- 5 minutes 45 seconds
CloudCast Cybersecurity Headlines for February 12th, 2025
From the CloudCast Studios, I’m Scott Schlee, and these are your cybersecurity headlines for the week of Wednesday, February 12th, 2025.
Headlines this week:
- Critical Remote Code Execution Vulnerability in Microsoft Outlook
- Ransomware Payments Decline by 35% in 2024
- GrubHub Discloses Data Breach Affecting Users and Partners
- Spyware Firm Cuts Ties with Italy Amid Targeting Allegations
- Microsoft Warns of Attacks Exploiting ASP.NET Machine Keys
- Lazarus Group Targets Professionals with Job-Themed Malware
- SparkCat Malware Campaign Targets Cryptocurrency Wallets
- Silent Lynx Group Targets Central Asian Organizations
- Engineer IMI Suffers Cyberattack Following Similar Incident at Smiths Group
- Taiwan Bans DeepSeek AI Over National Security Concerns
Thank you again for listening to Skyhigh Cloudcast. If you’ve enjoyed this episode, be sure to subscribe on your favorite platform so you never miss an update. If you like the show, please leave us a review. It helps others find the podcast. For more information about Skyhigh Security or CloudCast, please visit skyhighsecurity.com.
Sources:
- Taiwan Bans DeepSeek AI Over National Security Concerns: diesec.com
- Critical Remote Code Execution Vulnerability in Microsoft Outlook: diesec.com
- Ransomware Payments Decline by 35% in 2024: diesec.com
- GrubHub Discloses Data Breach Affecting Users and Partners: diesec.com
- Spyware Firm Cuts Ties with Italy Amid Targeting Allegations: diesec.com
- Microsoft Warns of Attacks Exploiting ASP.NET Machine Keys: thehackernews.com
- Lazarus Group Targets Professionals with Job-Themed Malware: thehackernews.com
- SparkCat Malware Campaign Targets Cryptocurrency Wallets: thehackernews.com
- Silent Lynx Group Targets Central Asian Organizations: thehackernews.com
- Engineer IMI Suffers Cyberattack Following Similar Incident at Smiths Group: cybersecurity-review.com
———–
CloudCast is hosted by Skyhigh Security’s very own Digital Experience Manager, Scott Schlee. Scott’s engaging demeanor and wit, backed by over 20 years in digital media production and web development, has led to successful collaborations with top-tier brands. His experience includes hosting and producing a wide range of podcasts and videos. Scott has been recognized for his outstanding work, including an award-winning digital short and a Webby Awards nomination for Viral Marketing (Branded). Beyond his professional achievements, Scott’s personal journey as a decade-long pancreatic cancer survivor has led him to share his story with the U.S. Congress and other organizations as an advocate for increased cancer research funding.
Transcript
From the CloudCast Studios, I’m Scott Schlee, and these are your cybersecurity headlines for the week of Wednesday, February 12th, 2025.
A Critical Remote Code Execution Vulnerability Has Been Discovered in Microsoft Outlook: The Cybersecurity and Infrastructure Security Agency issued an urgent alert about an actively exploited vulnerability in Microsoft Outlook. Attackers can execute remote code by bypassing Outlook’s protections using a simple URL trick, endangering sensitive data. Federal agencies and private organizations are urged to apply patches promptly to mitigate this threat.
GrubHub Has Disclosed A Data Breach Affecting Users and Partners: Food delivery service GrubHub reported a data breach resulting from a compromised third-party service provider account. Exposed information includes names, emails, phone numbers, and partial payment details of some campus diners. GrubHub has terminated the unauthorized access, enhanced security measures, and advises users to maintain strong, unique passwords.
Paragon Solutions Cuts Ties with Italy Amid Targeting Allegations: Israeli spyware company Paragon Solutions has severed relationships with its Italian clients following allegations that its software was used to target government critics. A recent spyware campaign affected 90 users across 24 countries, including journalists and activists, prompting an investigation by Italian authorities into the misuse of surveillance tools.
Microsoft Warns of Attacks Exploiting ASP.NET Machine Keys: Microsoft identified over 3,000 publicly disclosed ASP.NET machine keys that attackers are exploiting to inject and execute malicious code using the Godzilla post-exploitation framework. This technique, known as ViewState code injection, poses significant risks to web applications. Organizations are advised to review and secure their ASP.NET configurations to prevent such attacks.
Lazarus Group Is Targeting Professionals with Job-Themed Malware: The North Korean-linked Lazarus Group has launched a campaign using fake LinkedIn job offers in the cryptocurrency and travel sectors to distribute malware. The malicious code is capable of infecting Windows, macOS, and Linux systems, highlighting the group’s evolving tactics and the need for vigilance among professionals receiving unsolicited job communications.
SparkCat Malware Campaign Is Targeting Cryptocurrency Wallets: A new malware campaign dubbed SparkCat has been identified, leveraging fake apps on both Apple’s App Store and Google’s Play Store to steal mnemonic phrases associated with cryptocurrency wallets. Notably, this marks one of the first instances of a stealer with optical character recognition capabilities being discovered in the Apple App Store. The malicious apps have since been removed, but users are advised to remain cautious when downloading wallet-related applications.
Silent Lynx Group Is Targeting Central Asian Organizations: A previously unidentified hacking group, dubbed Silent Lynx, has been targeting entities in Kyrgyzstan and Turkmenistan, including embassies, legal firms, government-backed banks, and think tanks. The attackers deploy a PowerShell script that utilizes Telegram for command-and-control operations. Attribution points to a Kazakhstan-origin threat actor, with tactical overlaps observed with the YoroTrooper group.
IMI Suffers A Cyberattack Following A Similar Incident at Smiths Group: Engineering firm IMI confirmed a cyberattack affecting its global systems, occurring shortly after a similar breach at rival company Smiths Group. While specific data accessed remains undisclosed, the incident underscores the increasing targeting of engineering and manufacturing sectors by cybercriminals. Organizations in these industries are urged to bolster their cybersecurity defenses.
Taiwan Bans DeepSeek AI Over National Security Concerns: Taiwan has prohibited the use of DeepSeek, a Chinese-developed AI chatbot, citing risks of data leakage and potential censorship issues. This move aligns with actions taken by other countries concerned about the security implications of foreign AI technologies. The ban underscores the growing global apprehension regarding AI governance and data privacy.
And let’s end the week off with some positive news. Ransomware Payments Declined by 35% in 2024: Despite a record number of ransomware attacks in 2024, totaling 5,263 incidents, ransom payments decreased to $813.55 million—a 35% drop from the previous year. This decline is attributed to improved cybersecurity measures, robust backups, and intensified law enforcement actions against ransomware groups. The trend indicates a shift in how organizations are managing and responding to ransomware threats.
And those are your headlines for the week. Thank you again for listening to Skyhigh Cloudcast. If you’ve enjoyed this episode, be sure to subscribe on your favorite platform so you never miss an update. If you like the show, please leave us a review. It helps others find the podcast. For more information about Skyhigh Security or Cloudcast, please visit skyhighsecurity.com.
Please Note: All transcripts are generated using speech recognition software and human transcription, and may contain errors. Please check the corresponding audio before quoting in print.
12 February 2025, 2:59 pm
- 4 minutes 54 seconds
CloudCast Cybersecurity Headlines for February 5th, 2025
From the Skyhigh Studios, I’m Scott Schlee, and these are your cybersecurity headlines for the week of Wednesday, February 5th, 2025.
Headlines this week:
- Android Users Urged to Update Devices Due to Critical Vulnerabilities
- Smiths Group Suffers Global Cyberattack
- TalkTalk Investigates Potential Data Breach
- Apple Releases Critical Security Updates
- Law Enforcement Shuts Down Illicit Cybercrime Services
- Google Blocks Over 2 Million Risky Android Apps in 2024
- UnitedHealth Discloses Massive Data Breach
- DeepSeek AI Chatbot’s Data Exposure & Proposed US Government Ban
Sources:
- Android Users Urged to Update Devices Due to Critical Vulnerabilities: thesun.ie
- Smiths Group Suffers Global Cyberattack: thetimes.co.uk
- TalkTalk Investigates Potential Data Breach: thesun.ie
- Apple Releases Critical Security Updates: diesec.com
- Law Enforcement Shuts Down Illicit Cybercrime Services: thehackernews.com
- Google Blocks Over 2 Million Risky Android Apps in 2024: diesec.com
- UnitedHealth Discloses Massive Data Breach: diesec.com
- DeepSeek AI Chatbot’s Data Exposure: diesec.com
- Lawmakers Advocate for DeepSeek Ban on Government Devices: wsj.com
———–
Transcript
Google released a security update addressing nearly 50 flaws in the Android operating system, including a high-severity vulnerability that could allow attackers to install malware or steal files without user authentication. Users are strongly advised to update their devices promptly to mitigate these risks.
Smiths Group, a multinational engineering firm, experienced a cyberattack leading to unauthorized access to its systems. The company isolated the affected systems and is collaborating with cybersecurity experts to assess and recover from the incident. The breach resulted in a 1.7% drop in the company’s share price.
Telecom company TalkTalk is investigating claims of a data breach after a hacker alleged they were selling data from nearly 19 million of the company’s current and former customers. The breach reportedly involves customer names, emails, IP addresses, and phone numbers, though no financial information is believed to be at risk.
