Secret CISO #3: CISA+NSA warning, Quantum Computers break RSA-2048

Remote Desktop Hack #3

We're so happy to have you as part of our community of information security leaders. Our goal is to make this newsletter a space where you can connect with peers, share ideas, and support each other in navigating the challenging world of CISO.

We hit a big milestone this week with 147 subscribers and counting! Our target of 100 new subscribers is within reach, and we couldn't have done it without your support. If you know any other CISOs who would benefit from this community, please spread the word and share this newsletter.

We're excited to announce a new Job Openings section, designed to make your job search easier and more efficient. We know it can be tough to search for opportunities on different platforms and websites, so we're bringing the best of the best right to your inbox.

We value your feedback and opinions. Please reply to this email with any suggestions or comments you may have. Your input helps us make this newsletter the best it can be for our community.

Stay connected, stay curious, and let's keep pushing each other to new heights as Secret CISOs.

1. Data Breaches

CISA and NSA highlight RMM phishing, Zacks Investment Research breach affects 7 years of signups, Yandex claims an ex-employee stole 45GB of source code

  1. CISA, NSA, and MS-ISAC released a joint advisory warning about the malicious use of legitimate remote monitoring and management (RMM) software, specifically ScreenConnect and AnyDesk, in a phishing scam to steal money from bank accounts. The authoring organizations urge network defenders to apply the recommended mitigations to protect against this kind of RMM abuse. Source: https://www.cisa.gov/uscert/ncas/alerts/aa23-025a
  2. Zacks Investment Research reported a data breach on December 28, 2022, in which an unknown third party gained unauthorized access to certain customer records. The breach affected Zacks Elite customers who had signed up between November 1999 and February 2005, and exposed their name, address, phone number, email address, and password. Zacks has taken immediate measures to enhance its security and is continuing its investigation to evaluate additional measures to protect customer information. Source: https://apps.web.maine.gov/online/aeviewer/ME/40/148eb61f-952a-413a-9549-ccc1247252e3/1a9131a9-d5d3-408f-8546-1230d2d8b234/document.html
  3. Yandex, the Russian technology company, had a source code repository allegedly stolen by a former employee and leaked on a hacking forum as a torrent. The leak consists of 44.7 GB of files taken from the company in July 2022 and contains all of the company's source code except its anti-spam rules. Yandex has blamed the leak on the former employee and denied that it was hacked. Source: https://www.bleepingcomputer.com/news/security/yandex-denies-hack-blames-source-code-leak-on-former-employee/?&web_view=true

2. Research

Quantum computer factorized RSA-2048, defenders hacked scammers, DMARC and subdomain takeover

  1. Digitized-Counterdiabatic Quantum Factorization (DCQF) Algorithm: A recent study performed by the Quantinuum team has proposed a non-hybrid approach to tackle the integer factorization problem on a quantum computer. The team compared their approach to Bao Yan et al.'s algorithm, which combined Babai's algorithm with the quantum approximate optimization algorithm (QAOA). Factorization is reduced to the closest vector problem on a lattice, which is then cast as an optimization problem, and the new DCQF approach outperforms QAOA techniques in solving it. The report explores the possibility of factoring larger numbers using compressed algorithms on quantum computers, and the potential of analog or digital-analog encoding schemes for factoring RSA-2048 in the NISQ era. Source: https://arxiv.org/pdf/2301.11005.pdf
  2. SBI Scam: An incident was reported where a scam message was being circulated in the name of SBI Reward Points. Upon investigating the website, the admin panel was found to be vulnerable to SQL Injection on its login page. This allowed attackers to gain access to the panel and potentially steal sensitive information. Source: https://infosecwriteups.com/destroying-the-scammers-portal-sbi-scam-2169e21adeeb
  3. Subdomain Takeover and Email Security: A subdomain takeover is when an attacker gains control over a subdomain of a target domain by hosting their own content for it. This could result in phishing or theft of cookies from impersonated web pages. This article highlights the consequences of subdomain takeover in email security, as well as how attackers can use subdomain takeovers to craft convincing phishing emails. Source: https://www.bencteux.fr/posts/dmarc_relax/
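A defender-side check for the email side of the subdomain takeover item above, added here as an example that is not from the newsletter or the linked article: it parses a DMARC TXT record and flags the settings (relaxed SPF/DKIM alignment and a missing or permissive subdomain policy, using the RFC 7489 defaults) under which mail sent from a hijacked subdomain still passes DMARC for the parent domain. The function names are hypothetical and the sample records are constructed.

```python
# Added audit helper (not from the newsletter or the linked article): parse a
# DMARC record and report settings that let a taken-over subdomain send mail
# that still passes DMARC. Tag defaults follow RFC 7489: adkim=r, aspf=r, and
# sp inherits p when absent. The sample records at the bottom are constructed.

def parse_dmarc(record: str) -> dict:
    """Split 'v=DMARC1; p=reject; aspf=s' into {'v': 'DMARC1', 'p': 'reject', ...}."""
    tags = {}
    for part in record.split(";"):
        if "=" not in part:          # skip empty trailing segments
            continue
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        raise ValueError("not a DMARC1 record")
    return tags


def subdomain_exposure(record: str) -> dict:
    """Return the effective subdomain settings plus a list of findings."""
    tags = parse_dmarc(record)
    p = tags.get("p", "none").lower()
    sp = tags.get("sp", p).lower()          # subdomain policy inherits p
    aspf = tags.get("aspf", "r").lower()    # relaxed SPF alignment is the default
    adkim = tags.get("adkim", "r").lower()  # relaxed DKIM alignment is the default
    findings = []
    if aspf == "r":
        findings.append("aspf=r: a Return-Path under any subdomain aligns with the "
                        "parent From: domain, so an SPF record published on a "
                        "taken-over subdomain passes DMARC for mail From: the parent")
    if adkim == "r":
        findings.append("adkim=r: a DKIM signature whose d= is any subdomain aligns "
                        "with the parent From: domain")
    if sp == "none":
        findings.append("sp=none: mail From: a subdomain that fails DMARC is still "
                        "delivered; set sp=quarantine or sp=reject")
    return {"p": p, "sp": sp, "aspf": aspf, "adkim": adkim,
            "strict_alignment": aspf == "s" and adkim == "s", "findings": findings}


if __name__ == "__main__":
    # Constructed samples: a common permissive record and a hardened one.
    for rec in ("v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
                "v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s"):
        result = subdomain_exposure(rec)
        print(rec, "->", result["findings"] or ["no subdomain-alignment findings"])
```

Strict alignment closes the DMARC side only; dangling CNAME and NS records for the subdomain itself still need to be found and removed.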

3. Podcasts

The most interesting talks of the week. Enjoy!

1. Episode 1: Defending The Defenders: Lessons Learned As A Cybersecurity CISO

In this episode of Let's Talk SOC podcast, Ken Deitz, Chief Security Officer & Chief Information Security Officer at Secureworks, discusses the challenges CISOs are facing today and shares his insights on how to best address them. The topics covered in this episode include maximizing talent to address risks, the evolution of the role of the CISO, the integration of AI in security tech, focusing on the basics for the biggest dividends, and an overview of Secureworks and its technology security solutions. Ken also shares his thoughts on upcoming security threats and trends in 2023.

Source: https://www.secureworks.com/resources/pc-lets-talk-soc-s02e001

2. In the latest episode of CISO Insiders, we welcome Jim Baskin | Director of Cybersecurity and Compliance at GigNet

Jim Baskin, Director of Cybersecurity and Compliance at GigNet, joins the CISO Insiders podcast for a conversation about his journey into cybersecurity, advice for young professionals just starting out, and the future of the industry. Jim shares the one thing he wishes he knew before beginning his career and provides advice to those interested in becoming a CISO. He suggests going deep or wide in cybersecurity and continuing to learn as the industry changes quickly.

Source: https://cisos-insiders.captivate.fm/episode/ciso-insiders-episode-63-jim-baskin-director-of-cybersecurity-and-compliance-at-gignet

3. Q&A with Steward Health Care CISO Esmond Kane: "Ransomware Actors Are Also Innovating"

Esmond Kane, CISO of Steward Health Care, and former CISO for Harvard, joins healthsystemCIO for an interview about the challenging role of the CISO in today's world. He states that two or three healthcare organizations fall victim to a ransomware attack each day and shares his thoughts on how to fight this growing problem through creativity, perseverance, and innovation. Esmond also discusses his approach to hiring the right candidates for his team and his advice for communicating with the board. He cautions against promising 100% safety as it's not a reality.

Source: https://healthsystemcio.com/steward-health-care-esmond-kane/

4. Job Openings

Look who's hiring! Amazing new opportunities for CISOs

Snap Finance is seeking a Chief Information Security Officer to drive security-related projects, support audits, and lead a team of security engineers. The ideal candidate will have experience in defining and implementing security protocols and will work within budget while meeting the company's expectations. The position is open in Salt Lake City-Metropolitan Area, UT, Costa Rica, Phoenix, AZ, Dallas, TX, or North Carolina.
Source: https://www.linkedin.com/jobs/view/3426707203

Old National Bank is searching for a Chief Information Security Officer to lead an enterprise team of information security specialists and execute intelligence-led security programs. The CISO will be responsible for setting strategies, managing risk policies and practices, and managing internal and external teams. The position is based in the dual headquarters of Chicago and Evansville, IN.
Source: https://www.linkedin.com/jobs/view/3396186671

Crocs is seeking a VP, Chief Information Security Officer to build and lead a high performing team in defining an enterprise-wide cyber security program and risk strategy. The ideal candidate will have experience in relationship building and teamwork, as well as being an innovative thought leader. The position is based in Broomfield and will report to the Chief Information Officer.
Source: https://www.linkedin.com/jobs/view/3448310415

The California State Lottery is hiring a Chief Information Security and Privacy Officer to manage and execute the security and privacy of information technology. The role offers the opportunity to telework and is based in California. The Lottery values diversity, work-life balance, and professional development, and offers a mission-driven work environment.
Source: https://www.linkedin.com/jobs/view/3448310415

💡 "Success is not final, failure is not fatal: it is the courage to continue that counts." - Winston Churchill

That's a wrap for this week's episode of "The Secret CISO"! Here is your digital gift, the cyber dog:

Cyber Dog - the best CISO friend!

We hope you've learned something new and are motivated to keep on learning and growing in your cybersecurity journey. Remember, success and failure are just milestones, it's the determination and courage to continue that truly define your journey. Keep pushing forward and make the most of every opportunity! Until next time, stay safe and secure! 🔒💻

By Secret CISO