Cyber Security Headlines – Episode Summary Hosted by CISO Series
Release Date: June 17, 2025
In the latest episode of Cyber Security Headlines by CISO Series, host Rich Stroffelino delves into the most pressing cybersecurity issues of the day. From sophisticated 2FA attacks to major data breaches and regulatory challenges, this episode provides a comprehensive overview of the evolving threat landscape. Below is a detailed summary of the key topics discussed.
1. Beware of SMS 2FA Middleman Attacks
The episode opens with a concerning revelation about the weakness of SMS-based two-factor authentication (2FA). An anonymous whistleblower supplied Bloomberg Businessweek and Lighthouse Reports with roughly 1.1 million intercepted SMS messages from June 2023, each carrying an automatically generated login code.
Key Points:
- Fink Telecom Services, a Swiss company, was identified as the intermediary processing these SMS messages. Previous investigations have linked Fink Telecom with government and private surveillance efforts to track user locations and monitor phones.
- The CEO of Fink Telecom, Andreas Fink, stated, “Legal restrictions prevent us from seeing message content, and we no longer engage in surveillance operations” (00:40).
- Fink operates primarily as a subcontractor for other SMS processors, so the platforms that send 2FA codes typically have no direct business relationship with Fink and no oversight of how their messages are handled.
This development highlights the need for organizations to re-evaluate their authentication methods. An SMS code is generated on the server and travels in the clear through every aggregator and subcontractor sitting between the platform and the carrier, so any of them can read it. Alternatives that keep the secret on the user's device, such as authenticator-app TOTP or FIDO2/passkeys, remove that middleman entirely.
2. Archetype Market Seized by Europol
In a significant crackdown on illicit online activities, Europol announced the seizure of Archetype Market, a notorious darknet marketplace for illicit drugs. Operational since May 2020, Archetype Market hosted over 3,200 registered vendors and facilitated transactions exceeding 250 million Euros in cryptocurrency.
Operation Deep Sentinel:
- Conducted between June 11 and 13, the operation involved multiple European law enforcement agencies, including investigators from the Netherlands and Spain.
- A 30-year-old German national, suspected of being an administrator, was arrested in Spain, along with a suspected moderator and several vendors in Germany and Sweden.
- The Archetype site now displays a notice stating that the domain has been seized (01:44).
This operation underscores the ongoing efforts by international law enforcement to dismantle cybercriminal infrastructures and disrupt illegal marketplaces.
3. ZoomCar Data Breach Affects 8.4 Million Users
ZoomCar, the India-based car-sharing company, reported a significant data breach affecting 8.4 million users across India, Indonesia, East India, Egypt, and Vietnam. The company disclosed the breach in a filing with the U.S. Securities and Exchange Commission (SEC) after an unauthorized party accessed its systems on June 9.
Details of the Breach:
- The compromised dataset included names, phone numbers, and car registration numbers of users.
- ZoomCar confirmed that the incident did not result in a material disruption to its operations.
- No hacker group has claimed responsibility for the breach (01:51).
This incident highlights the persistent risks associated with data security in the automotive sharing sector and the importance of robust cybersecurity measures to protect user information.
4. Google’s Wiz Acquisition Faces Antitrust Scrutiny
Bloomberg sources revealed that the U.S. Department of Justice (DOJ) has initiated an antitrust investigation into Google's planned $32 billion acquisition of Wiz, a cloud security firm. The deal, announced in March, is now under close examination to assess its potential impact on market competition.
Implications:
- The investigation is still in its early stages and may extend over several months.
- A potential block on the deal would not only prevent Google from enhancing its cloud security portfolio but also entail a $3.2 billion breakup fee.
- This scrutiny follows the DOJ’s previous investigation into Google’s 2022 acquisition of Mandiant, which was ultimately cleared (02:30).
The outcome of this investigation will have significant ramifications for Google’s expansion in the cybersecurity sector and broader antitrust regulatory practices.
5. SEC Withdraws Cybersecurity Regulations for Investment Companies
The U.S. Securities and Exchange Commission (SEC) has withdrawn its proposed cybersecurity rules for investment companies and advisers, first floated in 2022. The proposals would have required covered entities to adopt written policies addressing cybersecurity risk, to report significant cyber incidents to the SEC, and to disclose cybersecurity risk factors.
Highlights:
- The SEC announced the withdrawal after facing substantial opposition and a rocky response during the public comment period (03:54).
- Rather than revive the withdrawn proposals, the SEC indicated it may issue new rules tailored to current cybersecurity needs.
- The segment's takeaway is that while compliance is not synonymous with security, it remains a critical component of a comprehensive cybersecurity strategy (06:43).
This decision reflects the complex balance regulators must achieve between enforcing security standards and accommodating industry concerns.
6. DeerStealer: A Case for Subscription Malware
Researchers at eSentire have documented a new campaign delivering DeerStealer, an information stealer (infostealer) sold to criminals on a subscription basis. The malware is evolving rapidly, adding features such as macOS support, multi-client targeting, and stronger encryption of its traffic and payloads.
Technical Overview:
- The campaign starts with a phishing page that leads the victim to run a PowerShell command, which kicks off a chain that deploys HijackLoader.
- The loader stage abuses a legitimately signed Comodo binary that side-loads a tampered DLL from its own directory; the DLL then injects DeerStealer into legitimate processes, so the malicious code runs under a trusted signature and a trusted process name.
- DeerStealer's capabilities include harvesting data from over 50 browsers, remote access through a hidden VNC session, and theft of cryptocurrency credentials by monitoring clipboards and messaging apps (04:29).
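The side-loading step above is the kind of thing Sysmon ImageLoad telemetry (Event ID 7) is good at catching: a signed host binary loading an unsigned DLL from its own, user-writable directory. The Python below is an added example written for this summary, not eSentire's tooling or anything from the podcast. The event records are constructed for the example, and the executable and DLL names in them are placeholders, not the actual Comodo binary or DLL used in the campaign. It assumes Sysmon's documented Event 7 field names (Image, ImageLoaded, Signed, SignatureStatus, Signature); note that in Event 7 those signature fields describe the loaded DLL, not the host process.

```python
import ntpath

# Directories where Windows keeps OS and vendor binaries; a DLL loaded from anywhere
# else sits in a user-writable location and deserves scrutiny (case-insensitive prefix).
TRUSTED_DIR_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# DLL names that side-loaded payloads commonly impersonate, so that a host EXE which
# searches its own directory first picks up the attacker's copy. Illustrative, not exhaustive.
COMMONLY_SIDELOADED = {"version.dll", "dbghelp.dll", "wininet.dll", "cryptbase.dll",
                       "userenv.dll", "profapi.dll", "msimg32.dll"}

# Constructed Sysmon Event ID 7 (ImageLoad) records for this example. The Signed /
# SignatureStatus / Signature fields describe ImageLoaded (the DLL), not the host process.
# Every file name here is a placeholder, not the real binary or DLL from the campaign.
SAMPLE_EVENTS = [
    {   # benign: OS DLL loaded from System32
        "Image": r"C:\Program Files\Example\example.exe",
        "ImageLoaded": r"C:\Windows\System32\kernel32.dll",
        "Signed": "true", "SignatureStatus": "Valid", "Signature": "Microsoft Windows",
    },
    {   # suspicious: unsigned DLL sitting next to the EXE in a temp directory
        "Image": r"C:\Users\victim\AppData\Local\Temp\vendor_tool.exe",
        "ImageLoaded": r"C:\Users\victim\AppData\Local\Temp\helper.dll",
        "Signed": "false", "SignatureStatus": "Unavailable", "Signature": "",
    },
    {   # suspicious: DLL carries a system DLL's name but lives in the EXE's directory
        "Image": r"C:\Users\victim\Downloads\setup.exe",
        "ImageLoaded": r"C:\Users\victim\Downloads\version.dll",
        "Signed": "false", "SignatureStatus": "Unavailable", "Signature": "",
    },
    {   # benign: signed vendor DLL shipped with its application under Program Files
        "Image": r"C:\Program Files\Example\example.exe",
        "ImageLoaded": r"C:\Program Files\Example\examplecore.dll",
        "Signed": "true", "SignatureStatus": "Valid", "Signature": "Example Corp",
    },
]


def _dir(path):
    """Lower-cased directory of a Windows path with a trailing backslash, for exact compare."""
    return ntpath.dirname(path).lower() + "\\"


def in_trusted_dir(path):
    return path.lower().startswith(TRUSTED_DIR_PREFIXES)


def classify(event):
    """Return the reasons this load looks like DLL side-loading (empty list = not flagged)."""
    reasons = []
    dll = event["ImageLoaded"]
    unsigned = (event.get("Signed", "").lower() != "true"
                or event.get("SignatureStatus") != "Valid")
    same_dir = _dir(event["Image"]) == _dir(dll)
    if unsigned and same_dir and not in_trusted_dir(dll):
        reasons.append("unsigned DLL loaded from the host process's own user-writable directory")
    name = ntpath.basename(dll).lower()
    if name in COMMONLY_SIDELOADED and not in_trusted_dir(dll):
        reasons.append(f"{name} carries a system DLL name but lives outside a trusted directory")
    return reasons


def scan(events):
    """Run classify() over a batch and return (host image, dll, reasons) for each hit."""
    hits = []
    for event in events:
        reasons = classify(event)
        if reasons:
            hits.append((event["Image"], event["ImageLoaded"], reasons))
    return hits


if __name__ == "__main__":
    for image, dll, reasons in scan(SAMPLE_EVENTS):
        print(f"{image} -> {dll}")
        for reason in reasons:
            print("   ", reason)
```

The practical caveat: because the host executable is genuinely signed, an allowlist keyed on the signer alone will wave it through. Pair the load-time check above with process-injection telemetry (Sysmon Event ID 8, CreateRemoteThread, or EDR equivalents) so the hand-off into a legitimate process is also visible.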
The sophistication and adaptability of Deerstealer pose a significant threat to both individuals and organizations, underscoring the necessity for advanced threat detection and response strategies.
7. Compromise of Russia Researcher Keir Giles' Email
Keir Giles, a prominent British researcher specializing in Russia and its cyber operations, disclosed via LinkedIn that his email accounts had been compromised. The attackers impersonated the U.S. State Department.
Findings:
- Analysis by SecureWorks and Mandiant suggests the involvement of the Russian state-sponsored group Iron Frontier.
- Giles cautioned his contacts about potential phishing attempts, stating, “Proceed with caution on any unexpected emails received from me recently” (05:27).
- This incident marks Giles' second experience with such targeted attacks, the first occurring last year when Russian intelligence-linked actors attempted to compromise his email by impersonating academic researchers (05:52).
This case highlights the persistent threat posed by state-sponsored actors targeting high-profile researchers and the importance of vigilance in digital communications.
8. NIST Publishes New Zero Trust Architecture Guidance
The National Institute of Standards and Technology (NIST) has released updated guidance on Zero Trust Architecture (ZTA), aiming to provide a foundational framework for organizations developing their own zero trust models.
Key Features:
- The guidance includes 19 examples of zero trust architectures built using commercial off-the-shelf tools and technologies.
- Emphasizes a phased deployment approach:
  - Identifying and cataloging assets
  - Building out access policies
  - Achieving continuous monitoring and improvement
- The episode's takeaway is that while compliance does not equate to security, it can strengthen overall security efforts (05:56).
This updated guidance serves as a critical resource for organizations striving to implement robust zero trust security measures tailored to their specific contexts.
Conclusion
In this episode, Rich Stroffelino provides a thorough overview of the latest developments in cybersecurity, emphasizing the dynamic nature of threats and the continuous need for adaptive security strategies. From the interception of SMS 2FA codes to significant data breaches and evolving malware threats, the discussions underscore the imperative for organizations to stay ahead in the cybersecurity landscape. Regulatory changes and updates, such as those from the SEC and NIST, highlight the interplay between compliance and security in shaping robust defenses.
For those seeking to understand the current cybersecurity environment, this episode offers invaluable insights into the challenges and responses shaping the field.
