Cyber Security Headlines: NewsCorp reveals attack, TELUS investigating leak, Dish goes offline

News Corp reveals that attackers remained on its network for two years

In February of last year, the media and publishing giant News Corp has revealed it was the victim of a cyberattack from an APT in January 2022. Investigation by Mandiant revealed that the attack was carried out by a nation-state actor which they believe to be a China-linked APT group. Now News Corp has revealed that the threat actor behind the security breach first gained a foothold in the company infrastructure in February 2020. News Corp-owned Wall Street Journal reported that the attack affected a major portion of the news conglomerate, including itself and The New York Post.

(Security Affairs)

TELUS investigating leak of stolen source code, employee data

Canada’s second-largest telecom, TELUS is investigating a potential data breach after a threat actor shared samples online of what appears to be employee data. The threat actor subsequently posted screenshots that apparently show private source code repositories and payroll records held by the company. The seller further boasts that the stolen source code contains the company’s “sim-swap-api” that will purportedly enable adversaries to carry out SIM swap attacks. TELUS has so far not found evidence of corporate or retail customer data being stolen and continues to monitor the potential incident.

(Bleeping Computer)

Dish Network goes offline after likely cyberattack, employees cut off

TV giant and satellite broadcast provider, Dish Network has mysteriously gone offline with its websites and apps ceasing to function over the past 24 hours. The widespread outage affects, Dish Anywhere app, as well as several websites and networks owned by the corporation. Customers also suggest the company’s call center phone numbers are unreachable. Customers are facing authentication issues when signing into TV channel apps such as MTV and Starz via their Dish credentials, and Dish Network’s remote employees have been cut off from accessing their work systems. A source in touch with a Dish Network employee told BleepingComputer that the network “has been hit” (by a cyber attack) with employees seeing “blank icons” on their desktop—something that typically occurs after a ransomware infection encrypts the victim’s files.

(Bleeping Computer)

At least one open source vulnerability found in 84% of code bases

At a time when almost all software contains open source code, at least one known open source vulnerability was detected in 84% of all commercial and proprietary code bases examined by researchers at application security company Synopsys. In addition, 48% of all code bases analyzed by Synopsys researchers contained high-risk vulnerabilities, which are those that have been actively exploited, already have documented proof-of-concept exploits, or are classified as remote code execution vulnerabilities. The vulnerability data — along with information on open source license compliance — was included in Synopsys’ 2023 Open Source Security and Risk Analysis (OSSRA) report, put together by the company’s Cybersecurity Research Center (CyRC).

(CSO Online)

Thanks to this week’s episode sponsor, Conveyor

AI can now literally answer any question on the internet in seconds, yet infosec teams are still living a nightmare manually filling out security questionnaires with existing tools. Get out of the questionnaire stone age with Conveyor’s new questionnaire eliminator tool powered by GPT-3. Go beyond re-writing mediocre matches, to getting your questionnaire auto-filled with the exact answers customers need in minutes. Join the top SaaS companies in the GPT-3 powered future by using Conveyor. Learn more at

White House cybersecurity strategy to force large companies to make systems secure by design

A forthcoming White House cybersecurity strategy document aims to force large companies to shoulder greater responsibility for designing secure products and to redesign digital ecosystems to be more secure, Camille Stewart Gloster, the deputy national cyber director for technology and ecosystem security, said at a CyberScoop event Thursday. According to an early draft of the document obtained by Slate — which White House officials have emphasized is not a final document — the strategy includes a wide range of mandatory regulations on American critical infrastructure companies to improve security, and authorizes law enforcement and intelligence agencies to take a more aggressive approach to hack into foreign networks to prevent attacks or retaliate after they have occurred.


Treasury Department hits Russian disinformation operators with sanctions

This announcement came on Friday, and applies sanctions on Russian companies including a handful of entities connected to cybersecurity and disinformation operations with links to Russia’s intelligence services. The move by the Office of Foreign Assets Control especially targets Russia’s mining and minerals sector, but also goes after a range of technology companies and executives, with some having direct links to the sorts of disinformation operations that have targeted U.S. elections. 

(The Record)

Big Tech ‘fair share’ debate set to dominate Barcelona mobile meet

A clash between Big Tech and European Union telecoms firms over who will underwrite network infrastructure is set to dominate discussion at the world’s largest telecoms conference this week. More than 80,000 people, including tech executives, innovators, and regulators, are set to descend on this year’s Mobile World Congress (MWC) in Barcelona. EU industry chief Thierry Breton on Thursday launched a 12-week consultation on its “fair share” proposals, under which Big Tech platforms would bear more of the costs of the systems which give them access to consumers. Representatives from companies including Alphabet, Meta, and Netflix are expected to use the conference as a platform to push back against the EU proposals.


 Rishi Sunak faces calls to ban TikTok use by government officials

In line with moves by the EU and US, British PM Rishi Sunak has been urged to ban government officials from using TikTok amid growing cybersecurity fears over China. However, the Prime Minister is currently resisting pressure to bar parliamentary staff and MPs from using TikTok, which has become increasingly popular among UK politicians. While one Conservative MP posted a 48-second video on the app, showing his 41,000-strong following what it is like going through security to get into No 10, others are urging “concerted action” against Chinese state threats including data harvesting.

(The Guardian)

Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.