April 21, 2025 9 mins

Cybersecurity Today: Allegations Against Elon Musk, Microsoft Lockout Issues, Cozy Bear's New Malware, and Canada's Anti-Fraud Proposals

In this episode of Cybersecurity Today, hosted by David Shipley, we examine several major cybersecurity stories. A whistleblower accuses Elon Musk's team of involvement in a significant cyber breach at the National Labor Relations Board. Administrators face challenges with Microsoft's Mace feature, which caused widespread account lockouts over the Easter weekend. The Russian hacking group Cozy Bear targets European diplomats using wine-themed phishing tactics. Canadian Conservative leader Pierre Poilievre proposes stringent measures against online fraud, including hefty fines and criminal charges for companies failing to act against digital scammers.

00:00 Breaking News: Doge and the US Labor Watchdog Cyber Breach
03:30 Microsoft Security Feature Causes Weekend Chaos
06:08 Russian Hackers Target European Diplomats with Wine-Themed Phishing
07:30 Canadian Conservative Leader Proposes Anti-Fraud Measures
09:25 Conclusion and Contact Information

Episode Transcript

Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:00):
A whistleblower organization says that Doge may have caused a quote, significant
cyber breach at a US labor watchdog.
A Microsoft security feature gives administrators heartburn right
as the Easter holiday starts.
A Russian intel agency-linked group deploys special malware targeting

(00:20):
European diplomats, and the Canadian Conservative leader, Pierre Poilievre,
proposes new $5 million fines and criminal code offenses for companies
that fail to address online fraud.
This is Cybersecurity Today, and I'm your host, David Shipley.

(00:42):
A whistleblower complaint says that billionaire Elon Musk's team of
technologists may have been responsible for a significant cybersecurity breach
at America's federal labor watchdog.
Daniel Berulis, an information technology staffer at the National Labor
Relations Board, or NLRB, says he has evidence that Doge staffers were given

(01:05):
extraordinary access to the NLRB's systems.
These systems house sensitive case files, as well as sensitive
business information on firms.
He said that at the beginning of March, logging protocols created to audit users
appear to have been tampered with, and that he had detected the removal of

(01:27):
up to 10 gigabytes worth of data from the NLRB's network sometime thereafter.
The NLRB is tasked with protecting workers' rights
to organize and join unions.
The agency, created decades ago, has been a longtime and frequent target of
American corporate leaders like Musk.
Berulis alleged in an affidavit that there were attempted logins to NLRB

(01:51):
systems from an IP address in Russia in the days after Doge accessed the systems.
He told Reuters Tuesday that the attempted logins apparently included
correct usernames and passwords, but these logins were rejected by
location-related conditional access policies.
Berulis's affidavit said that an effort by himself and his colleague

(02:14):
to formally investigate and alert the Cybersecurity and Infrastructure
Security Agency, or CISA, was disrupted by higher-ups without explanation.
Andrew Bakaj, chief legal counsel for the Whistleblower Aid group, filed
these allegations in a submission to Republican Senate Intelligence
Committee Chairman Tom Cotton and his Democratic counterpart, Mark Warner.

(02:39):
The submission includes a statement that Berulis and his colleagues were working
to pass on this information to CISA.
The submission includes a statement from Berulis that as he and his
colleagues were preparing to pass information they gathered on to CISA,
he had received a threatening note taped to the door of his home with

(02:59):
photographs of him walking in his neighborhood, taken via drone.
Quote, unlike any other time previously, there is this fear
to speak out because of reprisal.
End quote, Berulis told Reuters. Quote, we're seeing data that is
traditionally safeguarded with the highest standards in the United States
government being taken, and the people that do try to stop it from happening.

