🚨 Cyber News: CISA 2024 Priorities, ExpressVPN User Data Exposed, Ivanti Exploit, Azure Hijacking, FCC Order

CyberHub Podcast

1×

0:00

Current time: 0:00 / Total time: -14:22

-14:22

🚨 Cyber News: CISA 2024 Priorities, ExpressVPN User Data Exposed, Ivanti Exploit, Azure Hijacking, FCC Order

Today’s top cybersecurity news and the latest from Practicing CISO James Azar, tune in to hear how practitioners read, view and work after hearing the latest headlines

James Azar

Feb 13, 2024

Transcript

Detailed News Summary: CyberHub Podcast Highlights

Revamping the Kill Chain & Ivanti's Downfall: Upcoming Insights

Exciting Developments in Security Operations: Host James Azar discusses upcoming Substack articles, including a fresh take on the kill chain concept and the challenges facing security vendors, notably Ivanti's recent struggles. These pieces aim to enhance security practices and offer guidance on vetting security vendors.

Microsoft Azure Phishing Campaign Exposes Executive Accounts

Sophisticated Phishing Tactics: A phishing campaign detected in late November has compromised hundreds of Microsoft Azure user accounts, targeting senior executives to access confidential information and conduct fraudulent transactions. Proofpoint's Cloud Security Response Team issued an alert, recommending targeted self-defense measures to combat these threats.

CISA's 2024 Priorities for Joint Cyber Defense Collaborative

Strengthening Cyber Defense: CISA outlines its 2024 priorities, focusing on defending against APT operations from global threats, raising cybersecurity baselines to prevent intrusions, and anticipating emerging risks. This initiative emphasizes the importance of government and private sector collaboration in enhancing national cybersecurity.

Ivanti Faces Exploited Vulnerability

Security Challenges for Ivanti: Hackers exploit a server-side request forgery vulnerability in Ivanti's products, deploying the DS log backdoor on affected devices. This incident highlights ongoing security issues for Ivanti, adding to the company's recent difficulties.

ExpressVPN Addresses DNS Request Leak

Bug Fix in VPN Service: ExpressVPN disables split tunneling on its Windows client to address a bug that caused unprotected DNS requests, potentially exposing user activities to ISPs. The issue, present in versions since May 2022, underscores the challenges in ensuring VPN security.

Bank of America Customer Data Breach Alert

Service Provider Hack Impacts Customers: Bank of America warns customers of a data breach resulting from a hack on its service provider, exposing sensitive personal information. The breach's scale is yet to be disclosed, but it signifies the risks associated with third-party vendors in the financial sector.

FCC Tightens Data Breach Reporting Rules for Telecoms

Enhanced Accountability Measures: The FCC updates its data breach reporting rules, requiring telecommunication companies to report customer PII breaches within 30 days. This move aims to strengthen the protection of sensitive customer information and hold telecom providers accountable.

UN Investigates North Korea's Crypto Cyberattacks

Global Security Concerns: The United Nations plans to investigate North Korea-sponsored cyberattacks on cryptocurrency companies, which have allegedly funded the country's nuclear program. This investigation highlights the ongoing challenges in curbing illicit cyber activities by sanctioned nations.

Podcast Conclusion

Stay Informed and Secure: The podcast wraps up with a call to action for listeners to stay informed and prioritize cybersecurity in their daily lives. The humorous take on the UN's efforts against North Korea's cyber activities serves as a light-hearted end to a content-rich episode.

Discussion about this podcast

CyberHub Podcast

Today’s top cybersecurity news and the latest from Practicing CISO James Azar, tune in to hear how practitioners read, view and work after hearing the latest headlines and how these stories help keep practitioners sharp and ready.

Listen on