Easterly to step down, Maxar discloses breach, Microsoft hacking event

Subscribe to Cyber Security Headlines podcast

Spotify, Apple Podcasts , RSS link , add as an Alexa Skill , or search "Cyber Security Headlines" on your favorite podcast app.

In today’s cybersecurity news…

CISA director Jen Easterly to step down

On Tuesday, the U.S. government’s cybersecurity agency, CISA, confirmed that director Jen Easterly and deputy Nitin Natarajan will depart their posts at the agency on January 20. A CISA spokesperson said, “CISA is fully committed to a seamless transition.” Easterly is a decorated intelligence officer and military official. She took control of CISA in 2021, investing heavily in Secure by Design principles, reducing ransomware risk, creating the KEV (Known Exploited Vulnerabilities) catalog and the Shields Up campaign. Under Easterly, CISA has established itself as the go-to agency for federal incident response and cyber mitigation. Howeer, the agency has generated controversy in some circles for not providing substantial ROI for its multi-billion-dollar annual budget. Easterly’s departure comes at a crucial time as the U.S. government scrambles to stave off nation-state intrusions at major telcos and critical infrastructure installations.

(SecurityWeek )

Space tech giant Maxar discloses employee data breach

Hackers using a Hong Kong-based IP address breached U.S. satellite maker Maxar Space Systems. Maxar is a major player in the American aerospace industry, specializing in building communication and Earth observation satellites. Maxar discovered unauthorized activity on its systems on October 11, about a week after the threat actor gained initial access. Maxar said the attacker appears to have accessed some employee data including home addresses, social security numbers, and other PII along with employment data. The company is providing identity theft protection to both former and current employees. Maxar has not commented as to whether any confidential technology data was exposed during the incident.

(Bleeping Computer )

Microsoft launches Zero Day Quest hacking event?

On Tuesday, at its Ignite annual conference in Chicago, Microsoft unveiled Zero Day Quest, a new hacking event focusing on cloud and Artificial Intelligence products and platforms. Zero Day Quest begins with Microsoft offering $4 million in awards to researchers who identify vulnerabilities in high-impact areas, specifically cloud and AI. Throughout the campaign, Microsoft is providing researchers direct access to their Microsoft AI engineers and AI Red Team. Through their vuln submissions, researchers may qualify for next year’s (invite only) onsite hacking event in Redmond, Washington. This challenge kicked off yesterday, is open to everyone, and will run through January 19, 2025.

(Bleeping Computer )

Microsoft’s new Resiliency Initiative aims to avoid another CrowdStrike incident

In other major Microsoft news, the company announced its new Windows Resiliency Initiative, designed to improve Windows security and reliability, ultimately, making it easier for customers to recover Windows-based machines. This follows the CrowdStrike sensor update catastrophe that took down millions of Windows PCs and servers back in July. Windows platform improvements will include stronger controls over what apps and drivers are allowed to run and to allow antivirus processing outside of kernel mode. Microsoft also developed a Quick Machine Recovery feature that enables IT admins to remotely deploy fixes to machines even when they’re unable to boot properly. Microsoft plans to roll out a preview of the new features to the Windows 11 Insider Program community in early 2025.

(The Verge and Bleeping Computer )

Huge thanks to our sponsor, ThreatLocker

Ford investigating hacker data theft claims

On Sunday, the notorious hacker IntelBroker and a hacker called EnergyWeaponUser claimed in a post on BreachForums that they stole sensitive data from Ford Motor Company. The hackers claim the data includes 44,000 customer records, including names, physical addresses, and information on product acquisitions. A data sample made public by the hackers indicates that ‘customers’ may actually refer to dealerships that sell Ford vehicles. So far, the sample data does not appear to be sensitive but does indicate that it came from an internal database. Ford confirmed that they are actively investigating the data breach allegations.

(SecurityWeek )

Akira drops over 30 victims on leak site in one day

Back in April, U.S. government agencies estimated that the Akira ransomware-as-a-service (RaaS) outfit had laid claim to roughly $42 million in proceeds from over 250 critical infrastructure organizations in North America, Europe, and Australia. Last week, security researchers observed Akira adding 32 new victims to the ‘Leaks’ section of itsTor-based site between November 13 and November 14. Most of the newly added victims are U.S.-based. The researchers said there is no apparent reason for the threat actor to drop so many victims all at once and warned that Akira’s activity will likely continue to ramp up.

(SecurityWeek )

New ‘Helldown’ ransomware variant expands to VMware and Linux systems

Cybersecurity researchers say that an aggressive ransomware group, dubbed Helldown, have recently expanded its scope to target ESX and VMware with a new ransomware variant. Researchers first identified the gang in August, targeting Windows systems of at least 31 organizations with ransomware derived from LockBit 3.0 code. The new Linux variant lacks obfuscation and anti-debugging mechanisms but lists and kills all active virtual machines (VMs) before ultimately deploying file encryption. Helldown infiltrates target networks by exploiting security vulnerabilities, favoring an attack chain that exploits bugs in Zyxel firewalls. Helldown pressures victims into paying ransoms by encrypting their data and threatening to publish their stolen data, a tactic known as double extortion.?

(The Hacker News )

Ransomware gangs now recruiting pen testers

According to a new report from Cato Networks, ransomware gangs such as Apos, Lynx, and Rabbit Hole are posting job listings on the Russian Anonymous Marketplace (RAMP) to recruit pen testers to join their ransomware affiliate programs. Penetration testing simulates common attacks in order to identify gaps and system vulnerabilities and gauges the strength of an organization’s cyber defenses. These new recruitment efforts are the latest example of the professionalization of Russian cybercriminal groups.

(Infosecurity Magazine and Dark Reading )