This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest George Finney, CISO, The University of Texas System – check out George’s new book plus all his other achievements at his website, WellAwareSecurity.
Missed the live show? Check it out on YouTube
Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com
Defendnot tool can disable Microsoft Defender
The tool, built by a developer who goes by the handle es3n1n, can disable Microsoft Defender on Windows devices simply by registering a fake antivirus product, even when no real AV is installed. As reported in BleepingComputer, the tool “utilizes an undocumented Windows Security Center (WSC) API that antivirus software uses to tell Windows it is installed and is now managing the real-time protection for the device.” When this happens, Windows automatically disables Microsoft Defender to avoid conflicts from running multiple security applications on the same device. Microsoft has since taken steps to detect and quarantine the tool.
(BleepingComputer and es3n1n blog)
Rogue devices found in Chinese-made power inverters
U.S. security experts have discovered hidden “kill switches” and undocumented cellular radios in Chinese-made power inverters used in U.S. and European solar farms. These rogue devices could allow Beijing to remotely disable parts of the power grid during a conflict, raising serious national security concerns. While inverters typically allow remote access for maintenance, experts found covert communication hardware not listed in product documentation. Over the past nine months, similar devices were found in batteries from multiple Chinese suppliers. The presence of such hidden systems suggests a potential for remote sabotage of critical energy infrastructure by foreign actors.
Bipartisan bill for federal cyber workforce training
Representatives Pat Fallon and Marcy Kaptur introduced the Federal Cyber Workforce Training Act in the House. This bill calls on the National Cyber Director to plan for the creation of a centralized training center for federal cyber workforce development. This center would focus on setting cybersecurity standards for new Federal employees at the start of onboarding, specifically for entry-level workers with role-specific training developed in cooperation with relevant federal agencies. The bill also proposes the idea of specialized training for federal HR officials to better recruit personnel for the federal cyber workforce.
Huge thanks to our sponsor, Conveyor
Conveyor’s AI doesn’t need hand-holding and gets you accurate answers every time with limited knowledge base maintenance.
It reads directly from your connected sources—documents, wikis, websites, Confluence, Google drive, and even your Conveyor trust center.
You don’t maintain a knowledge base. You connect to one.
And our AI does the rest for you. See what real auto-fill magic looks like at www.conveyor.com
Vulnerability Exploitation Probability Metric Proposed by NIST, CISA Researchers
NIST and CISA have developed Likely Exploited Vulnerabilities (LEV), a new metric using mathematical equations to predict vulnerability exploitation probability. This complements KEV and EPSS to improve patching prioritization by identifying potential overlooked threats. NIST is currently seeking industry partners to evaluate LEV’s real-world impact.
Federal agencies impacted by “major lapse” at Opexus
The Thomas Bravo-owned company Opexus provides digital tools that federal government agencies use to process electronic records. According to documents seen by Bloomberg News, an insider threat attack from two employees, twin brothers Suhaib and Muneeb Akhter, improperly accessed sensitive documents and deleted over 30 databases, including those with data from the IRS and General Services Administration. The two previously pleaded guilty to wire fraud and hacking charges in 2015, involving a scheme to install a device that would give them remote access to State Department systems to create and sell fake passports and visas. When Opexus officials held a virtual human resources meeting with the brothers to terminate them after getting flagged by the FDIC for their previous exploits, they deleted and exfiltrated data while on the call and within an hour of being released.
SK Telecom says malware breach lasted 3 years, impacted 27 million numbers
South Korea’s SK Telecom reported a nearly three-year-long undetected malware breach, beginning June 2022, which compromised sensitive SIM data of nearly 27 million customers, including authentication keys and contact information, elevating SIM-swapping risks. The company is replacing SIMs, blocking unauthorized device changes, and accepting responsibility for resulting damages. Investigations identified 25 malware types on 23 servers, but the full scope of data loss is uncertain due to limited early logging.