Cyber Security Headlines – Week in Review – Apr 4-8, 2022

This week’s Cyber Security Headlines – Week in Review, Apr 4-8, is hosted by Rich Stroffolino with our guest, Brett Conlon, CISO, American Century Investments.

Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com

National Security Agency employee indicted for ‘leaking top secret info’

The United States Department of Justice (DoJ) has accused an NSA employee of sharing top-secret national security information with an unnamed person who worked in the private sector. According to a DoJ announcement and the indictment, an NSA staffer named Mark Unkenholz “held a TOP SECRET/Sensitive Compartmented Information (SCI) clearance and had lawful access to classified information relating to the national defense.” The indictment alleges that on 13 occasions between 2018 and 2020, Unkenholz shared some of that information with a woman identified only as “RF” who was not entitled to see it. The indictment and announcement allege Unkenholz used his personal email address to send material to RF.

(The Register)

Companies going to greater lengths to hire cybersecurity staff

According to an article in Dark Reading, employers are desperately seeking to fill cybersecurity positions. The number of available cybersecurity jobs coupled with accelerated attrition due to the Great Resignation has led to companies offering ridiculously high salaries, a bevy of benefits, and free training and certifications to woo candidates. Even so, the candidate pool is limited. Employers are exploring ways to help applicants fill in the gaps in their experience so that they can be hired. “The No. 1 thing anyone interested in cybersecurity careers should do is apply,” says Justine Fox, principal product manager, technical, at NuData Security, a Mastercard company. “There is no faster way to learn the role’s required skills than in the role. Whether you are self-taught or formally educated, I encourage folks to apply.” Mitch Ashley, principal at Techstrong Research, suggests cyber leaders must “widen the net” to bring in “talents beyond only traditional cybersecurity domains,” adding that managers “must think more like software leaders and less like network engineers.”

(Dark Reading)

Cadbury scam is anything but sweet

Users on Facebook and WhatsApp report a new scam attempting to lure users with a promise of a free Easter basket of Cadbury Eggs. Cadbury confirmed it’s aware of the scam and is taking action to resolve the issue. Clicking on the link to claim your free basket takes you to a page where you’re asked to share personal information. It does not appear that the page installs any malware directly, but it’s probably not a good idea to share anything you don’t have to with people operating a scam.

(InfoSecurity Magazine)

Russians increasingly turning to Western news

Cloudflare published data showing that people inside Russia are increasingly circumventing domestic blocking to get news from Western sources. Russia has blocked direct access to Western media and social networks, but has not isolated the country from the global internet. In March, the most downloaded mobile apps in Russia included VPN tools, the secure messaging app Telegram, and Cloudflare’s DNS resolver WARP. By looking at WARP data, Cloudflare saw a precipitous rise in Russia-based use, with most DNS lookups involving large French, British, and U.S.-based newspapers.

(Bleeping Computer)

Thanks to our sponsor, Code42

It’s not just about the data leaving your company – what about the data coming in? Along with departing employees, new talent is also actively joining your organization. This poses cybersecurity challenges since they could be knowingly or unknowingly bringing data from their former company into your network.
 
Code42 Incydr is an Insider Risk Management SaaS that provides a comprehensive understanding of your data exposure and shows which activities require security intervention. Learn more at Code42.com/showme.

MailChimp hit with breach

We reported yesterday on Trezor wallet owners receiving phishing emails. Now we know how the actors obtained those emails. Over the weekend, the email marketing firm disclosed that hackers gained access to internal customer support and management tools through social engineering, obtaining personal information that was subsequently used in phishing attacks. Overall, 319 accounts were accessed with audience data exported. API keys were also obtained for an unknown number of users, which have since been disabled. Customers in the cryptocurrency and finance sectors were targeted.

(Bleeping Computer)

US disrupted Russian botnet

Attorney General Merrick Garland announced that government officials disrupted a botnet built by the Sandworm hacking group linked to Russia’s GRU intelligence agency. Sandworm had previously been blamed for attacks against Ukraine’s electric grid in 2015 and the NotPetya attacks in 2017. This botnet used “Cyclops Blink” code to target WatchGuard Technologies’ Firebox firewall hardware and was also able to infect some Asus network hardware. Garland said the government believed it was taken down before it could be weaponized to perform any malicious activity. 

(CyberScoop, TechCrunch)

Twitter shadowbans Russian government accounts

The social network announced that it will “drastically” reduce the chances of people seeing posts from accounts belonging to the Russian government as part of further measures to limit Russia’s ability to leverage the platform. This means these accounts won’t be suggested to follow or appear in Search or Explore pages. In an effort not to spread content that risks violating the Geneva Conventions, Twitter will also “require the removal of Tweets posted by government or state-affiliated media accounts” that contain media showing prisoners of war from Russia’s invasion of Ukraine. Twitter’s head of site integrity, Yoel Roth, said there are exceptions to this policy for media that is “compelling public interest or newsworthy POW content.” Twitter will also remove any content showing PoWs with “abusive intent” across all accounts.

(The Verge)

Amazon secures rockets for broadband project

Over the next five years, three new heavy-lift rockets will put thousands of satellites into low earth orbit as part of Amazon’s Project Kuiper. The project aims to provide broadband connections using a constellation of 3,236 satellites. Rival Starlink is said to have more than 2,300 satellites in orbit already. The rockets will be made by Arianespace, Blue Origin – which was founded by Amazon owner Jeff Bezos – and United Launch Alliance. Amazon says Project Kuiper aims to provide high-speed, low-latency broadband to customers including households, businesses, government agencies, disaster relief operations, mobile operators, and other organizations “working in places without reliable internet connectivity”. Like Elon Musk’s Starlink, users will connect to the internet via a terminal that communicates with the satellites. Amazon says its experience in shipping and making products like Echo and Kindle will be useful in producing and distributing these.

(BBC News)


Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.