The CyberWire Daily Podcast 10.31.24
Ep 2181 | 10.31.24

Guarding the Vote

Transcript

CISA spins up an election operations war room. Microsoft neglected to restrict access to gender-detecting AI. Yahoo uncovers vulnerabilities in OpenText’s NetIQ iManager. QNAP issues urgent patches for its NAS devices. Sysdig uncovers Emerald Whale. A malvertising campaign exploits Meta’s ad platform to spread the SYS01 infostealer. Senator Ron Wyden wants to tighten rules aimed at preventing U.S. technologies from reaching repressive regimes. Researchers use AI to uncover an IoT zero-day. Sophos reveals a five year battle with firewall hackers. Our guest is Frederico Hakamine, Technology Evangelist from Axonius, talking about how threats both overlap and differ across individuals and critical infrastructure. Be afraid of spooky data.

Today is Thursday, October 31st, 2024. I’m Dave Bittner. And this is your spooky CyberWire Intel Briefing.

CISA spins up an election operations war room. 

The Cybersecurity and Infrastructure Security Agency (CISA), led by Jen Easterly, has launched an election operations war room to assist election officials and counter threats ahead of the 2024 U.S. presidential election. This temporary office aims to coordinate national support and deploy resources where needed, as cyber and physical threats rise. Easterly noted that misinformation is a growing challenge, often spread by foreign adversaries to undermine public trust in the electoral process.

Incidents have already been reported, including attempted foreign interference and attacks on campaign data. CISA, working with federal agencies and private sector partners, has intensified its security efforts to protect election infrastructure. Congress has raised concerns over a separate hacking incident linked to Chinese telecoms, targeting U.S. communications infrastructure, which authorities are now investigating.

Despite the tense security landscape, Easterly reassured voters, stating that U.S. election security has been significantly strengthened to ensure the integrity of each vote.

As federal agencies prepare to submit updated zero-trust implementation plans, CISA’s Shelly Hartsook reports significant progress since OMB’s 2022 zero-trust mandate. Speaking at the CyberTalks event in Washington DC yesterday, Hartsook noted improvements in multifactor authentication (MFA) implementation across agencies, with standard MFA use rising from 53% to 80% and phishing-resistant MFA increasing from 46% to 71%. CISA has strengthened its support, holding numerous training workshops and partnering with the Cloud Security Alliance for further training on micro-segmentation and zero-trust for operational tech.

Microsoft neglected to restrict access to gender-detecting AI. 

In 2022, Microsoft pledged to phase out its AI tools for detecting age, emotion, and gender, citing ethical concerns and risks to marginalized groups, especially transgender individuals. However, recent findings reveal that Microsoft’s gender detection tool remained accessible to some users. The artist Ada Ada Ada discovered she could still use the older version (3.2) of Microsoft’s Image Analysis API to classify age and gender, despite Microsoft’s announcement to retire these capabilities.

Microsoft attributed this oversight to an error allowing limited, unintended access, which it says has now been corrected. Critics argue this reflects a broader trend in “ethical AI” where commitments to responsible practices are inconsistently enforced.

Yahoo uncovers vulnerabilities in OpenText’s NetIQ iManager. 

Yahoo’s vulnerability research team, which goes by the name Paranoid, uncovered 11 vulnerabilities in OpenText’s NetIQ iManager, a tool for secure enterprise directory management. These flaws, if exploited together, could allow remote code execution, file upload, and privilege escalation, among other risks. Four vulnerabilities, including CVE-2024-3487 (authentication bypass) and CVE-2024-3483 (command injection), were detailed as particularly severe. Attackers could exploit these by tricking users into accessing malicious websites, potentially gaining administrator credentials and control over downstream directory services, which store sensitive user account data. Patches were released in April.

QNAP issues urgent patches for its NAS devices. 

QNAP has issued urgent patches for critical vulnerabilities in its NAS devices, including a severe SQL injection flaw (CVE-2024-50387) that allowed researchers at Pwn2Own Ireland 2024 to gain root access on a QNAP TS-464 model. A zero-day vulnerability in QNAP’s HBS 3 Hybrid Backup Sync that enabled arbitrary command execution was also patched. Given QNAP’s attractiveness to ransomware operators because of the sensitive data it stores, users should immediately update their devices via the App Center to secure against these risks.

DHL’s delivery tracking systems are disrupted following a cyberattack. 

DHL’s delivery tracking systems have been disrupted globally following a cyberattack on Microlise, a tech firm providing the tracking solution, according to Nisa, a UK-based retail association. Nisa alerted retailers that the incident has left DHL without visibility into delivery progress. Although reported as global, the impact on DHL appears more limited. Microlise is working to isolate and recover affected systems, but until then, retailers won’t receive delivery updates. DHL and Microlise have yet to comment publicly on the incident.

Sysdig uncovers Emerald Whale. 

The Sysdig Threat Research Team (TRT) recently uncovered “EMERALDWHALE,” a global campaign targeting exposed Git configuration files, resulting in the theft of over 15,000 cloud service credentials. Attackers exploited these misconfigurations to access and clone private repositories, extracting sensitive information and storing it in a publicly accessible S3 bucket. The stolen credentials, primarily for cloud service providers, are likely used for phishing, spam, and resale. EMERALDWHALE automated scanning to locate vulnerable repositories, focusing on Git config and Laravel .env files, which often contain sensitive data. Tools like MZR V2 and Seyzo-v2 facilitated the operation, and the credential sets fetched high prices on underground marketplaces. Sysdig notes that the incident highlights the need for vigilant exposure management and continuous monitoring, as secret management alone is insufficient for comprehensive security.

A malvertising campaign exploits Meta’s ad platform to spread the SYS01 infostealer. 

A malvertising campaign is exploiting Meta’s ad platform to spread the SYS01 infostealer, targeting men over 45 with fake ads for popular software. The malware steals Facebook credentials, especially from users managing business pages, and uses these compromised accounts to create new malicious ads, thus fueling a self-sustaining cycle. The attack disguises itself through a wide range of trusted brands, from Office 365 to Netflix, and relies on an Electron app to evade detection. Impacting users globally, the malware poses significant risks, especially in the EU and North America.

Senator Ron Wyden wants to tighten rules aimed at preventing U.S. technologies from reaching repressive regimes. 

In an exclusive for CyberScoop, Tim Starks reports that Senator Ron Wyden has urged the U.S. Commerce Department to tighten proposed rules aimed at preventing U.S. technologies from reaching repressive regimes that could misuse them for surveillance and human rights abuses. The 2022 law behind these rules expanded controls to foreign police and intelligence, inspired by a UAE case where former U.S. operatives allegedly used cyber tools against targets, including Americans. Wyden argues the rules should cover more countries beyond the current list of 23 nations, specifically naming countries with poor human rights records, like Egypt, Saudi Arabia, and the UAE.

He also advocates closing a loophole allowing foreign companies to bypass restrictions by not disclosing client lists and recommends extending controls to all biometric technologies, not just facial recognition. This proposal aligns with the Biden administration’s new restrictions on investments in sensitive tech that could strengthen China’s military and cyber capabilities.

Researchers use AI to uncover an IoT zero-day. 

Researchers at GreyNoise have used AI to uncover zero-day vulnerabilities in IoT-connected live streaming cameras deployed in critical sectors like healthcare, industry, and houses of worship. The discovery followed an automated exploit attempt detected by GreyNoise’s honeypot, where AI flagged the unusual activity. Analysis showed attackers could gain full control of the cameras, manipulate video feeds, disable operations, or use the devices in botnet attacks. This case highlights AI’s potential in accelerating zero-day detection, allowing GreyNoise to intercept and report the vulnerabilities before widespread exploitation.

Sophos reveals a five-year battle with firewall hackers. 

Wired’s Andy Greenberg chronicles a five-year battle between Sophos and a group of hackers exploiting vulnerabilities in its firewall products, leading to a detailed report highlighting the cybersecurity industry’s struggle with inherent risks in network security devices. Sophos tracked the attacks to a network of vulnerability researchers in Chengdu, China, linked to state-aligned groups like APT41. The hackers initially launched widespread attacks before transitioning to more targeted efforts against critical sectors, including military, government, and energy facilities in Asia and beyond.

To counter the attackers, Sophos deployed surveillance implants on the hackers’ test devices and preempted further attacks by intercepting malware samples. However, as hacking techniques evolved, Sophos observed the attackers exploiting outdated, unsupported devices. The report underlines the risk of unpatched “end-of-life” devices as entry points and calls for transparency and rigorous end-of-support policies within the industry, emphasizing the need for ongoing vigilance as the threat landscape continues to shift.

Coming up, we’ve got Axonius’ Frederico Hakamine talking about how threats both overlap and differ across individuals and critical infrastructure. We’ll be right back.

Welcome back.

Be afraid of spooky data. 

In an article on LinkedIn, Simson Garfinkel, chief scientist at BasisTech, shares a Halloween-themed essay on “spooky data” that draws a parallel between quantum entanglement and data privacy. Just as entangled particles influence each other at a distance, “spooky data” connects seemingly separate data points, affecting one when the other changes. In cybersecurity, public and private keys act as an entangled pair, where deleting a private key enhances a server’s security without changing the server itself.

A relatable example of “spooky data” involves data de-identification. Suppose a teacher shares a seemingly anonymized class average. Knowing one student’s grade, however, can reveal all other students’ scores, demonstrating how partial data disclosure can expose private information. This risk is explained by the “Fundamental Law of Information Recovery,” which holds that without differential privacy (DP), releasing statistical information can compromise data privacy. DP adds randomization to mask exact values; this occasionally produces surprising figures, such as a class average above 100, but it preserves privacy while keeping the data largely accurate.
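As an added illustration (not from Garfinkel’s article or the CyberWire), here is the leak and the fix in code: an exactly released class average lets anyone who knows the other grades compute the remaining one (for a class of two, knowing one grade reveals the other), while the same release through the Laplace mechanism, the standard way to make a mean epsilon-differentially private, does not, and, as the passage notes, can occasionally land above 100. The grades, epsilon and seed are constructed values.

```python
import random
from statistics import mean

# Constructed sample class (not from the article): 25 students, grades in 0..100.
CLASS_GRADES = [92, 78, 85, 67, 95, 88, 74, 81, 90, 59,
                99, 83, 77, 86, 70, 93, 64, 89, 80, 75,
                97, 68, 84, 91, 79]
MAX_GRADE = 100.0


def exact_average(grades):
    return sum(grades) / len(grades)


def recover_missing_grade(released_average, known_grades):
    """Reverse the average: with n-1 grades known, the exact average yields the last one."""
    n = len(known_grades) + 1
    return released_average * n - sum(known_grades)


def laplace_noise(scale, rng):
    """Laplace(0, scale) sample, drawn as the difference of two iid exponentials."""
    return rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)


def dp_average(grades, epsilon, rng, max_grade=MAX_GRADE):
    """Laplace mechanism for a mean: one student moves the average by at most max_grade/n
    (the sensitivity), so noise of scale sensitivity/epsilon gives epsilon-DP.
    The result is deliberately not clipped, so it can exceed max_grade."""
    sensitivity = max_grade / len(grades)
    return exact_average(grades) + laplace_noise(sensitivity / epsilon, rng)


def demo(epsilon=0.5, releases=500, seed=7):
    rng = random.Random(seed)
    exact = exact_average(CLASS_GRADES)
    known = CLASS_GRADES[1:]  # everything except the first student's grade is known
    noisy = [dp_average(CLASS_GRADES, epsilon, rng) for _ in range(releases)]
    guesses = [recover_missing_grade(x, known) for x in noisy]
    return {
        "exact_average": exact,
        "true_first_grade": CLASS_GRADES[0],
        "recovered_from_exact": recover_missing_grade(exact, known),  # leaks exactly
        "mean_noisy_average": mean(noisy),   # still close to the truth on average
        "max_noisy_average": max(noisy),     # the "class average above 100" case
        "guess_spread": max(guesses) - min(guesses),  # recovery from noisy data is useless
    }
```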

Just when you thought your data was safe, along comes spooky entanglement with a ghostly surprise!

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.


We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com.


This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.