Apple issued updates to address a zero-day vulnerability (CVE-2025-24085) in its Core Media component, which could allow malicious applications to escalate privileges on affected devices. Users are advised to update their iPhones, Macs, and other Apple devices to the latest software versions to protect against potential exploits.
A series of law enforcement operations led to the takedown of online marketplaces such as Cracked, Nulled, Sellix, StarkRDP, and HeartSender, which were involved in selling hacking tools, illegal goods, and crimeware solutions. These actions impacted millions of users and disrupted significant illegal activities.
Google reported that it blocked a record 2.3 million harmful Android apps from the Play Store in 2024, utilizing AI-powered reviews to detect threats more efficiently. Additionally, 158,000 developer accounts were banned for attempting to distribute malware, highlighting ongoing efforts to secure the app ecosystem.
UnitedHealth revealed that a data breach in 2024 affected approximately 190 million Americans, making it the largest healthcare data breach in U.S. history. The compromised information includes personal and healthcare data, underscoring the critical need for robust data protection measures in the healthcare sector.
Our final stories this week focus on DeepSeek, the Chinese-developed AI chatbot, facing major security concerns. Released on January 10, 2025, for iOS and Android, it quickly became the most-downloaded free app on the U.S. iOS App Store by January 27, surpassing even ChatGPT. Researchers have recently discovered that the platform exposed over a million lines of sensitive data online, including software keys and user chat logs, raising serious privacy risks. U.S. lawmakers are now pushing to ban DeepSeek from government devices, citing fears that foreign governments could potentially access and misuse the data. This follows a growing trend of regulatory crackdowns on AI applications with potential national security implications. The situation highlights the ongoing debate around AI governance, data privacy, and the risks associated with rapidly developing AI models.
And those are your headlines for the week. Thank you again for listening to Skyhigh Cloudcast. If you’ve enjoyed this episode, be sure to subscribe on your favorite platform so you never miss an update. If you like the show, please leave us a review. It helps others find the podcast. For more information about Skyhigh Security or Cloudcast, please visit skyhighsecurity.com.
5 February 2025, 3:00 pm
- 6 minutes 33 seconds
CloudCast Cybersecurity Headlines for January 15, 2025
From the Skyhigh Studios at Skyhigh Security, I’m Scott Schlee, it’s Wednesday, January 15, 2025, and these are your cybersecurity headlines.
Headlines this week:
- US Treasury Department Reports A Significant Data Breach
- China Protests US Sanctions Over Cyber Activities
- Bayview Asset Management Agrees to a $20 Million Settlement
- Apple Proposes a $95 Million Siri Privacy Settlement
- Sophisticated AI-Driven Phishing Scams Are Targeting Email Users
- Myanmar Enacts a Cybersecurity Law Enforcing Internet Censorship
- US Cybersecurity Experts Predict Increased Post-Election Cyber Attacks
- Former US Federal Officials Recommend Cybersecurity Policies for the Upcoming Trump Administration
- Project 2025’s Proposed Changes and Their Potential Impact on US Election Security
- And Concerns Over Quantum Computing’s Impact on Cybersecurity
Before diving into this week’s headlines, we want to take a moment to acknowledge the devastating wildfires currently impacting California. Our thoughts are with everyone affected, including those who have lost homes, loved ones, or are facing displacement. As always, we encourage listeners to support relief efforts if they’re able. Please visit Charity Navigator for a list of trusted organizations offering support.
Sources:
- US Treasury Department Breach: US News
- China Protests US Sanctions Over Cyber Activities: US News
- Bayview Asset Management’s $20 Million Settlement: WSJ
- Apple’s $95 Million Siri Privacy Settlement: Vox
- AI-Driven Phishing Scams Targeting Email Users: New York Post
- Myanmar’s Cybersecurity Law Enforces Internet Censorship: AP News
- US Cybersecurity Experts Predict Increased Cyber Attacks Post-Election: The Australian
- Quantum Computing’s Impact on Cybersecurity: The Times
- Former Officials Recommend Cybersecurity Policies for Next Administration: POLITICO
- Project 2025’s Potential Impact on US Election Security: WIRED
———–
Transcript
From the Skyhigh Studios at Skyhigh Security, I’m Scott Schlee, and these are your cybersecurity headlines for the week of January 6th, 2025.
The U.S. Treasury Department reported a significant cyber incident attributed to Chinese state-backed hackers. Attackers remotely accessed employee workstations and unclassified documents, raising concerns about the security of federal systems. The Cybersecurity and Infrastructure Security Agency (CISA) stated there is no indication that other federal agencies were affected.
The U.S. Treasury Department imposed sanctions on Beijing-based Integrity Technology Group for its alleged involvement in hacking incidents targeting U.S. critical infrastructure. China condemned the sanctions, denying the allegations and accusing the U.S. of defamation. This development underscores escalating cyber tensions between the two nations.
Bayview Asset Management agreed to a $20 million settlement following a 2021 data breach that exposed personal information of 5.8 million customers. The firm faced criticism for inadequate cybersecurity measures and lack of cooperation with regulatory investigations. As part of the settlement, Bayview will enhance its cybersecurity protocols and undergo independent assessments.
Apple proposed a $95 million settlement in a class-action lawsuit alleging unlawful surveillance through Siri. The lawsuit followed revelations that Siri had inadvertently recorded private conversations. Affected users between 2014 and 2024 may be eligible for compensation, highlighting ongoing concerns about digital privacy and device eavesdropping.
Cybersecurity experts warned Gmail, Outlook, and Apple Mail users about sophisticated phishing scams utilizing artificial intelligence. These AI-generated emails are highly personalized, making them difficult to distinguish from legitimate correspondence. Users are advised to verify email senders, avoid clicking on suspicious links, and implement two-factor authentication to enhance security.
Myanmar’s military government enacted a new cybersecurity law extending its control over internet usage and information flow. The law targets communication methods like virtual private networks (VPNs) and imposes sanctions on digital platforms that fail to prevent the spread of “disinformation.” Non-compliance can result in fines, suspensions, and imprisonment, raising concerns about freedom of expression and digital rights.
Following Donald Trump’s presidential victory, cybersecurity experts anticipate a surge in cyber attacks from nations like China, Russia, North Korea, and Iran. The use of AI in cyber crimes is expected to escalate, making phishing emails and deepfake campaigns more convincing. Organizations are urged to adopt comprehensive cybersecurity measures to defend against these evolving threats.
A bipartisan group of former federal officials proposed around 40 recommendations for cybersecurity policies for the upcoming administration. The plan emphasizes integrating cyber regulations, addressing workforce gaps, enhancing public-private collaboration, and developing a continuity of the economy plan to prepare for major cyberattacks. The report also highlights the need to standardize cybersecurity for critical infrastructure and address outdated regulations.
Project 2025, developed by the Heritage Foundation, proposes significant reductions and changes to the Cybersecurity and Infrastructure Security Agency (CISA), a move that could jeopardize U.S. election security. The project criticizes CISA, particularly its efforts to combat misinformation, and suggests transferring some of its responsibilities to the military and intelligence community. Experts warn that the proposals could weaken CISA, undermine its critical functions, and create gaps in cybersecurity, leaving the nation vulnerable to misinformation and cyber threats.
The U.S. has initiated efforts for businesses to enhance their cybersecurity systems against potential quantum computer threats. The National Institute of Standards and Technology has approved three algorithms for post-quantum cryptography after eight years of research. Major tech firms like Google and Apple have already started incorporating the new algorithms into their products. While current quantum computers cannot break existing encryption, they might in the future, making immediate action critical.
15 January 2025, 8:27 pm
- 4 minutes 52 seconds
CloudCast Cybersecurity Headlines for December 18, 2024
From the Skyhigh Studios at Skyhigh Security, I’m Scott Schlee, it’s Wednesday, December 18th, 2024, and these are your cybersecurity headlines.
Headlines this week:
- Microsoft’s AI Tool Privacy Concerns
- North Korean IT Worker Indictments
- Mysterious Drone Sightings
- Sanctions on Chinese Hackers
- Apple Users Urged to Update Devices
- SEC Cybersecurity Enforcement
- UK’s Cybersecurity Concerns
- Game Freak Data Breach
- Geico and Travelers Fined for Data Breaches
- Krispy Kreme Cyberattack
Thank you again for listening to Skyhigh Cloudcast. This is our last episode of CloudCast for 2024. We sincerely hope you have a wonderful holiday break. We’ll be back in January and hope you will be too. If you’ve enjoyed this episode, be sure to subscribe on your favorite platform so you never miss an update. If you like the show, please leave us a review. It helps others find the podcast. For more information about Skyhigh Security or CloudCast, please visit skyhighsecurity.com.
Sources:
- Wired – Microsoft’s AI Tool Privacy Concerns and Mysterious Drone Sightings
- The Times (UK) – North Korean IT Worker Indictments and UK’s Cybersecurity Concerns
- Reuters – Sanctions on Chinese Hackers and SEC Cybersecurity Enforcement
- New York Post – Apple Users Urged to Update Devices
- The Scottish Sun – Game Freak Data Breach
- Wall Street Journal (WSJ) – Geico and Travelers Fined for Data Breaches
- MarketWatch – Krispy Kreme Cyberattack
———–
Transcript
From the Skyhigh Studios at Skyhigh Security, I’m Scott Schlee, it’s Wednesday, December 4th, 2024, and these are your cybersecurity headlines.
