Archive.fm

CyberWire Daily

From secure to clone-tastic.

Researchers find YubiKeys vulnerable to cloning. Google warns of a serious zero-day Android vulnerability. Zyxel releases patches for multiple vulnerabilities. D-Link urges customers to retire unsupported vulnerable routers. Hackers linked to Russia and Belarus target Latvian websites. The Federal Trade Commission (FTC) reports a sharp rise in Bitcoin ATM-related scams. Dutch authorities fine Clearview AI over thirty million euros over GDPR violations. Threat actors are misusing the MacroPack red team tool to deploy malware. CISA shies away from influencing content moderation. Our guest is George Barnes, Cyber Practice President at Red Cell Partners and former Deputy Director of NSA, discussing his experience at the agency and now in the VC world. Unauthorized Wi-Fi on a Navy warship leads to court-martial.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest is George Barnes, Cyber Practice President and Partner at Red Cell Partners and judge at the 2024 DataTribe Challenge, discussing his experience on both sides, having been at NSA and now in the VC world. Submit your startup to potentially be selected to be part of a startup competition like no other by September 27, 2024.

Selected Reading

YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel (Ars Technica)

Google Issues Android Under Attack Warning As 0-Day Threat Hits Users (Forbes)

Zyxel Patches Critical Vulnerabilities in Networking Devices (SecurityWeek)

D-Link says it is not fixing four RCE flaws in DIR-846W routers (Bleeping Computer)

Hackers linked to Russia and Belarus increasingly target Latvian websites, officials say (The Record)

New FTC Data Shows Massive Increase in Losses to Bitcoin ATM Scams (FTC)

Dutch DPA imposes a fine on Clearview because of illegal data collection for facial recognition (Autoriteit Persoonsgegevens)

Red Teaming Tool Abused for Malware Deployment (Infosecurity Magazine)

CISA moves away from trying to influence content moderation decisions on election disinformation (CyberScoop)

How Navy chiefs conspired to get themselves illegal warship Wi-Fi (Navy Times)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Duration:
26m
Broadcast on:
04 Sep 2024
Audio Format:
mp3


You're listening to the CyberWire network, powered by N2K.

Defense contractors face immense pressure to comply with CMMC 2.0 security standards, needing a secure, user-friendly file-sharing solution. Kiteworks, a FedRAMP Moderate authorized solution, supports nearly 90% of CMMC 2.0 Level 3 requirements, reducing compliance effort and cost. Kiteworks leverages a zero-trust framework for swift compliance and offers a secure platform for defense data protection needs with advanced security features and ease of use. Its intuitive UI, mobile apps and centralized policy management simplify administration. Accelerate your CMMC 2.0 compliance and address federal zero-trust requirements with Kiteworks' universal secure file-sharing platform made for defense contractors. Visit kiteworks.com to get started.

Researchers find YubiKeys vulnerable to cloning. Google warns of a serious zero-day Android vulnerability. Zyxel releases patches for multiple vulnerabilities. D-Link urges customers to retire unsupported vulnerable routers. Hackers linked to Russia and Belarus target Latvian websites. The FTC reports a sharp rise in Bitcoin ATM-related scams. Dutch authorities fine Clearview AI over 30 million euros over GDPR violations. Threat actors are misusing the MacroPack red team tool to deploy malware. CISA shies away from influencing content moderation. Our guest is George Barnes, Cyber Practice President at Red Cell Partners and former Deputy Director of NSA, discussing his experience at the agency and now in the VC world. And unauthorized Wi-Fi on a Navy warship leads to court-martial.

It's Wednesday, September 4th, 2024. I'm Dave Bittner and this is your CyberWire Intel Briefing.

Thanks for joining us once again. It is great to have you with us.

The YubiKey 5, a widely used two-factor authentication device, contains a cryptographic vulnerability that allows it to be cloned if an attacker gains temporary physical access. The flaw, called a side-channel attack, exists in the microcontroller used in YubiKeys and other security devices like smart cards and passports. Researchers from NinjaLab found that YubiKeys running firmware versions before 5.7 are vulnerable due to issues in Infineon's cryptographic library. This flaw allows attackers to extract secret keys by measuring electromagnetic radiation during authentication. Cloning the device requires specialized equipment costing about $11,000 and physical access to the key, making it a highly sophisticated attack. While Yubico has updated its firmware, affected YubiKeys can't be patched, leaving them permanently vulnerable. The attack is unlikely to be widespread, but poses a significant risk in targeted high-stakes scenarios. Despite the flaw, FIDO-compliant authentication remains one of the most secure methods when used carefully.

