CyberWire Daily - Servers seized, terrorists teased.

Episode Date: June 18, 2024

Europol and partners shut down 13 terrorist websites. A data breach at the LA County Department of Public Health affects over two hundred thousand. The Take It Down Act targets deepfake porn. The Five Eyes alliance update their strategies to protect critical infrastructure. VMware has disclosed two critical-rated vulnerabilities in vCenter Server. The alleged heads of the "Empire Market" dark web marketplace are charged in Chicago federal court. A new malware campaign tricks users into running malicious PowerShell "fixes." Researchers thwart Memory Tagging Extensions in Arm chips. A major e-learning platform discloses a breach. On our Industry Voices segment, we are joined by Guy Guzner, CEO and Co-Founder of Savvy to discuss "Reimagining app and identity security for SaaS." Clearview AI offers plaintiffs a piece of the pie.

Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
On our Industry Voices segment, we are joined by Guy Guzner, CEO and Co-Founder of Savvy to discuss "Reimagining app and identity security for SaaS."
Selected Reading
Europol Taken Down 13 Websites Linked to Terrorist Operations (GB Hackers)
Los Angeles Public Health Department Discloses Large Data Breach (Infosecurity Magazine)
New AI deepfake porn bill would require big tech to police and remove images (CNBC)
Five Eyes' Critical 5 nations focus on adapting to evolving cyber threats to boost critical infrastructure security, resilience (Industrial Cyber)
VMware by Broadcom warns of critical vCenter flaws (The Register)
Empire Market owners charged for enabling $430M in dark web transactions (Bleeping Computer)
From Clipboard to Compromise: A PowerShell Self-Pwn (Proofpoint US)
Arm Memory Tag Extensions broken by speculative execution (The Register)
Star ed-tech company discloses data breach (Cybernews)
Clearview AI Is So Broke It's Now Offering Lawsuits Plaintiffs A Cut Of Its Extremely Dubious Future Fortunes (Techdirt)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K. of you, I was concerned about my data being sold by data brokers. So I decided to try Delete.me. I have to say, Delete.me is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. Delete.me's team does all the work for you with detailed reports so you know exactly what's been done. Take control of your data and keep your private life Thank you. JoinDeleteMe.com slash N2K and use promo code N2K at checkout. The only way to get 20% off is to go to JoinDeleteMe.com slash N2K and enter code N2K at checkout. That's JoinDeleteMe.com slash N2K, code N2K. Thank you. The Take It Down Act targets deepfake porn. The Five Eyes Alliance update their strategies to protect critical infrastructure. VMware has disclosed two critical rated vulnerabilities in vCenter server.
Starting point is 00:01:53 The alleged heads of the Empire Market dark web marketplace are charged in Chicago federal court. A new malware campaign tricks users into running malicious PowerShell fixes. Researchers thwart memory tagging extensions in ARM chips. A major e-learning platform discloses a breach. On our Industry Voices segment, we're joined by Guy Guzner, CEO and co-founder of Savvy, to discuss reimagining app and identity security for SaaS. And Clearview AI offers plaintiffs a piece of the pie. It's Tuesday, June 18th, 2024. I'm Dave Bittner, and this is your CyberWire Intel Briefing.
