Cybersecurity News Update - 6\/25\/2024

Introduction

Today we talk about an end to digital privacy, NSA at ChatGPT, Kaspersky anti-virus software banned in the US, thousands of car dealers disabled by a cyber attack, Brian Krebs threatened with a lawsuit, and production of Tesla's Cyber Trucks halted!

6/18 - Hackers Obtain Amtrak Account Info in Breach

Reports say the said attackers used previously compromised credentials to crack accounts and access a lot of personal data.

Amtrak stressed in the breach notice that there was no hack of Amtrak systems

6/18 - The End of End-to-End Encryption?

A controversial proposal put forth by the European Union to scan users' private messages for detection child sexual abuse material (CSAM) poses severe risks to end-to-end encryption (E2EE), warned Meredith Whittaker, president of the Signal Foundation, which maintains the privacy-focused messaging service called Signal. Where do you stand on this issue - is it okay for encrypted private messages to be monitored in the name of protecting children?

6/18 - ChatGPT creator OpenAI appoints former NSA Director to board

New board member Paul Nakasone also lead the military's cybersecurity focused Cyber Command unit. Edward Snowden warns everyone to not trust ChatGPT

A John Hopkins University cryptography professor believes the biggest application of AI is going to be mass population surveillance

6/19 - Mandiant and Snowflake published a 66 page threat hunting guide

This is to help orgs look for unauthorized activity in their Snowflake environments, in light of the recent security incidents.

6/20 - Biden administration bans sale of Kaspersky software in the US

This is after it was already banned by most public civilian agencies years ago, they've also sanctioned 12 of their lab execs, meaning their assets in the US are frozen until the sanctions are lifted.

6/20 - Thousands of car dealerships are dealing with a massive software outage

The outage affects their DMS Dealer Mgmt Software after provider CDK Global suffered at least 2 cyber incidents, prompting them to shut down most of their systems as a precaution

Dealer that are able to are doing business the old fashioned way with paper

The attackers are demanding millions in ransom, which the IL-based firm CDK, is planning to PAY

Guys - this is terrible - the reason we keep seeing ransomware and ransom based attacks is they work some of the time, which is all they need

Backup your stuff, hire a CIR firm to figure out what happened so you can prevent it, and have a snapshot-based DR strategy so you can roll back to a previous version and resume business

6/20 - KrebsOnSecurity Threatened with Defamation Lawsuit

Lawsuit involves Fake Radaris CEO - the longtime cybersecurity journalist, ran a story last week showing how the original owners are two men in Massachusetts who operated multiple Russian language dating services and affiliate programs, and a whole pile of people-search websites.

6/20 - Google-owned Mandiant research reported an espionage group tied to China

The group is exploiting zero-day vulnerabilities in Fortinet, Ivanti, and VMware to maintain access and evade detection, using rootkits REPTILE and MEDUSA. They recommend patching right away any vulnerabilities used by UNC3886

6/20 - Threat actors have published nearly 400GB of health data

This data was stolen from pathology provider Synnovis, including sensitive NHS patient information, according to reports. Synnovis supplies blood tests, swabs and bowel tests in the greater London area

OTHER NEWS

2 AI tools I just found out about - Perplexity, like google search but provides a nice answer and all the sources, also features a great iphone app

PI from InflectionAI, which is the most conversational LLM - Language Learning Model, which has access to the internet , also featuring an iphone app. You can talk to it about current events, news, and more.

Tesla Cybertrucks - the extremely noticeable new trucks you may have seen on the roads lately - new deliveries have been cancelled after their gigantic windshield wipers start failing

That's all for this update, have a great week and STAY SAFE OUT THERE!

-Kramer