(03:23):
The people that are saying, no, they're being removed one by one. End quote.
Windows administrators from numerous organizations reported this weekend
widespread account lockouts that were triggered by false positives
in the rollout of a new Microsoft Entra ID feature, a leaked credentials

(03:44):
detection app called Mace.
Windows administrators from numerous organizations reported widespread
account lockouts Saturday that were triggered by false positives in a new
Microsoft Entra ID feature called Mace.
Mace is a credential revocation app in Microsoft's Entra ID that's used

(04:05):
to detect leaked credentials and lock potentially compromised accounts.
Bleeping Computer reported that the issue began Friday night and initially
administrators suspected a wave of false positives as some of the affected
accounts had unique passwords that were not used on any other services.
Microsoft Entra ID, formerly Azure Active Directory, is a cloud-based

(04:27):
identity and access management service that helps organizations manage user
identities and secure access to resources.
On Saturday, Windows admins on Reddit shared they had received multiple
alerts for some of their accounts and saying that those accounts have
been found with credentials leaked on the dark web or other locations.
These accounts were automatically locked out of the tenant with numerous

(04:51):
users impacted per organization.
One managed service provider reported that a third of
all accounts were impacted.
A managed detection and response, or MDR, provider posted that they had received
20,000 alerts from Microsoft about leaked credentials from numerous clients.

(05:11):
Cybersecurity company Huntress Labs posted on Sunday on its website
that 1,500 tenants that it was working with had been affected.
While all alerts of leaked credentials should be investigated to confirm
that an account was not compromised, if you received a flurry of alerts
at once, it is likely behind that.

(05:33):
Microsoft has not officially posted on the issue and is yet to respond
to media reports as of Sunday.
Given that holiday weekends are often exploited by attackers, this particular
issue was extraordinarily poorly timed.
If your firm's IT or security team is extra tired this week or flat

(05:54):
out exhausted after this issue, consider being extra kind to them.
Losing a weekend to an incident is always hard.
Losing one to a tool gone rogue is especially difficult.
It appears the Russian hackers known as Cozy Bear may be in
need of a new nickname, Cozy Bear or increasingly Boozy Bear.

(06:17):
The Russian intelligence-linked APT29 has been using wine-themed phishing lures and
new malware to target European diplomats.
The latest set of attacks entails sending email invites for wine tasting
and impersonates an unspecified European Ministry of Foreign Affairs agency.
Now it coaxes them to try and click on a link that triggers the deployment of a

(06:39):
new malware called GrapeLoader by means of a malware-laced zip archive, wine zip.
The emails were sent for domains bacon hof.com and sry.com,
The Hacker News reports.
Cybersecurity firm
Check Point says GrapeLoader is a newly observed initial stage
tool used for fingerprinting, persistence and payload delivery.

(07:03):
This campaign is said to have mainly singled out European countries with
a specific focus on ministries of foreign affairs as well as other
countries' embassies in Europe.
There are indications that diplomats based in the Middle
East may have also been targeted.
The lesson here: phishing works particularly well
when you know your audience.
For journalists and cybersecurity professionals, you should probably be on

(07:26):
the lookout for whiskey tasting or similar hard liquor-themed phishing invites.
I kid, well, sort of. Canadian Conservative leader Pierre Poilievre is promising to
protect seniors by making it mandatory for financial institutions and phone companies
to stop digital scammers in their tracks.
The plan would require these companies to detect, report, and

(07:49):
block suspected fraud in real time.
End quote, or face the prospect of massive fines and/or being charged with
a new crime under the criminal code.
The Conservative leader, who's campaigning ahead of the April 28th federal election,
is proposing a Stop Scamming Seniors Act.
Say that three times fast.
This new act would require banks and telecommunications firms to deploy

(08:12):
state-of-the-art technology to catch scams and stop them before they happen.
The Conservative Party said in a statement last week that, quote, the institutions
best positioned to prevent these crimes,
banks and telecom companies, are not legally required to act fast,
transparently, or decisively.
Under this proposed plan, corporations would be required to employ the same kinds

(08:35):
of AI tools they currently use to optimize marketing and sales initiatives
to track possible instances of fraud.
The party is also proposing adding minimum sentences of one year in jail
for those committing over $1 million in fraud. A new charge would also
be added to the criminal code called willful profiteering from fraud.

(08:56):
That would target corporate executives who, quote, ignore the red flags and knowingly
allow scam traffic or activity. End quote.
Companies found to have willfully neglected to implement scam prevention
efforts could face fines of up to $5 million per violation. While social
media companies were not called out in the announcement like banks

(09:19):
and telecommunications firms were,
hopefully they'll be held to the same standard.
We are always interested in your opinion, and you can contact us at
editorial@technewsday.ca or leave a comment under the YouTube video.
I've been your host, David Shipley, sitting in for Jim Love,
who will be back in on Wednesday.

(09:39):
Thank you for listening.