Archive.fm

CyberWire Daily

Ransomware strikes a nerve.

The U.S. blood supply is under pressure from a ransomware attack. CrowdStrike shareholders sue the company. There's a critical vulnerability in Bitdefender's GravityZone Update Server. BingoMod RAT targets Android users. Hackers use Google Ads to trick users into a fake Google Authenticator app. Western Sydney University confirms a major data breach. Maryland leads the way in gift card scam prevention. NSA is all-in on AI. My guest is David Moulton, host of Palo Alto Networks' podcast Threat Vector. Attention marketers: AI isn't the buzzword you think it is.

Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

David Moulton, host of Palo Alto Networks' podcast Threat Vector and Director of Thought Leadership, discussing the evolution of his show and what we can expect to see coming next. You can catch the latest episode of Threat Vector, where David welcomes Palo Alto Networks Founder and CTO Nir Zuk, here.

Selected Reading

Ransomware attack on major US blood center prompts hundreds of hospitals to implement shortage protocols (The Record)

CrowdStrike sued by shareholders over global outage (BBC)

Bitdefender Flaw Let Attackers Trigger Server-Side Request Forgery Attacks (GB Hackers)

BingoMod Android RAT Wipes Devices After Stealing Money (SecurityWeek)

Google being impersonated on Google Ads by scammers peddling fake Authenticator (Cybernews)

Western Sydney University reveals full scope of January data breach (Cyber Daily)

Maryland becomes first state to pass law against gift card draining (CBS News)

More than 7,000 NSA analysts are using generative AI tools, director says (Defense One)

Study Finds Consumers Are Actively Turned Off by Products That Use AI (Futurism)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Duration:
26m
Broadcast on:
01 Aug 2024
Audio Format:
mp3

(phone ringing)

- You're listening to the CyberWire Network, powered by N2K.

- My dad works in B2B marketing. He came by my school for career day and said he was a big ROAS man. Then he told everyone how much he loved calculating his return on ad spend. My friends are still laughing at me to this day.

- Not everyone gets B2B, but with LinkedIn, you'll be able to reach people who do.

- Get a $100 credit on your next ad campaign. Go to linkedin.com/results to claim your credit. That's linkedin.com/results. Terms and conditions apply. LinkedIn, the place to be, to be.

(upbeat music)

- When it comes to ensuring your company has top-notch security practices, things can get complicated fast. Vanta automates compliance for SOC 2, ISO 27001, HIPAA, and more, saving you time and money. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing trust center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security in real time. Our listeners can claim a special offer of $1,000 off Vanta at vanta.com/cyber. That's V-A-N-T-A.com/cyber for $1,000 off Vanta.

(upbeat music)

- The US blood supply is under pressure from a ransomware attack. CrowdStrike shareholders sue the company. There's a critical vulnerability in Bitdefender's GravityZone Update Server. BingoMod RAT targets Android users. Hackers use Google Ads to trick users into a fake Google Authenticator app. Western Sydney University confirms a major data breach. Maryland leads the way in gift card scam prevention. NSA is all in on AI. My guest is David Moulton, host of Palo Alto Networks' podcast Threat Vector. And attention marketers: AI isn't the buzzword you think it is.

(upbeat music)

It's Thursday, August 1st, 2024. I'm Dave Bittner and this is your CyberWire Intel Briefing.

(upbeat music)

Thanks for joining us here again. It is great to have you with us.
One of the largest blood centers in the US, OneBlood, is operating at reduced capacity due to a ransomware attack that's disrupted part of its systems. The nonprofit, serving healthcare facilities across the southeastern US, announced that the attack has impacted their ability to operate efficiently. They've implemented manual processes, which take longer and affect inventory availability, and have urged hospitals to activate critical blood shortage protocols. Despite these challenges, OneBlood continues to collect, test and distribute blood with assistance from cybersecurity experts and federal and state officials. There's an urgent call for O positive, O negative and platelet donations, although all blood types are needed. The attack on OneBlood follows a similar incident in the UK, where the pathology service provider Synnovis was attacked by the Qilin ransomware gang, severely impacting the National Health Service and leading to the cancellation of critical surgeries and urgent calls for blood donations. South Africa's National Lab Service was also recently attacked, affecting efforts to manage mpox, HIV and tuberculosis.

