Transcript
A (0:00)
From the CISO Series, it's Cybersecurity Headlines.
B (0:06)
These are the cybersecurity headlines for Thursday, October 2, 2025. I'm Sarah Lane.
Breach notification letters set to flood North America's mailboxes. Three companies reported data breaches affecting around 3.7 million North Americans to the Maine Attorney General's office. Allianz Life disclosed 1,497,036 customers' records, including names, addresses, dates of birth and Social Security numbers. They were accessed via a third-party CRM. WestJet confirmed 1.2 million Americans' information was exposed in a June cyber attack, and Ohio-based Motility Software Solutions reported 766,670 individuals' personal and ID data may have been compromised by ransomware. All three companies are providing identity protection and credit monitoring to those affected.
New bug in Classic Outlook only fixed via Microsoft Support. Microsoft is investigating a bug causing the Classic Outlook client on Windows to crash at launch. The issue affects Microsoft 365 users and can only be resolved by opening a support case through the Microsoft 365 admin portal, prompting Exchange Online support to apply a service change. Affected users are seeing errors related to authentication concurrency limits. Temporary workarounds include using Outlook Web Access or the new Outlook for Windows. Microsoft is also tracking the problem via Fiddler traces and continues to investigate a permanent fix.
Air Force admits SharePoint privacy issue over breach. The US Air Force is investigating a privacy-related issue tied to Microsoft SharePoint after reports of a breach and a possible service-wide shutdown. An alleged Air Force notice warned that SharePoint systems would be blocked for up to two weeks, though the Air Force has not confirmed services are indeed offline. The incident follows recent SharePoint flaws exploited by Chinese and Russian hackers and ongoing scrutiny of Microsoft's security lapses in US Government systems.
New WireTap attack extracts Intel key. Researchers at Georgia Tech and Purdue universities demonstrated WireTap, which can extract Intel SGX attestation keys by intercepting DDR4 memory traffic with a $1,000 interposer device. It undermines SGX's confidentiality and integrity protections, allowing attackers to impersonate genuine SGX hardware and access sensitive data. Intel said the exploit falls outside its threat model since it requires physical access, advising operators to secure servers physically.
Huge thanks to our sponsor, Nudge Security. AI notetakers like Otter AI spread fast. In fact, one Nudge Security customer discovered 800 new accounts created in only 90 days. Viral AI notetakers introduce a slew of data privacy risks by gaining access to calendars and adding themselves to every meeting. Nudge Security can help. Within minutes of starting a free trial, you will see every AI app, account and integration, even those created in the past. And smart automation helps you clean up unwanted accounts and guide users toward approved alternatives. See how you can regain control today@nudgesecurity.com StopAudr
Android malware uses VNC to give attackers hands-on access. We know a bit more about the Android banking and RAT Trojan called Klopatra, disguised as an IPTV and VPN app, which has infected more than 3,000 devices in Europe. It uses a hidden VNC mode to perform remote actions on infected devices while appearing idle, capturing banking credentials, keystrokes and cryptocurrency wallet information. Klopatra also abuses accessibility services for permissions, evades antivirus software and is actively developed, with 40 builds since March of this year. Certain researchers link it to a Turkish-speaking cybercrime group.
OpenSSL vulnerabilities allow private key recovery execution attacks. OpenSSL released updates patching three vulnerabilities, including one that could let attackers recover private keys on 64-bit ARM systems using the SM2 algorithm. Another flaw could allow code execution or DoS, but is considered low likelihood. A third, lower-severity bug could cause crashes. The OpenSSL project rated key recovery and code execution issues as moderate and noted such attacks are rare in TLS contexts, though custom configurations remain at risk.
Seniors targeted in Facebook scam spreading Android malware. ThreatFabric researchers uncovered a new global scam campaign using fake Facebook groups for seniors to spread a new Android malware called Datzbro. Posing as dance events and community gatherings, it lures victims into downloading a fake community app that then installs the malware, often via the Zombinder dropper. It's been seen active in Australia, Singapore, Malaysia, Canada, South Africa and the UK. Datzbro combines spyware and banking Trojan features, enabling device takeover, credential theft and financial fraud. Its leaked code and Chinese-language strings suggest origins in China.
Google Drive for Desktop gets AI-powered ransomware detection. Google is rolling out AI-powered ransomware detection in Google Drive for Desktop on Windows and macOS. The system pauses file syncing if it detects that there are signs of ransomware, preventing widespread corruption and letting users restore files through Drive's web interface. The AI engine is trained on millions of ransomware samples updated via VirusTotal and adapts to new strains. The feature is enabled by default for most Google Workspace tiers and personal accounts, with restoration tools available to all Drive users.
We are collecting more data than ever before. Data governance regulations are not going away and they're not getting easier, so how the heck are we supposed to keep up? That's what we try to figure out on the latest episode of Defense in Depth. Look for the episode Data Governance in the Age of AI wherever you get your podcasts.
If you have thoughts on the news from today or about our show in general, be sure to reach out to us at feedback@cisoseries.com. We would love to hear from you. I am Sarah Lane, reporting for the CISO Series. Have a good one, make a better one.
