Attack on steel producer, EUVD online, CISA advisory overhaul

Cyber Security Headlines - Episode Summary

Podcast Information:

• Title: Cyber Security Headlines
• Host/Author: CISO Series
• Description: Daily stories from the world of information security. To delve into any daily story, head to CISOseries.com.
• Episode: Attack on Steel Producer, EUVD Online, CISA Advisory Overhaul
• Release Date: May 15, 2025

Introduction

In this episode of Cyber Security Headlines, host Rich Stroffelino delivers an in-depth analysis of the latest developments in the information security landscape. Covering significant events such as the cyber attack on a major steel producer, the launch of the European Vulnerability Database (EUVD), and the recent advisory overhaul by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), this episode provides valuable insights for cybersecurity professionals and enthusiasts alike.

1. Cyber Attack on Nucor Corporation

At [00:15], Rich introduces the first major headline: a cyber attack targeting Nucor Corporation, the largest steel producer in the United States. The attacker gained unauthorized access to certain of the company’s information technology systems, as disclosed in an 8-K filing with the U.S. Securities and Exchange Commission.

Key Points:

• Impact: The attack halted production at several Nucor locations. Although operations have begun to restart slowly, the disruption had significant operational and financial implications.
• Details: The company did not disclose specifics about the date, threat actor, or the type of attack.
• Response: As of the episode's release, no threat group has claimed responsibility for the breach.

Notable Quote:

"No threat group has taken credit for the attack so far." — Unknown Contributor [00:46]

2. Launch of the European Vulnerability Database (EUVD)

Moving to cybersecurity infrastructure, at [00:46], Rich discusses the European Union’s latest initiative—the European Vulnerability Database (EUVD).

Key Points:

• Development: The EUVD was developed by the Union Agency for Cybersecurity (ANISA), stemming from work initiated in June 2024 under the EU’s Network and Information Security 2 directive.
• Features: Similar to the U.S. National Vulnerability Database, the EUVD assigns Standard CVE IDs and unique EUVD identifiers to reported vulnerabilities. It offers dashboards for tracking critical and actively exploited vulnerabilities with near real-time updates.
• Access: Initially launched in closed beta last month, the full version is now available online, sourcing data from open-source databases, vendor guidelines, and national advisories.

Notable Quote:

"The EUVD claims near real-time updates." — Unknown Contributor [00:57]

3. CISA Advisory Overhaul

At [01:28], Rich covers significant changes proposed by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) regarding its advisory dissemination methods.

Key Points:

• Proposed Changes: On May 13, CISA announced plans to discontinue standard updates on its cybersecurity alerts and advisory site. Instead, advisories would be distributed via email and social media platforms.
• Impact: This shift would eliminate the ability for professionals to subscribe to alerts through RSS feeds, which has raised concerns within the cybersecurity community.
• Reasoning: CISA stated that the overhaul aims to prioritize urgent alerts more effectively.
• Reaction: Due to substantial feedback, on May 14, CISA paused the immediate implementation of these changes to reassess the best approach for sharing information with stakeholders.

Notable Quote:

"We have paused immediate changes while we reassess the best approach to sharing with our stakeholders." — CISA Representative [01:28]

4. Australian Human Rights Commission Data Leak

Transitioning to international news at [02:34], Rich reports on a data breach involving the Australian Human Rights Commission (AHRC).

Key Points:

• Incident Details: Between April 3 and May 5, 2025, approximately 670 documents were exposed online and indexed by search engines.
• Content Exposed: The leaked documents included complaint web form submissions containing private personal information and contributions to the National Anti-Racism Framework paper.
• Cause: The AHRC confirmed that the breach was due to a misconfiguration, not a malicious external attack.
• Response: The organization temporarily disabled all web forms to prevent further issues and requested search engines to remove the indexed content.

Notable Quote:

"This incident did not represent a malicious external attack." — AHRC Representative [02:36]

5. Sponsor Message: Vanta

At [02:58], the episode includes a sponsored segment by Vanta, a platform dedicated to automating compliance and governance, risk, and compliance (GRC) programs.

Key Points:

• Features: Vanta offers continuous visibility into compliance controls, automates evidence collection across over 35 frameworks (including SOC 2 and ISO 2701), centralizes key workflows, and leverages AI to expedite security questionnaires.
• Benefits: The platform aids businesses in maintaining real-time security posture, reducing reliance on point-in-time checks.

Call to Action:

"Get started at vanta.com/headlines." — Vanta Representative [03:43]

6. Advanced Protection Features for Android

At [03:52], Rich delves into Google's enhancements to its security features for Android devices.

Key Points:

• New Enhancements: Building on the Advanced Protection program launched in 2017 for high-risk Google account users, Google is now extending these features to phones running Android 16.
• Functionalities:
  • Blocks connections to legacy 2G data networks.
  • Disables JavaScript optimizations in the default browser.
  • Introduces intrusion logging, which is end-to-end encrypted and stored in the cloud to ensure logs remain intact even if a device or account is compromised.
  • Provides an API for third-party app integration with advanced protection.

