Top cybersecurity stories for the week of 01-15-24 to 01-19-24

Below are some of the stories we’ve been reporting this week on Cyber Security Headlines.

If you’d like to watch and participate in a discussion about them, the CISO Series does a live 20-minute show every Friday at 12:30pm PT/3:30pm ET. Each week we welcome a different cyber practitioner to offer some color to the week's stories. Our guest this week is Jerich Beason, CISO, WM.

To get involved you can watch live and participate in the discussion on YouTube Live
https://www.youtube.com/watch?v=haDriC-qOLA or you can subscribe to the Cyber Security Headlines podcast and get it into your feed.

Here are the stories we plan to cover, time permitting:

SEC says X account breach did not lead to further breaches
According to Reuters, the U.S. Securities and Exchange Commission stated on Friday that said there was “no evidence to suggest the breach of its X account earlier this week also involved a breach of the agency’s systems, devices, data, or other social media accounts.” CISA, the FBI, and the SEC’s own Inspector General continue to investigate the breach, which a representative from X (formerly Twitter), has said resulted from “an unidentified individual obtaining control of a phone number.”
(Reuters)

Have I Been Pwned adds “statistically significant” data leak
Troy Hunt and his leak alert site Have I Been Pwned have seen a lot of leaks, so when he describes one as “statistically significant” you should take notice. The site recently added the Naz.API dataset, which includes 104 gigabytes of data, including 70.8 million unique email addresses with associated plaintext passwords. In sampling, Hunt found that over a third of listed emails were net new to Have I Been Pwned, something very rare in leak datasets. This dataset appeared on hacker forums four months ago, seemingly coming from “stealer logs” on compromised machines, mixed with much older data from previous leaks.
(Troy Hunt)

Cyberattack on Ukraine’s largest telecom provider comes at a heavy cost
Following up on a story we brought you in mid-December, it is estimated that the cost of a major cyberattack on Ukraine’s largest telecom operator, Kyivstar, will cost its parent company, Netherlands-based Veon, almost $100 million, this according to a statement the company released Monday. Veon is focusing on “an impact on its consolidated revenue results for 2024 associated with the revenue loss arising from the customer loyalty measures.” According to The Record, the financial impact is not due to the cost of repair and restoration, but in large part is due to subscribers immediately switching to SIM based connectivity through local operators — Vodafone and Lifecell. The attack itself is believed to have been the work of the Russian Sandworm operation.
(The Record and Veon)

End-of-life Cisco routers targeted by Chinese espionage group
According to SecurityScorecard a group named Volt Typhoon, identified as a Chinese government espionage unit, is exploiting Cisco RV320/325 devices, which were discontinued by Cisco in 2019, with service and support intended to be terminated on January 31, 2025. The hackers are exploiting two vulnerabilities, CVE-2019-1653 and CVE-2019-1652, which are also listed on CISA’s Known Exploited Vulnerabilities list for 2019. SecurityScorecard says 30% of the RV320/325 devices may have been compromised, a statement based on its observation of frequent connections between the devices and known Volt Typhoon infrastructure.
(The Record)

OpenAI publishes election guidance
The AI giant announced some steps it's taking to prevent people using its models to spread election misinformation. This includes controls in custom GPTs that prevent them from acting as real people or institutions and don’t deter people from the democratic process. ChatGPT will also direct uses to election resource links directly when asked and have access to real-time election information with supporting links. For DALL-E image generation, OpenAI will implement digital cryptographic credentials from the Coalition for Content Provenance and Authenticity to images. This will come “early this year.” The company also said it will keep monitoring how people use its tools and make adjustments as needed in the election season.
(OpenAI)

PixieFail could spell trouble for cloud providers
Researchers at the security firm Quarkslab documented nine vulnerabilities in the open source UEFI specification TianoCore EDK II. These vulnerabilities relate to IPv6 and can be executed in the Preboot Execution Environment frequently used in large data centers, but generally off by default on consumer machines. The vulnerabilities impact motherboards from Arm Ltd., Insyde, AMI, Phoenix Technologies, and Microsoft. Attackers could use these flaws to download malicious firmware to a server by capturing local traffic. The researchers contacted the impacted companies, although any fix would need to roll out from them to customers to implement.
(Ars Technica)

Reddit upvotes an IPO in March
The social media platform is looking to move ahead with it’s long-planned IPO, with a public filing in late February, and the IPO completed in late March, at which point it seeks to sell around 10 percent of its shares. According to Reuters, quoting co-founder Steve Huffman’s Reddit post from last June, the company generates revenue primarily through advertising, along with premium access for a $5.99 monthly fee, but has yet to turn a profit. It would be the first IPO of a major social media company since Pinterest in 2019.
(Reuters) submitted by /u/CISO_Series_Producer
[link] [comments]


http://dlvr.it/T1cSgh