This week’s Cyber Security Headlines – Week in Review, May 24-28, 2021, is hosted by Steve Prentice (@stevenprentice) with our guest, Jimmy Sanders (@jfireluv), CISO, Netflix DVD

Cyber Security Headlines – Week in Review is live every Thursday at 4pm PT/7pm ET. Join us each week by registering for the open discussion.

Air India hack covers ten years and three other airlines

The hack currently being attributed to Air India was apparently directed at the Atlanta-based SITA Passenger Service System, a company that served Air India, airline representatives said in a statement Friday. The breach, which happened in February, gave attackers access to 10 years’ worth of data, including names, passport information and credit card information, not just from Air India but also from Singapore Airlines, New Zealand Air, and Lufthansa, potentially affecting 4.5 million passengers. Air India disclosed the scale of the breach nearly three months after it was first informed by the IT provider.

(Security Week)

DarkSide getting taken to ‘Hackers’ Court’ for not paying affiliates

A shadow court system for hackers shows how professional ransomware gangs have become. DarkSide is suspected of being responsible for the Colonial Pipeline attack. Cybercriminals who have worked as affiliates with them, and who are now having a tough time getting paid for their work, have taken DarkSide to Hacker’s Court. John Hammond, a senior security researcher with Huntress, told Threatpost, “cybercrime groups have to be selective and handpick members of their cohorts – they take their work seriously, and obviously it can be a lucrative gig.” To this end, their reputations set the bar of behavior, and aggrieved parties can now put these reputations – and the potential for future collaboration – on trial in front of a jury.

Salesforce crash blamed on sole employee using emergency patch

The cause of the global crash that affected Salesforce servers back on May 11 has now been pinned on a lone engineer who had been tasked with making a DNS configuration change to connect a new Salesforce Hyperforce environment in Australia. Rather than use a staggered rollout, the engineer instead decided to shortcut the normal procedures by using an Emergency Break-Fix (EBF) process. However, the script used contained a bug that required a restart of the DNS servers, which were themselves needed to implement the rollbacks and restarts, thus creating a circular dependency. Salesforce eventually got everything back online and has promised new safeguards for future changes. And the engineer in question? “We have taken action with that particular employee,” a representative said.

(The Register)

Russia threatens to slow Google

The Russian communications watchdog Roskomnadzor previously placed a punitive slowdown on Twitter traffic in the country after the company refused to delete banned content, and now the regulator is threatening similar action against Google. The agency said it has sent more than 26,000 requests for Google to remove illegal information, including videos with information on drugs, violence, or materials from so-called extremist organizations. Under Russian law, Google could be fined up to 10% of the company’s total annual revenue for repeat violations. Roskomnadzor also accused Google of censorship over alleged YouTube restrictions on the Russian media platforms RT and Sputnik. Court records show Google is suing over the demands to remove the banned content. The regulator declined to comment when asked if Google could be banned outright in the country.

Thanks to our episode sponsor, Sumo Logic

It’s time to rethink your security for digital transformation success. Register for Sumo Logic’s Modern SOC Summit June 8-9 to debate, discuss and share best practices for modernizing security operations for the rapidly evolving threat landscape. Reserve your spot for this virtual event at and click on the link at the top of the screen.

DHS to issue first-ever cybersecurity regulations for pipelines after Colonial hack

The Department of Homeland Security is moving to regulate cybersecurity in the pipeline industry for the first time in an effort to prevent a repeat of last month’s Colonial Pipeline incident. The Transportation Security Administration, a unit of the DHS, will issue a security directive this week requiring pipeline companies to report cyber incidents to federal authorities. It will follow up in coming weeks with a more robust set of mandatory rules for how pipeline companies must safeguard their systems against cyberattacks and the steps they should take if they are hacked, the officials said. The agency has offered only voluntary guidelines in the past.

(Washington Post)

Smart keyboards as the next frontier against insider threats

In an editorial posted to Threatpost, Dale Ludwig of Cherry Americas proposes that greater attention be given to smart, secure keyboards, a technology that he says is often overlooked in the race to deploy software-driven countermeasures to cyberattacks. Newer keyboard technologies now provide higher security through two-factor authentication using smart cards and contactless card readers, and can be partnered with new mouse technology that uses fingertip sensors for user authentication to greatly improve security. Full disclosure: Cherry Americas is a manufacturer of computer input devices; however, the article poses some good food for thought.

WhatsApp sues over Indian IT laws

These laws were originally passed in February and took effect on May 26th. The law requires messages to be put in a “traceable database” to identify “unlawful” content. This would require WhatsApp to stop offering end-to-end encrypted messaging in order to be compliant. WhatsApp said the laws are unconstitutional and a violation of citizens’ right to the preservation of privacy, comparing the traceability requirement of the law to mass surveillance.

(The Guardian)

Do bug bounties actually help security?

In a piece over at Dark Reading, Oleg Brodt wonders if the ecosystem around bug bounties is similar to the Cobra Effect seen in India under British colonial rule, where a bounty on cobras to reduce their population resulted in residents actively breeding them to cash in. While bugs cannot be bred in the same way, Oleg considers whether bug bounties are just a way for vendors to transfer the liability of eliminating vulnerabilities in their products to bug hunters, rather than doing extensive secure-by-design development and testing. His point is not that there isn’t a role for bug bounties, but rather that without addressing the source that creates these bugs, bounties themselves aren’t effective in reducing their number.

(Dark Reading)