Microsoft’s AI Tool Privacy Concerns: Microsoft’s AI tool, Recall, has been found capturing sensitive data, including credit card and Social Security numbers, every five seconds. Despite safeguards, this raises significant privacy and security concerns.
North Korean IT Worker Indictments: Fourteen North Koreans have been indicted for posing as IT workers to fund nuclear programs. They infiltrated American and Western IT companies, using sophisticated fake identities and VPNs to mimic legitimate employees. This highlights the geopolitical cyber risks posed by state-sponsored actors.
Mysterious Drone Sightings: Unexplained drone activity in New Jersey and neighboring states has triggered federal investigations into potential security threats. The drones have caused concern among authorities, leading to increased scrutiny and efforts to identify their origin and purpose.
Sanctions on Chinese Hackers: The U.S. has sanctioned Chinese cybersecurity company Sichuan Silence Information Technology for deploying ransomware that posed significant risks to human life. In April 2020, the company used malicious software on over 80,000 firewalls globally, including critical infrastructure, leading to data theft and network disruptions.
Apple Users Urged to Update Devices: Cybersecurity experts are urging Apple users to update their iPhones to iOS 18 to avoid a data-stealing bug capable of bypassing safeguards. Concerns over Apple’s AI program have led to hesitancy in updating, leaving devices vulnerable to attackers who can access sensitive data without user notification.
SEC Cybersecurity Enforcement: The Securities and Exchange Commission (SEC) announced four settled enforcement orders against issuers for materially misleading disclosures following the 2020 SolarWinds cybersecurity incident. These settlements underscore the SEC’s focus on accurate and timely disclosure of cyber incidents.
UK’s Cybersecurity Concerns: Britain is increasingly vulnerable to cyberattacks and complacent about the threats posed by hackers, warns Richard Horne, CEO of the UK’s National Cyber Security Centre (NCSC). Recent cyberattacks have disrupted services at Liverpool hospitals and impacted the grocery and prison transport sectors. The NCSC emphasizes the urgency of closing the gap between threats and cyber-resilience across critical infrastructure and the economy.
Game Freak Data Breach: Game Freak, the developer behind Pokémon, confirmed a security breach that resulted in the leak of employee details and codenames for upcoming 10th generation Pokémon games. The breach also exposed information about the anticipated Nintendo Switch 2 console. This incident is considered one of the largest in gaming history.
Geico and Travelers Fined for Data Breaches: New York State fined auto insurers Geico and Travelers Indemnity a total of $11.3 million due to cybersecurity lapses that led to data breaches affecting 120,000 individuals during the Covid-19 pandemic. The breaches contributed to a larger hacking campaign that exploited personal information for various frauds, including fraudulent unemployment claims.
Krispy Kreme Cyberattack: Krispy Kreme reported an IT systems breach, causing significant impacts on its business operations and a 2% drop in its stock. The cyberattack disrupted online ordering in parts of the U.S., though physical stores remain open. The company is working with cybersecurity experts to investigate and contain the breach.
18 December 2024, 4:12 pm
- 9 minutes 9 seconds
Top 10 Cybersecurity Headlines of 2024
From the CloudCast Studios at Skyhigh Security, I’m your host Scott Schlee, and today we’re counting down the top 10 cybersecurity headlines of 2024.
The Top Headlines for 2024:
- RockYou2024: 10 billion passwords leaked in the largest compilation of all time
- Microsoft Falls Victim to Russia-Backed ‘Midnight Blizzard’ Cyberattack
- UnitedHealth says Change Healthcare hack affects over 100 million, the largest-ever US healthcare data breach
- National Public Data breach publishes private data of 2.9B people
- Hackers steal “significant volume” of data from hundreds of Snowflake customers
- Notorious hacking group responsible for Ticketmaster data breach
- Crooks Steal Phone, SMS Records for Nearly All AT&T Customers
- Ascension hacked after employee downloaded malicious file
- CDK Global outage caused by BlackSuit ransomware attack
- Widespread IT Outage Due to CrowdStrike Update
Sources: Wikipedia · Krebs On Security · CyberNews · Dark Reading · TechCrunch · Microsoft · Ars Technica · Ticketmaster · HIPAA Journal · Bleeping Computer
———–
Transcript
From the Skyhigh Studios at Skyhigh Security, I’m Scott Schlee, it’s Thursday, December 12th, 2024, and today, we’re counting down the top 10 cybersecurity headlines of 2024. This year brought no shortage of challenges—from healthcare breaches exposing millions of records, to CrowdStrike’s worldwide outage that disrupted businesses across the globe, and even one breach that cascaded from one company to another. These stories reflect the ever-evolving threats we face and some of the critical lessons learned along the way. And now, in no particular order, let’s dive into the year that was, in cybersecurity.
In July 2024, a massive compilation of nearly 10 billion unique plaintext passwords, dubbed “RockYou2024,” was leaked on a popular hacking forum. This dataset amalgamated passwords from thousands of previous breaches, both old and recent, creating an unprecedented repository of compromised credentials. The leak significantly heightened the risk of credential stuffing attacks, where cybercriminals exploit reused passwords to gain unauthorized access to various accounts. Security experts urged individuals to immediately reset compromised passwords, adopt strong and unique passwords for each account, utilize password managers, and enable multi-factor authentication to mitigate potential threats.
In January 2024, Microsoft revealed that the Russian state-sponsored group Midnight Blizzard (also known as APT29 or Nobelium) had infiltrated its corporate email systems. The attackers employed a password spray attack to compromise a legacy non-production test account lacking multi-factor authentication. This initial breach allowed them to escalate privileges and access a small percentage of corporate email accounts, including those of senior leadership and cybersecurity personnel. The group exfiltrated emails and attachments, aiming to gather intelligence on Microsoft’s knowledge of their operations. Microsoft has since implemented enhanced security measures across its environments to prevent similar future incidents.
In February 2024, Change Healthcare, a subsidiary of UnitedHealth Group, suffered a ransomware attack by the ALPHV/BlackCat group, compromising the personal and health information of over 100 million individuals—the largest healthcare data breach in U.S. history. The stolen data included names, contact details, Social Security numbers, medical records, and financial information. The breach disrupted healthcare services nationwide, affecting claims processing and patient care. UnitedHealth paid a $22 million ransom to the attackers and has been notifying affected individuals, offering two years of free credit monitoring and identity protection services.
In April 2024, National Public Data, a background check company, suffered a massive data breach that exposed approximately 2.9 billion records, affecting up to 170 million individuals across the U.S., U.K., and Canada. The compromised data included full names, Social Security numbers, mailing addresses, email addresses, and phone numbers. The breach was attributed to a third-party hacker who gained access to the company’s systems in December 2023, with data leaks occurring from April through the summer of 2024. This incident led to multiple class-action lawsuits and significant reputational damage, ultimately resulting in National Public Data filing for Chapter 11 bankruptcy in October 2024.
In mid-2024, a cybercriminal group identified as UNC5537 executed a series of attacks targeting customers of Snowflake, a prominent cloud data platform. By exploiting credentials harvested through infostealer malware, the attackers accessed approximately 165 customer accounts lacking multi-factor authentication (MFA), leading to the exfiltration of substantial volumes of sensitive data. Notable victims included Ticketmaster, Santander Bank, and AT&T, with the latter’s breach exposing call records of over 100 million customers. The attackers attempted to extort affected organizations, demanding ransoms to prevent the public release of stolen data. In response, Snowflake collaborated with cybersecurity firm Mandiant to investigate the breaches and has since initiated plans to mandate MFA for all user accounts to enhance security.
In May 2024, Ticketmaster experienced a significant data breach that exposed personal information of approximately 560 million customers worldwide. The hacking group ShinyHunters claimed responsibility, offering 1.3 terabytes of stolen data—including names, addresses, phone numbers, and partial credit card details—for $500,000 on the dark web. Ticketmaster detected unauthorized activity on May 20 and has since collaborated with law enforcement and cybersecurity experts to investigate the breach. The company assured customers that their accounts remain secure and offered affected individuals 12 months of free identity monitoring services. Customers are advised to monitor their financial accounts for suspicious activity and be vigilant against potential phishing attempts.
In July 2024, AT&T disclosed a significant data breach that compromised the call and text records of nearly all its wireless customers. The breach affected approximately 110 million individuals, exposing metadata such as phone numbers, call durations, and associated cell tower locations. While the content of communications and sensitive personal information like Social Security numbers were not included, the exposed data could still be exploited for targeted phishing attacks and other malicious activities. AT&T has since secured the breach, notified affected customers, and is collaborating with law enforcement, resulting in at least one arrest related to the incident.
In May 2024, Ascension, a major U.S. healthcare system, suffered a ransomware attack initiated by an employee inadvertently downloading a malicious file. The Russian-linked Black Basta group was identified as the perpetrator. The breach disrupted operations across Ascension’s 140 hospitals, leading to ambulance diversions, postponed medical procedures, and a six-week outage of electronic health records (EHR). Financially, the attack contributed to a $1.1 billion net loss for the fiscal year ending June 30, 2024, due to delays in revenue cycle processes and increased remediation costs. Ascension has since restored EHR access and is collaborating with cybersecurity experts to strengthen its defenses and prevent future incidents.
