Cyber Security Headlines

Latest episodes

Apr 21, 2025 • 8min

Microsoft Entra lockouts, wine tasting malware, job scam solution

Widespread Microsoft Entra lockouts caused by new security feature rollout. Malware delivered through diplomatic wine-tasting invites. British companies told to hold in-person interviews to thwart North Korea job scammers. Huge thanks to our sponsor, Dropzone AI. Growing your MSSP client roster while your alerts are multiplying? Dropzone AI works alongside your team, investigating alerts just like your best human analysts would. Our AI SOC Analyst cuts investigation time from an hour to minutes while handling five times more alerts per analyst. Unlike complex SOAR solutions, Dropzone deploys quickly and adapts to your environment without the need for playbooks or coding. Eliminate backlogs, reduce false positives, and deliver the detailed investigations your clients expect. Ready to scale your MSSP without scaling your team? Meet us at booth ESE-60 at RSA. Find the stories behind the headlines at CISOseries.com.
Apr 18, 2025 • 26min

Week in Review: CISA workforce cuts, AI slopsquatting risk, CVE funding saga

This week’s Cyber Security Headlines – Week in Review is hosted by David Spark with guest Trina Ford, CISO, iHeartMedia. Thanks to our show sponsor, Vanta. Do you know the status of your compliance controls right now? Like…right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and help you get security questionnaires done 5 times faster with AI. Now that’s…a new way to GRC. Get started at Vanta.com/headlines. All links and the video of this episode can be found on CISO Series.com.
Apr 18, 2025 • 9min

Cyberthreat sharing law renewal, APTs love ClickFix, GoDaddy mutes Zoom

A bipartisan initiative aims to renew a vital cyberthreat sharing law for better collaboration between businesses and the government. State-sponsored hackers have taken a liking to the ClickFix technique. GoDaddy's miscommunication led to a significant 90-minute Zoom service disruption. The discussion also highlights critical vulnerabilities, including risks linked to SonicWall's SMA-100 series and the activities of the Mustang Panda APT. Stay informed on the latest cybersecurity threats and how to mitigate them.
Apr 17, 2025 • 8min

MITRE bailout, Krebs exits SentinelOne, Apple fixes zero-days

MITRE receives a crucial bailout from CISA just in time. The cybersecurity landscape shifts as Krebs departs SentinelOne after his security clearance is revoked. Apple steps up by patching two zero-day vulnerabilities that targeted iPhones. Meanwhile, a significant data breach involving Oracle raises alarms, prompting CISA to issue crucial recommendations for organizations at risk.
Apr 16, 2025 • 36sec

BREAKING: CVE Funding Doesn't Lapse

CISA has extended funding for the Common Vulnerabilities and Exposures (CVE) program, which was facing expiration. This crucial decision ensures uninterrupted CVE services, enabling organizations to stay vigilant against emerging threats. The discussion highlights the importance of ongoing support in the cybersecurity landscape and hints at future updates that may come as a result of this funding extension.
Apr 16, 2025 • 8min

Government CVE funding set to end, 4chan down following an alleged hack, China accuses US of launching advanced cyberattacks

Funding for the CVE database is set to expire, raising concerns about cybersecurity resources. Meanwhile, 4chan experiences downtime after an alleged hacking incident. Tensions escalate as China accuses the U.S. of sophisticated cyberattacks, naming alleged NSA agents. The shift in tactics among cyber groups reveals a rise in AI-driven threats, while vulnerabilities in platforms like Clio lead to significant data breaches, impacting customer privacy. Overall, the cybersecurity landscape is evolving with new challenges.
Apr 15, 2025 • 8min

Slopsquatting risks, Morocco leak, EC ups US-based staff security

The podcast dives into the alarming risks of 'slopsquatting' and its impact on software safety. It reveals a significant data breach involving Morocco's National Social Security Fund. The European Commission is ramping up security measures for U.S.-bound staff, responding to rising threats. Listeners learn about AI-driven tax scams and a serious ransomware attack on a healthcare provider. There are also insights into new malware targeting healthcare and challenges in assessing a CISO's performance amidst evolving cybersecurity landscapes.
Apr 14, 2025 • 7min

CISA cuts planned, Windows ‘inetpub’ warning, health lab breach

CISA is planning significant workforce cuts, raising concerns about cybersecurity preparedness. Microsoft warns users about the dangers of deleting the ‘inetpub’ folder on Windows. A massive data breach at a testing lab has compromised the personal information of 1.6 million individuals. Additionally, 21 countries have signed a new cybersecurity code of practice to combat emerging threats. Recent developments include the Tycoon 2FA phishing kit and a military malware attack linked to Russian hackers.
Apr 11, 2025 • 23min

Week in Review: Fake ChatGPT passport, Apple appeals UK encryption, Oracle’s obsolete servers

Carla Sweeney, SVP of InfoSec at Red Ventures, dives into the alarming capabilities of AI like ChatGPT to create fake passports, raising concerns about identity theft. The discussion highlights Apple's legal challenges over encryption vs. security and Oracle's cloud security breaches. Sweeney also addresses the corporate communication dilemma during data breaches and the evolving cyber threats, emphasizing the need for robust defense strategies. Her insights illuminate the delicate balance between privacy, transparency, and the fight against sophisticated cyber threats.
Apr 11, 2025 • 8min

Krebs probed, Nissan Leaf hack, Typhoon tariff warning

The podcast dives into the abrupt sacking of former CISA Director Chris Krebs and the subsequent investigation. It reveals alarming vulnerabilities in Nissan Leaf cars that could allow for remote spying and control. Experts discuss the potential backlash from China related to tariffs, highlighting rising cybersecurity threats amid geopolitical tensions. The conversation also touches on various ransomware incidents, ongoing vulnerabilities in critical infrastructure, and new efforts to enhance cyber awareness in the community.
