Secret CISO #8: Stanford, U.S. Marshals Service, and gun owners hacks
Dear CISO subscribers,
The Secret CISO email newsletter has hit an exciting milestone - we now have over 1000 subscribers in just 7 weeks/episodes! This is a testament to the relevance and importance of our content, and we want to express our gratitude to each and every one of you for your support.
As we move forward, we aim to double our subscriber count in the next 3 episodes, reaching 2000 subscribers in just 10 weeks/episodes. We know that this is an ambitious goal, but we are confident that with your help, we can achieve it.
We would like to take this opportunity to thank everyone who has shared our newsletter with their colleagues and networks. Your support has been instrumental in helping us reach this milestone, and we truly appreciate it.
We urge you to continue sharing our newsletter with your colleagues and contacts in the CISO community. Our focus on CISO values and insights is designed to provide you with actionable information to help you navigate the complex and ever-changing cybersecurity landscape.
1. Data Breaches
Half a million gun owners' data stolen, Stanford and U.S.Marshals Service confirmed data breaches
Hackers got data from over 550,000 gun buyers and sellers
The stolen data could reveal a particular person's sale or purchase of a specific weapon, and this information could be used to locate the seller or the location of the gun, including users, including full names, home addresses, email addresses, passwords, and telephone numbers. The website, GunAuction.com, has confirmed the data breach, and the FBI has contacted the company about the possibility of a data breach. Gun owners' sensitive information has been previously exposed, including personal data mistakenly leaked by California's Department of Justice last year.
Source: https://techcrunch.com/2023/03/02/hackers-steal-gun-owners-data-from-firearm-auction-website
Stanford University data breach exposed admission information for the Economics Ph.D. program
The incident occurred between December 2022 and January 2023, and personal and health data of 897 candidates who submitted their applications to the program were accessed without authorization. The breach was caused by misconfiguration of folder settings, leading to unrestricted access to confidential application materials. While two downloads of the materials were made, no evidence of exploitation was found by the university's cybersecurity experts. Stanford University has taken swift action to prevent such incidents from occurring in the future, including reviewing and updating its security policies and procedures and conducting mandatory retraining sessions for its faculty and staff.
Source: https://gbhackers.com/stanford-university-data-breach/
U.S. Marshals Service Hit by Major Cyberattack with Sensitive Data Compromised
The U.S. Marshals Service has experienced a major ransomware attack, compromising its sensitive information, including law enforcement materials and personal data of employees and potential targets of federal investigations. The attack was discovered on Feb. 17 and was deemed a "major incident" by officials. The cybercriminals accessed administrative data, personal information of certain employees, and sensitive law enforcement information. The Department of Justice has initiated a forensic investigation, and the agency has created a workaround to continue its investigations into fugitives. The Biden administration is poised to release its National Cyber Strategy as soon as this week to fill national security gaps in the wake of massive breaches.
2. Research
Nintendo DSi exploited, Cisco AnyConnect Drop and Runs, RIG exploit kit in-depth analysis report
Hackers exploit 15-year-old Nintendo DSi browser using Opera 9.50
On March 2, 2023, a cybersecurity researcher announced that they had successfully exploited the Nintendo DSi browser using Opera 9.50. After six months of research, the researcher used the browser's lack of security mitigations to execute the exploit. The browser uses Opera 9.50 with no security mitigations, making it easy to exploit. The DSi does not have an operating system, making it more susceptible to cyberattacks. The browser had enough privileges to run most homebrew, but not enough to gain persistence across boots without another exploit.
Source: https://farlow.dev/2023/03/02/hacking-the-nintendo-dsi-browser
Leveraging Cisco AnyConnect Client to Drop and Run Payloads
Researchers have discovered a technique to use Cisco AnyConnect client to deliver payloads during red team engagements. The tool was released by NCC Group and can be found on their Github page. As many users are working from home and are familiar with the VPN concept, successful social engineering efforts can be made using a VPN-related pretext. TLS VPN connections are unlikely to be forced through a proxy, making it a useful vector for payload deployment. The VPN server can execute arbitrary code on any connecting client, which can be useful for initial access into an environment.
RIG Exploit Kit: the most recent in-depth analysis report
The financially-motivated program has been active since 2014 and uses malvertising to ensure a high infection rate and worldwide coverage. RIG EK mainly exploits machines that run outdated versions of Internet Explorer, which remains a considerable vulnerability for many machines worldwide. The exploit kit infects devices with little to no interaction from the end user and uses proxy servers to make infections harder to detect. RIG EK drops multiple types of malware, including Dridex, which appears to be one of the most well-maintained malware with the most regular updates, indicating a close relationship between the developer of Dridex malware and the RIG's admins.
