Cyber Security Headlines – Episode Summary
Host: CISO Series
Episode Title: ATM Raspberry Pi Breach, Easterly West Point Cancellation, Chinese Company-Hacker Link
Release Date: August 1, 2025
1. ATM Network Breach via 4G Raspberry Pi
In this episode, the CISO Series delves into a sophisticated breach targeting ATM networks using a 4G-connected Raspberry Pi device. The attack has been attributed to UNC2891, a financially motivated threat actor. According to Group-IB, a prominent security firm, the attackers required physical access to install the Raspberry Pi, connecting it to the ATM's network switch and effectively infiltrating the network.
Key Details:
- Malware Utilized: The attackers employed a kernel module rootkit named CAKETAP, designed to hide network connections, processes, and files. The rootkit also intercepted and spoofed card and PIN verification messages exchanged with hardware security modules.
- Detection Challenges: The use of Linux bind mounts allowed the attackers to hide backdoor processes from standard detection tools. As a result, conventional forensic triage failed to identify the breach, highlighting the sophistication of the techniques employed by UNC2891.
Notable Quote:
"Standard forensic triage failed to reveal the backdoor because the attacker leveraged a technique that had not been documented in public threat reports at the time." – Steve Prentice [02:15]
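The bind-mount trick mentioned above hides a process by mounting another directory over its /proc/<pid> entry, so ps, top and triage scripts that walk /proc simply never see it. The mount itself, however, is still recorded in /proc/self/mountinfo, and the kernel never places mounts under /proc/<pid> on its own. The following added example (written for this summary; it is not Group-IB's or the podcast's code) parses mountinfo and reports any PID whose proc directory has something mounted over it; the sample mountinfo text and the PID 4242 in it are constructed for the demonstration.

```python
"""Detect processes hidden behind bind mounts over /proc/<pid>.

Added example for this summary, not code from Group-IB or the podcast. The
check reads /proc/self/mountinfo (format documented in proc(5)) and flags
mount points of the form /proc/<pid>, which only appear when something has
been overlaid on a process's proc directory.
"""
import re
from typing import List

# A mount point directly on /proc/<pid> or below it.
_PROC_PID_MOUNT = re.compile(r"^/proc/(\d+)(?:/|$)")


def _unescape(field: str) -> str:
    """mountinfo escapes space, tab, newline and backslash as octal (\\040 etc.)."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def parse_mountinfo(text: str) -> List[dict]:
    """Parse mountinfo lines into dicts with root, mount point, fstype and source."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        # id parent major:minor root mount_point options [optional...] - fstype source superopts
        pre, sep, post = line.partition(" - ")
        if not sep:
            continue
        pre_fields = pre.split()
        post_fields = post.split()
        if len(pre_fields) < 6 or len(post_fields) < 2:
            continue
        entries.append({
            "root": _unescape(pre_fields[3]),
            "mount_point": _unescape(pre_fields[4]),
            "fstype": post_fields[0],
            "source": post_fields[1],
        })
    return entries


def hidden_pids(mountinfo_text: str) -> List[int]:
    """Return PIDs whose /proc/<pid> directory has a mount placed over it."""
    pids = set()
    for entry in parse_mountinfo(mountinfo_text):
        match = _PROC_PID_MOUNT.match(entry["mount_point"])
        if match:
            pids.add(int(match.group(1)))
    return sorted(pids)


# Constructed sample: the normal proc mount, a legitimate binfmt_misc mount under
# /proc/sys, and a directory bind-mounted over /proc/4242 to hide that process.
SAMPLE_MOUNTINFO = """\
22 1 0:21 / /proc rw,nosuid,nodev,noexec,relatime shared:14 - proc proc rw
40 22 0:36 / /proc/sys/fs/binfmt_misc rw,relatime shared:24 - autofs systemd-1 rw,fd=30
171 22 8:1 /var/tmp/.x /proc/4242 rw,relatime shared:1 - ext4 /dev/sda1 rw
"""


def scan_live_system() -> List[int]:
    """Run the same check against the real /proc/self/mountinfo (Linux only)."""
    with open("/proc/self/mountinfo", encoding="utf-8") as f:
        return hidden_pids(f.read())


if __name__ == "__main__":
    print("sample mountinfo, hidden PIDs:", hidden_pids(SAMPLE_MOUNTINFO))
    try:
        print("this host, hidden PIDs:", scan_live_system())
    except OSError:
        print("no /proc/self/mountinfo on this host")
```

The check only sees what the kernel reports, so a kernel-module rootkit that filters mountinfo reads can blind it; for a host suspected of carrying one, run the same comparison from a trusted view (a forensic boot or an offline disk image of the mount table) rather than from the live system alone.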
2. Rescinded Appointment of Easterly to West Point
The podcast discusses the recent controversy surrounding the rescinded appointment of Easterly to a prestigious position at the United States Military Academy at West Point. Initially named to The Robert F. McDermott Distinguished Chair, Easterly's appointment was swiftly revoked following opposition from far-right activist Laura Loomer.
Key Developments:
- Appointment Announcement: West Point had announced Easterly's appointment to a distinguished chair intended for leading scholars in social sciences.
- Opposition and Rescission: Laura Loomer criticized Easterly on X (formerly Twitter), citing her tenure under the Biden administration as a conflict. Consequently, Secretary of the Army Dan Driscoll announced the rescinding of the appointment and initiated a comprehensive review of the Academy's hiring practices.
Notable Quote:
"The position would be rescinded and a full review of the Academy's hiring practices would be conducted." – Secretary of the Army Dan Driscoll [05:40]
3. Chinese Companies Linked to State-Sponsored Hackers
The episode highlights revelations from SentinelLabs regarding the connections between Chinese firms and state-sponsored hacking groups. The unsealed indictment against two Chinese nationals associated with Silk Typhoon unveiled ties to companies such as Shanghai Haiying Information Technology Company and Shanghai Firetech Information Science and Technology Company.
Key Insights:
- Interconnected Relationships: The report indicates a bidirectional relationship between the hackers, their affiliated companies, and various Chinese government ministries, suggesting a deeper collaboration beyond mere employment.
- Offensive Technology Development: These companies are implicated in building and supplying offensive cyber tools, further bridging the gap between commercial enterprises and state-sponsored cyber operations.
Notable Quote:
"The relations between the hackers, their companies and the Chinese government is not one way, implying deeper connections between the companies and ministries within the Chinese government." – Steve Prentice [07:25]
4. Honeywell Experion PKS Vulnerabilities Patched
Following a CISA advisory, Honeywell has addressed six critical vulnerabilities in its Experion Process Knowledge System (PKS), a key industrial process control and automation platform. These vulnerabilities pose risks such as remote code execution and denial of service attacks.
Impact Assessment:
- Severity Levels: Among the patched vulnerabilities, a couple are rated as high severity, capable of enabling denial of service attacks, while a medium severity flaw could manipulate communication channels, leading to incorrect system behaviors.
- Affected Sectors: The compromised products are widely used in critical infrastructure sectors, including manufacturing, chemical, energy, water, and healthcare, underscoring the potential widespread impact of these vulnerabilities.
Notable Quote:
"These vulnerabilities impact the control data access component and they can lead to remote code execution." – Steve Prentice [10:10]
5. WordPress Theme Flaw Threatens Remote Code Execution
A significant vulnerability has been identified in the Alone Charity Multipurpose Non-profit WordPress theme. Assigned a CVE number and a CVSS score of 9.8, the flaw allows unauthenticated attackers to upload arbitrary files, enabling remote code execution and potential site takeover.
Recommendations for Site Owners:
- Immediate Updates: WordPress users utilizing the affected theme are urged to apply the latest updates promptly.
- Security Checks: Owners should inspect for any suspicious admin users and scan logs for specific action requests indicative of exploitation attempts.
Notable Quote:
"It could, quote, make it possible for an unauthenticated attacker to upload arbitrary files to a vulnerable site and achieve remote code execution." – Steve Prentice [12:45]
6. Proton Launches Free Standalone Cross-Platform Authenticator App
Proton has introduced Proton Authenticator, a free standalone multi-platform app available for Windows, macOS, Linux, Android, and iOS. Unlike many two-factor authentication apps, Proton Authenticator is open-source and free from ads, trackers, and vendor lock-in, providing a privacy-centric security solution.
Features:
- Time-Based One-Time Passwords (TOTP): Generates secure, time-sensitive codes for authentication.
- User Privacy: Emphasizes no tracking or advertising, aligning with Proton's commitment to user privacy and security.
7. Critical Flaws in Dahua Cameras Require Immediate Patching
Following recent reports of vulnerabilities in LG surveillance cameras, researchers at Bitdefender have identified similar flaws in the Dahua Hero C1 smart camera series. These vulnerabilities, tracked as CVE-2025-XXXX with a CVSS score of 8.1, allow remote code execution.
Affected Environments:
- Usage Scenarios: These cameras are commonly deployed in retail stores, warehouses, and private residences, making the flaws a significant concern for both commercial and personal security setups.
Notable Quote:
"These cameras are mostly used in retail stores, warehouses and private homes." – Steve Prentice [15:30]
8. Kremlin's ISP-Level Espionage on Foreign Embassies
Microsoft researchers have uncovered that the Russian government has been conducting espionage on foreign embassies in Moscow at the ISP level. This operation, named Secret Blizzard, involves deploying ApolloShadow malware via local Internet Service Providers to monitor and extract intelligence from diplomatic entities.
Operational Insights:
- Technique Employed: The use of an adversary-in-the-middle approach allows the Kremlin to intercept and manipulate data traffic, maintaining persistent access to targeted embassy systems.
- Duration and Impact: Active since the previous year, Secret Blizzard has provided the Russian government with ongoing intelligence capabilities within Russian diplomatic circles.
Notable Quote:
"This campaign... has the capability to conduct espionage activities at the ISP level." – Steve Prentice [17:50]
Additional Notes
The episode also briefly mentions upcoming events and new security tools but omits detailed coverage to maintain focus on the primary cybersecurity headlines.
For more in-depth stories and daily updates on information security, visit CISOseries.com.
