This week’s Cyber Security Headlines – Week in Review, Oct 4-8, is hosted by Rich Stroffolino with our guest, Adrian Ludwig, Chief Trust Officer, Atlassian

Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion.

Transnational fraud ring stole millions from Army members, veterans

Fredrick Brown, a former U.S. Army contractor, was sentenced yesterday to 151 months in prison after admitting to his role in a conspiracy that targeted thousands of U.S. service members and veterans and caused millions of dollars in losses. He harvested PII by taking photos of his screen while being logged into his Armed Forces Health Longitudinal Technology Application account. This allowed Brown and his accomplices to access U.S. military community benefits information via the Department of Defense portal and steal millions of dollars from veterans’ pension and disability benefits payments and U.S. military members’ bank accounts. Besides the 151-month prison term, Brown was also ordered to pay $2,331,639.85 in restitution and will be placed on supervised release for three years after being released from prison.

(Bleeping Computer)

Business leaders admit willingness to pay five-figure ransoms

Forty percent of business executives would be willing to pay at least a five-figure ransom to restore operations following an attack, this according to research conducted by security firm Arctic Wolf that polled 500 decision-makers from UK firms with over 1000 employees. The research also found that 20% of UK execs have previously concealed a cyber-attack to preserve their reputation, 67% of respondents believe their company is more vulnerable to attacks if staff work remotely or in a hybrid environment, and 62% are unsure whether IT teams can identify and detect some threats accurately.

(InfoSecurity Magazine)

Facebook whistleblower comes out of the shadows

The whistleblower who provided documents that served as the foundation for the Wall Street Journal’s Facebook Files series came forward as former Facebook product manager Frances Haugen. She worked at Facebook for almost two years before leaving in May 2021, working with the company’s Civic Integrity team. Following the breakup of the team on December 2, 2020, she contacted a Journal reporter. Documents leaked to the Journal came from Facebook Workplace and were open to all employees. She is scheduled to testify before Congress this week and filed with the SEC for federal whistleblower protections. While the reveal of the whistleblower doesn’t come with any new revelations about the company, it does reveal why she decided to go public with the information, saying that the Civic Integrity team ultimately felt like an understaffed cleanup crew.

(WSJ)

Facebook’s apps suffer massive outage

As Facebook was responding to the latest round of whistleblower releases, the company is also dealing with another issue, a massive outage of all its services! Facebook, Instagram, WhatsApp, Messenger, and Oculus VR are all currently down as of this recording, going offline around 12pm ET. According to Cloudflare, Facebook’s BGP routes have been “withdrawn from the internet.”  Since Facebook maintains its own BGP records, this indicates the change was made internally, not by outside interference. Facebook is showing a generic error message, while Instagram shows a 5xx Server Error message. This appears to be impacting internal Facebook services as well. Oculus users can play already loaded games, but social features and downloading new games is offline.

(The Verge)

Thanks to our episode sponsor, Votiro

Your users need to accept and open files to do their jobs. Keep them safe and productive with Votiro. With Votiro, your users can download and use any file instantly, from PDF to Autodesk CAD, with malicious code already removed—and full file usability intact. The signatureless, agentless file sanitization process happens in milliseconds without user friction. Visit Votiro.com and learn why millions of users trust Votiro to disarm billions of files each year.

Senate committee drops new FISMA reform bill

The Homeland Security and Governmental Affairs Committee has introduced a new bipartisan overhaul of the Federal Information Security Modernization Act which governs civilian federal cybersecurity. FISMA was last updated in 2014 which predates many significant cyber events. The new bill positions CISA and the new position of national cyber director to advise the Office of Management and Budget on information security policies and practices, conduct risk assessments of federal agencies, and coordinate cybersecurity activities across the federal government. The reform aims to address systemic security failures identified across government agencies earlier this year.

(SC Media)

The Telegraph exposes 10 TB database containing subscriber info

One of the UK’s largest newspapers and online media outlets, ‘The Telegraph,’ has leaked 10 TB of data after failing to properly secure one of its databases. Exposed information includes internal logs, full subscriber names, email addresses, device info, URL requests, IP addresses, authentication tokens, and unique reader identifiers. Researcher Bob Diachenko, who discovered issue on September 14, 2021, confirmed that at least 1,200 encrypted contacts were accessible without a password. The Telegraph was contacted about the exposure immediately, but it took them two days to secure the database. According to a statement from the company, only 600 individuals were affected, and the statement went on to assert that none of them are at risk since Diachenko was the first and last person to access the sensitive dataset. Nonetheless, affected users are encouraged to reset their passwords and remain vigilant against Phishing and other social engineering scams. 

(Bleeping Computer)

Ransomware hackers find vulnerable target in US grain supply

A third U.S. grain distributor has been infected with ransomware, raising concerns that hackers have found an easy target in a vital part of the US food supply chain. The largest of the three known victims, New Cooperative in Iowa, is still working to restore automated systems after being hacked in September. Crystal Valley in Minnesota was hit shortly afterwards, and now Farmers Cooperative Company, also in Iowa, has been hit, although it is declining comment, citing advice from the company’s lawyers. CISA representatives suggest that these three attacks do not represent a dedicated assault on the agricultural industry, but rather the outcome of opportunistic hackers exploiting whatever victims they could. But Allan Liska, a ransomware analyst at the cybersecurity firm Recorded Future, suggests there may be others that have been attacked but who have not yet come forward.

(NBC News)

(The Register)