Cyber Security Headlines – CISA Denies Claims, Ransomware Group Claims Attack, Latin America's Security Crisis
Hosted by CISO Series | Released on March 4, 2025
In the latest episode of Cyber Security Headlines, Lauren Verno delves into several pressing issues impacting the information security landscape. From governmental debunking of cyber threat priorities to escalating cyber crises in Latin America, the episode provides a comprehensive overview of current cybersecurity challenges.
CISA Denies Claims of Deprioritizing Russian Threats
Lauren Verno opens the episode addressing the contentious issue surrounding the Cybersecurity and Infrastructure Security Agency (CISA). Recent reports, including one from The Guardian, suggested that CISA had been instructed to deprioritize tracking Russian cyber threats. However, CISA vehemently denies these allegations.
Verno states, “CISA is pushing back against reports that it has been directed to stop tracking Russian cyber threats, calling the claim, quote, fake and a risk to national security” (00:07). This denial comes amid confirmations from The Record, The New York Times, and The Washington Post that U.S. Cyber Command has been ordered to pause offensive cyber operations against Russia during ongoing negotiations over the war in Ukraine.
The episode highlights bipartisan concerns, with lawmakers warning that such a shift “could weaken U.S. defenses against Russian cyber threats” (00:07), emphasizing the delicate balance between diplomatic negotiations and national security.
Ransomware Group Claims Attack on US Newspaper Publisher
Transitioning to cybercrime, Verno discusses the alarming claim by the Russian-speaking ransomware group Qilin regarding their attack on Lee Enterprises, one of the largest newspaper groups in the U.S. The group alleges the theft of 350 gigabytes of data, including financial records and journalist payments.
Qilin has provided purported evidence of the breach and has issued a threat: “We will leak the stolen data on March 5, potentially exposing sensitive information about the company's operations” (00:07). Lee Enterprises is currently “actively investigating the situation” (00:07), underscoring the growing threat ransomware poses to critical media infrastructures.
Latin America's Escalating Cybersecurity Crisis
One of the most concerning topics covered is the rapid rise of cyber threats in Latin America, which are outpacing global averages. Verno notes a 53% year-over-year increase in attacks, with organizations experiencing nearly 40% more weekly incidents than the global norm (00:07).
Experts attribute this surge to factors such as political instability, lagging cybersecurity adoption, and the rapid rise of financial technology. Sectors like healthcare, communications, and government are particularly targeted, facing 3,000 to 4,000 attacks per week. Brazil stands out as a hotspot where cybercriminals exploit inexperienced users and sometimes collaborate with cartels, exacerbating the security challenges (00:07).
CISA Flags Vulnerabilities in Cisco and Windows Systems
Verno highlights critical vulnerabilities in Cisco and Windows systems that have been flagged by the Cybersecurity and Infrastructure Security Agency (CISA). U.S. federal agencies are mandated to address these flaws by the end of the month to prevent potential exploitation.
These vulnerabilities allow attackers to execute arbitrary commands and gain elevated privileges on affected devices. While CISA has confirmed active exploitation, specific details about the malicious activities or responsible parties remain undisclosed. More information on these flaws is available in the episode's show notes (00:07).
Polish Space Agency Investigates Cyber Attack
The episode reports on a significant cybersecurity incident involving Poland’s space agency, POLSA. Unauthorized access was detected, leading to the disconnection of their network to contain the breach. Although the exact nature of the attack remains unconfirmed, there are concerns about potential ransomware involvement.
As of the latest update, POLSA's website remains offline while authorities work to secure their systems and identify the attackers (00:07).
New Phishing Campaign Targets Microsoft SharePoint
Verno also discusses a sophisticated phishing campaign targeting Microsoft SharePoint accounts. This campaign employs a ClickFix-style attack, deceiving users into deploying a malicious PowerShell command that installs the Havoc command and control (C2) framework.
Attackers are utilizing Microsoft’s Graph API to obscure C2 communications, making detection challenging by embedding malware stages within legitimate Microsoft services. Researchers express particular concern over the misuse of a legitimate Microsoft service, rather than the open-source framework, to amplify these cyber campaigns (00:07).
Microsoft Outage Update
Adding to the cybersecurity chaos, Microsoft is experiencing a tumultuous week with multiple outages affecting its services. According to Verno, a new Microsoft 365 outage on Monday has impacted not just Teams but also Outlook, OneDrive, and Exchange. While Microsoft attributes the previous weekend's outage to a coding issue, the current investigation is ongoing, leaving customers uncertain about the reliability of these essential services (00:07).
Multiple Local Governments Face Cyber Attacks
Local government agencies continue to grapple with persistent cyber attacks, disrupting essential services across various regions. For instance, a county in Maryland has been dealing with limited services for over a week, though critical services like 911 remain operational. Officials are still investigating the incident without confirming whether it is a ransomware attack.
Similar disruptions have been reported in Cleveland Municipal Court and Missouri’s Department of Conservation, indicating a widespread trend of cyber assaults on local government entities (00:07).
Discussion: The Idealism of a CISO
In a thought-provoking segment, Verno explores the challenges faced by Chief Information Security Officers (CISOs) in balancing cybersecurity decisions amidst real-world constraints such as time and budget. The discussion centers on the utilitarian approach to cybersecurity—“trying to do the most good for the most people”—and questions the practicality of implementing such ideals in high-pressure environments.
This segment invites listeners to reflect on the complexities of cybersecurity leadership and the often difficult trade-offs required to protect organizational assets effectively (00:07).
Conclusion
Lauren Verno's detailed coverage in this episode of Cyber Security Headlines underscores the multifaceted nature of today's cybersecurity landscape. From high-stakes governmental decisions and ransomware threats to regional security crises and the relentless evolution of cyber attacks, the episode provides valuable insights for professionals and enthusiasts alike.
For a deeper dive into each of these topics, visit CISOseries.com.
Note: Time-stamped quotes are attributed to Lauren Verno at 00:07, representing her commentary throughout the episode.
