This week’s Cyber Security Headlines – Week in Review, February 27-March 3, is hosted by Rich Stroffolino with our guest, Nick Vigier, CISO, Talend
Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com
White House gets tough with new National Cyber Strategy
The White House unveiled its long-awaited National Cybersecurity Strategy yesterday, laying out a holistic approach to improving digital security across the country. The plan is built around five basic pillars:
- Minimum cybersecurity requirements for critical infrastructure
- Offensive cyber actions against hackers and nation states
- Shifting liability onto software manufacturers
- Diversifying and expanding the cyber workforce
- Continuing to build international partnerships.
As we reported on Monday, the strategy places greater responsibility on larger organizations, and stresses robust collaboration, particularly between the public and private sectors.
CISA says to stop passing the security buck
At a recent event at Carnegie Mellon University, Cybersecurity and Infrastructure Security Agency director Jen Easterly called on technology companies to “fundamentally shift” product design around security. She said frequently tech companies shift the burden of security to consumers, ending up where “we’ve unwittingly come to accept as normal that such technology is dangerous by design.” Easterly questions why companies get blamed for data breaches when they run unpatched software, but questions why no blame falls on the manufacturer that “required too many patches.” She pointed to memory safe languages, transparent disclosure policies, and secure coding practices as ways vendors can improve.
News Corp reveals that attackers remained on its network for two years
In February 2022, the American media and publishing giant News Corp revealed it was the victim of a cyberattack from an advanced persistent threat actor that took place in January 2022. Investigation by Mandiant revealed that the attack was carried out by a nation-state actor which they believe to be a China-linked APT group. Now News Corp has revealed that the threat actor behind the security breach first gained a foothold in the company infrastructure in February 2020. News Corp-owned Wall Street Journal reported that the attack affected a major portion of the news conglomerate, including itself and The New York Post.
DISH outages caused by confirmed ransomware attack
On Tuesday, satellite broadcast giant DISH reported that a ransomware attack was to blame for “system issues” that occurred over the weekend. DISH said that, “certain data was extracted from the Corporation’s IT systems as part of this incident.” DISH’s internal communications, customer call centers and websites have been affected. However, DISH, Sling and wireless and data networks remain operational. The company hired an incident response firm to assist with the ongoing investigation and will contact customers in the event that their data was compromised during the attack.
Thanks to today’s episode sponsor, Conveyor
Some more bad news for LastPass
LastPass said Monday that the same attacker that stole partially encrypted login data back in August, hacked into an employee’s home computer shortly thereafter. The threat actor was able to exploit a vulnerable third-party media software package on a senior DevOps engineer’s computer to load keylogger and steal their credentials. They then used the stolen creds to break into the corporate vault which contained encryption keys for customer vault backups stored in Amazon S3 buckets. The engineer was one of only four LastPass employees with access to the corporate vault. Amazon notified LastPass of the incident after identifying the threat actor trying to use Cloud Identity and Access Management (IAM) roles to perform unauthorized activity.
GitHub expands secret scanning
Back in December, GitHub introduced a beta for a free secret scanning feature on public repositories. Within that test, 70,000 public repositor.ies enabled it. Now GitHub announced the service became publicly available. This will look for API keys, passwords, tokens, and other confidential information left in code. As part of this, GitHub will also notify its service partners if it detects their secrets left in public code, letting them revoke tokens and notify impacted customers. Admins need to opt-in to the feature, available in the Settings tab.
How to integrate Gen Z into a security program
We know there is a glaring cybersecurity skills shortage, so bringing young people into the field remains a known problem. CSO Online’s Maril Vernon recently looked at how organizations can better work with this younger generation. One of the things the report found was that Gen Z employees can be eager to learn new skills, but also want to move forward quickly to new challenges. Employers should lean into that to help deal with the fast changing threats in cyber security. These younger employees also greatly prefer electronic communications, even when in speaking distance. It recommends using this to promote create tight-knit highly dispersed teams.
Canadian book giant says employee data was stolen during ransomware attack
In a parallel story, Canadian bookseller Indigo denied that any customer data was stolen last month during a ransomware attack that took down its website. However it now says that employee data was involved in the attack. The Toronto-based company did not respond to requests for comment about how many people were affected. It has more than 8,000 current employees at more than 160 stores across Canada. The LockBit cybercrime gang has claimed responsibility for the attack on Tuesday..