In June 2024, CDK Global, a leading software provider for automotive dealerships, fell victim to a ransomware attack by the BlackSuit group, causing widespread operational disruptions across approximately 15,000 dealerships in North America. The breach forced many dealerships to revert to manual processes, significantly slowing down sales and service operations. To expedite system restoration, CDK Global reportedly paid a $25 million ransom to the attackers. The incident not only highlighted vulnerabilities within the automotive sector’s digital infrastructure but also underscored the substantial financial and operational risks associated with cyberattacks.
In July 2024, a defective software update from cybersecurity firm CrowdStrike caused a global IT outage, disrupting numerous industries. The faulty update led to widespread system crashes, notably displaying the “blue screen of death” on Windows devices. This incident affected over 8.5 million devices worldwide, grounding thousands of flights, halting financial transactions, and impairing healthcare services. The recovery process was complex, requiring manual interventions and system reboots, which prolonged downtime for many organizations. The outage highlighted the critical need for robust software testing and the vulnerabilities inherent in centralized cybersecurity solutions.
And those are your top headlines for the year of 2024. Thank you again for listening to Skyhigh CloudCast. If you’ve enjoyed this episode, be sure to subscribe on your favorite podcast platform so you never miss an update. If you liked the show, please leave us a review. It helps others find the podcast. For more information about Skyhigh Security or CloudCast, please visit SkyhighSecurity.com.
Please Note: All transcripts are generated using speech recognition software and human transcription, and may contain errors. Please check the corresponding audio before quoting in print.
12 December 2024, 3:15 pm
- 7 minutes 34 seconds
CloudCast Cybersecurity Headlines for December 4, 2024
From the CloudCast Studios at Skyhigh Security, I’m your host Scott Schlee and these are your Cybersecurity Headlines for the week of Wednesday, December 4, 2024.
Headlines this week:
- The White House Struggles to Contain Massive Chinese Telco Hacks
- Americans to Receive Up to $5,000 from $1.6 Million Data Breach Settlement
- New York State Fines Geico and Travelers $11.3 Million for Data Breaches
- Britain Now Worse at Dealing with Cyberattackers, GCHQ Says
- CrowdStrike Raises Annual Forecast on Steady Cybersecurity Demand
- Google Chrome Users Warned to Avoid Scam Websites
- Smartphone Users Urged to Delete 15 Malicious ‘SpyLoan’ Apps
- Netflix Subscribers Targeted by Phishing Scam
- Interpol takes down over 1,000 cybercrime suspects in Africa
Thank you for listening to Skyhigh CloudCast. If you’ve enjoyed this episode, be sure to subscribe on your favorite podcast platform so you never miss an update. If you like the show, please leave us a review. It helps others find the podcast. For more information about Skyhigh Security or CloudCast, please visit skyhighsecurity.com.
Sources: Politico · The Sun · Wall Street Journal · The Times · Reuters · New York Post · New York Post · New York Post · Reuters · AP News
Transcript
From the Skyhigh Studios at Skyhigh Security, I’m Scott Schlee, it’s Wednesday, December 4th, 2024, and these are your cybersecurity headlines.
President Joe Biden’s administration is intensively addressing breaches of multiple U.S. telecommunications providers by the China-backed hacking group, Salt Typhoon. Despite daily meetings of a special White House response group and collaboration with affected telecoms, the hackers remain entrenched, leaving many Americans vulnerable to surveillance. The intrusion, which began in the spring and was publicly acknowledged in October, has targeted high-profile individuals and accessed extensive communications data. The administration emphasizes the need for collaboration between telecoms, cybersecurity firms, and international partners to mitigate further damage and suggests that new security mandates may be necessary to prevent future breaches.
Individuals affected by a data breach at Hilb Group can claim up to $5,000 from a $1.6 million settlement by providing proof of losses, such as receipts. The breach, occurring between December 1, 2022, and January 12, 2023, exposed sensitive information, including Social Security numbers and financial data. Hilb Group denies wrongdoing but agreed to the settlement. Claimants must file by December 13, 2024.
New York State imposed fines totaling $11.3 million on auto insurers Geico and Travelers Indemnity for cybersecurity lapses that led to data breaches affecting 120,000 individuals during the COVID-19 pandemic. Hackers accessed Geico’s online quoting tool, stealing personal data of approximately 116,000 people starting in 2020. In a separate incident, hackers infiltrated Travelers’ quoting tool, exposing data of around 4,000 people over seven months in 2021. Both companies violated the Department of Financial Services’ cybersecurity regulations and are mandated to implement cybersecurity improvements.
Richard Horne, CEO of the UK’s National Cyber Security Centre (NCSC), warned that Britain is increasingly vulnerable to cyberattacks and complacent about threats from hackers. National defenses have not kept pace with rising hostile activities from countries like Russia and China. Organizations have largely failed to follow NCSC guidance, widening the gap between threats and defenses. Recent cyberattacks have disrupted services in sectors such as healthcare and transportation, with most incidents being ransomware attacks dominated by Russian groups.
Cybersecurity firm CrowdStrike increased its annual revenue and profit forecasts due to growing demand for cybersecurity services amid rising online threats. After surpassing third-quarter revenue expectations, CrowdStrike anticipates annual revenues between $3.92 and $3.93 billion, exceeding previous estimates. The company also expects adjusted annual earnings per share to reach between $3.74 and $3.76. Despite a slight dip in stock prices due to quarterly revenue projections, CrowdStrike’s customer engagement packages have strengthened client relationships.
Google Chrome users are being cautioned about the prevalence of scam websites appearing in search results. Google is developing an AI-powered tool called “Store Reviews” to provide summaries of third-party reviews from cybersecurity companies, aiding in the identification of fraudulent sites. In the meantime, users are advised to be vigilant by not clicking on suspicious links, verifying website URLs, checking for “https,” researching ads before clicking, and avoiding “Sponsored” listings that might be scam fronts. Common scams include non-delivery, non-payment, auction fraud, and gift card fraud.
Cybersecurity firm McAfee has identified 15 malicious apps, collectively downloaded by at least 8 million Android users, which pose significant security threats. These “SpyLoan” apps entice users with promises of quick loans but instead extract sensitive information and gain access to other apps on the device, leading to potential extortion, harassment, and financial loss. Despite some apps being removed from the Google Play Store, developers have updated others, allowing them to persist. Users are advised to delete these apps, scrutinize app developers, review permissions, and read user reviews before downloading new applications.
Netflix users are being warned about a cyber scam involving fraudulent messages that aim to steal financial information. Scammers send fake SMS texts claiming issues with Netflix accounts, directing recipients to confirm their details via a phishing website. These messages are designed to collect personal information, including login credentials and credit card details, which are then sold on the dark web. Users are advised to be cautious, as Netflix does not contact customers via text with verification links, and to avoid clicking on suspicious links, instead manually entering website URLs.
Interpol, in collaboration with Afripol, conducted Operation Serengeti from September 2 to October 31, 2024, across 19 African countries, resulting in the arrest of 1,006 individuals involved in cybercrimes such as ransomware, business email compromise, digital extortion, and online scams. The operation identified over 35,000 victims and linked the criminal activities to nearly $193 million in financial losses worldwide. This coordinated effort underscores the increasing volume and sophistication of cybercrime attacks and highlights the importance of international cooperation in combating such threats.
And those are your headlines for the week. Thank you again for listening to Skyhigh CloudCast. If you’ve enjoyed this episode, be sure to subscribe on your favorite podcast platform so you never miss an update. If you liked the show, please leave us a review. It helps others find the podcast. For more information about Skyhigh Security or CloudCast, please visit SkyhighSecurity.com.
4 December 2024, 2:02 pm
- 7 minutes 49 seconds
CloudCast Cybersecurity Headlines for November 20, 2024
From the CloudCast Studios at Skyhigh Security, I’m your host Scott Schlee and these are your Cybersecurity Headlines for the week of Wednesday, November 20, 2024.
Headlines this week:
- Trump’s Second Term Expected to Bring Big Changes to U.S. Cyber Agency
- The DHS issues recommendations for AI in critical infrastructure.
- New York Department of Financial Services Issues AI Cybersecurity Guidance
- The EPA Reports Cybersecurity Concerns Related to Drinking Water Systems
- Chinese Hackers Target Tibetan Websites in Malware Attack
- Bitfinex Hacker Sentenced to 5 Years for $10 Billion Bitcoin Heist
- U.S. Introduces New Data Rules to Combat Cybercrime
- Bitdefender Releases Free Decryptor for ShrinkLocker Ransomware
- Microsoft Releases November 2024 Security Updates
- ESET Research Analyzes RedLine Stealer’s Backend Modules
Thank you for listening to Skyhigh CloudCast. If you’ve enjoyed this episode, be sure to subscribe on your favorite platform so you never miss an update. If you like the show, please leave us a review. It helps others find the podcast. For more information about Skyhigh Security or CloudCast, please visit skyhighsecurity.com.
