-
Ep. 14 - Future of CISA/SEC under Trump, US Telco news, DAO faces $50M hack
- 2024/12/23
- 再生時間: 54 分
- ポッドキャスト
-
サマリー
あらすじ・解説
In this episode of The Adversarial Podcast, Jerry Perullo, Mario Duarte, and Sounil Yu discuss the latest developments in cybersecurity, geopolitical threats, and emerging trends as 2025 approaches.
00:00 Introduction
02:06 Trump 2.0's effect on security
03:25 Future of CISA
09:00 Future of SEC cyber reports
15:57 Possible Trump 2.0 priorities
19:40 Spying on US Telco
20:20 What is SS7?
24:04 SS7 vs. SMS interception
25:40 Privacy impact of SS7 attacks
30:12 National security
31:17 CISA's guidance for telco
36:58 DPRK targets DAO network, $50M heist using macOS malware
46:30 DOJ indicts 14 DPRK nationals
The Future of SEC/CISA under Trump 2.0. With Trump returning to office, the hosts discuss possible changes to SEC-mandated cybersecurity disclosures and the potential of priorities shifting away from CISA as Jenny Easterly’s resignation looms.
References: https://www.cfodive.com/news/sec-cybersecurity-enforcement-outlook-uncertain-as-trump-returns/735728/, https://www.bankinfosecurity.com/cisa-faces-uncertain-future-under-trump-a-26829
China, Russia, and Iran spying on US Telco networks. Adversaries are abusing SS7 vulnerabilities and are hacking into Telco networks to spy on U.S. citizens. The hosts unpack CISA's new recommendations for encrypted communications and discuss the history of SS7 vulnerabilities.
References: https://www.404media.co/dhs-says-china-russia-iran-and-israel-are-spying-on-people-in-us-with-ss7/, https://www.reuters.com/technology/cybersecurity/china-affiliated-actors-compromised-networks-multiple-telecom-companies-us-says-2024-11-13/, https://www.cisa.gov/sites/default/files/2024-12/guidance-mobile-communications-best-practices.pdf
DPRK Targets macOS hosts in $50M heist from DAO network. The hosts discuss recent DPRK-aligned Mac malware involved in a $50M cryptocurrency heist. The team discusses the sophistication of the attack, parallels to the attacks against US financial services companies, and why the crypto space remains a goldmine for state-sponsored cybercriminals.
References: https://medium.com/@RadiantCapital/radiant-capital-incident-update-e56d8c23829e
DOJ indicts 14 DPRK nationals for fraudulent worker scheme and extortions. We return to the ongoing surge in DPRK-funded actors illegallying work in IT roles within the US using false identities. The hosts unpack raise questions about insider threats and remote work challenges.
References: https://www.justice.gov/opa/pr/fourteen-north-korean-nationals-indicted-carrying-out-multi-year-fraudulent-information?&web_view=true