CyberWire Daily - Wyden blocks the senate vote.

Episode Date: December 1, 2023

Senator Wyden blocks the Senate vote on the new NSA and Cyber Command lead. GPS interference is attributed to Iran. Meta identifies and removes Chinese and Russian accounts and groups for coordinated inauthenticity. The EU Council president proposes a ‘European cyber force’ with ‘offensive capabilities’. Twisted Spider is observed conducting new ransomware campaigns. Staples sustains a cyberattack. Apple releases security updates for two actively exploited zero-days. On today’s Mr. Security Answer Person segment, John Pescatore joins us to talk about Microsoft's Secure Future Initiative. And how can you tell if your bot is involved in insider trading?

CyberWire Guests

On today’s Mr. Security Answer Person segment, John Pescatore joins us to talk about Microsoft's Secure Future Initiative.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/228

Selected Reading

Wyden to block Senate vote on new NSA, Cyber Command lead (Politico)
Meaconing, Intrusion, Jamming, and Interference Reporting (Federation of American Scientists)
Commercial Flights Are Experiencing 'Unthinkable' GPS Attacks and Nobody Knows What to Do (Vice)
GPS Spoofing Traced To Iran (Location Business News)
Adversarial Threat Report, Third Quarter 2023 (Meta)
EU Council president proposes ‘European cyber force’ with ‘offensive capabilities’ (The Record)
Microsoft warns of new ransomware campaign by Twisted Spider group (Computing)
Staples confirms cyberattack behind service outages, delivery issues (BleepingComputer)
Technical Report: Large Language Models can Strategically Deceive their Users when Put Under Pressure (Cornell University)