Sources: The Wall Street Journal · The Australian · AP News · Wired · Wired · Reuters · World Economic Forum · The Hacker News · CISA · We Live Security
Transcript
Trump’s Second Term Expected to Bring Big Changes to U.S. Cyber Agency, The DHS issues recommendations for AI in critical infrastructure, New York Department of Financial Services Issues AI Cybersecurity Guidance, The EPA Reports Cybersecurity Concerns Related to Drinking Water Systems, Chinese Hackers Target Tibetan Websites in Malware Attack, Bitfinex Hacker Sentenced to 5 Years for $10 Billion Bitcoin Heist, U.S. Introduces New Data Rules to Combat Cybercrime, Bitdefender Releases Free Decryptor for ShrinkLocker Ransomware, Microsoft Releases November 2024 Security Updates, and ESET Research Analyzes RedLine Stealer’s Backend Modules.
From the Skyhigh Studios at Skyhigh Security, I’m Scott Schlee, it’s Wednesday, November 20th, and these are your cybersecurity headlines.
President-elect Donald Trump’s upcoming administration is anticipated to significantly alter the focus and structure of the Cybersecurity and Infrastructure Security Agency. Critics argue that CISA’s mission has expanded beyond its core responsibilities, prompting discussions about refocusing on federal and critical infrastructure protection. The appointment of Elon Musk and Vivek Ramaswamy to lead a government restructuring initiative may impact CISA’s funding and operations. Despite potential changes, experts believe the agency’s dissolution is unlikely due to bipartisan support for its mission.
The Department of Homeland Security has issued new recommendations for integrating artificial intelligence into critical infrastructure sectors to enhance security and operational efficiency. These guidelines aim to balance innovation with risk management, focusing on protecting against AI-driven threats while leveraging its capabilities for improved threat detection and response. Key recommendations include establishing robust AI governance frameworks, conducting regular risk assessments, and implementing transparency measures to ensure trust in AI applications. The DHS emphasizes collaboration between public and private sectors to secure critical systems and safeguard national resilience in an increasingly AI-driven world.
On October 16th, 2024, the New York State Department of Financial Services released new guidance for financial institutions to mitigate cybersecurity risks associated with AI. This guidance complements existing cybersecurity regulations and emphasizes the need for updated risk assessments, incident response plans, and monitoring of AI-related threats. Specific actions include annual risk assessments, implementation of multi-factor authentication by November 2025, and robust management of third-party service providers. Financial institutions are advised to align their cybersecurity programs with this guidance to ensure compliance and effectively manage AI-related risks.
The U.S. Environmental Protection Agency’s Office of Inspector General released a report highlighting significant cybersecurity vulnerabilities in the nation’s drinking water systems. The assessment, which examined 1,062 systems serving over 193 million people, identified that 97 systems, accounting for approximately 26.6 million users, had critical or high-risk vulnerabilities. Additionally, 211 systems serving over 82.7 million people were found to have medium and low-risk issues, such as externally visible open portals. These vulnerabilities could potentially be exploited by malicious actors to disrupt services or cause physical damage to water infrastructure. The report also noted that the EPA lacks a dedicated cybersecurity incident reporting system for water and wastewater systems, relying instead on the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency for such notifications.
The cybersecurity firm Insikt Group reports that a Chinese state-sponsored hacking group, TAG-112, compromised Tibetan community websites to distribute malware. Visitors to these sites were prompted to download a malicious file disguised as a security certificate, leading to the installation of espionage tools. This tactic mirrors previous methods used by other Chinese advanced persistent threat groups. The Chinese Foreign Ministry has denied involvement in the attacks.
Ilya Lichtenstein, involved in the 2016 Bitfinex cryptocurrency exchange hack, has been sentenced to five years in prison for stealing and laundering bitcoin valued at $10 billion. His wife, Heather Morgan, was also implicated in the scheme. This case highlights the ongoing challenges in securing digital assets and the legal repercussions of cybercrimes in the cryptocurrency sector. The sentencing serves as a deterrent to potential cybercriminals targeting financial platforms.
The U.S. government has introduced new regulations aimed at curbing cybercrime, which reached a financial impact of $12.5 billion last year. The rules include a ban on transferring geolocation data of over 1,000 U.S. devices to countries of concern, such as China, Russia, Iran, Venezuela, Cuba, and North Korea. These measures target data brokers who might sell sensitive information to foreign adversaries. The initiative underscores the government’s commitment to protecting national security and personal privacy in the digital age.
Romanian cybersecurity company Bitdefender has released a free decryptor tool to assist victims of the ShrinkLocker ransomware. ShrinkLocker, identified earlier this year, exploits Microsoft’s BitLocker utility to encrypt files in extortion attacks targeting entities in Mexico, Indonesia, and Jordan. The decryptor enables affected users to recover their data without paying the ransom, highlighting the importance of collaborative efforts in combating ransomware threats.
On November 12, 2024, Microsoft issued security updates addressing vulnerabilities across multiple products. These updates aim to prevent cyber threat actors from exploiting these vulnerabilities to gain control over affected systems. Users and administrators are encouraged to review the Microsoft Security Update Guide for November and apply the necessary updates to maintain system security.
ESET researchers have conducted an in-depth analysis of the backend modules of RedLine Stealer, a notorious infostealer malware. Following international authorities’ takedown of RedLine Stealer, ESET’s research provides insights into the malware’s operations and infrastructure. This analysis aids cybersecurity professionals in understanding and mitigating threats posed by similar malware. The findings underscore the ongoing need for vigilance and advanced threat detection in the cybersecurity landscape.
And those are your headlines for the week. Thank you again for listening to Skyhigh CloudCast. If you’ve enjoyed this episode, be sure to subscribe on your favorite platform so you never miss an update. If you liked the show, please leave us a review. It helps others find the podcast. For more information about Skyhigh Security or CloudCast, please visit SkyhighSecurity.com.
20 November 2024, 2:20 pm
- 5 minutes 18 seconds
CloudCast Cybersecurity Headlines for November 6, 2024
From the CloudCast Studios at Skyhigh Security, I’m your host Scott Schlee and these are your Cybersecurity Headlines for the week of Tuesday, November 6, 2024.
Headlines this week:
- Fortinet Flaw Exploited
- AWS CDK Vulnerability Patched
- SEC Charges Over SolarWinds Disclosures
- REvil Members Sentenced in Russia
- Meta’s WhatsApp Security Update
- CISA and FBI Probe China-Linked Hacks
- Change Healthcare Data Breach
- Delta Sues CrowdStrike Over Outage
Thank you for listening to Skyhigh CloudCast. If you’ve enjoyed this episode, be sure to subscribe on your favorite platform so you never miss an update. If you like the show, please leave us a review. It helps others find the podcast. For more information about Skyhigh Security or CloudCast, please visit skyhighsecurity.com.
Transcript
From the CloudCast Studios at Skyhigh Security, I’m Scott Schlee, and these are your Cybersecurity Headlines for the week of Tuesday, November 6th, 2024.
Fortinet recently disclosed a critical flaw in its FortiManager software, which has been actively exploited in zero-day attacks to compromise systems. This vulnerability, known as an out-of-bounds write, allows remote attackers to execute arbitrary code, giving them unauthorized control over affected systems and the ability to steal sensitive data. Organizations using Fortinet products have been strongly urged to apply patches immediately to mitigate potential risks.
A critical vulnerability in Amazon’s Cloud Development Kit allowed potential account takeovers, exposing users to security risks. This flaw, if exploited, could enable attackers to gain full control over AWS accounts through improperly secured S3 bucket configurations. Amazon has since released a patch for the CDK, urging all users to update to the latest version to secure their cloud environments against this risk.
The SEC has charged four companies, including Unisys and Avaya, for misleading disclosures regarding their cybersecurity practices following the 2020 SolarWinds cyberattack. These firms allegedly failed to adequately inform investors about the extent of their exposure to cybersecurity risks, instead providing only generic or incomplete risk information. As a result, fines totaling $6 million have been imposed on the companies, with Unisys paying the largest penalty of $4 million.
Four members of the notorious REvil ransomware group were sentenced by the St. Petersburg Garrison Military Court to several years in prison. These individuals were found guilty of crimes related to the illegal circulation of payment methods, marking a rare sentencing for cybercriminals within Russia. This group, linked to high-profile ransomware attacks, had been apprehended in 2022, and this verdict signals a significant stance by Russian authorities against certain cybercrime activities.
Meta recently introduced an enhanced security feature for WhatsApp known as Identity Proof Linked Storage (IPLS), which provides encrypted storage for user contacts. This new update aims to improve user privacy by safeguarding contact data within WhatsApp, ensuring that only the user can access their stored information. In addition, WhatsApp continues to rely on end-to-end encryption to secure messages, calls, and other media shared through the app, reinforcing its commitment to user privacy.
The FBI and CISA are investigating a series of cyber intrusions allegedly orchestrated by Chinese state-sponsored actors targeting U.S. telecommunication networks. Reports indicate that high-profile political figures, including former President Donald Trump and Vice President Kamala Harris, were those affected by these attacks. Breaches raise concerns about potential compromises in national security, and U.S. agencies are urging organizations to remain vigilant and report suspicious activity.
