CyberWire Daily: Cisco Breach, SonicWall Ransomware Alert, Nvidia Vulns, and CISO Strategy
N2K NetworksAugust 5, 202532 min851 views
23 connections·40 entities in this video→Data Breaches and Vulnerabilities
- 🎣 Cisco disclosed a data breach impacting user profile data from cisco.com, stemming from a voice phishing scam targeting an employee and affecting a third-party CRM system.
- ⚠️ SonicWall issued a warning to disable SSLVPN services due to a suspected zero-day flaw being exploited by ransomware gangs, potentially bypassing MFA.
- 🐧 Researchers discovered Plague, a stealthy Linux backdoor that provides persistent SSH access by embedding itself as a malicious pluggable authentication module, evading detection and system authentication.
- 🤖 New vulnerabilities in Nvidia's Triton inference server were uncovered, posing a significant risk to AI systems and potentially allowing remote attackers to gain server control and expose sensitive data.
- ☁️ Cloudflare accused AI startup Perplexity of using stealthy methods to bypass web scraping restrictions, leading to Perplexity's bots being blocked.
- 📧 A malware campaign targets Microsoft 365 users with fake OneDrive emails, leading to the download of malicious installers that grant attackers full remote access.
- 💰 The US Treasury is warning of increased criminal activity involving cryptocurrency ATMs, which are being exploited for scams and money laundering, resulting in significant victim losses.
- 🌍 A global infostealer campaign has compromised over 4,000 victims across 62 countries, stealing a vast number of passwords, credit card numbers, and browser cookies.
Cybersecurity Strategy and Exercises
- 🤝 Marty Momdjian of Ready1 by Semperis discussed Operation Blind Spot, a tabletop exercise simulating a cyberattack on a critical infrastructure water treatment facility, focusing on real-time tactics of threat actors and defenders.
- 🎯 Nigel Hedges shared insights on how CISOs can shift cybersecurity from a technical problem to a business priority, emphasizing understanding business strategy and stakeholder needs.
- 📊 Hedges also advised on preparing for board-level presentations by focusing on materiality and business impact, cutting down information to essential points that connect to the organization's fiduciary duty.
- 💰 Prioritizing cybersecurity spending involves mapping proposed initiatives to business strategy and comparing spend against industry benchmarks, with transparency about resource limitations.
Unusual Data Mishandling
- 🏥 A major Thai hospital was fined after patient medical records were found used in snack bags, highlighting a severe lapse in document destruction protocols by an outsourced contractor.
Knowledge graph40 entities · 23 connections
How they connect
An interactive map of every person, idea, and reference from this conversation. Hover to trace connections, click to explore.
Hover · drag to explore
40 entities
Chapters13 moments
Key Moments
Transcript116 segments
Full Transcript
Topics17 themes
What’s Discussed
Data BreachPhishingRansomwareZero-Day VulnerabilityLinux BackdoorNvidia TritonAI SecurityWeb ScrapingMalware CampaignMicrosoft 365Cryptocurrency ATMsInfostealerTabletop ExerciseCybersecurity StrategyCISOBusiness RiskData Privacy
Smart Objects40 · 23 links
Companies· 13
Events· 7
People· 7
Products· 6
Concepts· 6
Media· 1