Newsletter

open source and cybersecurity news

October 24, 2023

In this Episode:

Marcel Brown: October 24th, 1861. Western Union completes the first transcontinental telegraph line across the United States. Not coincidentally, two days later, the Pony Express shut down operations.

Edwin Kwan: Okta recently announced that their support case management system suffered a breach and sensitive customer data was stolen. Okta said that all affected customers have been notified, and that if you had not been contacted, then there is no impact to your Okta environment or support tickets.

Katy Craig: Cisco’s recent disclosure of a critical zero-day vulnerability in its Web UI reveals a concerning situation. Cybersecurity firm Censys has confirmed that over 40,000 hosts have been infected, with more than a quarter of them located in the United States.

Ian Garrett: Generative AI is reshaping the phishing landscape, making attacks more sophisticated. Research shows that security leaders are increasingly concerned about AI’s potential to craft convincing email attacks.

The Stories Behind the Cybersecurity Headlines

Edwin Kwan
Okta Breach Exposed Sensitive Customer Data

Edwin Kwan, Contributing Journalist, It's 5:05 Podcast

Okta recently announced that their support case management system suffered a breach and sensitive customer data was stolen.

This is Edwin Kwan from Sydney, Australia.

Okta provides identity tools such as multi-factor authentication and single sign-on to their customers. They said that the incident affected a very small number of customers.

The attackers used stolen credentials to access their support case management system and stole files that were uploaded by customers as part of support cases. The uploaded files were HTTP archive files, which are used for troubleshooting issues and contain sensitive data such as cookies and session tokens.

The breach was first detected by one of Okta’s customers, BeyondTrust. The security team at BeyondTrust detected and blocked login attempts into an in-house Okta administrator account. They informed Okta, who then took two weeks to confirm the breach. Okta said that all affected customers have been notified, and that if you had not been contacted, then there is no impact to your Okta environment or support tickets.

Resources

– OKTA.com: https://sec.okta.com/harfiles
– The Record: https://therecord.media/hackers-used-stolen-credentials-okta
– Krebs on Security: https://krebsonsecurity.com/2023/10/hackers-stole-access-tokens-from-oktas-support-unit/
– Bleeping Computer: https://www.bleepingcomputer.com/news/security/okta-says-its-support-system-was-breached-using-stolen-credentials/
– Dark Reading: https://www.darkreading.com/application-security/more-okta-customers-hacked-through-support-service
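Because the stolen files were HAR captures carrying cookies and session tokens, the defender-side habit this story argues for is scrubbing a HAR before attaching it to any support case. The script below is an added example, not Okta's own tooling: the header and query-parameter name lists are assumptions to extend for your environment, and the sample HAR is constructed.

```python
import copy
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode
# Names whose values usually carry session secrets (assumed list; extend for your environment).
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie", "set-cookie", "x-api-key"}
SENSITIVE_PARAMS = {"token", "access_token", "id_token", "refresh_token", "code", "session"}
REDACTED = "[REDACTED]"

def _fields(entry):
    """Yield (container, key) for every header, cookie or query parameter holding a secret."""
    for side in ("request", "response"):
        msg = entry.get(side, {})
        for h in msg.get("headers", []):
            if h.get("name", "").lower() in SENSITIVE_HEADERS:
                yield h, "value"
        for c in msg.get("cookies", []):  # parsed Cookie / Set-Cookie values
            yield c, "value"
    for p in entry.get("request", {}).get("queryString", []):
        if p.get("name", "").lower() in SENSITIVE_PARAMS:
            yield p, "value"

def _scrub_url(url):
    """Replace secret-bearing query parameters inside the raw request URL as well."""
    parts = urlsplit(url)
    q = [(k, REDACTED if k.lower() in SENSITIVE_PARAMS else v)
         for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(q)))

def find_secrets(har):
    """Return (name, value) pairs that would leak if this HAR were uploaded as-is."""
    return [(box.get("name"), box[key])
            for entry in har.get("log", {}).get("entries", [])
            for box, key in _fields(entry)
            if box.get(key) not in (None, "", REDACTED)]

def redact_har(har):
    """Return a deep copy of the HAR with every secret-bearing value replaced by REDACTED."""
    out = copy.deepcopy(har)
    for entry in out.get("log", {}).get("entries", []):
        for box, key in _fields(entry):
            box[key] = REDACTED
        if "url" in entry.get("request", {}):
            entry["request"]["url"] = _scrub_url(entry["request"]["url"])
    return out
# Constructed sample HAR (not a real capture): one request carrying a session cookie and a token.
SAMPLE_HAR = {"log": {"version": "1.2", "entries": [{
    "request": {"method": "GET", "url": "https://example.test/api?access_token=tkn123&v=2",
                "headers": [{"name": "Authorization", "value": "Bearer fake.jwt.value"},
                            {"name": "Cookie", "value": "sid=abc123"}],
                "cookies": [{"name": "sid", "value": "abc123"}],
                "queryString": [{"name": "access_token", "value": "tkn123"}, {"name": "v", "value": "2"}]},
    "response": {"status": 200, "headers": [{"name": "Set-Cookie", "value": "sid=def456; HttpOnly"}],
                 "cookies": [{"name": "sid", "value": "def456"}]}}]}}
```

Run `find_secrets` on a real capture before uploading; if it returns anything, upload `redact_har`'s output instead, which keeps the timing and status data support actually needs.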

Katy Craig
Cisco Zero Day is Bad News

Katy Craig, Contributing Journalist, It's 5:05 Podcast

Cisco’s recent disclosure of a critical zero-day vulnerability in its Web UI reveals a concerning situation. Cybersecurity firm Censys has confirmed that over 40,000 hosts have been infected, with more than a quarter of them located in the United States.

This is Katy Craig in San Diego, California.

The vulnerability, designated CVE-2023-20198, allows unauthenticated privilege escalation and is actively exploited in the wild. Although the number of compromised devices decreased slightly last week, a substantial number of routers still remain compromised.

The impact of this vulnerability extends well beyond the US, affecting devices in countries like the Philippines, Mexico, Chile, and India. The US and the Philippines have the highest number of affected hosts. Globe Telecoms Inc., Uninet, and CTC Corp. S.A. Telefonica Empresas were among the American and Philippine enterprises with over 1,000 affected devices.

Cisco has been dealing with multiple critical bugs in recent months, including this one, which has no workarounds. Users are advised to disable the HTTP server feature on internet-facing systems.

For those concerned about compromise, Cisco recommends checking for new or unknown usernames in the configuration messages generated when the Web UI feature is accessed.

This is Katy Craig. Stay safe out there.

Resources

– NIST.gov: https://nvd.nist.gov/vuln/detail/CVE-2023-20198
– Talos Intelligence: https://blog.talosintelligence.com/active-exploitation-of-cisco-ios-xe-software/
– CSO Online: https://www.csoonline.com/article/656427/over-40000-cisco-devices-exploited-with-the-latest-zero-day-vulnerability.html?utm_date=20231024111040
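The check Katy relays from Cisco (look for new or unknown usernames in the messages generated when the Web UI is used) can be turned into a small log triage step. The script below is an added example, not Cisco's guidance verbatim: the two message shapes are assumed from Cisco IOS XE syslog conventions rather than copied from a device, and the allowlist and log lines are constructed.

```python
import re
from collections import Counter

# Accounts an administrator expects to see; anything else that logs in to, or configures
# through, the web UI is reported. Constructed allowlist, replace with your own.
KNOWN_USERS = {"netadmin", "backup_ro"}

# Assumed message shapes, modelled on Cisco IOS XE syslog (not copied from a device):
#   %SEC_LOGIN-5-WEBLOGIN_SUCCESS: Login Success [user: <name>] [Source: <ip>] at <time>
#   %SYS-5-CONFIG_P: Configured programmatically by process <proc> from console as <name> on line
LOGIN_RE = re.compile(r"WEBLOGIN_SUCCESS: Login Success \[user: (?P<user>[^\]]+)\] \[Source: (?P<src>[^\]]+)\]")
CONFIG_RE = re.compile(r"CONFIG_P: Configured programmatically by process (?P<proc>\S+) from console as (?P<user>\S+) on line")

def parse_line(line):
    """Return (kind, user, detail) for a web UI login or programmatic config message, else None."""
    m = LOGIN_RE.search(line)
    if m:
        return "weblogin", m.group("user"), m.group("src")
    m = CONFIG_RE.search(line)
    if m:
        return "config", m.group("user"), m.group("proc")
    return None

def find_unknown_users(lines, known=KNOWN_USERS):
    """Return a finding for every username not in the allowlist, with the message that exposed it."""
    findings = []
    for line in lines:
        parsed = parse_line(line)
        if parsed and parsed[1] not in known:
            kind, user, detail = parsed
            findings.append({"user": user, "kind": kind, "detail": detail, "line": line.strip()})
    return findings

def summarize(findings):
    """Count distinct unknown usernames by how they surfaced (web login vs. config change)."""
    return Counter((f["user"], f["kind"]) for f in findings)

# Constructed sample log lines (not from a real device).
SAMPLE_LOG = """\
*Oct 23 09:10:11.001: %SEC_LOGIN-5-WEBLOGIN_SUCCESS: Login Success [user: netadmin] [Source: 10.1.1.5] at 09:10:11 UTC Mon Oct 23 2023
*Oct 23 09:12:40.442: %SYS-5-CONFIG_P: Configured programmatically by process SEP_webui_wsma_http from console as netadmin on line
*Oct 23 11:45:02.778: %SEC_LOGIN-5-WEBLOGIN_SUCCESS: Login Success [user: svc_unknown01] [Source: 203.0.113.77] at 11:45:02 UTC Mon Oct 23 2023
*Oct 23 11:45:09.013: %SYS-5-CONFIG_P: Configured programmatically by process SEP_webui_wsma_http from console as svc_unknown01 on line
*Oct 23 11:45:09.020: %SYS-5-CONFIG_I: Configured from console by netadmin on vty0 (10.1.1.5)
""".splitlines()
```

Any hit is a reason to pull the running configuration and compare its user accounts against the allowlist, not proof of compromise on its own.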

Ian Garrett
Will Hackers Who Write Phishing Emails Lose Their Jobs?

Ian Garrett, Contributing Journalist, It's 5:05 Podcast

Many are concerned that generative AI may take away their jobs. If you’re a hacker that writes phishing emails for a living, then you might be right. Recent research indicates that AI-powered tools are becoming more proficient at creating convincing phishing emails, raising concerns among cybersecurity experts.

Hey folks, this is Ian Garrett in Arlington, Virginia.

Generative AI is reshaping the phishing landscape, making attacks more sophisticated. Research shows that security leaders are increasingly concerned about AI’s potential to craft convincing email attacks.

According to the “State of Email Security in an AI-Powered World” report by Abnormal Security, 98% of surveyed cybersecurity stakeholders are worried about generative AI tools like ChatGPT and the impact on cybersecurity. The main concern is the sophistication of email attacks, particularly the ability to craft highly personalized attacks based on publicly available information. Despite these concerns, most security leaders are ill-prepared to protect against AI-generated email attacks. The majority still rely on cloud email providers or legacy tools for email security, with 53% using secure email gateways. Unfortunately, 46% lack confidence in traditional solutions’ ability to detect and block AI-generated attacks.

IBM X-Force conducted a study to determine whether generative AI models could produce phishing emails as convincing as those created by humans. In a simulation against organizations, AI-generated phishing emails demonstrated a click rate of 11%, while human-generated phishing emails achieved a slightly higher rate of 14%. This suggests that AI-generated phishing emails are fairly persuasive.

While humans narrowly won this round, AI is constantly evolving. As technology advances, AI is likely to become more sophisticated, potentially outperforming humans. The experiment highlights the need for enhanced email security in the face of evolving AI-powered threats.

Resources

– CSO Online: https://www.csoonline.com/article/656698/generative-ai-phishing-fears-realized-as-model-develops-highly-convincing-emails-in-5-minutes.html

Marcel Brown
This Day, October 24, in Tech History

Marcel Brown, Contributing Journalist, It's 5:05 Podcast

This is Marcel Brown serving up some technology history for October 24th.

October 24th, 1861. Western Union completes the first transcontinental telegraph line across the United States, making nearly instantaneous cross country communication possible for the first time. Previously, it took ten days for a letter to be sent from Missouri to California via the Pony Express.

Not coincidentally, two days later, the Pony Express shut down operations.

October 24th, 2003. The Concorde supersonic jet makes its last commercial flight. While being able to cross the Atlantic in about three and a half hours, low passenger numbers and rising maintenance costs made operating the Concorde unprofitable for British Airways and Air France.

That’s your technology history for today. For more, tune in tomorrow and visit my website, ThisDayInTechHistory.com.

Resources

– https://thisdayintechhistory.com/10/24