In February 2024, Change Healthcare, a leading healthcare payment processing company, experienced a significant ransomware attack compromising the personal and health information of approximately 100 million individuals. This breach affected sensitive data including medical records and financial details, leading to heightened privacy concerns across the healthcare industry. In response, Change Healthcare has offered impacted individuals two years of free credit monitoring and identity theft protection to mitigate potential fallout from the data exposure.
And finally, Delta Airlines has recently filed a lawsuit against CrowdStrike, a prominent cybersecurity firm, following a major system outage in July 2024 that led to significant operational disruptions. Delta alleges that CrowdStrike’s cybersecurity solutions failed to protect its systems effectively, resulting in the costly outage and downtime. The lawsuit highlights concerns about accountability and service reliability and partnerships between large corporations and cybersecurity providers, especially in the aviation industry, where such outages have far-reaching impacts. CrowdStrike, known for its high-profile cybersecurity clients, is expected to defend against these claims, which could set a precedent for similar cases in the industry.
And those are your headlines for the week. Thank you again for listening to Skyhigh CloudCast. If you’ve enjoyed this episode, be sure to subscribe on your favorite platform so you never miss an update. If you liked the show, please leave us a review. It helps others find the podcast. For more information about Skyhigh Security or CloudCast, please visit SkyhighSecurity.com.
6 November 2024, 8:28 pm
- 4 minutes 21 seconds
CloudCast Cybersecurity Headlines for September 17, 2024
From the CloudCast Studios at Skyhigh Security, I’m your host Scott Schlee and these are your Cybersecurity Headlines for the week of Tuesday, September 17, 2024.
Thank you for listening to Skyhigh CloudCast. If you’ve enjoyed this episode, be sure to subscribe on your favorite platform so you never miss an update. If you like the show, please leave us a review. It helps others find the podcast. For more information about Skyhigh Security or CloudCast, please visit skyhighsecurity.com.
Transcript
From the CloudCast Studios at Skyhigh Security, I’m Scott Schlee, and these are your cybersecurity headlines for the week of Tuesday, September 17th, 2024.
U.S. authorities, including the FBI, CISA, and other agencies, have issued a joint advisory warning about the increasing threat of the RansomHub ransomware gang. The group has already targeted over 200 victims across critical sectors like healthcare, manufacturing, and government services. The advisory emphasizes the importance of implementing phishing-resistant multi-factor authentication, prompt software updates, and phishing awareness training to mitigate ransomware risks.
RansomHub’s efficient ransomware-as-a-service model has made it a prominent player in the ransomware landscape. The group has claimed responsibility for last week’s attack on Planned Parenthood, threatening to leak sensitive data, including 93 gigs of confidential patient and organizational information, and is threatening to publicly leak the data unless a ransom is paid. This attack is part of RansomHub’s broader campaign against healthcare organizations, marking a significant escalation in their ransomware activities.
In its September 24th Patch Tuesday, Microsoft addressed 79 security vulnerabilities, including four actively exploited zero days. Most critical flaws involve remote code execution and privilege escalation vulnerabilities affecting Windows Installer, Publisher, and Windows Update, among others. Microsoft is urging users to apply the patches immediately as some of these vulnerabilities could allow attackers to take full control of systems, compromising confidentiality and security. The patch release is a crucial update for both enterprise and individual users to safeguard against ongoing cyber threats.
Ivanti has released urgent security updates to address critical vulnerabilities in its Endpoint Manager software, including a remote code execution flaw with a maximum severity score of 10. These vulnerabilities, if left unpatched, could allow attackers to execute arbitrary code and take control of affected systems. The company is urging users to apply the patches immediately, as there are reports of active exploitation of these vulnerabilities. Ivanti’s swift response aims to prevent further attacks and protect enterprise environments from these high-risk threats.
The Port of Seattle, which manages Seattle-Tacoma International Airport, confirmed that an August 2024 outage was the result of a ransomware attack. This breach compromised sensitive data related to airport operations, with attackers potentially accessing critical system information. While the full extent of the breach is still under investigation, the incident highlights the vulnerability of critical infrastructure to cyberattacks. Authorities are working to mitigate the impact and strengthen defenses against future threats.
Google has introduced a new air-gapped backup vault as part of its cloud backup and disaster recovery service to combat ransomware attacks. This feature offers immutable and indelible backups, meaning the stored data cannot be modified or deleted, even by attackers who gain system access. The vault is designed to protect organizations from ransomware that targets backup data, ensuring that they have a secure, untouchable copy for recovery in case of an attack.
The U.S.-based Free Russia Foundation suffered a cyberattack linked to Cold River, a Kremlin-affiliated hacker group. Thousands of sensitive emails and documents were leaked online, potentially impacting the nonprofit’s pro-democracy efforts.
And those are your headlines for the week. Thank you again for listening to Skyhigh CloudCast. If you’ve enjoyed this episode, be sure to subscribe on your favorite platform so you never miss an update. If you liked the show, please leave us a review. It helps others find the podcast. For more information about Skyhigh Security or CloudCast, please visit SkyhighSecurity.com.
17 September 2024, 1:00 pm
- 31 minutes 10 seconds
Emerging AI Technologies and Their Impact on Cybersecurity
Today, I’m joined by Sekhar Sarukkai, technologist, entrepreneur, educator, and advisor to Skyhigh Security to explore how companies can leverage artificial intelligence to drive productivity and boost their security measures against evolving cyber threats. We’ll discuss practical strategies and the evolving landscape of AI that can help organizations stay ahead in this rapidly changing world.
You can find Sekhar Sarukkai on his LinkedIn page here.
Transcript
Scott Schlee:
It’s September 11th, 2024. I’m your host, Scott Schlee, and you’re listening to Skyhigh Security Cloudcast. Today, I’m joined by Sekhar Sarukkai, technologist, entrepreneur, educator, and advisor to Skyhigh Security to explore how companies can leverage artificial intelligence to drive productivity and boost their security measures against evolving cyber threats. We’ll discuss practical strategies and the evolving landscape of AI that can help organizations stay ahead in this rapidly changing world. Sekhar, thank you for joining us today. How are you?
Sekhar Sarukkai:
Oh, I’m great. Thank you so much, Scott, for having me here.
Scott Schlee:
Sekhar, can you tell me your position within Skyhigh Security?
Sekhar Sarukkai:
Yeah, it’s an interesting one. I, as you may know, I was one of the Sekhar of Skyhigh Networks. And then after it got acquired by McAfee, I was there with McAfee for a couple of years, and then I left to do other things like teach, which I do cybersecurity at UC Berkeley, and I’ve worked with a lot of VCs and stuff. But recently, when Vishal, the new CEO, came aboard, he had reached out to see if there’s some consulting, more like helping with some of the trends and newer issues to deal with in the industry. And that’s how I’m engaged with Skyhigh now, purely as a, on a consultative basis as an advisor, essentially.
Scott Schlee:
I know we’re very happy to have you as a part of the team, and more I’m happy to have you today joining us to talk about AI, future trends, what Skyhigh Security is doing with AI, and so I was hoping maybe we could spend a few minutes just talking about, first, what are some emerging AI technologies that are likely to shape the future of cybersecurity?
Sekhar Sarukkai:
That’s such a loaded question that can be in our conversation, but all of us, I think the world, literally the IT world, at least transformed a couple of years ago when ChatGPT just took off, right? It’s there’s something there where people felt in their gut that it is different and there’s a lot of different uses of it, which have sprouted, incredible amount of innovation in the space. And I think that will continue to grow. There are some key areas where I think which are stable and people know where it’s going to evolve, like the foundation models. But what OpenAI and a bunch of others are doing, I think it’s got a steady path. There’s a lot of interesting work around multimodal, which is not just text, which is where it’s generated, but with audio, video, images.
Fascinating how much it’s changed. Today you can give a prompt, and out comes a video clip of an imagined space, right? Which looks pretty realistic. And so there’s a lot of work in that area, I think, which will evolve. And deepfake is one of those bad uses of that technology where I can make it look like I’m used God is saying something which he never did, and it’s going to be very challenging to discern that from reality. So that whole multimodal AI has a lot of cool things you can do but also has, you know, security issues which come with it. The other big area, I would say, is, it is getting attention recently, in the last, I would say, couple of quarters, is around agentic AI, which is, if you go to ChatGPT, you ask it to summarize a document or a movie, maybe it does a great job of it, but if you want to ask it to go book a ticket for you to go to a movie, coordinate calendars with your friends to go watch it, it’s not going to be able to do that. And so there’s this new evolution of extending LLMs and AI to actually take action. So these are large action models. And there’s a lot of enterprise use, or use cases of that, which sort of feed into where I think the big value for all these AI technologies may evolve into.
And this is what some people call the next generation of SaaS, right? Today, if you, if anybody talks about SaaS, it’s like Office 365 or Salesforce or the world. It’s basically software as a service. Anything which was previously had to download or deploy in your servers, you actually consume it as a service.
What the next generation of that, which agentic systems and others will evolve to help, is to create what’s called, what can be thought of, as service as software, which is, if you look at what a sales guy does today, but Salesforce has, they use Salesforce as a way to make them more productive and going and closing a deal or running a campaign or whatever it may be. What the next generation would do is take the next step, which is not just to be almost like a Copilot, but to make it an autopilot where you can actually get a virtual sales agent, right? So rather than helping some human complete their task better, this is going to basically be able to do what the human does, right? And that’s the automation. That’s the task analysis.
