Archive.fm

CyberWire Daily

E-commerce or E-spying?

Arkansas sues Temu over privacy issues. Polyfill returns and says they were wronged. An NYPD database was found vulnerable to manipulation. Google slays the DRAGONBRIDGE. Malwarebytes flags a new Mac stealer campaign. Patch your gas chromatographs. Microsoft warns of an AI jailbreak called Skeleton Key. CISA tracks exploited vulnerabilities in GeoServer, the Linux kernel, and Roundcube Webmail. In our 'Threat Vector' segment, host David Moulton speaks with Jim Foote, CEO of First Ascent Biomedical, about his transition from Chief Information Security Officer (CISO) to leading a biotech company utilizing AI to personalize cancer treatments. Metallica is not hawking metal crypto.

Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Threat Vector Segment

In this segment of the Palo Alto Networks podcast 'Threat Vector,' host David Moulton speaks with Jim Foote, CEO of First Ascent Biomedical, about his transition from Chief Information Security Officer (CISO) to leading a biotech company utilizing AI to personalize cancer treatments. They discuss how Foote's personal experience with his son's cancer diagnosis drove him to apply cybersecurity principles in developing an innovative approach, called Functional Precision Medicine, which tailors cancer treatment to individual patients. The conversation also covers the role of mentorship, the importance of interdisciplinary skills, and the transformative potential of AI in both cybersecurity and medical fields. You can listen to the full episode here.

Selected Reading

Arkansas AG lawsuit claims Temu’s shopping app is ‘dangerous malware’ (The Verge)

Polyfill claims it has been 'defamed', returns after domain shut down (Bleeping Computer)

NYPD officer database had security flaws that could have let hackers covertly modify officer data (City & State New York)

Google TAG: New efforts to disrupt DRAGONBRIDGE spam activity (Google)

‘Poseidon’ Mac stealer distributed via Google ads (Malwarebytes)

Gas Chromatograph Hacking Could Have Serious Impact: Security Firm (SecurityWeek)

Microsoft warns of novel jailbreak affecting many generative AI models (CSO Online)

CISA Warns of Exploited GeoServer, Linux Kernel, and Roundcube Vulnerabilities (SecurityWeek)

Metallica’s X account hacked to promote crypto token (Cointelegraph)


The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Duration: 24m
Broadcast on: 27 Jun 2024
Audio Format: mp3


(music) You're listening to the CyberWire Network, powered by N2K.

(music) Identity architects and engineers simplify your identity management with Strata. Securely integrate non-standard apps with any IDP, apply modern MFA, and ensure seamless failover during outages. Strata helps you avoid app refactoring and reduces legacy tech debt, making your identity systems more robust and efficient. Strata does it better and at a better price. Experience stress-free identity management and join industry leaders in transforming their identity architecture with Strata. Visit strata.io/cyberwire, share your identity challenge, and get a free set of AirPods Pro. Revolutionize your identity infrastructure now. Visit strata.io/cyberwire and our thanks to Strata for being a longtime friend and supporter of this podcast.

(music) Arkansas sues Temu over privacy issues. Polyfill returns and says they were wronged. An NYPD database was found vulnerable to manipulation. Google slays the DRAGONBRIDGE. Malwarebytes flags a new Mac stealer campaign. Patch your gas chromatographs? Microsoft warns of an AI jailbreak called Skeleton Key. CISA tracks exploited vulnerabilities in GeoServer, the Linux kernel and Roundcube Webmail. In our Threat Vector segment, Dave Moulton speaks with Jim Foote, CEO of First Ascent Biomedical, about his transition from Chief Information Security Officer to leading a biotech company utilizing AI to personalize cancer treatments. And Metallica is not hawking metal crypto.

It's Thursday, June 27, 2024. I'm Dave Bittner and this is your CyberWire Intel Briefing.

Arkansas Attorney General Tim Griffin has filed a lawsuit against e-commerce app Temu, alleging it violates state law by engaging in deceptive trade practices. Griffin claims Temu, which is the top free shopping app on the Apple App Store and Google Play Store, operates as malware, accessing nearly all data on users' phones.
The lawsuit connects these allegations to past concerns with Pinduoduo, another app by Temu's owner, PDD Holdings, which faced security issues on the Google Play Store in 2023. The suit argues Temu collects excessive data, including sensitive information, and misleads users about its permissions. Temu, Google, and Apple have yet to respond to inquiries for comment.