Google has released the September 2024 Android security update, warning users of a serious zero-day vulnerability. This high-severity flaw affects the Android framework and could lead to local privilege escalation, allowing attackers to gain elevated access without additional execution permissions. The vulnerability was first identified in the June Pixel security update and has since been exploited in limited targeted attacks. It's now been added to the US Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog. Google urges all Android users to update their devices immediately to mitigate the risk. In total, the September update addresses 10 high-severity vulnerabilities within the Android framework and system.

Zyxel has released patches for multiple vulnerabilities in its networking devices, including a critical OS command injection flaw affecting 28 access points and one security router model. This flaw, with a CVSS score of 9.8, allows remote, unauthenticated attackers to exploit the devices via crafted cookies. Additionally, Zyxel fixed seven vulnerabilities in its firewall products, with some requiring authentication. A high-severity buffer overflow issue impacting over 50 products was also addressed. Patches are available, but some users must contact support for updates.

D-Link has issued a warning about four remote code execution vulnerabilities affecting all hardware and firmware versions of its DIR-846W router. These flaws, three of which are critical and require no authentication, will not be fixed as the product has reached end-of-life and is no longer supported. Although no proof-of-concept exploits have been published yet, D-Link advises users to retire the router immediately due to security risks. If replacement is not feasible, users should update the firmware, use strong passwords and enable Wi-Fi encryption. These vulnerabilities could be exploited by malware botnets like Mirai, making it crucial to secure devices before further exploitation.

Latvian government and critical infrastructure websites are facing increased cyber attacks from politically motivated hackers linked to Russia and Belarus, according to Latvian cybersecurity officials. The goal is to disrupt access, primarily through DDoS attacks, rather than steal sensitive data. The attacks have surged since Latvia's recent aid package to Ukraine, which includes drones and air defense systems. Activist groups like NoName057(16) have claimed responsibility, openly supporting Russian aggression. Latvia has been targeted frequently since Russia's invasion of Ukraine, with attacks on government, critical infrastructure and businesses. Despite being well-prepared, Latvia's CERT acknowledges the challenge as attackers frequently adapt. These cyber attacks are part of a broader hybrid war aimed at destabilizing society and undermining trust in state institutions.

The Federal Trade Commission reports a sharp rise in Bitcoin ATM-related scams, with consumer losses jumping nearly tenfold since 2020, reaching over $110 million in 2023. In the first half of 2024 alone, scam losses exceeded $65 million, with older adults being particularly targeted. Scammers impersonate government or business officials and pressure victims to deposit cash into Bitcoin ATMs, which then transfer the money directly to the scammers. The median loss in these scams is $10,000. The FTC urges caution and provides tips to avoid falling victim.

The Dutch Data Protection Authority has fined Clearview AI 30.5 million euros for violating the General Data Protection Regulation by building an illegal facial recognition database with billions of photos, including those of Dutch citizens. Clearview automatically scraped these photos from the internet without individuals' consent and converted them into unique biometric codes. The DPA also issued penalties for noncompliance, potentially adding 5.1 million euros. The DPA warns Dutch organizations against using Clearview's services, stating it's illegal under GDPR. Despite previous fines from other authorities, Clearview has not changed its practices. The Dutch DPA is investigating holding Clearview's management personally responsible for the violations.

Cisco Talos researchers have found that threat actors are misusing a red team tool, MacroPack, to deploy malware via malicious Microsoft documents. These documents, uploaded to VirusTotal between May and July 2024, originated from various countries including China, Pakistan, and Russia. MacroPack, originally intended for red team exercises, generates payloads that can evade anti-malware tools by obfuscating code and renaming variables. The malicious files delivered payloads like the Havoc and Brute Ratel frameworks and a variant of the PhantomCore remote access trojan. While MacroPack is designed for legitimate security testing, its free version is being exploited for malicious purposes. The documents used different lures, including military themes, leading researchers to conclude that multiple threat actors are leveraging MacroPack to deploy their malware.