CrowdStrike is facing a lawsuit from its shareholders following the disastrous software update that crashed over 8 million computers worldwide. The shareholders accuse the cybersecurity firm of making false and misleading statements about its software testing procedures. The incident led to a 32% drop in CrowdStrike's share price, wiping out $25 billion in market value over 12 days. The company has denied the allegations and plans to defend itself in the proposed class action lawsuit. The outage, which began on July 19th, severely affected businesses, including airlines, banks and hospitals. As of July 29th, CrowdStrike announced that the issues had been resolved. The lawsuit, filed in federal court in Austin, Texas, alleges that executives misled investors about the adequacy of software testing.
Delta Air Lines reported a $500 million loss due to the disruption and is considering seeking compensation from CrowdStrike. The company blames the incident on a bug in the update process and promises better testing and checks to prevent future problems.

A critical vulnerability has been discovered in Bitdefender's GravityZone Update Server, raising significant security concerns. The flaw allows server-side request forgery attacks, potentially compromising sensitive data. With a CVSS score of 9.2, the vulnerability is critical, being remotely accessible, requiring high attack complexity and not needing authentication or user interaction. The issue arises from a verbose error handling problem within the server's proxy service, allowing attackers to manipulate server requests and possibly gain unauthorized access. Security researcher Nicolas Verdier identified and reported this vulnerability. Bitdefender has quickly released a fix, urging users to update immediately to prevent exploitation.

A newly identified remote access Trojan called BingoMod is targeting Android users to steal information and facilitate account takeover, according to Cleafy. Unlike known malware families, BingoMod enables attackers to initiate unauthorized money transfers by performing on-device fraud, bypassing security measures. The malware steals user information such as SMS messages and credentials, performs overlay attacks and offers remote access via VNC-like functionality. Likely developed by Romanian speakers, it targets devices in English, Romanian, and Italian. BingoMod is distributed through smishing, posing as a legitimate antivirus application. Once installed, it requests accessibility services permissions, locking users out while executing its payload. It logs keystrokes, intercepts SMS messages and allows approximately 40 remote operations. Notably, it can send SMS messages from infected devices to spread further and includes a device wiping feature after fraudulent transactions.
The malware is in active development, experimenting with obfuscation techniques to evade detection.

Hackers are exploiting Google Ads by impersonating Google to trick users into downloading malware disguised as Google Authenticator from GitHub. According to researchers from Malwarebytes Labs, these malicious ads appear official and verified by Google, targeting users searching for Google Authenticator, a popular multi-factor authentication tool. The ads redirect users to fake websites that offer a malicious Authenticator.exe file hosted on GitHub. Once installed, the malware, known as DeerStealer, exfiltrates personal data. The fraudulent ads show the official Google website, but are linked to Larry Marr, a fake account verified by Google. The scam involves multiple redirects through domains controlled by the attackers, eventually leading to the fake authenticator site. Hosting the malware on GitHub allows the threat actors to leverage a trusted platform. The report from Malwarebytes highlights the irony of users being compromised while trying to improve security, and advises against downloading software via ads.

Australia's Western Sydney University has confirmed a significant data breach, with a hacker accessing its Microsoft Office 365 environment and Isilon storage platform. The breach lasted from July 9th, 2023 through March 16th, 2024, during which 580 terabytes of data were exfiltrated from 83 directories. In January, the university discovered the unauthorized access and notified 7,500 affected individuals. Compromised data included student IDs, personal information, and sensitive workplace details. While no evidence suggests the data has been published or threatened online, the university continues to monitor the dark web for signs of exposure. In a July 31st update, WSU stated there is no indication the breach extends beyond its Office 365 and Isilon environments.
Maryland is the first state to pass a law targeting gift card scams, with the Gift Card Scams Prevention Act of 2024 signed by Governor Wes Moore. The law requires gift cards sold in stores to be securely packaged to prevent thieves from accessing card numbers. Merchants selling gift cards online must register with the Attorney General's Division of Consumer Protection and train employees to detect fraud. Gift card scams have caused significant losses, totaling $228 million in 2023, as thieves drain card balances before returning them to stores. Without secure packaging, gift card funds are vulnerable because thieves can easily access barcodes and PINs. The U.S. Department of Homeland Security has established a task force to combat this growing issue.

