The CyberWire Daily Podcast 8.26.24
Ep 2137 | 8.26.24

From secret chats to public spats.

Transcript

Telegram’s CEO is arrested by French police, presumably over moderation failures. A cyberattack disrupted services at Seattle-Tacoma International Airport and the Port of Seattle. SonicWall has warned customers of a critical vulnerability that could lead to unauthorized access or a firewall crash. Dutch and French regulators fined Uber €290 million for failing to protect the privacy of EU drivers. Microsoft will host a cybersecurity conference next month in response to the disastrous CrowdStrike software update. Radio Free Europe/Radio Liberty looks at Iran’s active attempts to interfere in the upcoming U.S. presidential election. Our guests are Danielle Ruderman, Senior Manager for Worldwide Security Specialists at AWS, and Adam Mikeal, CISO at Texas A&M. They spoke with N2K’s Brandon Karpf about CISO Circles, security challenges faced in higher education, and fostering the culture of security. Pig Butchering devastates a small town bank.

Today is Monday, August 26th, 2024. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

Telegram’s CEO is arrested by French police, perhaps over moderation failures. 

Over the weekend, Telegram CEO Pavel Durov, a dual citizen of the UAE and France, was arrested by French police at Le Bourget Airport. Durov, who founded Telegram in 2013, was detained under a warrant related to the app’s moderation failures, including accusations of not curbing criminal activities on the platform. Telegram, popular in Russia and former Soviet states, has faced criticism for weak moderation of extremist content. The arrest has sparked controversy, with some accusing the West of double standards on free speech.

Much of the coverage of Durov’s arrest points to the popularity of Telegram as an “encrypted messaging app.” But is it really? Johns Hopkins University professor and cryptographer Matthew Green addressed this question in a blog post. 

As Green points out, Telegram does offer encryption, but not by default. Unlike industry-standard messaging apps that use end-to-end encryption (E2EE) for all conversations, Telegram requires users to manually activate its “Secret Chats” feature to enable E2EE. This feature is only available for one-on-one chats and not for group conversations. The process to start a Secret Chat is cumbersome, making it difficult for non-experts to use. As a result, most Telegram conversations are not end-to-end encrypted, leaving them potentially visible to Telegram servers and vulnerable to unauthorized access. Despite these limitations, Telegram markets itself as a secure messaging app, which has led to criticism. Additionally, while encryption is important for privacy, metadata—such as who is communicating with whom and when—is not protected by E2EE and can still be collected by Telegram, posing another privacy concern.

A cyberattack disrupted services at Seattle-Tacoma International Airport and the Port of Seattle over the weekend. 

A cyberattack disrupted websites, email, and phone services at Seattle-Tacoma International Airport and the Port of Seattle over the weekend, impacting travel plans. The attack, which began Saturday and continued into Sunday, led to manual baggage sorting for over 7,000 bags, delayed flights, and caused some airlines to handwrite boarding passes. The FBI and federal agencies are investigating the incident, but the attackers’ intentions and whether any personal data was compromised remain unclear. Despite the disruptions, security operations continued, and most flights were unaffected. This incident follows previous warnings about the growing vulnerability of airline operations to cyberattacks due to increased reliance on interconnected systems.

A non-password-protected database containing 31.5 million files is discovered online. 

A non-password-protected database containing 31.5 million files (2.68 TB) was discovered by security researcher Jeremiah Fowler, exposing business records from 2012 onward, including contracts, invoices, and personal data. The documents belonged to ServiceBridge, a franchise management software by GPS Insight. Sensitive information such as PII, medical records, and site audit reports were accessible, posing significant security and privacy risks. After a responsible disclosure, the database was restricted, but it’s unclear how long it was exposed or if others accessed it. The incident highlights the dangers of inadequate data protection and the potential for invoice fraud, especially affecting small businesses. The importance of encryption, access control, and secure data storage is emphasized to prevent such exposures. Fowler says he does not imply any wrongdoing by ServiceBridge or GPS Insight but aims to raise awareness of cybersecurity best practices.

SonicWall has warned customers of a critical vulnerability that could lead to unauthorized access or a firewall crash.

SonicWall has warned customers of a critical vulnerability, CVE-2024-40766, in its SonicOS operating system that could lead to unauthorized access or a firewall crash. The flaw affects SonicWall Gen 5, Gen 6, and Gen 7 firewalls. Updates are available to fix the issue, and customers are urged to patch their systems promptly. Although no in-the-wild exploitation has been reported, similar vulnerabilities in SonicWall products have been exploited before. Around 650,000 SonicWall firewalls are internet-exposed, with over 400,000 in the U.S.

