This week’s Cyber Security Headlines – Week in Review, April 10-14, is hosted by Rich Stroffolino with our guest, Dmitriy Sokolovskiy, CISO, Avid
Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com
Tracing leaked Pentagon documents
Aric Toler of Bellingcat traced the leak of US Justice Department and Pentagon documents online, some of which the government designated Top Secret, with some involving the invasion of Ukraine. Toler found evidence these documents were first posted as early as January on a Discord server, but may have appeared online before that. Toler spoke with some on the Discord server that the documents were originally posted on a now deleted server earlier, but could not confirm. From there the documents spread to 4Chan. In March they made their way to Telegram channels and Twitter, where the New York Times and other media outlets picked them up.
Over 40% of cybersecurity teams told to keep breaches confidential
A new report from Bitdefender suggests that 42% of the total IT/security professionals surveyed said they have been told to keep a breach confidential when they knew it should be reported and 30% said they have kept a breach confidential. The U.S. had the highest rate with 71% of IT/security professionals being told to keep quiet, followed by the U.K. at 44%, Italy, Germany, and Spain in the mid 30 percents. In addition, 52% of global respondents said they have experienced a data breach or data leak in the last 12 months.
Cisco to air-gap Webex
The networking giant announced plans to offer an air-gapped version of its Webex cloud collaboration system, designed to cater to companies in highly controlled industries, think national security and defense. Cisco will introduce Air-Gapped Trusted Cloud next year. Like other similar services, servers on the service will be air-gapped from public networks, operated in the US, and staffed with properly cleared local staff. The company claims this will meet US security standards across industries without sacrificing user experience.
Netherlands to adopt RPKI
The Dutch government plans to transition to Resource Public Key Infrastructure standards by the end of 2024 in an effort to improve the security of its internet routing. This will use digital certificates to secure BGP, protecting against malicious or accidental rerouting of network traffic. The country’s Standardization Forum mandated all communication devices managed by the government must make the transition by the end of next year. 77.9% of Dutch government sites already use RPKI. According to NIST however, global adoption lags behind, with only 41% of verifiable IPv4 prefix-origin pairs complying. For some context, that marks an increase from 33.5% at the start of 2022.
Thanks to today’s episode sponsor, AppOmni
EU sets up ChatGPT task force
When Italy dropped the hammer on OpenAI, it remained an open question how other data regulators in the EU would react. Now we have an indication. The European Data Protection Board announced it set up a ChatGPT task force. This body will “foster cooperation and to exchange information on possible enforcement actions conducted by data protection authorities.” Reuter’s sources say the body will try to align regulators across the block on policy positions with generative AI in general, and will not seek to make rules specifically to target OpenAI. Outside of Italy, regulators in Spain and Germany also announced investigations into OpenAI.
(Reuters)
Hikvision flaw exposes video data
The surveillance company confirmed an “access control issue” on its Hybrid SAN and cluster storage portfolio could allow an attacker with network access to obtain admin access to these devices and gain access to stored video security data. These devices are often exposed to the internet, opening the door to a large attack surface.In its advisory, the company stated it did not find evidence of active exploitation. Security researchers at Redinent reported the flaw in December, with Hikvision issuing a patch on April 10th.
Cisco to air-gap WebEx
The networking giant announced plans to offer an air-gapped version of its WebEx cloud collaboration system, designed to cater to companies in hight controlled industries, think national security and defense. Cisco will introduce Air-Gapped Trusted Cloud next year. Like other similar services, servers on the service will be air-gapped from public networks, operated in the US, and staffed with properly cleared local staff. The company claims this will meet US security standards across industries without sacrificing user experience.
Western Digital attackers say they have customer data
Earlier this month, the storage giant Western Digital confirmed it experienced a “network security incident” that saw data exfiltration across its systems. It remains cagey on specifics of what the attackers actually obtained. Well the attackers aren’t being mum about it. Speaking to TechCrunch one of their representatives said it obtained roughly 10 terabytes of data in the attack, including customer information. It shared a file it created signed by WD’s certificate and shared executives’ phone numbers. The attackers say they performed the attack for financial gain.