Following up on a story we covered yesterday, the owners of polyfill.io have relaunched the JavaScript CDN service on a new domain after polyfill.io was shut down for delivering malicious code to over 100,000 websites. They claim the service was maliciously defamed and deny any app supply chain risks, stating their services are cached by Cloudflare. Despite relaunching on polyfill.com, security experts advise against using the service due to previous issues. Sansec researchers identified the attack and Cloudflare confirmed unauthorized use of its branding. Google has warned advertisers about the malicious code. Developers are advised to seek alternatives from Cloudflare and Fastly.

A public database tracking NYPD officer profiles had security flaws that allowed potential data manipulation and malicious file insertion. Launched after 2020 police reforms, the database includes disciplinary records and other officer information. Independent researcher Jason Parker discovered these vulnerabilities and reported them. The NYPD has since secured the system, blocking access to the exploit points. Developed by RockDaisy, the database faced criticism for its security lapses. Despite claims of resolution, experts advise caution. The NYPD has not clarified if the database is used internally.

Google's Threat Analysis Group has published insights on DRAGONBRIDGE, a spammy influence network linked to the PRC, known as Spamouflage Dragon. Despite prolific content production, DRAGONBRIDGE gets minimal engagement on YouTube and Blogger.
Most content is low quality and non-political, but some supports pro-PRC views on various current events, including the Taiwan elections and the Israel-Hamas War. In 2023, Google disrupted over 65,000 instances of DRAGONBRIDGE activity, and over 10,000 in early 2024, totalling over 175,000 disruptions. Despite efforts, their content sees practically no organic engagement, with interactions mostly from inauthentic accounts. DRAGONBRIDGE continues to adapt, using generative AI tools and focusing on U.S. political and social issues.

On June 24, a new campaign was detected targeting Mac users with a stealer via malicious Google ads for the Arc browser. This marks the second recent use of Arc as a lure. The macOS stealer, dubbed Poseidon, is an evolved version of the OSX.RodStealer by threat actor Rodrigo4, adding features like VPN configuration theft. The campaign uses fake ads and websites to distribute the malware. The stealer collects various sensitive data, including files and crypto wallet information. Malwarebytes has flagged this campaign and recommends using web protection tools to block ads and malicious sites.

Security firm Claroty revealed several vulnerabilities in gas chromatograph devices manufactured by Emerson. The units are critical for chemical analysis in hospitals and environmental facilities. Vulnerabilities include a critical command injection allowing unauthenticated remote command execution with root privileges and a high severity issue enabling admin access. Medium severity issues could lead to sensitive information disclosure or denial of service conditions. Claroty warns that compromising these devices could severely impact industries like food processing and healthcare. Emerson and CISA have advised on firmware updates and best practices to mitigate these risks.

Microsoft has issued a warning about a new AI jailbreak attack called Skeleton Key.
This attack allows generative AI models to bypass their safeguards and produce harmful or unsanctioned content. Skeleton Key works by altering the model's behavior guidelines, prompting it to issue warnings rather than refuse harmful requests. It affects various AI models, including those by Meta, Google, and OpenAI. Microsoft has shared these findings with other AI providers and updated its Azure AI models to detect and block such attacks using Prompt Shields. They recommend filtering inputs and outputs, monitoring for abuse, and updating algorithms to prevent inappropriate prompts. Security experts warn that continuous vigilance and information sharing are crucial to countering these evolving threats.

CISA has warned about threat actors exploiting vulnerabilities in GeoServer, the Linux kernel, and Roundcube Webmail. The GeoServer flaw is a code injection issue in the JAI-EXT project patched in April 2022. The Linux kernel flaw is a use-after-free issue in nf_tables demonstrated at Pwn2Own Vancouver and patched in August of 2022. The Roundcube Webmail flaw is a cross-site scripting vulnerability patched in June of 2020. CISA added these vulnerabilities to its Known Exploited Vulnerabilities catalog, urging federal agencies to apply mitigations by June 17. All organizations using these products are advised to address these issues promptly.

