IANS Podcasts

Join IANS Faculty Jake Williams and Jessica Hebenstreit in the first episode of IANS AI Deep Dive Series for security professionals. This episode will cover:

• Foundational AI Concepts such as non-determinism and how to communicate these concepts to the board to build security awareness around GenAI and LLM’s.
• What considerations need to be made in determining use cases for AI are aligned with the needs of your organization.
• Examples of real world use cases, where security plays a role, and where security teams can leverage AI.

Interested in more AI content? Check out ⁠IANS AI Resources page⁠⁠ and sign up for our AI Playbook series.

• Key cybersecurity budget data as reported by CISOs.
• Overarching market trends influencing budget conversations.
• Advice on how to navigate complex budget conversations and get the support your team needs.

Interested in learning more about IANS and Artico's budget findings? Download ⁠IANS Security Budget Benchmark Summary Report⁠!

• North Korean Hackers Target Devs via NPM Packages - Recent reports show North Korea is intensifying its “Contagious Interview” campaign, with the latest round squarely targeting developers.
• CISA, FBI Advisory for RansomHub Ransomware - Recent warnings from the FBI, CISA and other agencies highlight a significant uptick in ransomware attacks by the RansomHub group, responsible for over 200 incidents since February 2024.
• Largest DDoS Attack and A New Mirai Botnet - On August 25th, Global Secure Layer reported mitigating what appears to be the largest packet rate DDoS in history. Targeting a Minecraft service, the peak packet rate of the DDoS attack reached 3.15 billion packets per second, reportedly about 3.2 times the volume of the previously largest attack.

• Azure's DDoS Outage - Microsoft experienced a major outage in its Azure service at the end of July, which it later attributed to an ongoing DDoS attack. Numerous Azure and M365 services were impacted, including Entra, Intune, Purview, Azure Policy and more.
• Malware Delivery via Cloudflare Tunnels - Cloudflare Tunnels (similar to VPN tunnels from Cloudflare) have been heavily involved in malware dissemination campaigns. Numerous actors have used these through the TryCloudflare free service to distribute remote access trojans (RATs) like VenomRAT and Xworm.
• ISP DNS Poisoning for Chinese Malware Delivery - A Chinese threat actor (known commonly as StormBamboo, Evasive Panda and StormCloud) has been using DNS poisoning attacks against ISPs to deliver malware through fake automatic updates. Organizations querying the legitimate automatic update domains were seeing malware delivery through modified responses.

• Phone Numbers Leaked in Twilio Breach - On July 1, 2024, Twilio posted a security alert on their site indicating the Authy service had a security incident following an announcement by the ShinyHunters hacking group in late June on BreachForums where they disclosed the leaked data for 33M Authy users.
• Critical Vulnerabilities in Rockwell Automation PanelView Plus - The Microsoft Defender for IoT research team was able to identify and surface vulnerabilities in PanelView Plus, determined during an investigation where application behavior and the lack of encryption raised concerns.
• HealthEquity Suffers Data Breach - On July 2, 2024, HealthEquity filed a Form 8-K with the SEC that declared a cybersecurity incident and detailed a compromise of a partner’s account and data leak of protected health information (PHI) for its customers.

• Snowflake Incident and the Data Breach Fallout - Snowflake, a cloud analytics and storage company, suffered an incident which led to a compromise of multiple Snowflake tenants from that point on.
• SOHO Routers—a New Attack Surface? -Microsoft's threat intelligence team has found that attackers have increased their focus on exposed OT devices since late 2023, potentially leading to a wider range of compromise scenarios.
• Brokewell Malware Takes Over Android Devices -In a newly published research report from Lumen Technologies, a strain of malware they’ve dubbed Chalubo was apparently responsible for a huge attack against small office and home office (SOHO) routers in 2023. This malware incident took place over a 72-hour period between October 25 and 27, rendered the infected devices permanently inoperable.

• Kaiser Notifies Millions of Data Breach - 13.4 insured people and patients will be receiving breach notices that their protected health information may have been compromised - considered the largest health-related data breach of 2024 to date.
• Criminals Exploit CrushFTP Vulnerability -Adversaries are exploiting a vulnerability in CrushFTP to gain remote code execution (RCE). The vulnerability (CVE-2024-4040) combines server-side template injection with a virtual file system sandbox escape to allow attackers to read and execute files as root on Linux systems hosting CrushFTP.
• Brokewell Malware Takes Over Android Devices -Discovered and documented by researchers at ThreatFabric, Brokewell is malware running on Android phones and devices.

• Microsoft Source Code Stolen - Microsoft has revealed that the Russian 'Midnight Blizzard' hacking group gained access to source code and internal systems with harvested authentication tokens and credentials.
• Chinese Cranes: Possible Espionage? - In March of 2023, the U.S. Pentagon reported that Chinese-manufactured cranes in U.S. ports may contain monitoring equipment used in long-range espionage. After a yearlong investigation, these concerns are proving to be accurate.

• Change Healthcare Impacted by Cyber Attack - Explore the impacts of Change Healthcare's recent BlackCat breach.
• I-Soon Hackers for Hire Used by Chinese Government Agencies - Last week, leaks surfaced on Github that various Cinese government agencies have been using hackers for hire as part of an ongoing campaign to break into foreign governments and telecoms.
• NIST CST 2.0 - In addition to the original five core pillars of NIST CSF, "govern" was added with the goal of helping organizations incorporate cybersecurity risk management into enterprise risk management.

• Shim Secure Boot Bypass Vulnerability - New vulnerabilities in the Shim service are being used to securely boot on Linux. Impacted systems that use HTTP boot services risk full compromise of the device.
• New Fortinet Vulnerabilities - Following the announcement of CVE-2024-21762 from Fortinet, CUSA quickly added the vulnerability to its Known Exploited Vulnerabilities list, indicating it has reports of threat actors using it in the wild.
• Additional Ivanti Disclosures - Ivanti has disclosed additional security vulnerabilities in it's Pulse line of VPN products.

• China Targeting U.S. Infrastructure - The director of the FBU discolsed that China's "Volt Typhoon" group is ramping up hacking operations aimed at critical infrastructure in the United States in the event of a conflict over Taiwan.
• Ivanti: CISA Sets 48-hour Deadline for Removal - The CIA issued a directive that gave federal agencies using Ivanti Connect Secure or Ivanti Policy Secure solutions less than 48 hours to disconnect all instances and take specific steps to put it back into production.
• Cloudflare Hacked With Stolen Okta Auth Tokens - The Okta breach of 2023 left in it's wake lost tokens and service account credentials related to Cloudflare, since a victim of nation-state actor infiltration. This is how they addressed it.