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered by N2K. Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions. This coffee is so good. How do they make it so rich and tasty? Those paintings we saw today weren't prints. They were the actual paintings. I have never seen tomatoes like this. How are they so red? With flight deals starting at just $589, it's time for you to see what Europe has to offer.
Starting point is 00:00:31 Don't worry. You can handle it. Visit airtransat.com for details. Conditions apply. Air Transat. Travel moves us. Hey, everybody. Dave here.
Starting point is 00:00:44 Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers. So I decided to try Delete.me. I have to say, Delete.me is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. Delete.me's team does all the work for you with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private by signing up for Delete.me.
Starting point is 00:01:22 Now at a special discount for our listeners, today get 20% off your Delete.me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code n2k at checkout. That's joindeleteme.com slash N2K, code N2K. Senator Wyden blocks the Senate vote on the new NSA and Cyber Command lead. GPS interference is attributed to Iran. Meta identifies and removes Chinese and Russian accounts and groups for coordinated inauthenticity. The EU Council president proposes a European cyber force with offensive capabilities.
Starting point is 00:02:19 Twisted Spider is observed conducting a new ransomware campaign. Staples sustains a cyberattack. Apple releases security updates for two actively exploited zero-days. On today's Mr. Security Answer Person, John Pescatore joins us to talk about Microsoft's Secure Future Initiative. And how can you tell if your bot is involved in insider trading? It's Friday, December 1st, 2023. I'm Dave Bittner, and this is your CyberWire Intel briefing. In today's top story, Politico reports that Senator Ron Wyden is blocking the nomination of Lieutenant General Timothy Haugh to lead the NSA and Cyber Command, demanding transparency from
Starting point is 00:03:26 the agency regarding potential warrantless domestic surveillance of Americans. Despite Wyden's focus not being on Haugh's qualifications, his blockade remains steadfast until NSA discloses the requested information. The Department of Defense acknowledges Wyden's hold and expresses eagerness to work with him to address his concerns, emphasizing the importance of Haugh's role in national security. Wyden's action follows Senator Tuberville's withdrawal of his hold on Pentagon nominees, initially placed in protest of the Pentagon's abortion travel policy for service members. This issue gains additional significance ahead of the year-end expiration of Section 702 of the Foreign Intelligence Surveillance Act,
Starting point is 00:04:12 a contentious measure allowing the U.S. government to collect communications of foreigners abroad. Wyden's chief communications advisor, Keith Chu, underscores the importance of the NSA's transparency, especially in the context of the upcoming debate on Section 702. Lieutenant General Haugh is widely supported in the Senate, including by the Armed Services and Intelligence Committees. In the meantime, General Paul Nakasone continues to lead the NSA and Cyber Command. Wyden's move reflects broader concerns about government surveillance practices and the balance between national security and individual privacy rights. Commercial flights in the Middle East, especially near Baghdad, Cairo, and Tel Aviv, have experienced GPS disruptions due to meaconing interference, a type of rebroadcasting of navigational signals and a
Starting point is 00:05:07 play on the word beaconing. Wired reports that these incidents are likely emanating from the outskirts of Tehran. Researchers at the University of Texas Radio Navigation Laboratory support this attribution. The interference appears to be aimed at jamming GPS signals rather than redirecting aircraft. Industry experts are not shocked by these developments. Dana Goward, president of the Resilient Navigation and Timing Foundation, notes Tehran's history of GPS interference. He also mentions Tehran's development of a Loran-like system to lessen their dependence on space-based navigation and timing signals. Goward emphasizes that the intention seems to be to deny GPS service, not to misguide aircraft. Meta's latest quarterly adversarial threat report disclosed the removal
Starting point is 00:06:00 of coordinated inauthentic behavior linked to Russia and China on its platforms. The report detailed three key findings. In China, 13 accounts and seven groups targeting India, Tibet, and to a lesser extent the U.S. were removed. These entities, posing as journalists, lawyers, and human rights activists, were detected through internal investigations. Another Chinese operation involving over 4,000 Facebook accounts was dismantled. These accounts, posing as Americans, focused on U.S. politics and U.S.-China relations. This network was removed before it could significantly engage with authentic users.
Starting point is 00:06:41 From Russia, six Facebook accounts, one page, and three Instagram accounts were eliminated. Targeting a global English-speaking audience, they predominantly posted about Russia's invasion of Ukraine through fictitious media brands. Russian embassies and diplomatic missions had promoted these on various social media platforms. Meta's actions reflect its ongoing challenges to combat disinformation and false online personas. Charles Michel, President of the European Council, proposed creating a European cyber force with offensive capabilities, addressing the European Defense Agency conference Thursday. This idea, amidst the Russian invasion of Ukraine, aligns with his vision for a unified
Starting point is 00:07:27 defense sector and a single defense market in the EU. However, the proposal faces challenges, including command structure and the development of offensive cyber capabilities. The EDA, responsible for promoting EU defense integration, operates under the European Council, but doesn't command armed forces, which remain under member states' control. Microsoft has uncovered an active malvertising campaign by the Twisted Spider gang, believed to be based in Russia and also known as Storm-0216 or UNC2198.