Coming up after the break on our Threat Vector segment, David Moulton speaks with Jim Foote, CEO of First Ascent Biomedical. Stay with us.

Enterprises today are using hundreds of SaaS apps. Are you reaping their productivity and innovation benefits? Or are you lost in the sprawl? Enter Savvy Security. They help you surface every SaaS app, identity, and risk so you can shine a light on shadow IT and risky identities. Savvy monitors your entire SaaS attack surface to help you efficiently eliminate toxic risk combinations and prevent attacks. So go on. Get Savvy about SaaS and harness the productivity benefits.
Fuel innovation while closing security gaps. Visit savvy.security to learn more.

The IT world used to be simpler. You only had to secure and manage environments that you controlled. Then came new technologies and new ways to work. Now employees, apps, and networks are everywhere. This means poor visibility, security gaps, and added risk. That's why Cloudflare created the first-ever connectivity cloud. Visit cloudflare.com to protect your business everywhere you do business.

On today's segment from the Threat Vector podcast, host David Moulton speaks with Jim Foote, CEO of First Ascent Biomedical, about his transition from chief information security officer to leading a biotech company utilizing AI to personalize cancer treatments.

Don't be afraid of failure. And I hate the word failure, but if you're not failing, you're not pushing the limits of your own abilities and the limits of technology. If you're going to fail, fail forward.

Welcome to Threat Vector, the Palo Alto Networks podcast where we discuss pressing cybersecurity threats, cyber resilience, and uncover insights into the latest industry trends. I'm your host, David Moulton, Director of Thought Leadership for Unit 42. In today's episode, I'm going to be talking with Jim Foote, the CEO of First Ascent Biomedical. Jim and I will discuss his current mission at First Ascent and some of the inspiring work his company is leading using their ML/AI platform to rapidly identify therapeutic solutions for cancer patients, where the options for standard care have been exhausted. We'll also discuss how Jim's background in security informs his work in the medical field. Jim uses the lessons learned as a CISO from deploying and using cutting-edge technology, defining cyber criminals in his fight against cancer. And reached out to see if he'd be willing to share his story about the shift from CISO to CEO of the Threat Vector audience. I'll have a link to the IT Brew article in the show notes.
Jim, thanks for joining me on Threat Vector.

Oh, thank you for having me.

So your transition from CISO to leading an organization using AI to fight cancer is quite dramatic. Talk to our audience about what drove you to make this shift.

Yeah, you know, the reality is that we've all been affected by cancer in one way or another. And most of us remember exactly where we were and what we were doing when we heard that word for the first time. And for me, it was October 19th, 10 in the morning, when my phone rang, and I heard those words at the other end of the phone, cancer. And as much as I wanted them to be about me, they weren't. They were about my son, Trey. Instantly, I was thrust into that world of cancer. Again, much like, you know, as a CISO when the phone rings and all of a sudden you find out you're under attack. And we went into attack mode and we started trying to resolve this problem and, like every other patient, we thought we were going to beat it. After eight months of grueling chemotherapy, you know, the doctors came back and said, you know, your son's cancer's returned. And then they asked me what I wanted to do next. And I was surprised because I'm not a doctor. I'm a CISO. And, but I knew it was a solvable problem. And so I did the research. Obviously, I couldn't solve this problem in time to save my son. But I knew it was a solvable problem. And that's really why we started the company.

So Jim, you've got this extensive background in cybersecurity and that's influenced your approach to leading this AI-driven biotechnology company. Are there any particular principles or practices from your IT security days that you find particularly valuable in your current role as the CEO?

A CISO is always looking for more problem solvers, you know, and if we do our jobs perfectly, nobody knows we exist.
My goal here is leading this company is to assemble the right team to bring the right technology together and to be able to solve this problem of cancer in a way that's going to benefit every patient whose cancer's returned. A good CISO is never the smartest one in the room. But they bring the right people with the right skills and the right technology together to solve some of these complex problems. And that's really been my mindset, is to really, you know, bring the best in biology and the best in technology and the best in artificial intelligence. And let's bring us all together and solve this problem.

What's the most important thing somebody should remember from this conversation?