Source: https://www.prodaft.com/m/reports/RIG___TLP_CLEAR-1.pdf
3. Podcasts
"Connect from Anywhere" Becomes Reality: Experts Discuss Network and Security
In this episode, our experts explore the exciting developments in the world of network and security, particularly in the context of the "Connect from Anywhere" trend. With 5G connections set to exceed one billion by the end of the year, industries ranging from healthcare to retail to manufacturing are eagerly adopting this technology. However, the size and complexity of IoT networks also present new vulnerabilities that require extra layers of security to mitigate risks. Our experts dive into the ways in which security and resiliency on the edge are becoming increasingly critical in enabling successful network deployments. Join Chris Novak, Jennifer Varner, and Kris Lovejoy as they provide their insights on this rapidly evolving landscape.
Listen: https://podcasts.apple.com/us/podcast/the-progress-report/id1627095388?i=1000601087174
Emerging technologies and signals intelligence with Dr Miah Hammond-Errey
The authors cover ASD's role in Australian intelligence, offensive and defensive operations, cybercrime, and the Russia-Ukraine conflict. They also discuss the security of everyday technology, the Optus and Medibank hacks, international standards, and the value of creativity and vulnerability for leadership in intelligence. Jess is a First Assistant Director-General at the ASD and has worked in the intelligence and security community for almost 20 years. The podcast is hosted by Dr Miah Hammond-Errey, the inaugural director of the Emerging Technology program at the United States Studies Centre.
Listen: https://au.chartoo.com/itunes/podcast/1674686116-technology-and-security-ts
US Marshals Service suffers data breach due to ransomware attack, while Blind Eagle uses OneNote attachments to spread Qakbot malware
Meanwhile, Dish experiences a multi-day outage after a reported cyber attack. CyberWire also reports on Ben Yelin's analysis of the Supreme Court's hearing on a section 230 case, Mr Security Answer Person John Pescatore's thoughts on Chat GPT, and CISA Director Easterly's call for vendors to make software secure-by-design. Finally, the newsletter provides links to further reading on the cyber attacks and cybersecurity practices.
Listen: https://www.ivoox.com/en/data-breach-at-the-us-marshals-service-blind-audios-mp3_rf_103841630_1.html
4. CISO Job Postings
Ochsner Health is seeking a VP and Chief Information Security Officer to oversee system-wide cybersecurity functions
The role involves quantifying organizational cyber risks, developing cybersecurity strategic plans, aligning tactical efforts, and ensuring the effectiveness and sustainability of cyber controls. The successful candidate will also be responsible for evaluating the changing threat landscape and ensuring the organization is appropriately prepared to identify, detect, protect, respond, and recover from cyber incidents. Applicants must have a bachelor's degree and 10 years of information technology/cybersecurity experience, with at least three years in a cybersecurity/IT leadership role. A master's degree in computer science, cybersecurity, computer engineering, or related and Professional Security Management Certification are preferred.
Apply now: https://www.linkedin.com/jobs/view/3475479961
SMX is hiring a Deputy Chief Information Security Officer (CISO) to coordinate and implement the company's enterprise information security strategy
The position will serve as a liaison between SMX's Strategy and Technology organization and business support and customer delivery programs. The ideal candidate should have a strong background in information security, risk management, incident response, zero trust architecture, and security technologies. They should also possess excellent communication and leadership skills and the ability to build partnerships with stakeholders across the organization. This role is remote, and up to 20% travel may be required. The candidate must have a Bachelor of Arts in computer science or information security or 12+ years of experience in lieu of a degree. Industry-standard certification, such as CISSP, CISM, CISP, CISA, or Security+, is desired. The selected applicant will be subject to a background investigation.
Apply now: https://www.linkedin.com/jobs/view/3509314168
The Los Angeles Times is seeking a Chief Information Security Officer to establish, lead, and maintain its information security program
The ideal candidate should have experience in managing and supporting data incidents and breaches, knowledge of relevant legal and regulatory requirements, and be familiar with data protection and privacy laws. The position requires excellent communication skills, the ability to manage multiple projects under strict timelines, and proficiency in process formulation and improvement. The Chief Information Security Officer will develop and implement a world-class information security program, facilitate an information security governance structure, oversee data collection and privacy practices, and build external networks. The position requires a bachelor's degree in a related field or equivalent experience, CISSP certification, and a CISM certification is desired. The salary range for the position is $240,000 to $260,000, and the Los Angeles Times is a mandatory vaccination employer for COVID-19 and its variants.
Apply now: https://www.linkedin.com/jobs/view/3399613639
Final Words
Thank you for taking the time to read The Secret CISO #8! We hope that the insights shared by our anonymous CISO have been helpful and informative. As a token of our appreciation, we would like to offer you a digital pony gift:
We also want to encourage you to share this free community project with your colleagues and peers in the industry. The more people we can reach, the more we can learn from each other and improve the state of cybersecurity. So, please spread the word and help us grow this community!
Thank you again for your support, and we look forward to bringing you more valuable content in the future.