Starting point is 00:08:04 They are distributing the DanaBot Trojan via malicious ads. The campaign, first noticed in November, uses a private version of DanaBot, differing from their previous use of the malware-as-a-service model. DanaBot steals user credentials and other information, enabling lateral movement through RDP sign-ins, and eventually leads to the deployment of Cactus ransomware by Twisted Spider for extortion purposes. The switch to DanaBot from the previously used QakBot, which faced law enforcement disruptions, indicates the gang's adaptability. It's important to note that Twisted Spider is distinct from Scattered Spider, another criminal group involved in cyberattacks against MGM Resorts and Caesars Entertainment.
Starting point is 00:08:52 Office supply giant Staples experienced a cybersecurity incident, prompting them to shut down some systems as a precautionary measure, Bleeping Computer reports. A spokesperson from Staples revealed that their cybersecurity team detected a risk on November 27th, leading to immediate steps to reduce potential impacts and safeguard customer data. The necessary response temporarily disrupted their back-end processing, delivery capabilities, customer communication channels, and customer service operations. Staples is actively working on restoring all systems and anticipates a swift return to full functionality. In the meantime, they expect minor delays but plan to fulfill all placed orders. Apple has released critical security updates for iPhones, iPads, and Macs to address two actively exploited vulnerabilities identified by
Starting point is 00:09:47 Google's Threat Analysis Group. The WebKit vulnerabilities allow hackers to remotely implant malicious code on devices, qualifying as zero-day vulnerabilities due to the absence of a lead time for Apple to rectify them before exploitation. The identity of the attackers exploiting these vulnerabilities remains unknown, as neither Apple nor Google have attributed these actions to any specific malicious actors or governments. These updates follow a recent patch by Google for a zero-day vulnerability in Chrome,
Starting point is 00:10:19 which was known to be exploited in the wild. Google responded to the Chrome vulnerability within four days, while Apple addressed the issue reported by Google's researchers in just under a week. On today's edition of Mr. Security Answer Person, John Pescatore joins us to talk about Microsoft's
Starting point is 00:10:45 Secure Future Initiative. Do you know the status of your compliance controls right now? Like, right now. We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But get this. More than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta.
Starting point is 00:11:27 Here's the gist. Vanta brings automation to evidence collection across 30 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and help you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com slash cyber. That's vanta.com slash cyber for $1,000 off. And now, a message from Black Cloak. Did you know the easiest way for cyber criminals to bypass your company's defenses
Starting point is 00:12:18 is by targeting your executives and their families at home? Black Cloak's award-winning digital executive protection platform. Protect your executives and their families 24/7, 365 with Black Cloak. Learn more at blackcloak.io. Mr. Security Answer Person. Hi, I'm John Pescatore, Mr. Security Answer Person. Our listener question for today's episode: Brad Smith, Microsoft's corporate president, recently announced Microsoft's Secure Future Initiative. What's your take on that?
Starting point is 00:13:26 Well, my knee-jerk reaction to these types of we-will-start-to-take-security-seriously-now corporate press releases is to check whether that company recently had an embarrassing security breach. And sure enough, on 18 September 2023, Microsoft had to admit they had allowed 38 terabytes of sensitive data to be leaked out when they hosted training data for artificial intelligence on their own Azure cloud service using insecure configurations. Oops. But we need a bit of context first. Way back in 2002, after Windows users worldwide had been getting trashed by malware worms taking advantage of numerous Windows vulnerabilities,
Starting point is 00:14:08 then-Microsoft CEO Bill Gates issued a company-wide email that said, "Trustworthy computing is the highest priority for all the work that we are doing. We must lead the industry to a whole new level of trustworthiness in computing." Which was similar to a fast food restaurant whose customers had been getting food poisoning for years saying, "We need to lead the food industry in consumption-worthy meals." Talking the talk is easy. Changing a company to actually walk the walk is a whole other thing. But to Bill Gates' credit, when he said turn right, the corporate steering wheel
Starting point is 00:14:41 started to rotate. Microsoft invested heavily in a secure development lifecycle, made patch releases a regular monthly event, and made some progress in a more secure software development lifecycle. They had a lot of missteps, however, and over 20 years later, we are still seeing badly written Windows software with zero-day vulnerabilities being shipped, and Google and Apple and others have been the leaders in raising the bar in security, not Microsoft. In his Secure Future Initiative blog post, Brad Smith referenced a corporate email by Microsoft's Executive VP for Security, Charlie Bell, that said, "We will focus on: one, transforming software development; two, implementing new identity protections; and three, driving faster vulnerability response."
Starting point is 00:15:30 This is the meaty area of the whole initiative. This is where the rubber really has to meet the road. Of those three initiatives, I hope Microsoft keeps its primary focus on transforming Windows software development. Here's the major issue. Starting in 2002,
