Cyber Security Headlines Week in Review: Critical CVEs predicted, FAA needs 7 years, background check breach 

This week’s Cyber Security Headlines – Week in Review, February 6-10, is hosted by Rich Stroffolino with our guest, Ed Covert, head of Cyber Risk Engineering, Bowhead Specialty

Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com

Background check services confirm data breach

The firm PeopleConnect, which operates the background check services TruthFinder and Instant Checkmate, confirmed the incident. Last month, threat actors exposed an April 2019 backup database with information on over 20 million customers across the two services. The exposed information affected customers from 2011 to 2019 and included emails, hashed passwords, names, and phone numbers. PeopleConnect began an investigation, but said it appears likely to be an “inadvertent leak or theft of a particular list.” A third-party audit found no signs of a network breach. Troy Hunt added the leaked list to Have I Been Pwned, and PeopleConnect warned customers to be on the lookout for phishing attempts.

(Bleeping Computer)

Cyber insurer predicts a rise in critical CVEs

A new Cyber Threat Index from the insurance firm Coalition predicts 2023 will see an average of 1,900 monthly critical CVEs, up 13% on the year. Of these, it forecasts 14% will be high-severity and 8% will be critical-severity. Coalition derived this estimate from underwriting and claims data, internet scans, and its network of honeypots, aggregated over the past ten years. The Index also found that 95% of organizations it scanned in 2022 exposed at least one unencrypted service to the internet. Remote Desktop Protocol remains the protocol most scanned for by attackers.

(CSO Online)

FAA needs until 2030 to fix its safety system

On Tuesday, House lawmakers held a hearing on aviation safety to raise questions about the January 11 meltdown of the Federal Aviation Administration’s Notice to Air Missions system, or Notam. Notam produces safety bulletins for pilots flying in the US. While the FAA says it has fixed the root cause of last month’s failure, the system still has other issues. According to numerous sources, the system’s antiquated language and unnecessary information make its bulletins hard for pilots to interpret. Even though Congress first ordered the FAA to begin updating Notam back in 2012, acting Administrator Billy Nolen informed lawmakers that fixes won’t be fully implemented until 2030.

(Slashdot)

Experts publish a list of proxy IPs used by the pro-Russia group Killnet

Researchers at SecurityScorecard published a list of proxy IPs used by the pro-Russia group Killnet, with the intent of interfering with its operations and blocking its attacks. Killnet, which has been active since March 2022, has launched DDoS attacks against governments and critical infrastructure in countries that have expressed support for Ukraine, including hospitals, airports and government agencies. The list of almost 18,000 proxy IPs was published on GitHub and also includes addresses used by other gangs. It was published to assist organizations in blacklisting them.

(Security Affairs)

Thanks to today’s episode sponsor, CISO Series

“If it is important it will likely be in the Cyber Security Headlines update in the morning… And it allows me and my team to dig in a little more on aspects that might affect our technology stack,” said Shawn Bowen, CISO for World Fuel Services. Security leaders listen and make decisions based on what they hear on this very show. Do you have a solution that just needs to find the attention of the right audience of cyber professionals? If you’re interested in sponsorship, email us at info@cisoseries.com.

The week that ChatGPT exploded

Bing’s success, Google’s stumble, the Chinese equivalents, and its potential as an ally or foe for cybersecurity. Also, are people getting distracted and missing some of the other current threats?

Swatting the c-suite on the rise

CSO Online passed on a report from the digital executive protection company BlackCloak, which reports an increase in swatting and doxxing attacks against high-profile positions in Fortune 500 companies, including C-suite executives and board members. These attacks seem focused on the healthcare, biomed, pharma, and esports industries. The company recommends removing personal information from data broker sites, sharing less personal information overall, making corporate About Us pages about executives more formal, and registering homes under either a trust or an LLC rather than in the executive’s own name.

(CSO Online)

UK creates standalone tech regulator

In the UK, the Department for Digital, Culture, Media and Sport (DCMS) previously oversaw tech regulation in the country. However, Prime Minister Rishi Sunak revealed the formation of a new science, innovation and technology department that will now oversee the technology sector. The new department will be headed by former DCMS secretary Michelle Donelan. This comes as the government’s Online Safety Bill makes its way through Parliament, and ahead of the anticipated announcement of the UK’s broader strategy around semiconductors.

(Politico)

Orgs lack security architecture to support multi-cloud strategy

A new report from Valtix found that 28% of IT leaders strongly believe multi-cloud is a “bad idea,” citing (1) the difficulty of consistently securing such environments (38%), (2) lack of tooling (35%) and (3) lack of multi-cloud reference architectures (32%). Responding organizations also cited several ‘unintentional’ factors that have accelerated their multi-cloud journey, including (1) shadow IT (51%), (2) software vendors (ISVs) (48%), and (3) mergers and acquisitions (47%). While just 57% of IT leaders are sure that multi-cloud security is achievable, 95% admit they’ll still need to embrace it as a “strategic priority” this year.

(Dark Reading)

Chinese phones collect PII

A new report from researchers at the University of Edinburgh and Trinity College Dublin found that Chinese phone makers like Xiaomi, OnePlus, and Oppo’s Realme collect extensive data on users without consent. This involves data collected directly by the OS as well as by preinstalled apps. Personally identifiable information appears to go to the phone vendor as well as to service providers and network operators. Data sent includes phone numbers, IMEI and MAC addresses, geolocation data, contacts, and text-message metadata. The researchers found no way to opt out of collection. Data collection also didn’t stop when leaving China, with devices sending information to carriers and vendors even when connected over Wi-Fi with no SIM card inserted.

(Gizmodo)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.