Cyber Security Headlines - May 9, 2025
Host: Steve Prentiss
Podcast: CISO Series
Title: Cyber Security Headlines
Release Date: May 9, 2025
Introduction
In this episode of Cyber Security Headlines, Steve Prentiss covers the most pressing cybersecurity stories of the day. From critical vulnerabilities in major software platforms to a significant personnel nomination at the Pentagon, Prentiss provides analysis and updates on the evolving information security landscape. This summary highlights the key discussions, notable quotes, and essential takeaways from the episode.
1. Cisco IOS XE Vulnerability
Timestamp: [00:00]
Steve Prentiss opens the episode by addressing a maximum-severity vulnerability identified in Cisco's IOS XE wireless controller. The flaw carries a CVSS score of 10, the highest possible rating.
Key Points:
- Nature of the Vulnerability: The flaw allows an unauthenticated remote attacker to upload arbitrary files to affected systems.
- Cause: The vulnerability stems from a hard-coded JSON Web Token (JWT) present in the system.
- Exploitation Method: Attackers can exploit this by sending crafted HTTPS requests to the Access Point (AP) image download interface.
- Mitigation: Cisco has released patches to address this vulnerability. Notably, the out-of-band AP image download feature is disabled by default and must be enabled for exploitation to be possible, so systems that have not enabled it are not exposed.
Notable Quote:
"Cisco patches a level 10 vulnerability in IOS XE. This action is intended to fix a maximum severity security flaw with a CVSS score of 10 in its IOS XE wireless controller."
— Steve Prentiss [00:00]
2. Pentagon CIO Nomination: Kirsten Davies
Timestamp: [00:00]
In a significant personnel move, the President has nominated Kirsten Davies, the former Chief Information Security Officer (CISO) at Unilever, to be the Pentagon Chief Information Officer (CIO).
Key Points:
- Professional Background: Davies served as Unilever's CISO from September 2021 to June 2024. Her resume includes senior information security roles at Estee Lauder Companies, Barclays Bank, Hewlett Packard, and Siemens.
- Industry Influence: She is an active member of Team8's CISO Village, a platform for exchanging ideas, collaboration, and promoting innovation in cybersecurity.
- Team8 Overview: Team8 is a global venture firm investing in companies specializing in cyber capabilities and artificial intelligence.
Notable Quote:
"She is a member of Team8's CISO Village, described as an avenue for exchanging ideas, collaborating as an industry and promoting innovation in cybersecurity."
— Steve Prentiss [00:00]
3. SonicWall Patches New Zero-Day Vulnerability
Timestamp: [00:00]
SonicWall has announced patches for three new vulnerabilities affecting its Secure Mobile Access 100 series appliances. These vulnerabilities are distinct from those reported the previous Friday.
Key Points:
- Severity and Impact: The vulnerabilities have CVSS ratings of 8.8, 8.3, and 6.7, and each can lead to remote code execution.
- Exploitation: All three vulnerabilities allow attackers to inject malicious commands into the affected appliances.
- Recommendation: Users are strongly advised to update their systems immediately. Detailed information about the vulnerabilities is available in the podcast's show notes.
Notable Quote:
"Users are advised to update their systems as soon as possible, and more specific details about these vulnerabilities can be found in the show."
— Steve Prentiss [00:00]
4. Insight Partners Data Breach
Timestamp: [00:00]
Venture capital firm Insight Partners has confirmed that vital data was stolen during a cyberattack in January. This follows a story first covered in February.
Key Points:
- Data Compromised: Personal information of current and former employees; details about limited partners (investors in Insight's venture funds); and information relating to certain fund management and portfolio companies, including banking and tax information.
- Attack Vector: The breach was executed using a sophisticated social engineering technique, allowing threat actors to infiltrate Insight Partners' infrastructure.
- Response: The firm has announced plans to notify the affected individuals in the coming days.
Notable Quote:
"Threat actors used a sophisticated social engineering technique to gain access to its infrastructure."
— Steve Prentiss [00:00]
5. PowerSchool Hacker Extorting School Districts
Timestamp: [00:00]
Education technology company PowerSchool is facing renewed threats as the same threat actor involved in a December breach continues to leverage stolen data for extortion.
Key Points:
- Initial Breach: In December, sensitive personal data of over 60 million K-12 students and more than 9 million teachers was exposed.
- Ransom Payment: PowerSchool had paid a ransom, with initial assurances that the incident was resolved after hackers purportedly shared a deletion video.
- Ongoing Threats: Despite these assurances, at least four school boards have received further extortion requests using the previously stolen data.
Notable Quote:
"PowerSchool now says that despite having paid a ransom, the same threat actor is now attempting to use the stolen data to extort the individual school districts that it works with."
— Steve Prentiss [00:00]
6. South African Airways Cyberattack
Timestamp: [00:00]
South African Airways, the state-owned airline, reported a cyberattack that occurred last Saturday, causing temporary disruptions.
Key Points:
- Affected Systems: The attack impacted the airline's website and several internal operational systems.
- Services Unaffected: Critical customer service channels, including contact centers and sales offices, remained operational.
- Resolution: Full functionality was restored on the same day.
- Current Status: The airline has not confirmed if ransomware was involved, and no group has claimed responsibility as of the recording.
Notable Quote:
"The state-owned airline said the cyber attack occurred last Saturday and temporarily disrupted its website and several internal operations systems."
— Steve Prentiss [00:00]
7. Coldriver Malware Linked to Russian Cyberspies
Timestamp: [00:00]
Google has linked the Lost Keys malware to the Russian state-backed hacking group Coldriver, which is implicated in espionage against Western entities.
Key Points:
- Malware Details: Lost Keys is a new malware used by Coldriver to steal files from targets such as government bodies, journalists, think tanks, and NGOs.
- Association with FSB: Coldriver has been confirmed as linked to Russia's Federal Security Service (FSB), as corroborated by UK security services and the Five Eyes alliance.
- Attack Method: The malware is deployed through ClickFix social engineering attacks, which trick victims into executing malicious PowerShell scripts themselves.
- Objectives: The primary goal is to steal credentials, emails, and contacts from targeted organizations.
Notable Quote:
"Coldriver has been confirmed as being connected to Russia's Federal Security Service, according to Security Services in the United Kingdom as well as in the Five Eyes Alliance."
— Steve Prentiss [00:00]
8. Lockbit Ransomware Gang Data Breach
Timestamp: [00:00]
The LockBit ransomware gang has suffered a significant data breach: its dark web affiliate panels were defaced and replaced with a message linking to a MySQL database dump.
Key Points:
- Date of Breach: The breach appears to have occurred on April 29.
- Defacement Message: The message read, "don't do crime, Crime is bad. Love and kisses from Prague," mirroring a recent breach of the Everest ransomware dark web site and suggesting a possible connection between the two incidents.
- Impact: It is currently unclear who orchestrated the breach or what methods were used. The incident may further damage LockBit's reputation.
- Future Implications: The breach raises questions about the stability and future operations of the LockBit ransomware gang.
Notable Quote:
"It is too early to tell if this additional reputational hit will be the final nail in the coffin for this ransomware gang."
— Steve Prentiss [00:00]
Conclusion
This episode of Cyber Security Headlines presents a broad overview of the latest developments in cybersecurity. From critical software vulnerabilities and significant data breaches to leadership changes in the field, Steve Prentiss keeps listeners informed about the current challenges and responses in information security. Staying updated through reputable sources like CISO Series is essential for professionals navigating the ever-evolving cyber threat landscape.
For more detailed stories and updates, visit cisoseries.com.
