This week’s Cyber Security Headlines – Week in Review, February 6-10, is hosted by Rich Stroffolino with our guest, Ed Covert, head of Cyber Risk Engineering, Bowhead Specialty
Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com
Background check services confirm data breach
The firm PeopleConnect, which operates the background check services TruthFinder and Instant Checkmate, confirmed the incident. Last month, threat actors exposed an April 2019 backup database with information on over 20 million customers across the two services. The exposed information affected customers from 2011 to 2019 and included emails, hashed passwords, names, and phone numbers. PeopleConnect began an investigation, but said it appears likely an “inadvertent leak or theft of a particular list.” A third-party audit found no signs of a network breach. Troy Hunt added the leaked list to Have I Been Pwned, and PeopleConnect warned customers to be on the lookout for phishing attempts.
Cyber insurer predicts a rise in critical CVEs
A new Cyber Threat Index from the insurance firm Coalition predicts 2023 will see an average of 1,900 monthly critical CVEs, up 13% on the year. Of these it forecasts 14% will be high-severity and 8% will be critical-severity. Coalition derived this estimate from underwriting and claims data, internet scans, and its network of honeypots, aggregated over the past ten years. The Index also found that 95% of organizations it scanned in 2022 exposed at least one unencrypted service to the internet. Remote Desktop Protocol remains the protocol most scanned for by attackers.
FAA needs until 2030 to fix its safety system
On Tuesday, House lawmakers held a hearing on aviation safety to raise questions about the January 11 meltdown of the Federal Aviation Administration’s Notice to Air Missions system, or Notam. Notam produces safety bulletins for pilots flying in the US. While the FAA says it has fixed the root cause of last month’s failure, the system still has other issues. According to numerous sources, the system’s antiquated language and unnecessary information make its bulletins hard for pilots to interpret. Even though Congress first ordered the FAA to begin updating Notam back in 2012, acting Administrator Billy Nolen informed lawmakers that fixes won’t be fully implemented until 2030.
(Slashdot)
Experts publish a list of proxy IPs used by the pro-Russia group Killnet
Researchers at SecurityScorecard published a list of proxy IPs used by the pro-Russia group Killnet, with the intent of interfering with its operations and blocking its attacks. Killnet, which has been active since March 2022, has launched DDoS attacks against governments and critical infrastructure of countries that expressed support for Ukraine, including hospitals, airports and government agencies. The list of almost 18,000 proxy IPs was published on GitHub and also includes addresses used by other gangs. The intent of the publication was to assist organizations in blocklisting them.
Thanks to today’s episode sponsor, CISO Series
The week that ChatGPT exploded
Bing’s success, Google’s stumble, the Chinese equivalents, its potential as an ally or foe for cybersecurity – and are people getting distracted and missing some of the other current threats?
Swatting the C-suite on the rise
CSO Online passed on a report from the digital executive protection company BlackCloak, which reports an increase in swatting and doxxing attacks against high-profile positions in Fortune 500 companies. These include C-suite executives and board members. The attacks seem focused on the healthcare, biomed, pharma, and esports industries. The company recommends removing personal information from data broker sites, sharing less personal information overall, making corporate About Us pages featuring executives more formal, and registering homes under either a trust or an LLC rather than in the executive’s own name.
UK creates standalone tech regulator
In the UK, the Department for Digital, Culture, Media and Sport previously oversaw tech regulation in the country. However, Prime Minister Rishi Sunak revealed the formation of a new Science, Innovation and Technology department that will now oversee the technology sector. The new department will be headed by former DCMS secretary Michelle Donelan. This comes as the government’s Online Safety Bill makes its way through Parliament, and ahead of the anticipated announcement of the UK’s broader strategy around semiconductors.
(Politico)
Orgs lack security architecture to support multi-cloud strategy
A new report from Valtix found that 28% of IT leaders strongly believe multi-cloud is a “bad idea,” citing (1) difficulty in consistently securing such environments (38%), (2) lack of tooling (35%) and (3) lack of multi-cloud reference architectures (32%). Responding organizations also cited several ‘unintentional’ factors that have accelerated their multi-cloud journey, including (1) shadow IT (51%), (2) software vendors (ISVs) (48%), and (3) mergers and acquisitions (47%). While just 57% of IT leaders are sure that multi-cloud security is achievable, 95% admit they’ll still need to embrace it as a “strategic priority” this year.
Chinese phones collect PII
A new report from researchers at the University of Edinburgh and Trinity College Dublin found that Chinese phone makers like Xiaomi, OnePlus, and Oppo’s Realme collect extensive data on users without consent. This involves data taken directly from the OS as well as from preinstalled apps. Personally identifiable information appears to go to the phone vendor as well as to service providers and network operators. Data sent includes phone numbers, IMEI and MAC addresses, geolocation data, contacts, and text message metadata. The researchers found no way to opt out of the collection. Data collection also didn’t stop when the devices left China, with phones sending information to carriers and vendors even when connected over Wi-Fi with no SIM card inserted.
(Gizmodo)