Starting point is 00:02:58 Europol and law enforcement from 10 countries have shut down 13 terrorist websites in Operation HOPPER II. This operation targeted online platforms used by terrorist groups like ISIS and al-Qaeda to spread propaganda and recruit members. Four servers in Romania, Ukraine, and Iceland were seized, and the websites were removed. Coordinated by Europol's European Counter Terrorism Centre, the operation involved authorities from several European countries. Europol's EU platform on illicit content online, PERCI, facilitated the removal of terrorist content, showcasing the power of international cooperation in combating online terrorist activities. The Los Angeles County Department of Public Health reported a data breach affecting over 200,000 people. In February of this year, an attacker obtained the login credentials of 53
Starting point is 00:03:58 employees through a phishing email. Stolen data includes personal, medical, and financial information. Impacted individuals are being notified by mail and offered a year of free identity monitoring. The DPH has enhanced its security measures to prevent future attacks, disabled affected accounts, and reset devices. Law enforcement and the U.S. Department of Health are involved in the investigation. The department advises individuals to verify their medical records for accuracy. Lawmakers on Capitol Hill are urgently addressing the surge in deepfake AI porn targeting celebrities and high school students. A new bill, the Take It Down Act, led by Senator Ted Cruz, Republican from Texas, aims to hold social
Starting point is 00:04:46 media companies accountable for removing deepfake porn within 48 hours of a victim's request. It would criminalize publishing or threatening to publish such content with enforcement by the Federal Trade Commission. The bill will be introduced by a bipartisan group of senators supported by victims of deepfake porn. Despite consensus on the issue, there are competing bills in the Senate. Senator Dick Durbin, a Democrat from Illinois, proposed a bill allowing victims to sue those responsible, but it was blocked for being overly broad. The Take It Down Act focuses on social media platform responsibilities. This all comes as Senate Majority Leader Chuck Schumer pushes for AI legislation
Starting point is 00:05:32 addressing non-consensual deepfake images. Cybersecurity agencies from the Five Eyes Alliance have updated their strategies to protect critical infrastructure, emphasizing the need for international collaboration due to the interconnected nature of these systems. The critical five nations Australia, Canada, New Zealand, the UK, and the US are enhancing security and resilience measures to prevent disruptions from incidents. Key points include adoption of new policies and tools like Australia's 2023 Critical Infrastructure Resilience Strategy and the UK's Critical National Infrastructure Knowledge Base, addressing cyber threats through updated national strategies such as the UK's
Starting point is 00:06:19 National Cyber Strategy and the US's National Security Memorandum, enhancing information-sharing mechanisms between governments and infrastructure operators. These nations stress that evolving threats like cyberattacks and climate change necessitate continuous adaptation of infrastructure protection strategies. Collaboration and shared knowledge remain vital for mitigating risks and ensuring the resilience of critical systems. VMware by Broadcom has disclosed two critical-rated vulnerabilities in the DCE/RPC protocol, potentially allowing remote code execution. Despite no known exploitation in the wild, patched versions are available. However, older versions like 6.5 and 6.7, no longer supported since October of 2022, may remain vulnerable. Additionally, a third flaw, rated 7.8, allows local privilege escalation due to sudo misconfiguration. VMware acknowledged Matei "Mal" Badanoiu of Deloitte, Romania, for discovering the vulnerabilities.
Starting point is 00:07:43 Two men, Thomas Pavey and Raheim Hamilton, have been charged in Chicago federal court for operating Empire Market, a dark web marketplace that facilitated over $430 million in illegal transactions from February 2018 through August 2020. Empire Market sold illegal drugs, counterfeit money, malware, and other illicit goods using cryptocurrencies like Monero, Litecoin, and Bitcoin for payments. The marketplace shut down abruptly in 2020 amid DDoS attacks, leading to exit scam allegations. The two face charges for selling counterfeit currency, distributing controlled substances, possessing unauthorized access devices, and money laundering. If convicted,
Starting point is 00:08:33 they could face life in prison and must forfeit crime proceeds, with $75 million in cryptocurrency, cash, and precious metals already seized. Researchers at Proofpoint document a new malware campaign that uses fake Google Chrome, Word, and OneDrive errors to trick users into running malicious PowerShell fixes that install malware. Multiple threat actors, including ClearFake, ClickFix, and TA571, are behind this campaign. These attacks involve fake browser update prompts and JavaScript and HTML attachments displaying false error messages. Users are instructed to copy and run PowerShell scripts, leading to malware installations like DarkGate, Matanbuchus, NetSupport, XMRig, and Lumma Stealer. The campaign exploits user unawareness of PowerShell risks