Over the past year, over 7,000 NSA analysts have started using generative AI tools for intelligence, cybersecurity, and business workflows. According to agency director General Timothy Haugh, the NSA is focusing on a few promising AI projects while encouraging experimentation with others. The agency's AI Security Center has been successful in identifying vulnerabilities in large language models and aims to help smaller companies lacking infrastructure protect their intellectual property. The NSA emphasizes the need for robust AI governance to ensure privacy and compliance. The agency plans to host a conference on AI and national security, stressing AI's impact on future warfare and the importance of protecting critical systems and infrastructure. The NSA is also working with startups to raise awareness about intellectual property theft and advocate for government-wide AI adoption.

Coming up after the break, my conversation with David Moulton, host of Palo Alto Networks' podcast, Threat Vector. Stay with us.

And now, a word from our sponsor, KnowBe4. Where would infosec professionals be without users making security mistakes? Working less than 60 hours per week, maybe. Actually having a weekend every so often.
While user behavior can be a challenge, users can also be an infosec professional's greatest asset once properly equipped. Users want to do the right thing, but often lack the knowledge to do so. That's one of the reasons KnowBe4 developed SecurityCoach, a real-time security coaching tool that takes alerts from your existing security stack and sends immediate coaching to users who've taken risky actions. Existing security tools will likely block a user from visiting a high-risk website, for example, but the user might not understand why. SecurityCoach analyzes these alerts and provides users with relevant security tips via email or Slack, coaching them on why the action they just took was risky. Help users learn from their mistakes and strengthen your organization's security culture with SecurityCoach. Learn more at knowbe4.com/securitycoach. That's knowbe4.com/securitycoach. And we thank KnowBe4 for sponsoring our show.

The IT world used to be simpler. You only had to secure and manage environments that you controlled. Then came new technologies and new ways to work. Now, employees, apps, and networks are everywhere. This means poor visibility, security gaps, and added risk. That's why Cloudflare created the first-ever connectivity cloud. Visit cloudflare.com to protect your business everywhere you do business.

(upbeat music)

- And it is my pleasure to welcome to the show David Moulton. He is the host of Palo Alto Networks' podcast Threat Vector. He is also Director of Thought Leadership at Palo Alto Networks with Unit 42. Dave, it's great to have you here on the show.

- Good to be back, Dave. Thanks for inviting me in.

- So Threat Vector has come a long way since your initial inception of it here. Can we take a minute and sort of go back in time and talk about how Threat Vector came to be, and that journey from where you originally thought it was gonna be and where it is now, which is a weekly podcast all on its own?
- Sure, so if we go back, we realized that there was an opportunity to talk to audiences about the interesting, unique work that Unit 42 was doing. So whether that was threat research, getting into some of the matters that our incident response team responded to, or even just talking about the threat landscape in general. We wanted to make sure that there was, in fact, an appetite for those stories. And that's where we partnered up with you, and we were a segment on CyberWire Daily on Threat Vector Thursdays for about six months. Got a really strong response from that and thought, well, let's take it into a larger 30-minute, give or take five minutes, type of conversation, a deeper interview. I'll tell you, it's tough to do an interview and get to something of interest in five, six, seven minutes. You can do it, but I think Mark Twain said I would have written a shorter letter if I had more time, and that's certainly how the segments felt at times. So we gave ourselves a little bit more room to operate. Now we're looking at Palo as a place that has interesting stories, moving beyond just the edges of Unit 42. We'll certainly have our experts, those threat researchers, those incident responders, coming in, but we wanted to tell some more stories. In addition to that, we wanted to open up the platform to our customers, to SMEs that have interesting stories. If you look at some of the recent things that we've done, they're not all folks that come in and work at Palo Alto Networks every day. Some of them are using our technology, our services. Others just have interesting security stories, and I think that there's room for all of that within Threat Vector and for our audience.

- Give me an idea of what happens internally at an organization the scale of Palo Alto Networks, when you go and say, "Hey, I wanna try this thing out." And then I imagine you go back and you say, "You know what, I think we're onto something here." Where does it go from there?
- So internally, we looked at our numbers, we looked at listens, streams, those sorts of things, pickups on charts, and took those to our leadership. Our CMO is somebody that has an incredible ability to take a look at data, but also has a strong gut. And with the analytics, with the data and then with the story, I think he could, you know, sometimes you work with somebody who knows it when they see it, and he said, "Let's bet large on this." The challenge then came from our CEO, and Nikesh is never one to shy away from a challenge. I believe he said, "Get 100 CISOs on the show before the end of the year." I haven't. That's mathematically impossible, right? But, you know, if you're out there listening, know that you could really help me out. If you've got a CISO title and a great story to tell, to show up on Threat Vector and we'll get into it, you know, this is a place where we'll talk about industry trends, cybersecurity threats, your strategies, impacts from regulators, those sorts of things that are all part of the purview of security leadership.