You know, a couple of things. One, you know, my hope is to better inform people about cancer and how cancer is being treated, because until you enter into that world, you really don't realize that this industry is the industry that's the next one ready for digital transformation. But we have to do it safely and we have to do it with evidence. So I would say the, you know, be informed, because your doctor is just a human, just like you and I. And so, you know, play an active role in your healthcare, working collaboratively with your doctor. I would say to an IT or security professional, problem solving is problem solving. We all solve complex problems. We all don't limit your view of solving a complex problem, even something like cancer, because you don't feel like you have the experience or the background. You may not, but you know how to solve problems and surround yourself with good people who complement you and can help you solve problems. And I think the third is, is don't limit yourself based on fear. Every time you step up to the plate, swing for the fences, you're capable of doing anything that you put your mind to. I mean, I look at myself and I'm like, you know, 15 years ago, I didn't know anything about cancer.
And now I'm, you know, leading a company, fortunately, that is full of experts that know a lot about cancer. So, you know, I kind of say, I'm the poster child for you can do anything. You know, if, if a, you know, a CISO like me could help, you know, bring this next generation of cancer treatment into the industry that's ready for disruption. Anybody is capable of doing anything. And I think the last thing is, continuously learn, continuously learn. You've got to continue to put, push the limits of technology and the limits of your own abilities. And the only way you can do both is be a constant student.

Jim, really well put. Thank you so much for coming on Threat Vector today and talking to us about your journey and the work that you're leading. I really, I've learned quite a bit and I think it's a really interesting jump from security to security or to CEO that you've made and are making an incredible impact.

Well, thank you. I appreciate it. And, you know, hopefully it, you know, it's inspired that next generation.

That's it for Threat Vector this week. I want to thank our executive producer, Mike Heller, our content and production teams, which includes Sheila Droski, Tanya Wilkins, and Danny Milrad. I edit the show and Elliott Peltzman mixes the audio. We'll be back in two weeks. Until then, stay secure. Stay vigilant. Goodbye for now.

Be sure to check out the Threat Vector Podcast from Palo Alto Networks Unit 42, wherever you get your favorite podcasts.

[Music] Quick question. Do your end users always work on company-owned devices and IT-approved apps? If the answer is no, then my next question is, how do you keep company data safe on all those unmanaged apps and devices? 1Password has an answer to this question. Extended Access Management. 1Password Extended Access Management helps you secure every sign-in for every app on every device, because it solves the problem traditional IAM and MDM can't touch. Check it out at 1password.com/xam.
That's 1password.com/xam.

[Music] This episode is brought to you by Shopify. Forget the frustration of picking commerce platforms when you switch your business to Shopify. The global commerce platform that supercharges your selling, wherever you sell. With Shopify, you'll harness the same intuitive features, trusted apps, and powerful analytics used by the world's leading brands. Sign up today for your $1 per month trial period at shopify.com/tech. All lowercase. That's shopify.com/tech.

[Music] And finally, Metallica's official X/Twitter account got hacked yesterday and used to promote a Solana cryptocurrency token called Metal. The hackers claimed it was launched in cooperation with Ticketmaster and involved fintech firm MoonPay, which MoonPay's president swiftly denied, humorously tweeting, "MoonPay does not support Metal." He added, "If someone offers you a Metal token, they're not the master of puppets. They're the master of scams," referencing Metallica's famous song. Metallica's team quickly regained control, deleting all related posts. The token briefly soared to $3.37 million in value, but crashed to $90,000 within hours. The hack remains a mystery, leaving fans and followers scratching their heads. Napster was unavailable for comment.

[Music] And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. You can email us at cyberwire@n2k.com. Your feedback helps us ensure we're delivering the information and insights that keep you a step ahead in the rapidly changing world of cybersecurity. We're privileged that N2K and podcasts like the CyberWire are part of the daily intelligence routine of many of the most influential leaders and operators in the public and private sector, as well as the critical security teams supporting the Fortune 500 and many of the world's preeminent intelligence and law enforcement agencies.
N2K's strategic workforce intelligence optimizes the value of your biggest investment, your people. We make you smarter about your teams while making your teams smarter. Learn how at n2k.com.

This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president, Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.

[Music]