A whistleblower organization says that DOGE may have caused a "significant cyber breach" at a US labor watchdog. A Microsoft security feature gives administrators heartburn right as the Easter holiday starts. A Russian intelligence-linked group deploys new malware targeting European diplomats, and Canadian Conservative leader Pierre Poilievre proposes new $5 million fines and criminal code offenses for companies that fail to address online fraud.
This is Cybersecurity Today, and I'm your host, David Shipley. A whistleblower complaint says that billionaire Elon Musk's team of technologists may have been responsible for a significant cybersecurity breach at America's federal labor watchdog. Daniel Berulis, an information technology staffer at the National Labor Relations Board, or NLRB, says he has evidence that DOGE staffers were given extraordinary access to the NLRB's systems.
These systems house sensitive case files, as well as sensitive business information on firms. He said that at the beginning of March, logging protocols created to audit users appeared to have been tampered with, and that he had detected the removal of up to 10 gigabytes worth of data from the NLRB's network sometime thereafter. The NLRB is tasked with protecting workers' rights to organize and join unions.
The agency, created decades ago, has been a long-time and frequent target of American corporate leaders like Musk. Berulis alleged in an affidavit that there were attempted logins to NLRB systems from an IP address in Russia in the days after DOGE accessed the systems. He told Reuters Tuesday that the attempted logins apparently included correct usernames and passwords, but these logins were rejected by location-based conditional access policies.
Berulis' affidavit said that an effort by himself and a colleague to formally investigate and alert the Cybersecurity and Infrastructure Security Agency, or CISA, was disrupted by higher-ups without explanation. Andrew Bakaj, chief legal counsel for the Whistleblower Aid group, filed these allegations in a submission to Republican Senate Intelligence Committee Chairman Tom Cotton and his Democratic counterpart, Mark Warner.
The submission includes a statement from Berulis that, as he and his colleagues were preparing to pass the information they had gathered on to CISA, he received a threatening note taped to the door of his home with photographs of him walking in his neighborhood, taken via drone. "Unlike any other time previously, there is this fear to speak out because of reprisal," Berulis told Reuters. "We're seeing data that is traditionally safeguarded with the highest standards in the United States government being taken, and the people that do try to stop it from happening, the people that are saying no, they're being removed one by one."
Windows administrators from numerous organizations reported widespread account lockouts this weekend that were triggered by false positives in the rollout of a new Microsoft Entra ID leaked credentials detection feature called MACE.
MACE is a credential revocation app in Microsoft's Entra ID that is used to detect leaked credentials and lock potentially compromised accounts. Bleeping Computer reported that the issue began Friday night, and administrators initially suspected a wave of false positives because some of the affected accounts had unique passwords that were not used on any other services.
Microsoft Entra ID, formerly Azure Active Directory, is a cloud-based identity and access management service that helps organizations manage user identities and secure access to resources. On Saturday, Windows admins on Reddit shared that they had received multiple alerts for some of their accounts saying that those accounts had been found with credentials leaked on the dark web or in other locations.
These accounts were automatically locked out of the tenant, with numerous users impacted per organization. One managed service provider reported that a third of all accounts were impacted. A managed detection and response, or MDR, provider posted that they had received 20,000 alerts from Microsoft about leaked credentials across numerous clients. Cybersecurity company Huntress Labs posted on its website Sunday that 1,500 tenants it was working with had been affected.
While all leaked credential alerts should be investigated to confirm that an account was not compromised, if you received a flurry of alerts at once, this issue is likely behind it. Microsoft has not officially posted on the issue and had yet to respond to media reports as of Sunday. Given that holiday weekends are often exploited by attackers, this particular issue was extraordinarily poorly timed.
If your firm's IT or security team is extra tired this week, or flat out exhausted after this issue, consider being extra kind to them. Losing a weekend to an incident is always hard. Losing one to a tool gone rogue is especially difficult. It appears the Russian hackers known as Cozy Bear may be in need of a new nickname: Cozy Bear, or increasingly Boozy Bear. The Russian intelligence-linked APT29 has been using wine-themed phishing lures and new malware to target European diplomats.
The latest set of attacks entails sending email invites for wine tastings while impersonating an unspecified European ministry of foreign affairs. The emails coax targets into clicking on a link that triggers the deployment of new malware called GrapeLoader by means of a malware-laced zip archive, wine.zip. The emails were sent from the domains bacon hof.com and sry.com, The Hacker News reports.
Cybersecurity firm Check Point says GrapeLoader is a newly observed initial-stage tool used for fingerprinting, persistence and payload delivery. This campaign is said to have mainly singled out European countries, with a specific focus on ministries of foreign affairs as well as other countries' embassies in Europe. There are indications that diplomats based in the Middle East may have also been targeted. The lesson here: phishing works particularly well when you know your audience.
For journalists and cybersecurity professionals, you should probably be on the lookout for whiskey tasting or similar hard liquor-themed phishing invites. I kid, well, sort of. Canadian Conservative leader Pierre Poilievre is promising to protect seniors by making it mandatory for financial institutions and phone companies to stop digital scammers in their tracks. The plan would require these companies to "detect, report, and block suspected fraud in real time" or face the prospect of massive fines and/or being charged with a new crime under the Criminal Code. The Conservative leader, who is campaigning ahead of the April 28th federal election, is proposing a Stop Scamming Seniors Act. Say that three times fast. This new act would require banks and telecommunications firms to deploy state-of-the-art technology to catch scams and stop them before they happen.
The Conservative Party said in a statement last week that "the institutions best positioned to prevent these crimes, banks and telecom companies, are not legally required to act fast, transparently, or decisively." Under this proposed plan, corporations would be required to employ the same kinds of AI tools they currently use to optimize marketing and sales initiatives to track possible instances of fraud.
The party is also proposing minimum sentences of one year in jail for those committing over $1 million in fraud. A new charge would also be added to the Criminal Code called willful profiteering from fraud, which would target corporate executives who "ignore the red flags and knowingly allow scam traffic or activity."
Companies found to have willfully neglected to implement scam prevention efforts could face fines of up to $5 million per violation. Social media companies were not called out in the announcement the way banks and telecommunications firms were; hopefully they'll be held to the same standard. We are always interested in your opinion, and you can contact us at [email protected] or leave a comment under the YouTube video.
I've been your host, David Shipley, sitting in for Jim Love, who will be back on Wednesday. Thank you for listening.