Cyber Security Headlines – Episode Summary
Podcast: Cyber Security Headlines
Host: Steve Prentiss (CISO Series)
Date: August 18, 2025
Episode Theme:
A fast-paced daily roundup of key stories in cybersecurity, including high-severity product vulnerabilities, major cyberattacks, new industry reports, crime tactics, law enforcement actions, and evolving cyberthreats. This episode is tailored for professionals needing crucial updates from credible sources to inform risk management and security posture.
Main Stories & Discussion Points
1. Cisco Firewall Max Severity Vulnerability
- Topic: Cisco released a patch for a maximum severity flaw in its Secure Firewall Management Center software.
- Details:
- The bug allows unauthenticated remote attackers to inject arbitrary shell commands and execute privileged operations.
- Discovered during internal testing; no evidence of exploitation in the wild so far.
- Users are strongly advised to update or apply the vendor's mitigations.
- Notable Quote:
- “...could allow unauthorized syndicated attackers to inject arbitrary shell commands and execute high privilege commands.” – Steve Prentiss [00:14]
- Takeaway: Fast remediation is critical, even in the absence of active exploitation.
2. Colt Telecom Ransomware Attack
- Topic: Colt Telecom, a major provider with operations in Britain, the EU, Asia, and North America, suffered a data breach claimed by the Warlock ransomware gang.
- Details:
- Attackers offer 1 million allegedly stolen documents for $200,000.
- Data includes financials, employee/customer info, executive emails, and software code.
- Root cause:
- Likely exploitation of a Microsoft SharePoint zero-day (exploited since at least July 18, patched July 21).
- Notable Quote:
- “The hacker likely gained access by exploiting a remote code execution vulnerability in Microsoft SharePoint, which has been exploited as a zero-day since at least July 18.” – Steve Prentiss, referencing Kevin Beaumont [01:06]
- Takeaway: Prompt response to critical vendor advisories is vital to preventing a breach.
3. CISA’s Plea to OT Environments
- Topic: U.S. CISA (Cybersecurity and Infrastructure Security Agency) appeals for urgent improvement of Operational Technology (OT) defenses.
- Details:
- OT-targeted attacks are up 87% year-over-year (per Dragos).
- New foundational CISA guidance urges asset inventory and fresh security taxonomy—“assume nothing and start entirely fresh.”
- Notable Quote:
- “Starts with the absolute basics: assume nothing and start entirely fresh with a new taxonomy-based OT asset inventory.” – Steve Prentiss [02:00]
- Takeaway: Cyber hygiene and visibility are as crucial in OT as in IT; new guidance is foundational.
4. Ghost Tapping: Retail Fraud Tactic
- Topic: Recorded Future's Insikt Group describes “ghost tapping,” a fraud method spread by organized crime groups.
- Details:
- Stolen payment card details and intercepted OTPs are loaded onto burner phones.
- The devices are sold on Telegram and used by mules for in-person fraud.
- Scheme concentrated in Southeast Asia, primarily led by Chinese gangs.
- Police urge caution on entering bank details and OTPs on untrusted ecommerce sites.
- Notable Quote:
- “The gangs first use social engineering, phishing, and mobile malware to steal victims’ card information and then intercept one-time passwords.” – Steve Prentiss [02:46]
- Takeaway: Multi-layered security and user education are needed to combat sophisticated, hybrid fraud.
5. Plex Urges Critical Security Updates
- Topic: Plex Media Server users notified of urgent need to update vulnerable versions.
- Details:
- Only certain versions affected, but update considered urgent.
- Patches available from Plex’s official channels.
- Takeaway: Regular patch cycles and attention to vendor notifications remain essential.
- Timestamp: [03:40]
6. U.S. DOJ Seizes Zeppelin Ransomware Assets
- Topic: DOJ seizes $2.8 million in crypto, cash, and a luxury vehicle from alleged ransomware operator.
- Details:
- Suspect: Yanis Alexandrovich Antropenko, indicted for computer fraud and money laundering.
- Zeppelin ransomware ran 2019-2022, targeted global organizations.
- Takeaway: Law enforcement efforts continue to disrupt ransomware operations financially and operationally.
- Timestamp: [04:10]
7. Ermac 3.0 Android Banking Trojan Source Code Analysis
- Topic: Hunt IO cybersecurity team gained access to full source code of Ermac 3.0.
- Details:
- Malware has evolved from Cerberus and Hook.
- Affects over 700 banking, shopping, crypto apps.
- New capabilities: advanced injection, better C2, backdoors; source code shows flaws like hardcoded secrets.
- Operators linked to the BlackRock group.
- Notable Quote:
- “Now version 3.0 supports new injection methods, a C2 command and control panel, Android backdoor, and confirmation of its status as an active malware-as-a-service platform.” – Steve Prentiss [05:00]
- Takeaway: Active tracking, detection, and analysis are required as mobile threats quickly evolve.
8. New HTTP/2 ‘MadeYouReset’ DoS Vulnerability
- Topic: Deepness Lab researchers found a new way to abuse HTTP/2 to cause denial-of-service.
- Details:
- Techniques bypass server-imposed limits on concurrent requests.
- Attack can lead to out-of-memory crashes.
- Now assigned a CVE number; it follows other recent HTTP/2 flaws such as Rapid Reset and Continuation Flood.
- Notable Quote:
- “MadeYou Reset is the latest flaw in HTTP 2 Rapid Reset and HTTP 2 Continuation Flood.” – Steve Prentiss [06:00]
- Takeaway: HTTP/2, though efficient, is increasingly targeted; organizations with exposed services must stay alert to new attack methods.
Notable Quotes and Memorable Moments
- “...could allow unauthorized syndicated attackers to inject arbitrary shell commands and execute high privilege commands.” – Steve Prentiss (Cisco firewall) [00:14]
- “The hacker likely gained access by exploiting a remote code execution vulnerability in Microsoft SharePoint...” – Steve Prentiss quoting Kevin Beaumont [01:06]
- “Starts with the absolute basics: assume nothing and start entirely fresh with a new taxonomy-based OT asset inventory.” – Steve Prentiss [02:00]
- “The gangs first use social engineering, phishing, and mobile malware to steal victims’ card information and then intercept one-time passwords.” – Steve Prentiss [02:46]
- “Now version 3.0 supports new injection methods, a C2 command and control panel, Android backdoor...” – Steve Prentiss [05:00]
- “MadeYou Reset is the latest flaw in HTTP 2 Rapid Reset and HTTP 2 Continuation Flood.” – Steve Prentiss [06:00]
Key Timestamps
- [00:06] - Episode headlines overview
- [00:14] - Cisco firewall vulnerability details
- [01:06] - Colt Telecom breach, attribution, and root cause
- [02:00] - CISA OT cybersecurity plea and foundational guidance
- [02:46] - Ghost tapping fraud tactics, warnings
- [03:40] - Plex vulnerability and urgent updates
- [04:10] - US DOJ Zeppelin Ransomware asset seizure
- [05:00] - Ermac 3.0 Android banking Trojan analysis
- [06:00] - New HTTP/2 ‘MadeYouReset’ vulnerability details
Summary Takeaways
This episode highlights the urgency of promptly patching critical systems, maintaining vigilance in operational technology environments, tracking emerging criminal tactics, and proactively responding to new vulnerabilities across platforms from web infrastructure to mobile. The speed at which threat actors weaponize new exploits underscores the importance of up-to-date intelligence, collaboration, and continuous hygiene in enterprise security.
For full reports, interviews, and resources, visit CISOseries.com.