In a briefing with reporters Tuesday, CISA leaders expressed confidence in the security of U.S. election infrastructure for the 2024 elections, citing significant improvements since 2016. However, the agency will no longer petition social media platforms to remove false or misleading posts about elections. CISA Director Jen Easterly clarified that their role is to address threats to election infrastructure, not content removal. Instead, CISA will focus on collaborating with tech companies and election officials on security measures while directing voters to accurate information sources. This marks a shift from previous efforts, as the agency faced criticism and legal challenges regarding content moderation. CISA now emphasizes proactive communication by election officials to combat misinformation, citing recent successful coordination in New Hampshire as a model for responding to disinformation campaigns.

Coming up after the break, my conversation with George Barnes, Cyber Practice President and Partner at Red Cell Partners and former Deputy Director of NSA. Stay with us.

Hey everybody, Dave here. Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers, so I decided to try DeleteMe. I have to say, DeleteMe is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind, knowing my data privacy is protected. DeleteMe's team does all the work for you with detailed reports, so you know exactly what's been done. Take control of your data and keep your private life private by signing up for DeleteMe. Now at a special discount for our listeners, today get 20% off your DeleteMe plan when you go to joindeleteme.com/N2K and use promo code N2K at checkout. The only way to get 20% off is to go to joindeleteme.com/N2K and enter code N2K at checkout. That's joindeleteme.com/N2K, code N2K.

When it comes to ensuring your company has top-notch security practices, things can get complicated fast. Vanta automates compliance for SOC 2, ISO 27001, HIPAA and more, saving you time and money. At Vanta you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing trust center. Over 7,000 global companies like Atlassian, Flo Health and Quora use Vanta to manage risk and prove security in real time. Our listeners can claim a special offer of $1,000 off Vanta at vanta.com/cyber. That's V-A-N-T-A dot com slash cyber for $1,000 off Vanta.

George Barnes is Cyber Practice President and Partner at Red Cell Partners. He's former Deputy Director of NSA and judge of the upcoming 2024 DataTribe Challenge.

Actually, this is my first introduction to the DataTribe Challenge. I just retired from the National Security Agency back in September, almost a year ago. I joined the world of startups and cybersecurity startups, I guess what you might refer to as a bit of a sister company, called Red Cell Partners. I ended up meeting one of the co-founders, Mike Janke, because of my new position and because of my past. I have not had much exposure to DataTribe other than through its reputation, which stands tall: a great reputation, many years now in the business, of wonderful companies that have been started, some of which I actually work with today. I just was very interested in joining up and working with them as peers so we can learn from each other.

I should mention for full disclosure that N2K CyberWire is a DataTribe company.

There you go.

This is, I suppose, many would describe it as being sort of a Shark Tank-like event, where a number of hopeful startup founders get in front of an audience of judges, but then a few hundred people there as well in the crowd, and they give their best pitch. They make their case for why they should move forward and be funded by DataTribe. Why do you suppose this format is an effective one for this sort of thing?

I think one of the things this format can do is it can enable a founder, A, to be exposed and communicate about what they hope to be their offering, but likewise it gives us, the judges, and then the decision makers, in this case of course DataTribe, an ability to really understand what's the depth behind the voice. Many people can speak very eloquently, but when tested in bidirectional Q&A we test depth. That's one of the things that this type of a format enables: an ability to not only ensure that the would-be founder can articulate the wherewithal about their product and their aspirations for its trajectory, and perhaps the research they've done about the market they hope to enter and conquer, but it also gives a chance for us to really get a sense of the fluidity with which they speak, and the fluidity speaks to knowledge, depth, conviction. And so a lot can come out from the interpersonal dynamics when you're talking, but of course in the end it's all about the content too.

You know, I hear the folks at DataTribe talk about being right here in the shadow of NSA, which is your former place of employment here. Can you touch on that element of it, this sort of startup energy that comes from having NSA right here in the midst of us?