- So you're into this weekly cadence now and you have a larger palette to tell your stories. You've got more time. What are you looking forward to here as we go out through the rest of this year and beyond?

- I'm looking forward to bringing some of these incredible stories of our customers onto Threat Vector. I can't reveal the oil and gas company that I've been talking to until it passes their legal team. It is inspiring and terrifying to sit down with an IR team and to understand what they face, but then to see the energy and the innovation and the willingness to go beyond any level I had any expectation to see when I sat down with those customers. And the same for the customers that have already come on and talked about what they're doing. You know, I think about Gregory Jones and the work that he's doing to protect his university, and the man's creativity is boundless.
He's got street signs, road signs out there to educate college students on phishing and to protect them. And I think that that gamut of stories and how it impacts our day-to-day lives is really important. And then to mix that in with the SMEs who can bring a different perspective, a deep expert point of view to life. The point of the show is to educate, to entertain and to engage. And that's the opportunity that we have in front of us as a podcast, and one that gets me excited every time we light up the mics.

- Yeah. Well, David Moulton is Director of Thought Leadership at Palo Alto Networks with their Unit 42 group, but he is also the host of the Threat Vector podcast, which you can find right here on the N2K CyberWire Network and wherever you get your favorite podcasts. David, thanks so much for joining us.

- Thank you, David.

(upbeat music)

- Most of our listeners who deal with legacy privileged access management products know they tend to be expensive, difficult to deploy and hard to use. Keeper Security is the answer. Keeper's Zero Trust solution delivers password, secrets and connection management in one easy-to-use platform. It's fast to deploy, agentless, clientless and has no implementation fees. Plus, Keeper is FedRAMP authorized. That's why we trust Keeper to prevent breaches and gain full control over privileged users. Visit keeper.io/cyberwire to schedule a quick demo. That's keeper.io/cyberwire. And thanks to Keeper Security for supporting our podcast.

(upbeat music)

And finally, I'm not telling you anything you don't already know when I say that suddenly it feels like the entire cybersecurity industry has a bad case of AI fever. And it's not just cyber. Every gadget from your toaster to your toothbrush is boasting about its artificial intelligence features. It sounds cutting edge, but hold your enthusiasm. Because a recent study suggests that consumers are actually getting pretty fed up with this trend.
According to research published in the Journal of Hospitality Marketing & Management, mentioning AI in product marketing is becoming a major turn-off. A group of 1,000 respondents showed that products described as using AI were consistently less popular. In fact, when AI was mentioned, emotional trust plummeted, leading to decreased purchase intentions. Take, for example, a smart TV. When described as having artificial intelligence, consumers reacted with a resounding hard pass. But remove the AI buzzwords and suddenly the same TV was a hot commodity. Washington State University's Mesut Cicek summed it up, stating, "including AI in descriptions, bad move, especially for high risk purchases, like electronics or medical devices." And it's not just limited to TVs. The effect was consistent across eight product categories. Even the tech-savvy crowd seems to be rolling their eyes at AI hype. The trend speaks to a broader phenomenon. Gartner noted that the generative AI hype has surpassed its peak of inflated expectations, leaving consumers wary of exaggerated promises and astronomical costs. Despite companies cramming AI into every nook and cranny, from dating apps to car salesmen, buyers are skeptical. Cicek advises marketers to ditch the AI lingo and focus on actual product benefits. Because let's face it, we're all a bit tired of every product pretending it's the next big AI innovation. Time to drop the buzzwords and keep it real.

And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.
We're privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies. N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams while making your teams smarter. Learn how at N2K.com.

This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.

[MUSIC PLAYING] [BELL RINGING]

This September 18th and 19th in Denver, a tight community of leading experts is gathering to tackle the toughest cybersecurity challenges we face. It's happening at mWISE, the unique conference built by practitioners for practitioners. Brought to you by Mandiant, now part of Google Cloud, mWISE features one-to-one access with industry experts and fresh insights into the topics that matter most, right now, to frontline practitioners. Register early and save at mwise.io/cyberwire. That's mwise.io/cyberwire.

[MUSIC PLAYING]