Starting point is 00:09:30 and Windows' inability to detect malicious scripts. Despite requiring significant user interaction, the convincing social engineering increases the likelihood of successful infections. In 2018, ARM introduced Memory Tagging Extensions, MTE, to protect against memory safety bugs. MTE, now in devices like Google's Pixel 8, tags memory blocks to detect and prevent memory safety violations. However, researchers from Seoul National University,
Starting point is 00:10:04 Samsung Research, and Georgia Tech found MTE can be bypassed via speculative execution attacks. Their study, titled TikTag: Breaking ARM's Memory Tagging Extension with Speculative Execution, shows that attackers can extract MTE tags with a 95% success rate in under four seconds. Despite this, ARM maintains that MTE's value remains and suggests mitigations to prevent these attacks. The researchers' findings have prompted some responses from ARM and Google's Android security team, although not all issues have been fully addressed. Learnosity, an e-learning platform with over 40 million learners, disclosed a cybersecurity incident on June 17. A phishing attack targeted HR staff, exposing an employee list but evidently
Starting point is 00:11:00 not downloading it. The affected employee lacked access to product or user data. Learnosity has secured its systems and is investigating the incident, offering 12 months of free credit monitoring to affected users. Coming up after the break on our Industry Voices segment, I speak with Guy Guzner, CEO and co-founder of Savvy. We're discussing reimagining app and identity security for SaaS. Stick around. Transat presents a couple trying to beat the winter blues.
Starting point is 00:11:47 We could try hot yoga. Too sweaty. We could go skating. Too icy. We could book a vacation. Like somewhere hot. Yeah, with pools. And a spa.
Starting point is 00:11:57 And endless snacks. Yes! Yes! Yes! With savings of up to 40% on Transat South packages, it's easy to say, so long to winter. Visit Transat.com or contact your Marlin travel professional for details. Conditions apply.
Starting point is 00:12:11 Air Transat. Travel moves us. Do you know the status of your compliance controls right now? Like, right now. We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But get this, more than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist.
Starting point is 00:12:42 Vanta brings automation to evidence collection across 30 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting Vanta when you go to vanta.com slash cyber. That's vanta.com slash cyber for $1,000 off. And now, a message from Black Cloak. Did you know the easiest way for cybercriminals to bypass your company's defenses is by targeting your executives and their families at home? Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives. Because when executives are compromised at home, your company is at risk. Thank you. Learn more at blackcloak.io. Guy Guzner is CEO and co-founder of Savvy.
Starting point is 00:14:14 And in today's sponsored Industry Voices segment, we discuss reimagining app and identity security for SaaS. I think that from one point of perspective, things are great because SaaS has been a real transformation of how we consume IT. And there are thousands of different applications to choose from that are driving productivity. And you got new technologies and services like generative
Starting point is 00:14:47 ai that improving productivity and that's great i mean if i compare this to the number of options that we had 10 and more years ago it's just amazing and you can achieve so much. And so I think that's, if we start, that's very positive. The other things to consider is what is the price that we have to pay for that in terms of security? Well, I mean, let's dig into that. What are some of the prices that we pay there?
Starting point is 00:15:34 Well, I think that first and foremost, identity has become a major challenge there. Because when you think about SaaS, the applications are just out there. You consume them as a service. You don't even know where they're hosted in the public cloud or some servers somewhere. You have no control into that. And what happens is that, in many cases, identity becomes the perimeter for SaaS apps,
Starting point is 00:16:00 because you no longer have your data centers and your perimeter and your traditional access controls. So the only thing that stands between someone having access to your SaaS applications that may contain sensitive data is just the identity. What about things like shadow IT? I mean, folks have a tendency to just want to get their work done. And if they need to do that, they'll quite often go around some of the roadblocks that security has put up for them, the perceived roadblocks, I suppose. Yeah, I think that's the expectations of all of us today, that if we need to get our work done and there is something that helps us to do it, we will do it regardless of what is the security policy and guidance of the organization. There was a Gartner survey just recently that found out that 69% of employees bypassed security organizations' guidance knowingly,
Starting point is 00:17:07 that they knew that that's a violation. And 74% of them said that they will be willing to bypass that again if it helps them to achieve a business objective. So we know that people will do anything to get work done. And I think that you mentioned shadow IT. I think that today we need to realize that it's no longer in the shadows. This is becoming the way of how people are consuming IT and expect to continue to doing so.
