Transcript
A (0:00)
From the CISO series, it's Cybersecurity Headlines.
B (0:06)
These are the cybersecurity headlines for Tuesday, October 21, 2025. I'm Lauren Verno.

DNS Failure Leads to AWS Outage
Was anyone marked safe from the AWS outage on Monday? Yeah, I didn't think so. An Amazon Web Services outage took down dozens, if not more, of global platforms including Amazon, Snapchat, Roblox, Hulu and financial apps like Robinhood and Coinbase. Now the disruption stemmed from a Domain Name System, or DNS, failure in AWS's critical US-EAST-1 region in Northern Virginia, impacting at least 28 AWS services. Now AWS says the issue was resolved Monday morning after engineers identified and mitigated the DNS problem, though lingering effects could be felt by those just trying to get through the workday.

China Accuses NSA of hacking National Time Center
Now China has accused the U.S. National Security Agency, or NSA, of carrying out cyber attacks on its National Time Service Center, claiming the attacks exploited messaging service vulnerabilities and 42 types of special cyber attack weapons between 2022 and 2024. The center maintains and distributes China's official Standard Time, which supports critical systems like communications, financial networks, power grids, traffic, transport and, you get the picture, meaning any disruption could have widespread consequences. As of this recording, the US has not responded to the allegations.

Chrome Store flooded with high-risk WhatsApp automation
Researchers have uncovered a large-scale campaign abusing 131 rebranded WhatsApp Web automation extensions for Chrome to spam Brazilian users. The extensions, all built on the same code base, inject scripts directly into WhatsApp Web to automate bulk messaging while bypassing anti-spam limits. With collectively over 20,000 active users, the campaign has been ongoing for at least nine months with updates still appearing as of last Friday.

Microsoft update issues
Microsoft's October 2025 Windows security updates are causing smart card authentication and certificate issues across Windows 10, 11 and Server stemming from a change to strengthen cryptographic services. The update switches RSA-based smart card certificates from Cryptographic Service Provider (CSP) to Key Storage Provider (KSP), which can trigger login failures, errors in apps using certificate-based authentication and "invalid provider type specified" messages. A temporary fix involves manually disabling the new registry key, but you better act fast: Microsoft warns this key will be removed in April of 2026.

Huge thanks to today's episode sponsor ThreatLocker. Cybercriminals don't knock. They sneak in through the cracks other tools miss. That's why organizations are turning to ThreatLocker as a zero trust endpoint protection platform. ThreatLocker puts you back in control, blocking what doesn't belong and stopping attacks before they spread. Zero trust security starts here with ThreatLocker.

Swedish home security company breached
Verisure reported a data breach at its Swedish subsidiary Alert Alarm, affecting around 35,000 current and former customers. The compromised data included your normal PII, including names, addresses, emails and Social Security numbers, though Verisure's main network across Europe and Latin America was not impacted. The breach comes just a week after Verisure's 3.2 billion euro IPO, which saw shares drop more than 5%, and Swedish authorities have opened an investigation into suspected blackmail and an aggravated data breach.

Hundreds of thousands remain exposed in F5 breach
A follow-up to a story we first reported last week. More than 262,000 F5 BIG-IP devices remain exposed online after the company confirmed a breach by nation state hackers. The attacker stole source code and data after gaining access to F5's BIG-IP development and engineering systems. F5 said there were no signs of compromise in its financial, cloud or CRM systems and only limited customer configuration data was taken. The breach has been privately linked to the China-based threat group UNC5221, which was found to be active in the network for at least a year.

Windows SMB attacks continue
CISA warns that threat actors are actively exploiting a high severity Windows SMB vulnerability that lets attackers gain system privileges on unpatched systems. The flaw affects all Windows Server, 10 and 11 versions up to 24H2 and was patched in June of 2025, though proof of concept details were publicly available beforehand. Exploitation involves tricking victims into connecting to a malicious SMB server, allowing attackers to elevate privileges remotely.

Experian to delete Dutch database
Experian Netherlands was fined 2.7 million euro by the Dutch Data Protection Authority for GDPR violations after collecting and using personal data without consent, including information that influenced customer contracts and deposits. The company has stopped operating in the Netherlands and plans to delete its database of personal information by the end of the year, acknowledging the violations and not appealing the fine.

In the same breath, a vendor will try to sell you a zero trust solution. They will also implicitly ask for your trust about their pitch. No one wants to come off in a bad light, but why do vendors risk losing trust by going for a perfect pitch? We're talking about that disconnect on our latest episode of the CISO series podcast. Look for the episode "Dear Abby, why should I trust a vendor selling me zero trust?" wherever you get your podcasts. And if you have some thoughts on the news from today or about the show in general, be sure to reach out to us at feedback@cisoseries.com. We'd love to hear from you. I'm Lauren Verno reporting for the CISO series.