Dutch and French regulators fined Uber €290 million for failing to protect the privacy of EU drivers. 

Dutch and French regulators fined Uber €290 million for failing to protect the privacy of EU drivers when transferring their data to U.S. servers. The data included sensitive information such as account details, licenses, location data, and even criminal and medical records. The fine follows a collective complaint from over 170 drivers, with Dutch authorities leading the investigation due to Uber’s EU headquarters in the Netherlands. Uber, previously fined €10 million for GDPR breaches, plans to appeal, calling the decision unjustified. The company argued that its data transfer process complied with GDPR during a period of legal uncertainty between the EU and U.S. The fine highlights ongoing challenges in cross-border data transfers, despite the new Data Privacy Framework established last year.

Microsoft will host a cybersecurity conference next month in response to the disastrous CrowdStrike software update. 

Microsoft will host a cybersecurity conference on September 10th in Redmond, Washington, following a disastrous CrowdStrike software update in July that caused millions of Windows computers to crash, disrupting industries like airlines and logistics. The conference will gather cybersecurity firms, including CrowdStrike, to discuss preventing such incidents. Topics will include reducing reliance on kernel mode, which caused the widespread crashes, and exploring user mode, which offers more isolation. The summit will also address adopting eBPF technology and memory-safe programming languages like Rust. 

Radio Free Europe/Radio Liberty looks at Iran’s active attempts to interfere in the upcoming U.S. presidential election. 

Radio Free Europe/Radio Liberty looks at Iran’s active attempts to interfere in the upcoming U.S. presidential election through sophisticated campaigns involving hackers, phishing attacks, and AI-generated content on websites. Iran’s goal is to fuel distrust in the U.S. democratic system and deepen social divisions. Iranian hackers have targeted the email accounts of both Trump and Harris, with the suspected involvement of the Islamic Revolutionary Guards Corps (IRGC). Additionally, an Iranian network known as “Storm-2035” operates multiple inauthentic news sites aimed at polarizing U.S. voters. These efforts mirror Russian tactics from the 2016 election and are intended to disrupt the election process and undermine its integrity. While both Republican and Democratic campaigns are targeted, experts suggest Iran may have a particular interest in preventing a second Trump term. The full impact of these actions remains unclear as the election approaches.

The Office of the Inspector General (OIG) found “significant weaknesses” in the FBI’s management and disposal of electronic storage media containing sensitive and classified information. 

An audit by the Department of Justice’s Office of the Inspector General (OIG) found “significant weaknesses” in the FBI’s management and disposal of electronic storage media containing sensitive and classified information. Key issues include inadequate tracking of storage media, inconsistent labeling of classification levels, and insufficient physical security during media destruction. The OIG recommended revising procedures to ensure proper tracking, labeling, and security of these materials. The FBI acknowledged the issues and is developing a new directive to address them, including plans to install protective cages and improve surveillance at storage facilities. The FBI is expected to provide updates on its corrective actions within 90 days.

Up next, we’ve got N2K’s Brandon Karpf speaking with AWS’ Danielle Ruderman and Texas A&M’s Adam Mikeal about CISO Circles, security challenges faced in higher education, and fostering the culture of security. We’ll be right back.

Welcome back.

Pig Butchering devastates a small town bank. 

And finally, our Gordon Gekko desk tells us the sad tale of the former CEO of a small Kansas bank, Shan Hanes, who was sentenced to over 24 years in prison for embezzling $47 million—all of which he sent to scammers in a “pig butchering” crypto scheme. Hanes was so dazzled by the prospect of quick riches that he drained the bank, a local church, an investment club, and even his daughter’s college fund, only to lose everything to the scam. His reckless wire transfers led to the collapse of Heartland Tri-State Bank, leaving a small town reeling and shareholders wiped out. At his sentencing, Hanes offered a half-hearted apology, but the judge and his victims were unimpressed. Despite being duped, Hanes believed until the end that he could recover the money if only given more time—highlighting just how deep he was in over his head. The judge delivered a harsh sentence, reflecting the devastating impact of Hanes’ actions on his community.

It’s a good reminder that scams can happen to anyone: Hanes’ story is a cautionary tale that even those in positions of power and knowledge can fall victim to scams.

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.

We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com.

This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.