Starting point is 00:17:42 Well, so in your view, what is the appropriate approach here to SaaS? Well, I think the appropriate approach is that we need to embrace change and we need to understand that this is not going away and businesses and companies that embrace that and embrace the new productivity opportunities that it offers will offer them business advantages over time. So you can't fight this anymore. I need you to understand that this is the new reality and then is how do you allow the business and the workforce to achieve the business goals that they have, but provide some kind of guidance
Starting point is 00:18:32 or some kind of guardrails on how to do this. So it's no longer about having those block or allow policy that, you know, we'll say, oh, we'll block just all of shadow IT. It's about how do we enable them to use those applications but guide them in a way that prevent them to do all the violations that we were talking about earlier. Well, can we dig into some of the details here?
Starting point is 00:18:57 I mean, are there some specific steps that you would recommend? Well, I think that like a lot of things in cybersecurity, the first step is about visibility. It's about understanding what is the exposure of those different applications and different identities that people are using. And in many cases, a lot of the traditional controls will only tell you the things that you already know about,
Starting point is 00:19:30 but won't tell you about things that people onboarded by themselves or didn't go through IT or through the normal processes. And then once you get that full visibility, you have something that you can start to manage. But then the next resource, and that's the second step, is how do you take all of this data, which could be overwhelming, and then normally, you know, all security teams, you know, are short on staff and resources, is how do you prioritize and how do you find the most things that are important?
Starting point is 00:20:10 That if you find some toxic combinations of risk that if they are exploited will put the company in a material risk, how do you address them? And then the next steps is to have action plans and be able to implement that in real time to engage end users and drive usage and risk reduction in the organization. One of the things that you and your colleagues there at Savvy emphasize is timing. You have this phrase I like, you call it just-in-time security guardrails. Can you describe for us what that means? Sure, absolutely. is that the workforce, the users have a lot of power and a lot of freedom to choose from different SaaS platforms.
Starting point is 00:21:13 And this is also where they create the violation. And the traditional way to affect the decisions of what people were doing was, let's train them. Let's do some education. Let's have a security awareness program. But what we've noticed is that those programs where you train people are not necessarily effective when they make their day-to-day decisions. Because most times people are just doing this for compliance and they hate this. And like I said, people want to get stuff done. They don't care about security.
Starting point is 00:21:48 So then we said, well, let's create a solution that is able to find those situations where someone is about to make decisions that has a security impact in real time and then affect that as it happens. And then it has the effect of also preventing the situation in real time when it's happening. But this is also a learning opportunity for the actual user to learn something in real time. And this is more effective than just training them once a year or something like that about this. And I suppose, I mean, the user experience is really important here as well, because you, you know, you say you have an opportunity to educate, but you also don't want to annoy. Yeah.
Starting point is 00:22:39 And I think that this is also something that I'll say collectively, the security industry didn't tend to put user experience as a top priority. It was always about security. And maybe in the past, you know, it was good. Okay, we'll just block you and we don't give you any other alternatives. But in today's day and age, when people expect the productivity, you need to think about the user experience. And like there was the research I mentioned earlier, that people will circumvent security
Starting point is 00:23:20 if it's just too hard. And they have different ways of doing this. I mean, today people have their own personal device. They have other ways to achieve what they're doing. So one of the important things is how do you do this in a way that doesn't antagonize the end user? And this is actually where when we started Savvy, we started from the psychological aspects of how do you affect human behavior. psychologist to help us as security people understand on how do we engage people, how do we
Starting point is 00:24:12 nudge them to the right behavior, how we provide them something that allows them to be productive but in the same way be secure. That's Guy Guzner, CEO and co-founder of Savvy. Cyber threats are evolving every second, and staying ahead is more than just a challenge. It's a necessity. That's why we're thrilled to partner with ThreatLocker, a cybersecurity solution trusted by businesses worldwide.
