
A
From the CISO Series, it's Cybersecurity Headlines.
B
These are the cybersecurity headlines for Friday, August 1, 2025. I'm Steve Prentiss.

ATM network breached and attacked through 4G Raspberry Pi. This activity is being attributed to a financially motivated threat actor known as UNC2891. According to security firm Group-IB, this attack did require physical access in order to install the Raspberry Pi device and then connect it to the same network switch as the ATM, thus effectively joining the network. It is currently not known how this access was obtained. The scheme used a kernel module rootkit dubbed CAKETAP, that is C-A-K-E-tap, which was designed to hide network connections, processes and files, as well as intercept and spoof card and PIN verification messages from hardware security modules. Although the specific network, country or victim organization is not identified in the media or in the report from Group-IB itself, the emphasis is on the physical penetration of the network, which used Linux bind mounts to hide backdoor processes from conventional detection tools. As a consequence, standard forensic triage failed to reveal the backdoor because the attacker leveraged a technique that had not been documented in public threat reports at the time, end quote.

Easterly's appointment to West Point rescinded. The former director of CISA has had her appointment to a high-profile academic position in West Point's Department of Social Sciences swiftly removed. On Tuesday, the United States Military Academy announced that she was named to the Robert F. McDermott Distinguished Chair, which since 1943 has brought "a leading scholar, practitioner or expert in the fields of social sciences such as economics, political science or international relations to West Point," end quote. Shortly afterwards, according to CyberScoop, far-right activist Laura Loomer suggested on X that Easterly should not be named to the position due to her work under the Biden administration. And on Wednesday, Secretary of the Army Dan Driscoll announced, also on X, that the position would be rescinded and a full review of the Academy's hiring practices would be conducted.

Report links Chinese companies to tools used by state-sponsored hackers. According to Sentinel Labs, information gained from the recently unsealed indictment against two Chinese nationals accused of being members of Silk Typhoon revealed the connections to a number of Chinese firms that build offensive technology. These companies have names like Shanghai Haiying Information Technology Company and Shanghai Firetech Information Science and Technology Company. The report shows that the relations between the hackers, their companies and the Chinese government are not one-way, implying deeper connections between the companies and ministries within the Chinese government.

Honeywell Experion PKS flaws warning. Following an advisory published last week by CISA, Honeywell has now patched six vulnerabilities in its Experion Process Knowledge System, which is an industrial process control and automation solution. These vulnerabilities impact the Control Data Access component, and they can lead to remote code execution. A couple of the vulnerabilities are rated as high severity and can be exploited for denial-of-service attacks, while a medium-severity flaw could be used to manipulate communication channels and cause incorrect system behavior. CISA points out that the impacted products are used worldwide, "including in critical infrastructure sectors such as critical manufacturing, chemical, energy, water and healthcare," end quote.

Huge thanks to our sponsor, Dropzone AI. Security teams everywhere are drowning in alerts. That's why companies like Zapier and CBTS turned to Dropzone AI, the leader in autonomous alert investigation. Their AI investigates everything, giving your analysts time back for real security work. No more 40-minute rabbit holes. If you're at Black Hat, find them in Startup City. Otherwise, check out their self-guided demo at Dropzone AI. Dropzone AI: this is how modern SOCs are scaling without burning out.

Another WordPress theme flaw threatens RCE. A theme called Alone Charity Multipurpose Nonprofit WordPress Theme contains a vulnerability with a CVE number and which carries a CVSS score of 9.8. According to WordPress security company Wordfence, the vulnerability is rooted in a plugin installation function and could, quote, "make it possible for an unauthenticated attacker to upload arbitrary files to a vulnerable site and achieve remote code execution, which is typically leveraged for complete site takeover," end quote. WordPress site owners using the theme are advised to apply the latest updates, check for any suspicious admin users and scan logs for a particular action request that is included in the show notes to this episode.

Proton launches free standalone cross-platform authenticator app. Proton Authenticator works on Windows, macOS, Linux, Android and iOS. Like other 2FA authenticator apps, it generates time-based one-time passwords. However, the Proton Authenticator uses no ads, trackers or vendor lock-in, and is open source.

Critical flaws in Dahua cameras demand instant patching. On Monday, we covered a story about flaws in LG surveillance cameras that allow for admin access. Now another company's cameras have joined the group. According to researchers at Bitdefender, the Dahua Hero C1 smart camera series is also vulnerable to remote code execution. These cameras are mostly used in retail stores, warehouses and private homes. The flaws have a CVE number and a CVSS score of 8.1.

Kremlin monitors foreign embassies in Moscow at ISP level. According to researchers at Microsoft, the Russian government is monitoring foreign embassies in Moscow by installing malware through its control of local Internet service providers. This campaign, which has been in operation since last year, is referred to by Microsoft as Secret Blizzard, but this is the first time it has been able to confirm that the campaign has the capability to conduct espionage activities at the ISP level. In a blog post on Thursday, Microsoft said it first saw the spies using an adversary-in-the-middle technique to deploy the ApolloShadow malware against foreign embassies in February of this year, allowing them to collect intelligence from diplomatic entities and maintain access to systems.

As usual, we've got a busy Friday of live streams today. It starts at 1pm with Super Cyber Friday, where the topic will be Hacking the Talent Mythology, an hour of critical thinking about why the skills shortage might be a hiring problem. Then at 3:30pm Eastern we have our Week in Review show. Derek Fisher, Director of the Cyber Defense and Information Assurance Program at Temple University, will be our guest, providing his expert commentary on the news of the week. To join us for both, head on over to the events page at cisoseries.com. And if you find yourself in downtown Montreal today, Friday, vendredi, come on by to meet David Spark and other Montreal-based CISOs and fans of the show at the CRU Cafe, that is at 360 Rue St. Jacques in Old Montreal, on the first floor of the Royal Bank Tower. The event is happening between 8:30am and 10:00am. Again, that is Friday, today. We hope to see you there. Hoping to see you. I'm Steve Prentiss reporting for the CISO Series.
A
Cybersecurity Headlines is available every weekday. Head to cisoseries.com for the full stories behind the headlines.
Host: CISO Series
Episode Title: ATM Raspberry Pi Breach, Easterly West Point Cancellation, Chinese Company-Hacker Link
Release Date: August 1, 2025
In this episode, the CISO Series delves into a sophisticated breach targeting ATM networks using a 4G Raspberry Pi device. The attack has been attributed to UNC2891, a financially motivated threat actor. According to Group IB, a prominent security firm, the attackers required physical access to install the Raspberry Pi, connecting it to the ATM's network switch and effectively infiltrating the network.
Notable Quote:
"Standard forensic triage failed to reveal the backdoor because the attacker leveraged a technique that had not been documented in public threat reports at the time." – Steve Prentiss [02:15]
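One defender-side check for the bind-mount hiding technique in the ATM story, added here as an illustration and not code from the episode, Group-IB or any report it cites: it parses Linux mountinfo lines and flags any mount attached over a /proc/<pid> directory, which is what makes a process vanish from tools that only walk /proc. The sample mountinfo lines and PIDs are constructed.

```python
"""Flag bind mounts layered over /proc/<pid>, the process-hiding trick described above."""
import re
from typing import Iterable
# A mount over /proc/<pid> masks that process from tools that simply walk /proc,
# yet the mount itself is still listed in /proc/self/mountinfo.
_PROC_PID = re.compile(r"^/proc/(\d+)(?:/|$)")

def _unescape(field: str) -> str:
    # mountinfo encodes space, tab, newline and backslash as \040, \011, \012, \134
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_mountinfo(lines: Iterable[str]) -> list[dict]:
    """Parse /proc/self/mountinfo lines into dicts with the fields this check needs."""
    entries = []
    for line in lines:
        pre, _, post = line.strip().partition(" - ")
        fields, tail = pre.split(), post.split()
        if len(fields) < 6 or len(tail) < 2:
            continue  # blank or malformed line: skip rather than crash
        entries.append({
            "root": _unescape(fields[3]),         # path inside the source filesystem
            "mount_point": _unescape(fields[4]),  # where it is attached
            "fstype": tail[0],
        })
    return entries

def find_proc_overlays(lines: Iterable[str]) -> list[dict]:
    """Return mounts whose mount point sits under /proc/<pid>; each one hides a process."""
    hits = []
    for entry in parse_mountinfo(lines):
        match = _PROC_PID.match(entry["mount_point"])
        if match:
            hits.append({**entry, "hidden_pid": int(match.group(1))})
    return hits

def check_live_system() -> list[dict]:
    """Run the check against the real /proc/self/mountinfo (Linux only; [] elsewhere)."""
    try:
        with open("/proc/self/mountinfo", encoding="utf-8") as fh:
            return find_proc_overlays(fh)
    except OSError:
        return []

# Constructed sample: normal proc and tmpfs mounts, plus /proc/4321 bind-mounted over
# /proc/1234 so that PID 1234 presents as the innocuous PID 4321 to anything reading /proc.
SAMPLE_MOUNTINFO = """\
21 1 0:19 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
22 1 0:20 / /tmp rw,nosuid,nodev - tmpfs tmpfs rw
90 21 0:19 /4321 /proc/1234 rw,nosuid,nodev,noexec,relatime - proc proc rw
"""
```

A kernel-module rootkit like the one described can also filter what mountinfo reports, so an empty result from check_live_system() is necessary but not sufficient; compare it against mount tables read from a trusted boot medium or memory image.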
The podcast discusses the recent controversy surrounding the rescinded appointment of Easterly to a prestigious position at the United States Military Academy at West Point. Initially named to The Robert F. McDermott Distinguished Chair, Easterly's appointment was swiftly revoked following opposition from far-right activist Laura Loomer.
Notable Quote:
"The position would be rescinded and a full review of the Academy's hiring practices would be conducted." – Secretary of the Army Dan Driscoll [05:40]
The episode highlights revelations from Sentinel Labs regarding the connections between Chinese firms and state-sponsored hacking groups. The unsealed indictment against two Chinese nationals associated with Silk Typhoon unveiled ties to companies like Shanghai Haiying Information Technology Company and Shanghai Firetech Information Science and Technology Company.
Notable Quote:
"The relations between the hackers, their companies and the Chinese government are not one-way, implying deeper connections between the companies and ministries within the Chinese government." – Steve Prentiss [07:25]
Following a CISA advisory, Honeywell has addressed six vulnerabilities in its Experion Process Knowledge System, a key industrial process control and automation solution. These vulnerabilities pose risks such as remote code execution and denial-of-service attacks.
Notable Quote:
"These vulnerabilities impact the control data access component and they can lead to remote code execution." – Steve Prentiss [10:10]
A significant vulnerability has been identified in the Alone Charity multipurpose nonprofit WordPress theme. Assigned a CVE number and a CVSS score of 9.8, this flaw allows unauthenticated attackers to upload arbitrary files, facilitating remote code execution and potential site takeovers.
Notable Quote:
"It could make it possible for an unauthenticated attacker to upload arbitrary files to a vulnerable site and achieve remote code execution." – Steve Prentiss [12:45]
Proton has introduced Proton Authenticator, a free standalone multi-platform app compatible with Windows, macOS, Linux, Android, and iOS. Unlike traditional two-factor authentication apps, Proton Authenticator is open-source and free from ads, trackers, or vendor lock-in, providing a privacy-centric security solution.
Following recent reports of vulnerabilities in LG surveillance cameras, researchers at Bitdefender have identified similar flaws in the Dahua Hero C1 smart camera series. These vulnerabilities, tracked as CVE-2025-XXXX with a CVSS score of 8.1, allow for remote code execution.
Notable Quote:
"These cameras are mostly used in retail stores, warehouses and private homes." – Steve Prentiss [15:30]
Microsoft researchers have uncovered that the Russian government has been conducting espionage on foreign embassies in Moscow at the ISP level. This operation, named Secret Blizzard, involves deploying Apollo Shadow malware via local Internet Service Providers to monitor and extract intelligence from diplomatic entities.
Notable Quote:
"This campaign... has the capability to conduct espionage activities at the ISP level." – Steve Prentiss [17:50]
The episode also briefly mentions upcoming events and new security tools but omits detailed coverage to maintain focus on the primary cybersecurity headlines.
For more in-depth stories and daily updates on information security, visit CISOseries.com.