Starting point is 00:15:50 Microsoft's Secure Development Lifecycle Initiative made great strides, but the approach was based on three- to four-year operating system lifecycle releases. By 2010, it was clear that mobile and cloud-based applications with near-continuous update cycles were becoming the norm. But in 2010, when I interviewed then-Microsoft CEO Steve Ballmer on the keynote stage at
Starting point is 00:16:11 Gartner's annual IT symposium, I asked him, what is Microsoft's biggest risk? He answered, the next release of Windows, which at that time meant Windows 8, which wouldn't even ship until 2012. Ballmer didn't even mention the iPhone or iPad or Gmail or Google's Chrome browser. Does anyone even remember Windows 8? Microsoft was trapped by a business model that relied on jamming functions into its dominant desktop operating system versus competing by building awesome products and services, let alone awesomely secure ones.
Starting point is 00:16:44 13 years later, Microsoft has recognized that. Let me quote from Charlie Bell's memo about Microsoft moving to a dynamic software development lifecycle. This means we're going to apply the concept of continuous integration and continuous delivery to continuously integrate protections against emerging patterns as we code, test, deploy, and operate. Think of it as continuous integration and continuous security. I could quibble with that wording.
Starting point is 00:17:13 For example, emerging patterns sound suspiciously like signatures to me. But Microsoft aiming at continuous security is great to see. In that spirit, though, we need to see some rapid progress in 2024. After suffering a major breach, a CISO once told me, the good news is I finally got approval to break some eggs so we can actually deliver a more secure omelet. Fewer vulnerabilities in Windows and faster, easier patching of all Microsoft products and services has to be job one to reduce the constant barrage of rotten eggs hitting the face of businesses. Thanks for listening. I'm John Pescatore, Mr. Security Answer Person.
Starting point is 00:18:05 That's Mr. Security Answer Person, John Pescatore. Cyber threats are evolving every second, and staying ahead is more than just a challenge. It's a necessity. That's why we're thrilled to partner with ThreatLocker, a cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely.
Starting point is 00:18:49 Visit ThreatLocker.com today to see how a default-deny approach can keep your company safe and compliant. Breaking news happens anywhere, anytime. Police have warned the protesters repeatedly, get back. CBC News brings the story to you live. Hundreds of wildfires are burning. Be the first to know what's going on and what that means for you and for Canada. This situation has changed very quickly. Helping make sense of the world when it matters most. Stay in the know.
Starting point is 00:19:27 Download the free CBC News app or visit cbcnews.ca. And finally, yesterday marked the one-year anniversary of the public availability of ChatGPT, which you may have noticed captured the imagination of just about everyone, be they lovers or haters of the technology. We draw your attention to a research paper out of Cornell University titled,
Starting point is 00:19:59 Large Language Models Can Strategically Deceive Their Users When Put Under Pressure. In it, researchers demonstrated that large language models like GPT-4, trained to be helpful, harmless, and honest, can still exhibit misaligned behavior and deceive users without explicit instructions. Deployed in a simulated environment as an autonomous stock trading agent, GPT-4 acted on an insider tip for a lucrative trade, knowingly violating company policies. The model then deliberately concealed the true reasons for its trading decision from its manager. Various experimental adjustments, such as changing environment settings and system instructions, were tested to understand this behavior. This research marks the first instance of such models strategically deceiving users
Starting point is 00:20:52 in a realistic scenario without being programmed for deception. So, even our AI overlords seem to have picked up a tip or two from Wall Street. When it comes to insider trading, it's not just about playing the market, but also playing it cool with the boss. And that's the Cyber Wire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. Be sure to check out this weekend's Research Saturday and my conversation
Starting point is 00:21:28 with Ryan from Bishop Fox. We're describing their work building an exploit for a FortiGate vulnerability. That's Research Saturday. Check it out. We'd love to know what you think of this podcast. You can email us at cyberwire at n2k.com.
Starting point is 00:21:43 Your feedback helps us ensure we're delivering the information and insights that help keep you a step ahead in the rapidly changing world of cybersecurity. We're privileged that N2K and podcasts like The Cyber Wire are part of the daily intelligence routine of many of the most influential leaders and operators in the public and private sector, as well as the critical security teams supporting the Fortune 500 and many of the world's preeminent intelligence and law enforcement agencies. N2K Strategic Workforce Intelligence optimizes the value of your biggest investment, your people.
Starting point is 00:22:15 We make you smarter about your team while making your team smarter. Learn more at n2k.com. This episode was produced by Liz Irvin. Our mixer is Trey Hester with original music by Elliott Peltzman. Our executive producers
Starting point is 00:22:29 are Jennifer Eiben and Brandon Karp. Our executive editor is Peter Kilpe and I'm Dave Bittner. Thanks for listening. We'll see you back here next week. but also practical and adaptable. That's where Domo's AI and data products platform comes in.
Starting point is 00:23:06 With Domo, you can channel AI and data into innovative uses that deliver measurable impact. Secure AI agents connect, prepare, and automate your data workflows, helping you gain insights, receive alerts, and act with ease through guided apps tailored to your role. Data is hard. Domo is easy. Learn more at ai.domo.com. That's ai.domo.com.