Starting point is 00:24:55 ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit ThreatLocker.com today to see how a default-deny approach can keep your company And finally, for a while there, Clearview AI was riding high. The company's facial recognition technology could search millions and eventually billions of images to find a match for any uploaded photo. The catch was, all those images and data had been scraped from the web without the consent of the millions of people involved. Clearview's ambitions grew, and the company began courting governments and law enforcement agencies. The problem with this strategy is that it leaves a
Starting point is 00:25:58 paper trail, accessible through public records requests. This was the beginning of the end. Kashmir Hill's exposé for the New York Times revealed Clearview's existence, its web-scraping tactics, and its aggressive marketing efforts. The fallout was swift, lawsuits piled up, and foreign governments issued bans and hefty fines for violating privacy laws. But Clearview's troubles weren't confined to Europe. In the U.S., lawsuits over privacy violations proved successful. One significant case involved alleged breaches of Illinois privacy laws,
Starting point is 00:26:35 resulting in a class action lawsuit. This case is now concluding, but the settlement is unique. Instead of a cash payout, plaintiffs will receive a 23% stake in Clearview, valued at about $52 million. Here's Kashmir Hill with the latest for the New York Times. Quote, anyone in the United States
Starting point is 00:26:58 who has a photo of themselves posted publicly online, so almost everybody, could be considered a member of the class. The settlement would collectively give the members a 23% stake in Clearview AI, which is valued at $225 million according to court filings. 23% of the company's current value would be about $52 million. Plaintiffs can cash out if the company goes public or gets acquired, or they can sell their stake. Alternatively, after two years, they can collect 17% of Clearview's revenue. Clearview's lawyer, Jim Thompson, told the New York Times the company was pleased with the
Starting point is 00:27:39 agreement, suggesting a bleak outlook for its future. If Clearview expected to thrive, it likely wouldn't have agreed to give away nearly a quarter of its value. But anticipating financial struggles, handing out a significant IOU to plaintiffs, is a clever way to preserve cash and stop the legal hemorrhaging. So, Clearview may have lost the larger battle for privacy and reputation,
Starting point is 00:28:07 but it managed to dodge a financial bullet with this settlement. By delaying cash payments and giving away a speculative stake in its uncertain future, Clearview has bought itself some time. Given its ongoing issues worldwide, it's doubtful there will be much cash available to pay out in the future either. Clearview may have lost the war, but it seems to have won this particular battle. And that's the Cyber Wire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast.
Starting point is 00:28:46 Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire at n2k.com. We're privileged that N2K Cyber Wire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500
Starting point is 00:29:11 to many of the world's preeminent intelligence and law enforcement agencies. N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams while making your teams smarter. Learn how at N2K.com.
Starting point is 00:29:27 This episode was produced by Liz Stokes. Our mixer is Tré Hester with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president. Peter Kilpe is our publisher. And I'm Dave Bittner.
Starting point is 00:29:50 Tomorrow is Juneteenth here in the United States, so we will be taking off that federal holiday. We'll see you back here Thursday. Thank you. but also practical and adaptable. That's where Domo's AI and data products platform comes in. With Domo, you can channel AI and data into innovative uses that deliver measurable impact. Secure AI agents connect, prepare, and automate your data workflows, helping you gain insights, receive alerts, and act with ease through guided apps tailored to your role. Data is hard. Domo is easy. Learn more at ai.domo.com. That's ai.domo.com.