And there’s obviously good and bad to it. I don’t know where it’s going to end up in terms of society and jobs and people, but the motion towards saying, okay, I have, I want to accomplish something, give it a goal and being able to decompose that into tasks which need to be completed and actually go and execute it and complete the tasks is something which has evolved quite rapidly. I would say there’s some fascinating demos that you can see online. There’s one of a developer, a developer agent, if you will. And this is, you can search for a video in YouTube for Devin. Devin is the persona of a developer, but it’s fascinating to see it work in real time, where it generates code.
And then if there is some exception or an error, it actually goes and searches all the watering holes for developers, sub stacks or wherever else it may go find it, and go fix the problem and read on it and deployed all of that. So that whole notion of being able to get to that automation is something which is real and can have profound impact for enterprises.
Scott Schlee:
And I guess a lot of people, developers such as myself, will look at that and take it one of two ways, be afraid that this is going to somehow take my job away, or do I look at it as this is going to be an assistant for me to be more efficient in my work?
Sekhar Sarukkai:
Yeah, and that’s the million dollar question, right? I don’t know where it’s going to end and some, you see some demos, you say, you know what, that’s not true. That can’t really do what an expert programmer would do. And then you see a next demo where it’s wow, that’s doing it. Yeah. Or you don’t need 20 people in a team, maybe there’s a one-person developer who can build a startup from scratch and develop the code as well with some of this technology.
Scott Schlee:
I know that the saying is that today’s AI is the dumbest it’s ever going to be. It’s only gonna get smarter and better. So I’ve seen just in the past three years, six months to a year, we’ve all seen AI progressing dramatically, leaps and bounds from where it was at its infancy.
Sekhar Sarukkai:
Absolutely, Scott. And I think that’s also depending on which side of the bed you get up, I think it’s either a huge opportunity or a big concern.
Scott Schlee:
So how are these advancements in Gen AI? We’re talking like OpenAI’s out there so anybody can get their hands on it and actually use it for good or nefarious purposes. How are those advancements going to impact cybersecurity in terms of threats and defenses?
Sekhar Sarukkai:
Yeah, this is again, it’s so rapidly evolving that you’ve already seen issues you would have not thought was a real issue just two years ago. And I think as cybersecurity practitioners, the job is just going to get harder. I think it’s because of a lot of things. Today, if you look at, if you ask people about security with, in the Gen AI context, there’s a lot of startups and even established companies like Skyhigh, you’re looking into what does it mean to secure LLM itself, right? There’s this notion of jailbreaking, or how can you actually coax the model to give out an answer which is not appropriate, things like that.
There’s also concerns around data leakage. There’s a classic example with the Fortune 100 company where the salary of the CEO was exposed by the chatbot, which had been created on top of a Gen AI platform. Things like that, which are very important and something which a lot of people are working on, and that it will continue to be either augmented into platforms like Skyhigh SSE or partnerships with emerging startups to help fill that natural gap.
But there are other issues which come out from the offensive side, right? So this is a classic case of where the bad actors are faster in adapting to some of these changes, right? So I’ll give you a classic. We talked about Devin, right? So let me use that example. So Devin, when it finds an issue, it can go to one of these watering holes, Stack Overflow, to see, okay, why did I get this error? And what is the fix for it? And it’ll look at comments by various developers and choose the right one and implement that fix. Now, what it turned out, actually this was published a couple of months ago, actually, was there’s a bad actor, I think it’s a state-sponsored actor, who are doing something very interesting. They were actually publishing backdoored malicious Python libraries in Stack Overflow and not just publishing it. Publishing in GitHub, talking about it in Stack Overflow. And
Scott Schlee:
As a solution for a problem.
Sekhar Sarukkai:
To that exception or whatever. And so imagine if you are a human and if it’s a Copilot, like GitHub Copilot, which tells me to go fix this, but I would go to Stack Overflow, find it. Take that, use my judgment to say, you know what, this sounds like something I may not use or whatever, right? And it’s up to me to decide whether to update with that new Python library.
But if it is agentic like Devin, what are the controls and how, because it’s all about speed and efficiency and how quickly and cool ways it can solve it. And I don’t even know if there is a quantitative way in which you can judge whether those comments in Stack Overflow should be ignored or not.
So the risk of essentially a data supply chain attack in this case, right? So is very real for AI because I’m talking about, in this example, in, at inference time, at time when you’re actually using the model. There’s a lot of these kinds of issues around the data supply chain, which is around what data was actually used to train the model itself.
And there’s definitely questions around malware and malicious data, but there’s also fundamental questions around data ownership, copyright issues, things like that. And these may become increasingly challenging for enterprises who may be held liable for breaking a copyright, whether or not it was generated by Gen AI for them, right?
If they use it in something which is of value to them or it’s public, somebody can sue them for it. So there’s definitely those kinds of issues, which I think will need to be thought out further. And I think fundamentally, finally, I would say, because there is this strong move towards an agentic world and this automation of things and replacing people and the choices we make by AI, a bad actor’s campaign may not even touch a human because it happens at the speed of AI.
So there is a bad actor who would launch an attack, which is based purely on AI because the AI finds a vulnerability in your environment and launches the attack. Like Devin did for good reasons to create code, a bad actor can use it to penetrate a network, right? To exfiltrate data. And if that happens, reacting to it at the speed of humans is not going to help because humans will have to then, like today’s world, you’d create a, it goes to the SOC and you create a ticket and somebody needs to figure out who owns it, finds an issue.
That’s, that’s not going to work.
Scott Schlee:
Hours to days before it gets addressed.
Sekhar Sarukkai:
And so you need, it’s almost like these comics, which used to be there, I’m dating myself. I was growing up, which is Spy vs. Spy, it’s the same kind of thing, which is AI versus AI, right? That’s where I think the real cybersecurity action would be over time.
Scott Schlee:
That’s an interesting concept that I know a lot of people have theorized how that would work out, AI versus AI, and in more of a Wild West scenario, you just really have to prepare for the worst.
Sekhar Sarukkai:
Yeah, no, actually the way I think about it is Skyhigh is one of the pioneers in CASB, Skyhigh, when Skyhigh was Skyhigh Networks and then it morphed to Skyhigh Security. And the domain itself, Gartner’s lingo, it’s morphed from CASB to SSE, Secure Service Edge, and it has CASB, it has SWG, RBI, a bunch of other features, but where I think Skyhigh is going, and I think it’s natural extension of the SSE platform, is to address AI holistically, because if you think about enterprises the way, and we’ve looked at in, Skyhigh has looked at enterprise data, and I believe they’re going to publish this report on some very fascinating data, which I’m sure you’ll do another podcast on it.
And at some point, not to reveal too much of the data, but some of the interesting findings are that a lot of enterprises, they really are embracing Gen AI, but a lot of the big enterprises are actually blocking ChatGPT because it’s a, it’s almost like a contradictory perspective, but really what they’re saying is it’s so important and there’s so many unknowns that I want to deploy in my own private instance rather than use ChatGPT as a SaaS, right? So they don’t allow their employees to make queries to ChatGPT, but they’ll have their own enterprise instance of it, where you can, the employees can go and ask those queries because they’re worried that data could be leaked into this SaaS-based ChatGPT environment, and they’re OK to get the value if it’s internal.
Scott Schlee:
As long as they’ve set up the guardrails that they’ve approved.
Sekhar Sarukkai:
Yeah, no, not only that, they actually, in almost all of these cases, they use like Azure AI, it’s a PaaS deployment on a public infrastructure, but within their VPC, essentially only their employees are using that instance of GPT, either through API or through the UI, which is a ChatGPT, and similarly with AWS, all of these public cloud environments have grown some pretty healthy business around that. So the first step is really to get visibility into what Gen AI is being used. This is almost the shadow IT of 10 years ago when cloud was being used by all businesses.
Now a lot of the CISOs want to know what are the AI, which is being used by my enterprise, which lines of business, is it risky or not? There’s some LLMs which are okay, some which are suspect because you don’t want to, maybe it’s more amenable to malware attacks and jailbreaking, which could impact employees or the customer’s perception of this enterprise.
So that level of visibility, and with attributes which are specific to Gen AI and LLM, is something which Skyhigh is being one of the first, if not the first, SSE vendor to bring to market, right? Which is to be able to not just discover and report on what AI is being used by an enterprise, but also have a risk-based view into which ones are risky, which ones are not and so on.
But then it goes beyond that, I think, because I think the Skyhigh platform, as we all know, right? It’s actually very strong in data security. It’s the CASB roots there in data security as well. A lot of the concerns which customers have is around data leakage, right? And that’s why they even block ChatGPT, but they enable the private use and so on.
And there’s a big use case for SSEs around Office 365. And the other interesting finding, which you will see in the Skyhigh report as well, is that there’s one LLM or Gen AI, which is really, which really stands out in enterprise usage compared to anything else, by orders of magnitude, like three orders of magnitude.
And that is the use of Office 365 Copilot. It’s the Microsoft Copilot, and Copilots are built on top of your Gen AI foundational models. OpenAI’s GPT 4.0, or maybe it’s a Llama model or a bunch of others. Anthropic, whatever it may be. But basically Microsoft uses OpenAI, but they created this Microsoft Office 365 Copilot, which is an add-on to Office 365.