Certainly. It is an energy, and I witnessed that from a challenging perspective when I was at NSA as a leader, only because one of the things that NSA has to do is try to keep talent on board and in place. And I think, for the good of the country, one of the things that has happened is that various technical operational pursuits that were taking place inside NSA found themselves really being necessitated by market pressures. In this case cybersecurity is something that affects every single one of us professionally and personally, and so on the one hand I was very proud that many people who got their start in NSA found an ability to understand the nature of the environment, the threat, the technology, and to turn that into prospects to create companies and value, and in return that value makes us all safer. And so that was the good side. Of course the challenging side was trying to keep our attrition low for those people that had those skills, but bottom line, we were enriched, and it was incumbent upon me as a leader at NSA and our leadership team to create an environment where people felt they were engaged, they were included, they had connectivity to the mission and its impacts. And then some of them invariably took that out into the private sector, and it's paid dividends for them, but it's also paid dividends for the various products and service offerings that many of them have had. A lot of the companies, several of the companies that DataTribe has founded were founded by folks that left NSA, and so I'm proud of that, and especially now that I'm on the other side, on the outside, I see the value. Again, my company is based in McLean, Crystal's, not Crystal City, but Tysons Corner area, but it's still in the greater Baltimore-Washington area, which has a lot of influence from NSA, and I think that's a great thing.

As a judge for the upcoming DataTribe Challenge, do you have any tips or words of wisdom for those who are going to be presenting, and any specific things that you'd like to see?

Yeah, I think one of the key things gets into the connection, but the difference, between having a great technical solution and having a solution that can actually get traction in the market, and how big that market might be. A lot of founders have not founded before, some have, and one of the things that tests every founder is this whole issue of market pressure, market reality, market uptake, and really understanding how to characterize the market opportunity in a way that doesn't fall apart at first contact. I think that's really the key. I've spoken to a lot of people who have had wonderful ideas, but if there's not a receptive market, or if the integration of your idea into the market is too disruptive, you will have a hard time in many cases getting traction and therefore having a viable company. And so I think that's really it: there are a lot of wonderful technical solutions out there, many of which unfortunately are not market worthy.

That's George Barnes, Cyber Practice President and Partner at Red Cell Partners and former Deputy Director of NSA. You can learn more about the DataTribe Challenge through the link in our show notes. Submit your startup to potentially be selected to be part of a startup competition like no other by September 27th, 2024.

The IT world used to be simpler. You only had to secure and manage environments that you controlled. Then came new technologies and new ways to work. Now employees, apps and networks are everywhere. This means poor visibility, security gaps and added risk. That's why Cloudflare created the first-ever connectivity cloud. Visit cloudflare.com to protect your business everywhere you do business.

And finally, imagine being stuck on a Navy ship in the middle of the ocean with no Wi-Fi. For most sailors, that's a harsh reality during deployment, but for the chiefs aboard the combat ship Manchester, that wasn't a problem. They had their own secret Wi-Fi network, lovingly named "Stinky." In a plot that sounds straight out of a bad sitcom, senior enlisted leaders, led by then-Command Senior Chief Grisel Marrero, secretly installed a Starlink satellite dish for their private use. While everyone else on board endured internet deprivation, the chiefs enjoyed streaming, texting and checking sports scores. The covert operation involved sneaking the dish onto the ship, setting up payment plans, and even renaming the Wi-Fi to look like a harmless printer network when suspicions arose. But eventually the jig was up, thanks to a nosy civilian tech installing authorized Navy equipment. When the truth surfaced, Marrero tried to cover her tracks, even doctoring data charts to hide her internet use. However, she finally confessed and was court-martialed, stripped of rank and sentenced for her egregious misconduct. In the end, the unauthorized Wi-Fi may have helped the chiefs catch up on Netflix, but it posed serious risks to the ship's security. They say loose lips sink ships, but in this case it was loose internet connections that torpedoed the chiefs.

And that's the CyberWire. For links to all of today's stories, check out our Daily Briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. We're privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies. N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams while making your team smarter. Learn how at n2k.com.

This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president. Peter Kilpe is our publisher. And I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.

[Music]

This September 18th and 19th in Denver, a tight community of leading experts is gathering to tackle the toughest cybersecurity challenges we face. It's happening at mWISE, the unique conference built by practitioners for practitioners, brought to you by Mandiant, now part of Google Cloud. mWISE features one-to-one access with industry experts and fresh insights into the topics that matter most right now to frontline practitioners. Register early and save at mwise.io/cyberwire. That's mwise.io/cyberwire.

[Music]