This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Rusty Waldron, chief business security officer, ADP
Missed the live show? Check it out on YouTube
Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com
Replay attacks bypass deepfake detection
A new paper from Resemble AI and a team of European academic researchers shows a new method for getting around existing audio deepfake detectors, dubbed a replay attack. This involves generating synthetic speech, playing it over speakers, and rerecording it with actual background noise. On top performing deepfake detection models, this approach increased error rates from 4.7% to 18.2%. Retraining the models based on a specific room tone helped a little, with an 11% error rate. The researchers believe this re-recording removed key artifacts that detection models rely on.
Fire panel security flaws could put OT systems in hot water
Consilium Safety makes fire- and gas-detection systems used across various sectors with an estimated installed base of 85,000. CISA issued an advisory about two flaws impacting its CS5000 Fire Panel. One flaw allows for a device takeover using a default account preinstalled. While owners can change this account over SSH, CISA found “t has remained unchanged on every installed system observed.” The other flaw comes from a hardcoded password that runs on a VNC server, which is, you know, bad. Consilium said it was aware of the flaws but chose not to mitigate them. Instead, it recommended that customers upgrade to its newer line of products.
Senators ask for reinstatement of cyber review board to work on Salt Typhoon investigation
Four Senate Democrats have sent a letter to Homeland Security Secretary Kristi Noem asking her to reestablish the Cyber Safety Review Board (CSRB) whose 20 board members were dismissed days after the President’s inauguration in January. The senators’ letter describes the dismissal as “depriving the public of a fuller accounting of the origin, scope, scale, and severity of” the Salt Typhoon compromises. They add that the dismissals are “particularly confounding in light of the administration’s repeated insistence… on the need to leverage private sector and external expertise in government.”
Huge thanks to our sponsor, Conveyor
What are you going to do?
Here’s a better question: what would Sue do?
Sue is Conveyor’s new AI Agent for Customer Trust. She handles the entire security review process like answering every customer request from sales, completing every questionnaire or executing every communications and coordination task in-between.
No more manual work. Just a quick review when she’s done.
Ready to let Sue take the reins? Learn more at www.conveyor.com.
Sean Cairncross has policy coordination in mind
At his Senate confirmation hearing, Sean Cairncross outlined his vision for leading the Office of the National Cyber Director, emphasizing the need for interagency coordination and alignment with administration policy. While acknowledging his lack of technical cyber expertise, Cairncross highlighted his leadership experience in managing large organizations and responding to cyberattacks during his tenure at the Republican National Committee. He avoided directly addressing concerns about potential cuts to CISA but stressed a proactive stance against foreign threats. Citing recent attacks by Chinese hacking groups, he identified China as the top cybersecurity threat facing the U.S.
Microsoft and CrowdStrike partner to link hacking group names
As quoted in BleepingComputer, “Microsoft and CrowdStrike announced today that they’ve partnered to connect the aliases used for specific threat groups without actually using a single naming standard. As the two companies explained on Monday, this will be done by mapping (or linking) the different names their security analysts use for each group they track. Microsoft has updated its threat actor reference guide with a list of common hacking groups tracked by CrowdStrike and Redmond, all mapped using each company’s naming systems. Google/Mandiant and Palo Alto Networks’ Unit 42 will also be contributing their own information to make attribution faster and clearer, with other cybersecurity companies likely to join this initiative in the future.
The UK Brings Cyberwarfare Out of the Closet
The UK published its 2025 Strategic Defence Review on June 2nd, openly committing for the first time to cyberwarfare as part of integrated military operations. The review proposes a centralized CyberEM command to coordinate cyber, AI, and electromagnetic capabilities across land, sea, air, and digital domains, citing 90,000 gray zone cyberattacks on UK military networks over the past two years. It also introduces the “targeting web,” a new AI-driven system for rapid, cross-domain decision-making and attacks, inspired by lessons from the war in Ukraine.