Comparison: These features are akin to Apple's lockdown mode on iOS, offering similar layers of security for enhanced protection.

Notable Quote:

"This blocks connections to legacy 2G data networks and disables JavaScript optimizations in the default browser." — Unknown Contributor [03:58]

7. Leadership Changes at US Cyber Command

At [04:37], the focus shifts to internal developments within the U.S. military cybersecurity apparatus.

Key Points:

• Upcoming Appointments: Multiple sources indicate that the Trump administration is set to name a candidate for the vacant position of National Security Agency (NSA) Deputy Director before Memorial Day.
• Recent Dismissals: Both General Timothy Hoff (head of US Cyber Command and NSA) and Deputy NSA Chief Wendy Noble were dismissed last month.
• Structural Changes: The administration is evaluating the possibility of ending the dual-hat leadership structure that currently oversees both the NSA and US Cyber Command.
• Approval Process: Any restructuring will require approval from both the Secretary of Defense and the Joint Chiefs Chairman to ensure it does not impede Cyber Command operations.

Notable Quote:

"Restructuring the leadership requires sign off from both the Secretary of Defense and the Joint Chiefs Chairman that the move won't hinder Cyber Command." — Unknown Contributor [04:43]

8. Exposing North Korean IT Workers at Scale

At [05:07], Rich discusses a significant report by Wired that sheds light on North Korean IT operations.

Key Points:

• Report Source: Data from Dtech Systems reveals over 1,000 email addresses linked to North Korean IT worker activities.
• Profiles Highlighted: The report profiles two members of a North Korean developer group now based outside Russia, namely Naoki Murano and Jensen Collins.
• Activities:
  • These developers primarily worked for cryptocurrency companies, including Coinbase.
  • They engaged in creating fake job applications and recruiting accomplices.
  • The fake IT workers were tasked with meeting specific income quotas, under the close supervision of military personnel to prevent defection.

Notable Quote:

"These fake IT workers are generally required to hit specific income quotas with evidence of military personnel directly monitoring communications so they don't become defectors." — Unknown Contributor [05:31]

9. Evanti Patches Actively Exploited Zero-Day Vulnerabilities

At [05:47], the episode covers recent security updates from Evanti, a cybersecurity firm.

Key Points:

• Vulnerabilities Addressed: Evanti released patches for vulnerabilities that allow for authentication bypasses and remote code execution affecting two open-source libraries used in its Endpoint Manager Mobile solution.
• Impact Assessment: The company reported a very limited number of customers were affected by these vulnerabilities.
• Mitigation Measures: Implementing Access Control Lists (ACLs) to filter API access can significantly reduce the risk of compromise until patches are applied.
• Future Actions: Evanti plans to collaborate with maintainers of the impacted libraries to determine if additional Common Vulnerabilities and Exposures (CVEs) should be assigned.

Notable Quote:

"Filtering access to the API using ACLs can help significantly reduce the risk of compromise until a patch can be deployed." — Unknown Contributor [05:50]

10. Microsoft Extends Office Security Support

At [06:27], Rich informs listeners about Microsoft's latest updates regarding Office application support.

Key Points:

• Previous Announcement: Earlier in the year, Microsoft declared it would cease supporting Office apps on Windows 10 once the OS reached its end-of-support date on October 14, 2025.
• Extension Granted: Microsoft has now extended support for Office security updates by an additional three years to aid businesses in maintaining security during their transition to Windows 11.
• Recommendation: Despite the extension, Microsoft continues to advise businesses to upgrade to Windows 11 well before the extended deadline to avoid potential performance and reliability issues.

Notable Quote:

"Microsoft still recommends businesses update to Windows 11 well before that deadline to avoid performance and reliability issues over time." — Unknown Contributor [06:56]

11. The Evolving Role of the CISO

Concluding the episode at [07:11], Rich reflects on the challenges facing Chief Information Security Officers (CISOs) in the modern cybersecurity landscape.

Key Points:

• Role Evolution: Over the past decade, the CISO role has transformed into a highly demanding and seemingly insurmountable position.
• Discussion Teaser: The episode promotes a new discussion on resolving the "Sisyphean" nature of the CISO role in the upcoming Defense in Depth segment.
• New Episode: Listeners are encouraged to check out the newly released episode titled "The CISO's Job is Impossible" available at @cisoseries.com and on all major podcast platforms.

Notable Quote:

"The CISO role has evolved into a seemingly impossible job, but someone still has to do it." — Rich Stroffelino [07:11]

Conclusion

Rich wraps up the episode by reminding listeners of the continuous availability of Cybersecurity Headlines every weekday and directs them to cisoseries.com for comprehensive stories behind the headlines.

Final Note: This summary encapsulates the key discussions and insights shared in the May 15, 2025 episode of Cyber Security Headlines by the CISO Series. For more detailed information and ongoing updates, listeners are encouraged to visit CISOseries.com.