Cyber Security Headlines: October 29, 2025
Host: Sarah Lane, CISO Series
Episode Theme:
A rapid-fire roundup of the latest cyber threats, regulatory changes, and security industry developments, with a focus on techniques that evade detection, the nuanced effect of sanctions, major breaches, and new solutions for growing cyber risks.
Key Discussion Points & Insights
1. New Android Malware Types Like a Human
Timestamps: 00:06–01:12
- Discovery: Dutch cybersecurity firm ThreatFabric identified "Herodotus," a new Android banking malware.
- Innovation: Herodotus mimics human typing during remote device control, making it hard for automated tools to detect.
- Functionality: Steals credentials, intercepts one-time passcodes, targets banking and crypto apps.
- Global Reach:
- In Italy, disguised as "Banca Sicura" (Safe Bank).
- In Brazil, posed as "Modulo Seguranca Stone," imitating a payment provider's app.
- Significance: The malware’s human-like behavior evades traditional security tools.
Notable Quote:
“The human-like nature makes automated detection that much more difficult.” — Sarah Lane [01:07]
2. Sanctions’ Impact on Nation-State Cyber Ecosystems
Timestamps: 01:13–01:54
- Report: Royal United Services Institute (RUSI) finds that cyber-related sanctions alone rarely stop attackers.
- Effect: Sanctions primarily "toxify" threat actor networks—raising costs and hampering collaboration.
- Best Practices:
- Pair sanctions with diplomatic, law enforcement, and intelligence efforts.
- Clarify goals, target enablers, integrate sanctions across domains, and be transparent about their impact.
Notable Quote:
“Sanctions are most effective when paired with diplomatic, law enforcement and intelligence actions.” — Sarah Lane [01:40]
3. Side-Channel Attack Extracts Intel, AMD Secrets
Timestamps: 01:55–02:44
- Research: Georgia Tech, Purdue, and Synkhronix detail "TEE.fail," a side-channel attack.
- Technique: Extracts secrets from DDR5-based trusted execution environments (TEEs) on Intel and AMD CPUs (including SGX, TDX, and SEV-SNP with Ciphertext Hiding).
- Requirements: Can be carried out with less than $1,000 in off-the-shelf equipment.
- Impact: Compromises cryptographic keys and virtual machines.
- Mitigations: Researchers recommend software defenses; however, AMD and Intel state these physical attacks are out of their mitigation scope.
Notable Quote:
“AMD and Intel both say that they consider physical attacks like this out of scope for mitigation.” — Sarah Lane [02:36]
4. F5 Discloses Limited Impact from Breach
Timestamps: 02:45–03:20
- Incident: F5 experienced a nation-state breach.
- Exposure: Source code, config data, 44 undisclosed vulnerabilities accessed.
- Customer Impact: Most affected customers say stolen data is not sensitive.
- Response: Ongoing code scans, expanding bug bounty, new endpoint detection (CrowdStrike).
- Business Impact: Expects short-term revenue disruption in first half of fiscal 2026.
5. Oracle E-Business Suite Zero-Day Expands
Timestamps: 03:45–04:28
- Victims: More organizations hit by the Oracle EBS zero-day, including Schneider Electric, Cox Enterprises, Pan American Silver.
- Attackers: CLOP ransomware group exploited the flaw for data theft and leaks; Harvard University among confirmed breach victims.
- Technical Detail: Vulnerability allows unauthenticated remote code execution over HTTP.
- Response: FBI warns of immediate compromise risk; Oracle urges immediate patching.
6. FCC’s New Rule Against Robocalls
Timestamps: 04:29–04:55
- New regulations: FCC expands what counts as caller identity; mandates accurate display and verification, including for overseas calls.
- Providers: Must alert and block calls with suspicious caller data, especially US area codes originating abroad.
- Consumer Empowerment: Now possible to display caller purpose or brand logos for better decision-making.
7. Turnkey RAT Sold for Easy Enterprise Attacks
Timestamps: 04:56–05:31
- Threat: New remote access trojan "Atroposia" hits the market as an easily deployable malware kit for unskilled attackers.
- Functions: Hidden desktops, credential/crypto theft, DNS hijack, vulnerability scans, persistent backdoors.
- Pricing: $200–$900 per subscription.
- Defensive Measures: Focus on anti-phishing, patching, MFA, user and network monitoring.
8. Palo Alto Networks Debuts AI Cybersecurity Agents
Timestamps: 05:32–05:56
- Launch: Cortex Agentix, a suite of AI agents to automate threat investigation and response, especially for email breaches.
- Strategy: Meets rising demand for security automation amidst complex attacks.
- Oversight: Human review still required; follows recent $25 billion CyberArk acquisition.
9. Cybersecurity Urgency in Trucking Industry
Timestamps: 05:57–06:40
- Context: American Trucking Association’s 2025 conference.
- Insight: Fleet technology execs warn of cyber risks due to digitized logistics.
- Recommendations:
- Simplify tech stacks and continuously audit vendors.
- Treat cybersecurity as shared accountability.
- Consolidate integrations and maintain vendor oversight.
Notable Quote:
“Fragmented systems and weak third-party security are still major vulnerabilities, while consolidating integrations and maintaining active vendor oversight were cited as the most effective defenses.” — Sarah Lane [06:25]
Memorable Moments & Quotes
- Human-like malware evasion: “The human-like nature makes automated detection that much more difficult.” [01:07]
- On sanctions: “Sanctions are most effective when paired with diplomatic, law enforcement and intelligence actions.” [01:40]
- On physical attack vectors: “AMD and Intel both say that they consider physical attacks like this out of scope for mitigation.” [02:36]
- Trucking industry cyber needs: “Fragmented systems and weak third-party security are still major vulnerabilities...” [06:25]
Important Timestamps
- Android malware detail: 00:06–01:12
- Nation-state/sanctions: 01:13–01:54
- Intel/AMD side-channel attacks: 01:55–02:44
- F5 breach: 02:45–03:20
- Oracle EBS zero-day: 03:45–04:28
- FCC robocall rules: 04:29–04:55
- Turnkey RAT: 04:56–05:31
- Palo Alto AI agents: 05:32–05:56
- Trucking cybersecurity: 05:57–06:40
Summary:
This episode takes listeners through alarming developments in malware innovation, complex geopolitical factors affecting cyber defense, and the increasing need for automation and vigilance in security—from cloud vendors to the logistics sector. Standout trends include malware built to mimic humans, the limited scope of punitive sanctions, vulnerabilities in core infrastructure apps, and a surge in plug-and-play attack tools.
