ONCD consolidates power, undocumented Bluetooth commands, Japan NTT Breach
In today’s cybersecurity news…
ONCD set to consolidate power in U.S. cyber
The Office of the National Cyber Director (ONCD) is poised to gain strength and will operate as the executive branch’s lead for cybersecurity policy. Sean Cairncross was selected by the president to lead the office. While he has no experience as a cybersecurity leader, it is believed his “close personal ties to the president are … a significant asset for the office, which until now has been overshadowed by the National Security Council (NSC).” This is the position previously held by Harry Coker. The ONCD is being described as the pinnacle, guiding the NSC, which handles foreign policy and offensive cyber, and CISA, which handles domestic and defensive work.
Undocumented commands found in Bluetooth chip used by a billion devices
As described in BleepingComputer, “the ubiquitous ESP32 microchip made by Chinese manufacturer Espressif and used by over 1 billion units as of 2023, contains undocumented commands that could be leveraged for attacks. The undocumented commands allow spoofing of trusted devices, unauthorized data access, pivoting to other devices on the network, and potentially establishing long-term persistence.” Researchers from Tarlogic Security, speaking at RootedCON in Madrid, point out that ESP32 is “one of the world’s most widely used chips for Wi-Fi + Bluetooth connectivity in IoT (Internet of Things) devices, so the risk is significant.”
Japanese telecom NTT breach affects 18,000 companies
One of Japan’s largest telecoms providers has warned that a breach discovered last month has likely compromised the data of approximately 18,000 corporate customers. The hackers breached NTT’s Order Information Distribution System, which contained basic details on corporate customers such as contract numbers, physical addresses and service usage information, but no data on individual consumers, and no contracts for corporate smartphones and mobile phones provided directly by NTT Docomo.
Signal President Meredith Whittaker calls out agentic AI on security and privacy
Speaking at the SXSW conference in Austin, Texas, Whittaker, well known as an advocate for secure communications, described the use of AI agents as “putting your brain in a jar,” and warned that this technique, in which AI apps perform tasks on users’ behalf, has a “profound issue” with both privacy and security. Getting AI to deliver conveniences such as looking up concerts, booking tickets and scheduling the event on your calendar, she said, becomes a form of root permission that allows the bots to review credit card activity and other data. She pointed out that such muddying of the waters is both a direct result of, and the intention of, an AI industry built on a surveillance model of mass data collection. (TechCrunch)
Thanks to today’s episode sponsor, Vanta
Texas border city declares state of emergency after cyberattack
The city of Mission, Texas, which sits on the border with Mexico, filed a state of emergency declaration this past week, after a cyberattack forced the shutdown of much of its network. The mayor, Norie Gonzalez Garza, urged Texas governor Greg Abbott on Tuesday to “declare a more expansive state of emergency for the city while she filed a local state of disaster declaration herself.” She described the situation to Governor Abbott as “a cybersecurity incident such that the entire city computer server is at severe risk of a cyberattack that could release protected personal information, protected health information, civil and criminal records, and/or any and all other data held by the City of Mission and all departments within the city.”
Malicious use of Cobalt Strike down 80% says Fortra
A global crackdown has reduced the use of unauthorized copies of Cobalt Strike by 80% in the past two years, according to security firm Fortra. Originally developed for penetration testing, older versions of Cobalt Strike have been widely exploited by cybercriminals. Since 2023, Microsoft, Health-ISAC (Health Information Sharing and Analysis Center), and Fortra have worked to disrupt illegal copies used in cyberattacks. A 2023 U.S. court order enabled them to dismantle malicious infrastructure by collaborating with ISPs and CERTs to take down command-and-control servers. This effort has significantly hindered attackers who rely on Cobalt Strike for spearphishing and network infiltration.
UK banks ordered to compensate customers for outages
Nine major UK banks and building societies (the UK version of a credit union) were found to have accumulated the equivalent of 33 days of tech outages in the past two years, according to figures published by a parliamentary Treasury group, and must now deliver compensation payments amounting to £12.5m. The data does not include the Barclays Bank outage in January or the Lloyds Bank outage last week. The committee’s chair, Dame Meg Hillier, sympathized with working people and companies for whom “losing access to banking services on payday can be a terrifying experience.” But Patrick Burgess of the UK’s Chartered Institute for IT, says the findings “once again highlight that the traditional banking sector hasn’t kept pace with the investment needed to modernize its infrastructure.” (BBC News)
Fired developer sabotages company with kill switch
A former senior software developer is now facing up to 10 years in prison for leaving a kill switch behind following his demotion and termination. Davis Lu, 55, of Houston, Texas, had been a coder for power management company Eaton Corporation between November 2007 and October 2019. Following a corporate restructuring in which his position, responsibilities, and access were reduced, Lu wrote Java code that would release “an infinite loop, creating more and more non-terminating threads that would consume more and more resources until the computer running the code crashed and prevented people from logging in and using the machine.” On the day he was let go, the application noticed the revocation of his credentials and launched itself, locking thousands of employees around the world out of the network and causing hundreds of thousands of dollars in damage.