's question targets the Certified Associate
in Project Management, CAPM, 7th Edition exam.
It was updated in July 2023
to align with the PMP 7th Edition.
It's aimed at anyone interested
in learning the fundamentals of project management
or for anyone new to the profession.
Entrepreneur Media ranked the CAPM as the most in-demand professional certification.
My teammate Dan is here today as our new guest host.
Welcome, Dan. How are you today?
Well, I'm doing great, Chris. Thanks for having me.
Absolutely. So, Dan, what level of project management expertise would you say you are at?
Well, over my career, I've managed a whole lot of projects, but I don't have any formal training.
So, this is going to be a little bit interesting.
Yes, it will be. I promise you. So, Dan, before we get into the question, like I always do,
I'm going to share a 10-second
study bit for this exam for our listeners.
Given you're our CompTIA expert, this may align with how some of your exams work.
So my 10-second study bit for the CAPM is study it as if you were studying for the PMP.
So as I mentioned, the CAPM is based off the PMP 7th edition exam, and it uses PMI's
PMBOK guide along with seven other sources that the PMI freely shares.
Here's a bonus bit.
I also wrote a comprehensive CAPM study guide, which comes free when you purchase our CAPM
practice exam.
So now on to your question.
Dan, are you ready?
Yes, I am.
Let's see how much I don't know.
I think you'll do fine.
All right.
Here is your question.
Which of the following is not an input to a product roadmap?
So for our listeners, in terms of CAPM, a product roadmap is defined as, per the PMI, and I quote, a high level of the features and functionality to include in a product along with the sequence in which they will be built or
delivered. So that's a mouthful, and I'll repeat the question. Which of the following is not an
input to a product roadmap? So Dan, your choices are A, business objectives, B, business feature requirements, C, business architecture, or D, business goals.
Now Dan, while you think over your answer, this question is part of domain four, business analysis frameworks, which is 27% of what's covered on the CAPM exam.
So why don't you talk over your thoughts a bit
as you think through the answers? Okay, so we are looking for something that does not belong,
which is not an input to a product roadmap. So the first one that you gave me, business objectives,
well, that seems like that you would have to have that in order to help define what the project is.
The business feature requirements, well, that would be part of a high-level view of the features.
Business architecture, let's hang on to that.
Okay. Business goals, high-level view of the features and functionality. So the business goals and the objectives and the features, they all seem like they should be part of the project plan. So I'm going to take a shot
just by elimination that it's going to be business architecture that is not an input to a product
roadmap. And you are correct. The answer is C, business architecture. Good reasoning there. So this is not an input to
a product roadmap. It is defined as a set of organizational functions, documents, locations,
processes, and structures. That's a component of enterprise architecture. It's an input to
assessing current and future states as part of a needs assessment, among other activities that
are part of a business analysis and their processes and practices.
So, the other answer options, business objectives, goals, and feature requirements are all inputs to a product roadmap.
And some of the main benefits of a product roadmap are establishing expectations for a project and prioritizing features.
Any questions, Dan?
Yeah, I've got a couple. You mentioned that this is part of the
business analysis domain for the exam. Is this something new? Actually, it is. Business analysis
is a new core concept in the CAPM 7th edition, and the reason why business analysis is so important
is that it helps when creating or improving products, identifying and translating
requirements, solving problems, determining solutions, and assessing stakeholder needs.
Ah, great. Thanks for that clarification. The other one I have is that goals and objectives
seem to be closely related. Are they defined differently according to the PMI standards?
Great question. So, they are defined differently, and these
definitions come from a combination of PMI sources for the exam, so I'm paraphrasing,
but a goal is defined as what an organization wants to achieve or accomplish, whereas an
objective is defined as more of a quantifiable outcome that's required from a product, service,
or result. Basically, broad and overarching versus specific and measurable.
And PMI's Business Analysis for Practitioners,
a practice guide,
has a great section about goal models
and business objectives
if our listeners would like to learn more.
Well, thank you so much
for being my project management test subject today, Dan.
Well, thank you very much.
I really appreciate the opportunity to be here.
Absolutely.
And for you project managers out there, in case you haven't heard, the next PMI major update is going to be the PMI-ACP, which is the Agile Certified Practitioner Exam.
And PMI will be releasing that in November of this year.
And N2K will have a practice test ready shortly thereafter.
And thank you for joining me for this week's CertByte.
If you're actively studying for this certification and have any questions about study tips or even future
certification questions you'd like to see, please feel free to email me at certbyte at n2k.com.
That's C-E-R-T-B-Y-T-E at n number 2k dot com. If you'd like to learn more about N2K's practice
tests, visit our website at n2k.com forward slash certify. For more resources, including our new N2K Pro offerings,
check out thecyberwire.com forward slash pro. For sources and citations for this question,
please check out our show notes.
Cyber threats are evolving every second, and staying ahead is more than just a challenge.
It's a necessity.
That's why we're thrilled to partner with ThreatLocker,
a cybersecurity solution trusted by businesses worldwide.
ThreatLocker is a full suite of solutions designed to give you total control,
stopping unauthorized applications, securing sensitive data,
and ensuring your organization runs smoothly and securely.
Visit ThreatLocker.com today to see how a default-deny approach
can keep your company safe and compliant.
And finally, in a tale of digital mischief gone too far,
a former Disney worker, Michael Scheuer,
allegedly hacked into Disney's proprietary menu software after being let go.
According to a federal complaint,
Scheuer allegedly used old login credentials to access the menu system,
sneaking in changes that included turning fonts to wingdings,
slipping profanity onto menus,
and, most dangerously, mislabeling peanut allergenic foods as safe.
Thankfully, Disney caught the altered menus before they reached customers.
But Scheuer didn't stop there. He reportedly hijacked QR
codes on outdoor menus to redirect to boycott websites, locked employees out of their accounts
with endless login attempts, and even showed up at one ex-colleague's home. The DOJ and Disney
remain mum on the specifics, but Scheuer's alleged antics are a reminder that grudges
and digital footprints can lead to more than a slap on the wrist.
And that's the CyberWire. For links to all of today's stories, check out our daily briefing
at thecyberwire.com.
We'd love to know what you think of this podcast.
Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity.
If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire at n2k.com. We're privileged that
N2K CyberWire is part of the daily routine of the most influential leaders and operators in the
public and private sector, from the Fortune 500 to many of the world's preeminent intelligence
and law enforcement agencies. N2K makes it easy for companies to optimize your biggest investment,
your people. We make you smarter about your teams while making your team smarter. Learn how at n2k.com. This episode was
produced by Liz Stokes. Our mixer is Trey Hester with original music and sound design by Elliot
Peltzman. Our executive producer is Jennifer Iben. Our executive editor is Brandon Karp.
Simone Petrella is our president. Peter Kilby is our publisher.
And I'm Dave Bittner.
Thanks for listening.
We'll see you back here tomorrow.
Thank you.
are not only ambitious, but also practical and adaptable. That's where Domo's AI and data
products platform comes in. With Domo, you can channel AI and data into innovative uses that
deliver measurable impact. Secure AI agents connect, prepare, and automate your data workflows,
helping you gain insights, receive alerts, and act with ease through guided apps tailored to your role.
Data is hard. Domo is easy.
Learn more at ai.domo.com.
That's ai.domo.com.