Cyber Security Headlines - Detailed Summary
Hosted by CISO Series | Release Date: July 8, 2025
The latest episode of Cyber Security Headlines by CISO Series, hosted by Lauren Verno, delves into a range of critical issues affecting the information security landscape. From high-profile game vulnerabilities to sophisticated ransomware attacks, this episode provides a comprehensive overview of the day's most pressing cybersecurity events.
1. Call of Duty Game Pulled from PC Store
Timestamp: [00:06]
The episode opens with a significant development in the gaming world. Call of Duty: World War II was removed from the Microsoft Store over the weekend following reports from players experiencing severe cybersecurity issues during gameplay. Lauren Verno states:
"Call of Duty World War II was quietly removed from the Microsoft Store over the weekend after players reported their computers were being hijacked mid game."
The removal is attributed to a remote code execution vulnerability linked to the game's peer-to-peer networking model. Affected users reported behaviors such as unexpected computer shutdowns and their desktop images being replaced with pornographic content. As of the recording, EA Activision has not publicly confirmed the specific reasons for the game's withdrawal.
2. U.S. Military Receives Cybersecurity Funding Boost
Timestamp: [00:37]
In a significant move for national security, Congress has passed, and President Trump has signed, a comprehensive tax and spending bill that allocates substantial funds to bolster cybersecurity within the U.S. military. Key allocations include:
- $250 million for U.S. Cyber Command
- $20 million for DARPA cybersecurity programs
- $1 million for Indo-Pacific Command's cyber offensive operations
Lauren Verno highlights the political dynamics surrounding this funding:
"Now, Democrats have criticized the package for excluding funding for CISA, arguing it overlooks key threats and weakens federal cybersecurity infrastructure."
Conversely, Republicans defend the allocation, emphasizing that national defense and military readiness are the primary drivers behind the cybersecurity investments.
3. Insider Threat Leads to Massive Theft in Brazilian Banking
Timestamp: [02:23]
A severe breach in Brazil's banking sector has come to light, involving an IT employee who facilitated a $100 million theft. The employee allegedly compromised the Pix banking system by selling his credentials to hackers, enabling a sophisticated one-night fraud operation. Key points include:
- The attack targeted financial institutions connected to software vendor C&M.
- Over 540 million Brazilian Reais were stolen (~$100 million USD).
- Individual users remained unscathed; only banks utilizing C&M services were affected.
- Authorities are actively searching for at least four additional suspects involved in the operation.
Lauren Verno summarizes:
"The insider allegedly sold his credentials to hackers who used them to carry out a single night fraud operation targeting financial institutions connected to C&M."
4. Emergence of BERT Ransomware Group
Timestamp: [03:00]
A new ransomware entity named BERT (B-E-R-T) has been identified, actively targeting sectors such as healthcare, technology, and event services across Asia, Europe, and the United States. Characteristics of BERT include:
- Infection Methods: Utilizes PowerShell scripts to disable security tools before deploying ransomware.
- Extortion Tactics: Leaves a ransom note stating "hello from bert."
- System Targets: Infects both Windows and Linux systems.
- Origins: May be repurposing code from the defunct REvil gang, suggesting potential connections to Russian cyber infrastructure.
Lauren Verno notes:
"BERT uses a PowerShell script to disable security tools before deploying the ransomware, which drops a note reading 'hello from bert.'"
5. Qantas Data Breach and Cybercriminal Contact
Timestamp: [04:40]
Australian airline Qantas reported a data breach affecting up to 6 million customers. Following the breach, the airline received contact from a "potential cyber criminal" concerning the incident. Details include:
- Data Compromised: Names, emails, phone numbers, dates of birth, and frequent flyer numbers.
- Data Security: No passport or credit card information was accessed.
- Breach Source: Compromise originated from a third-party customer servicing platform.
- Customer Notification: Qantas plans to inform affected customers about the specific personal data breached later in the week.
Lauren Verno elaborates:
"The breach originated from a compromise of a third-party customer servicing platform, exposing names, emails, phone numbers, dates of birth, and frequent flyer numbers."
6. Surge in Business Email Compromise (BEC) Attacks
Timestamp: [05:15]
Business Email Compromise (BEC) attacks have surged by 156% since the previous year, now constituting nearly 60% of confirmed cybersecurity threats. Factors contributing to this rise include:
- Phishing-as-a-Service Tools: Platforms like Tycoon2FA and cheap info-stealer malware simplify the process for cybercriminals.
- Credential Compromises: Enhanced techniques make it easier to steal employee credentials.
- Attack Vectors: Stolen credentials facilitate BEC scams and ransomware deployments.
Lauren Verno points out:
"Identity-based cyber attacks have surged 156% since last year, now accounting for nearly 60% of confirmed threats."
7. Hackers Exploit Shellter Elite Tool
Timestamp: [05:55]
Hackers have been leveraging a leaked version of Shellter Elite, a legitimate antivirus and EDR evasion tool, to disseminate info-stealing malware. Key aspects of the breach include:
- Source of Leak: Occurred due to a licensed customer who leaked their copy of the software.
- Shellter Elite’s Response: The company acknowledged the breach but stated they were not notified by researchers who detected the malicious activity months earlier.
- Mitigation Measures: An updated version of Shellter Elite has been released to address the vulnerabilities.
Lauren Verno remarks:
"Shellter Elite confirmed the breach came from a licensed customer saying, 'we discovered that a company which had recently purchased Shellter Elite licenses had leaked their copy of the software.'"
8. Thousands of Fake Amazon Domains Detected During Prime Day
Timestamp: [06:56]
Coinciding with Amazon Prime Day, researchers identified over 1,000 fake domains mimicking Amazon’s online presence. Approximately 87% of these domains were flagged as malicious or suspicious. Tactics employed by scammers include:
- Fake Login Pages: Designed to harvest user credentials.
- Phishing Emails: Emails that spoof Amazon support to deceive users into clicking fraudulent refund links.
- Campaign Examples: Recent campaigns involve spam emails urging users to "shop wisely" while directing them to counterfeit refund portals.
Lauren Verno explains:
"Scammers are using fake login pages and phishing emails designed to steal credentials, with one recent campaign spam spoofing Amazon support to trick users into clicking fraudulent refund links."
9. Security Concerns Surrounding Large Language Models (LLMs)
Timestamp: [07:27]
The episode touches on the burgeoning security challenges associated with Large Language Models (LLMs). Key concerns include:
- Scalability Issues: The vast scale of LLMs complicates validation and monitoring efforts.
- Human Oversight Limitations: Incorporating humans into the validation loop is impractical at scale.
- Current Solutions: Many approaches rely on deploying another LLM to manage and mitigate security issues, raising questions about the sustainability of such methods.
The podcast teaser mentions an upcoming episode titled "Not Enough Hallucinations," which aims to explore these challenges in depth.
Conclusion
This episode of Cyber Security Headlines offers a thorough exploration of recent cybersecurity incidents and trends, highlighting the dynamic and evolving nature of cyber threats. From vulnerabilities in popular software and insider threats to the rise of sophisticated ransomware groups and the challenges posed by emerging technologies like LLMs, the episode underscores the critical need for robust cybersecurity measures across all sectors.
For more in-depth coverage and daily updates, listeners are encouraged to visit CISOseries.com.
Note: Advertisements, sponsorship messages, and non-content sections have been excluded to maintain focus on the core cybersecurity topics discussed in the episode.
