Newsletter

open source and cybersecurity news

December 5, 2023

It's 5:05, December 5, 2023. Time for your cybersecurity and open source headlines.

In this Episode:

Mark Miller: December 5th, 1965. The first PhD dissertation in computer science is presented. Richard L Wexelblat was the first candidate in a computer science program to complete a dissertation. Wexelblat’s diploma presented by the University of Pennsylvania, the home of ENIAC, was the first one to carry the designation, “Computer Science”.

Edwin Kwan: In a significant move, Queensland’s parliament has approved a mandatory data breach notification scheme. The scheme is set to impact state agencies from mid 2025 and local governments from mid 2026.

Katy Craig: A new ransomware group named CACTUS recently surfaced, ranking in the top 10 for most monthly victims. CACTUS represents a sophisticated and multi-faceted cybersecurity threat to large commercial organizations.

Ian Garrett: Enhancements to AI platforms have been incredible for the content generation market, as it is easier than ever to create realistic content with a fraction of the time it would have before. But, for every good use of a tool, there always is a malicious use as well.

 

The Stories Behind the Cybersecurity Headlines

 

Edwin Kwan
Mandatory Data Breach Notification Coming to Queensland

Edwin Kwan, Contributing Journalist, It's 5:05 Podcast

In a significant move, Queensland’s parliament has approved a mandatory data breach notification scheme, becoming the second Australian state after New South Wales to enact such legislation.

This is Edwin Kwan from Sydney, Australia.

The scheme is set to impact state agencies from mid 2025 and local governments from mid 2026. The Queensland Attorney General highlighted that the new legislation aims to enhance data security awareness and encourage proactive measures to prevent and manage data breaches. She emphasized that the scheme’s implementation is crucial for building public confidence in Queensland’s privacy laws, especially in the wake of high-profile data breaches in recent years.

The mandatory data breach notification scheme aligns with the Commonwealth Privacy Act and is part of a broader set of privacy-related changes, including reforms to the Right to Information Framework and increased criminal sanctions for the misuse of restricted computers.

Resources
– AU.gov: https://statements.qld.gov.au/statements/99263
– IT News: https://www.itnews.com.au/news/queensland-passes-mandatory-data-breach-notification-scheme-602946

 

Katy Craig
A Prickly CACTUS: Ransomware to Encrypt and Exfiltrate Data

Katy Craig, Contributing Journalist, It's 5:05 Podcast

A new ransomware group named CACTUS recently surfaced, ranking in the top 10 for most monthly victims. First appearing in March 2023, CACTUS has been identified as a sophisticated group, having a significant impact on its victims.

This is Katy Craig in San Diego, California.

What’s particularly concerning about CACTUS is its method of operation. CACTUS doesn’t just encrypt data, it also exfiltrates data. The cybercriminals behind this ransomware have been using the peer-to-peer messaging service, Tox, for victim extortion. However, at the time of this report, no specific victim leak site linked to CACTUS has been identified.

The tactics, techniques, and procedures, TTPs, deployed by CACTUS are diverse. The ransomware uses a range of tools, including Chisel, Rclone, TotalExec, and custom scripts to distribute its malicious payload and disable security software. One of the notable methods for spreading the ransomware is through the exploitation of VPN appliances, a vulnerability that many organizations need to watch out for.

An interesting technical aspect of CACTUS involves a file named ntuser.dat, located in C:\ProgramData. This file is used to pass an AES key, which in turn decrypts an RSA public key. This decrypted key is crucial for the ransomware’s persistent execution, typically achieved through Scheduled Tasks.

CACTUS represents a sophisticated and multi-faceted cybersecurity threat to large commercial organizations. Its ability to both encrypt and exfiltrate data, combined with its diverse range of attack techniques, makes it a significant concern for cybersecurity professionals.

This is Katy Craig. Stay safe out there.

Resources
– Kroll: https://www.kroll.com/en/insights/publications/cyber/cactus-ransomware-prickly-new-variant-evades-detection

 

Ian Garrett
Deepfakes: A Growing Concern for 2024 Election Security

Ian Garrett, Contributing Journalist, It's 5:05 Podcast

Enhancements to AI platforms have been incredible for the content generation market, as it is easier than ever to create realistic content with a fraction of the time it would have before. But, for every good use of a tool, there always is a malicious use as well. In this case, it’s the emerging threat of deepfakes, which will be especially an issue with the upcoming US election in 2024.

Hey folks, this is Ian Garrett in Arlington, Virginia.

As the US gears up for a pivotal election year, AI-generated deepfakes are emerging as a significant concern. Cloudflare’s report highlights an alarming increase in cyberattacks, with 34.7 million threats mitigated from November 2022 to August 2023. Yet, it’s the spread of disinformation, particularly through deepfakes, that poses the most significant risk.

Deepfakes, more realistic than ever, are a tool for disseminating false information and eroding trust in democratic processes. Experts like Grant Bourzikas from Cloudflare emphasize the need for secure, reliable internet access to uphold the integrity of elections. With AI’s evolution, these deepfakes are not just a challenge to identify, but also a potent tool for misinformation.

Slovakia’s recent election, marred by deepfake technology, is a cautionary tale. Politically oriented deepfakes have already surfaced in the US, including an altered interview with Senator Elizabeth Warren. These instances highlight the growing sophistication and impact of deepfakes and political discourse.

Despite these challenges, solutions remain elusive. Fundamental cybersecurity hygiene and preparedness for continuous cyberattacks are essential. However, the detection of AI-generated misinformation, including deepfakes, is complex and evolving.

As we approach the 2024 elections, the cybersecurity landscape is bracing for an onslaught of sophisticated threats. The rise of deepfakes represents a paradigm shift in election security, requiring innovative solutions and heightened vigilance.

Resources
– CSO Online: https://www.csoonline.com/article/1251094/deepfakes-emerge-as-a-top-security-threat-ahead-of-the-2024-us-election.html

 

Mark Miller
This Day, December 5, in Tech History

Mark Miller, Executive Producer, It's 5:05

This is Mark Miller sitting in for Marcel Brown to bring today’s segment of This Day in Tech History.

December 5, 1965. The First PhD Dissertation in Computer Science Is Presented. Richard L. Wexelblat was the first candidate in a computer science program to complete a dissertation. Many PhD candidates had performed computer-related work, but Wexelblat’s diploma, presented by the University of Pennsylvania – the home of the ENIAC – was the first one to carry the designation “computer science.” He is said to be the originator of Wexelblat’s scheduling algorithm: “Choose two of: good, fast, cheap.”

An interesting side note is that Wexelblat eventually retired from the computer field to become an artisan woodturner.

December 5, 1969. The University of Utah’s Computer Science Department becomes the fourth node of ARPANET, the world’s first packet-switching computer network and precursor of today’s internet. It is the first node outside of California to join the network (after UCLA, Stanford Research Institute and the University of California Santa Barbara).

Later that year, the first “node-to-node” message between research labs at UCLA and Stanford was delivered. “LOGIN” – albeit short and simple – crashed the network after the Stanford computer only received the “L” and “O.”

Marcel Brown notes that some sources claim this date as December 1st. He has not been able to find a definitive source for that claim, so we’re just going to go with what we’ve got.

Resources
– This Day in Tech History: https://thisdayintechhistory.com/12/05