And what it does is it not only allows their users of Office 365 to have a free form interaction like you do a ChatGPT, but also contextualizes it to all of the enterprise data, which Office 365 has visibility into. And if you think about a large enterprise, they’re all standardized on Office 365, right?
They all have SharePoint, OneDrive, Microsoft Teams, all of the email, everything which a business and you, employees in the business, use today to interact and be productive and create value is in a Microsoft platform, is stored somewhere in Microsoft platform. And the Microsoft Copilot actually indexes all of that.
And they have some controls to say which ones you don’t want to index and so on. But because of the fact that it’s bundled in or it’s an add-on to Office 365, the adoption of Microsoft Copilot is really head and shoulders above anything else. And that may pull in the usage of OpenAI and stuff, but because employees are using Office 365, because they interact with the Copilot, because a lot of sensitive data is in the Microsoft environment, I think the data protection, natural extensions of Skyhigh’s data protection into the Copilot world, can be humongously valuable for customers. There’s a lot of issues around that. I know that Microsoft has some baseline controls, but just SSE is needed for some of these larger enterprises, I think, with Copilots, it becomes even more important.
There are classic examples with Microsoft Copilot, for example, there’s applications which can actually connect to Copilot through APIs. And so that becomes a vector of exfiltration of data potentially. There’s use, situations where there may be, there’s some very interesting attacks, which were presented for Copilot in the recent Black Hat conference, you should, if somebody’s interested, they should search for Copilot and you’ll see some attack vectors, which try to do to craft, as an example, craft a spear phishing attack using the intelligence which is there in the Microsoft Copilots platform.
You can actually coax the Copilot to respond to who all were in a meeting or what’s the email address of somebody you communicated with the most. And what did you talk about last with that person? And then get, extract enough information from this interaction with Copilot and then craft a message to ask this person to do something, which
Scott Schlee:
To members as a group, from your CEO.
Sekhar Sarukkai:
Exactly.
Scott Schlee:
Sekhar, what AI solutions does Skyhigh Security have and how are we preparing for the future?
Sekhar Sarukkai:
I think customers are asking for a better way to manage Copilot deployments today. And what I’ve, so it’s not as much in the future as much as it’s a need, right? And Skyhigh, I know, is positioned to take the strength in data protection for Office 365 environments and apply it to Copilot, basically by doing the same DLP kind of test, right? For example, Skyhigh already has capabilities to say, and if I’m collaborating with you on a document and suddenly I, and let’s say I’m a contractor, or let’s say I’m an advisor in this case, Scott, you’re sharing something with me and you’re about to share something very sensitive, which is not amenable for non employees or non executives or whatever.
We already, Skyhigh already has an ability to say, okay, stop collaboration on something which has changed in terms of the content is more sensitive than it should be allowed to be shared, right? So that’s the same kind of thing. With Copilot, being able to say, as you’re generating content, if there’s something sensitive, which is more at a sensitive sensitivity, sorry, level more than I have, they should be able to block it.
So Skyhigh can potentially help with that. Skyhigh is actually working with some AI, a specific AI startup, which is focused on creating guardrails. This is a startup called Encrypt, which we did integrate for the risk scoring from the red teaming perspective, but we’re also integrating them for guardrails, right?
So the same guardrails you have for ChatGPT to say, you shouldn’t jailbreak, is important for Office 365 as well, right? So you don’t want to have Office 365 spit out something inappropriate. So being able to address that is something which Skyhigh can help customers with.
I think being able to understand sensitivity of the document, being able to protect it, but in terms of collaboration, in terms of who can see that and being able to remediate it in near real time either through our API integrations, which we have with Office 365 already, or through our proxy, either a forward or reverse proxy, are approaches which I think are being considered and being worked on right now.
Scott Schlee:
I really appreciate you coming on and clarifying quite a lot of this, because I know it is, like I said before, it’s the Wild West right now with AI, and there’s a lot of conflicting information out there. Some people just don’t fully grasp where the AI is, where it’s going, and how to protect your sensitive data. I really hope we can talk again very soon because I’m sure within three months, everything’s going to be completely different. So I would love to have you on again for an update.
Sekhar Sarukkai:
Absolutely, Scott. My pleasure. And I’d be glad to jump on. There’s a lot of interesting topics around this and we’re covering that. And I think there’s a lot, there’s a need for enterprises to some visibility into how the industry is thinking about this evolution of the space and some of the questions you asked around the relevance of Gen AI to security and the security of Gen AI, both are super important, and this is going to be a longer conversation for sure.
Scott Schlee:
That is true. Sekhar, how can people reach out to you if they want to find you online?
Sekhar Sarukkai:
I think the best way is through LinkedIn, to search for Sekhar Sarukkai, and let’s get connected and love to get everybody’s perspective on this emerging area, which is of utmost importance.
Scott Schlee:
Very good. And his information will be in the show notes. I will have a quick link for you there, and feel free to reach out to him, to me, to Skyhigh Security. We’d love to talk to you about the future of AI and how we can help out.
Sekhar Sarukkai:
Thank you.
Scott Schlee:
Thank you again for listening to Skyhigh Cloudcast. If you’ve enjoyed this episode, be sure to subscribe on your favorite platform so you never miss an update. If you liked the show, please leave us a review. It helps others find the podcast. For more information about Skyhigh Security or Cloudcast, please visit SkyhighSecurity.com.
11 September 2024, 1:00 pm
- 4 minutes 43 seconds
CloudCast Cybersecurity Headlines for September 10, 2024
From the CloudCast Studios at Skyhigh Security, I’m your host Scott Schlee and these are your Cybersecurity Headlines for the week of Tuesday, September 10, 2024.
Thank you for listening to Skyhigh CloudCast. If you’ve enjoyed this episode, be sure to subscribe on your favorite platform so you never miss an update. If you like the show, please leave us a review. It helps others find the podcast. For more information about Skyhigh Security or CloudCast, please visit skyhighsecurity.com.
Transcript
It’s September 10th, 2024, and you’re listening to Skyhigh CloudCast. I’m your host, Scott Schlee, and these are your cybersecurity headlines.
Overall increase in malware attacks being reported. Several cybersecurity firms have reported an increase in malware attacks across various sectors. There’s been a significant increase in malware attacks globally with various regions experiencing sharp rises. In 2022, Europe, Latin America, and Asia recorded malware attack increases of 10%, 17%, and 38% respectively, while ransomware attacks involving public extortion saw a 13% year-over-year increase in Q2 2024, totaling about 1,200 incidents. This upward trend underscores the growing threat landscape and the need for enhanced cybersecurity measures.
Attacks linked to NATO and EU cyber-attacks. German intelligence has linked a series of cyber-attacks on NATO and EU organizations to Russia’s GRU, highlighting ongoing geopolitical tensions in cyberspace.
A Wisconsin insurer discloses major data breach. Wisconsin Physicians Service Insurance Corporation, WPS, has disclosed a major data breach affecting 950,000 individuals. The breach occurred due to the MOVEit hack last year, which resulted in the theft of personal information such as names, Social Security numbers, and medical data. This incident underscores the ongoing risks associated with cyber threats targeting sensitive data in the insurance sector.
Leaked Disney data reveals financial and strategy secrets. The leaked Disney data reveals detailed financial and strategic information about the company, including revenue figures for Disney Plus and ESPN Plus, and specific pricing strategies for Disney’s theme parks. The data provides insights into Disney’s business performance and internal strategies that are typically kept confidential.
Russia’s RT seeking to push U.S. voters toward Trump, U.S. intelligence officials say. Russian state media outlet RT is actively attempting to influence U.S. voters to support Donald Trump in the upcoming 2024 presidential election. U.S. intelligence officials report that RT is using American and international personalities to promote content that favors Trump, reflecting a broader strategy by Russia to sway the election in favor of the Republican candidate.
Russian hackers exploit U.S. government contractors. Russian state-sponsored hackers have breached multiple US defense contractors to gather sensitive information on the development and deployment of American weapons systems. The attacks, which began in early 2020 and continued through 2022, involved leveraging access to contractor networks to collect intelligence. These breaches have exposed critical supply chain vulnerabilities within US Defense infrastructure, enhanced cybersecurity measures and contractor operations.
Australian government tightened cybersecurity regulations. In response to rising threats, the Australian government has introduced stricter cybersecurity regulations, focusing on protecting critical infrastructure and sensitive data.
And in education news, the US government is removing four-year degree requirements for federal cyber jobs. The U.S. government is removing the four-year degree requirements for many federal cybersecurity positions to attract a wider range of talent and address the critical need for cybersecurity professionals. This initiative, part of a broader shift towards skills-based hiring, aims to provide more opportunities for individuals with practical experience and certifications rather than traditional educational backgrounds. The move is expected to boost the federal cyber workforce by making it easier to hire qualified candidates who possess relevant skills but may lack a formal degree.
And those are your headlines for the week. Thank you again for listening to Skyhigh CloudCast. If you’ve enjoyed this episode, be sure to subscribe on your favorite platform so you never miss an update. If you like the show, please leave us a review. It helps others find the podcast.
For more information about Skyhigh Security or CloudCast, please visit SkyhighSecurity.com.
10 September 2024, 1:00 pm