Skip to main content

CyberWire Daily: Cisco Breach, SonicWall Ransomware Alert, Nvidia Vulns, and CISO Strategy

N2K NetworksAugust 5, 202532 min851 views
23 connections·40 entities in this video

Data Breaches and Vulnerabilities

  • 🎣 Cisco disclosed a data breach impacting user profile data from cisco.com, stemming from a voice phishing scam targeting an employee and affecting a third-party CRM system.
  • ⚠️ SonicWall issued a warning to disable SSLVPN services due to a suspected zero-day flaw being exploited by ransomware gangs, potentially bypassing MFA.
  • 🐧 Researchers discovered Plague, a stealthy Linux backdoor that provides persistent SSH access by embedding itself as a malicious pluggable authentication module, evading detection and system authentication.
  • 🤖 New vulnerabilities in Nvidia's Triton inference server were uncovered, posing a significant risk to AI systems and potentially allowing remote attackers to gain server control and expose sensitive data.
  • ☁️ Cloudflare accused AI startup Perplexity of using stealthy methods to bypass web scraping restrictions, leading to Perplexity's bots being blocked.
  • 📧 A malware campaign targets Microsoft 365 users with fake OneDrive emails, leading to the download of malicious installers that grant attackers full remote access.
  • 💰 The US Treasury is warning of increased criminal activity involving cryptocurrency ATMs, which are being exploited for scams and money laundering, resulting in significant victim losses.
  • 🌍 A global infostealer campaign has compromised over 4,000 victims across 62 countries, stealing a vast number of passwords, credit card numbers, and browser cookies.

Cybersecurity Strategy and Exercises

  • 🤝 Marty Momdjian of Ready1 by Semperis discussed Operation Blind Spot, a tabletop exercise simulating a cyberattack on a critical infrastructure water treatment facility, focusing on real-time tactics of threat actors and defenders.
  • 🎯 Nigel Hedges shared insights on how CISOs can shift cybersecurity from a technical problem to a business priority, emphasizing understanding business strategy and stakeholder needs.
  • 📊 Hedges also advised on preparing for board-level presentations by focusing on materiality and business impact, cutting down information to essential points that connect to the organization's fiduciary duty.
  • 💰 Prioritizing cybersecurity spending involves mapping proposed initiatives to business strategy and comparing spend against industry benchmarks, with transparency about resource limitations.

Unusual Data Mishandling

  • 🏥 A major Thai hospital was fined after patient medical records were found used in snack bags, highlighting a severe lapse in document destruction protocols by an outsourced contractor.
Knowledge graph40 entities · 23 connections

How they connect

An interactive map of every person, idea, and reference from this conversation. Hover to trace connections, click to explore.

Hover · drag to explore
40 entities
Chapters13 moments

Key Moments

Transcript116 segments

Full Transcript

Topics17 themes

What’s Discussed

Data BreachPhishingRansomwareZero-Day VulnerabilityLinux BackdoorNvidia TritonAI SecurityWeb ScrapingMalware CampaignMicrosoft 365Cryptocurrency ATMsInfostealerTabletop ExerciseCybersecurity StrategyCISOBusiness RiskData Privacy
Smart Objects40 · 23 links
Companies· 13
Events· 7
People· 7
Products· 6
Concepts· 6
Media· 1