Transcript
Steve Prentiss (0:00)
From the CISO Series, it's Cybersecurity Headlines. These are the cybersecurity headlines for Friday, May 9, 2025. I'm Steve Prentiss.

Cisco patches a level 10 vulnerability in IOS XE
This action is intended to fix a maximum-severity security flaw with a CVSS score of 10 in its IOS XE Wireless Controller. This vulnerability could enable an unauthenticated remote attacker to upload arbitrary files to a susceptible system. In an advisory released Wednesday, Cisco stated the vulnerability exists due to the presence of a hard-coded JSON Web Token on an affected system. They continue: an attacker could exploit this by sending crafted HTTPS requests to the AP image download interface. It should be noted, however, that for an exploitation to be successful, the out-of-band AP image download feature must be enabled on the device, and this is something that is disabled by default.

President nominates former Unilever CISO to be Pentagon CIO
Kirsten Davies is the former Chief Information Security Officer at Unilever. According to her LinkedIn bio, which the Defense Department is using as a backgrounder, she served as CISO for Unilever from September 2021 to June 2024 and had other senior information security roles at the Estée Lauder Companies, Barclays Bank, Hewlett Packard and Siemens. She is also a member of Team8's CISO Village, described as an avenue for exchanging ideas, collaborating as an industry and promoting innovation in cybersecurity. Team8 is a global venture group that invests in companies specializing in cyber capabilities and artificial intelligence, end quote.

SonicWall patches a new zero-day vulnerability
On Wednesday, the company announced patches for three vulnerabilities affecting its Secure Mobile Access 100 series appliances, all of which could lead to remote code execution. These are different vulnerabilities from those we reported on last Friday. These new vulnerabilities each have CVE numbers and CVSS ratings of 8.8, 8.3 and 6.7 respectively, and each allows an attacker to inject commands. Users are advised to update their systems as soon as possible, and more specific details about these vulnerabilities can be found in the show notes to this episode.

Venture capital firm Insight Partners confirms vital data stolen in January attack
Following up on a story we covered in February, the venture capital firm Insight Partners has announced it will be alerting an unspecified number of people over the next few days about data that was stolen as a result of the January 16 hack. This data includes personal information about its current and former employees and information relating to its limited partners. Those are the investors who provide capital to Insight's venture funds but whose names are typically kept private, end quote. Also stolen was information about certain funds management companies and portfolio companies, including banking and tax information. According to the company's earlier statement in February, threat actors used a sophisticated social engineering technique to gain access to its infrastructure.

Huge thanks to our sponsor, ThreatLocker. ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default-deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and to start your free trial, visit threatlocker.com/CISO. That is T-H-R-E-A-T-L-O-C-K-E-R dot com slash CISO.

PowerSchool hacker now extorting individual school districts
Following up on a story we have been covering since January, the education technology company PowerSchool now says that despite having paid a ransom, the same threat actor is now attempting to use the stolen data to extort the individual school districts that it works with. The breach, which occurred in December, exposed sensitive personal data of more than 60 million K-12 students and more than 9 million teachers. PowerSchool had expressed confidence that the incident had been resolved, telling BleepingComputer that the hackers shared a video which purported to show the data being deleted. Apparently, however, this was not the end of the story, as at least four school boards have now been contacted with extortion requests.

South African Airways suffers cyberattack
The state-owned airline said the cyberattack occurred last Saturday and temporarily disrupted its website and several internal operations systems. Essential customer service channels such as the airline's contact centers and sales offices were not affected, and full functionality was restored later the same day. The airline has not confirmed whether the incident involved ransomware, and as of this recording no group has taken credit for the incident.

Google connects LostKeys malware and Russian cyberspies to ClickFix
The Russian state-backed hacking group Coldriver has been using a new malware called LostKeys, all as one word, to steal files as part of an espionage attack on Western governments, journalists, think tanks and non-governmental organizations. Coldriver has been confirmed as being connected to Russia's Federal Security Service, according to security services in the United Kingdom as well as in the Five Eyes alliance. As mentioned in BleepingComputer, the Google Threat Intelligence Group first observed LostKeys being deployed collectively in January as part of the ClickFix series of social engineering attacks, where the threat actors trick victims into running malicious PowerShell scripts. Google adds that the typical behavior of Coldriver is to steal credentials and then use them to steal emails and contacts from the target.

LockBit ransomware gang hacked
The LockBit ransomware gang has suffered a data breach after its dark web affiliate panels were defaced and replaced with a message linking to a MySQL database dump, which itself appears to have occurred on April 29. It is not known who carried out this breach or how they did it, but the defacement message, which reads "Don't do crime, crime is bad, love and kisses from Prague," matches one used in a recent breach of the dark website belonging to Everest Ransomware, suggesting a possible link. This story, as reported in BleepingComputer: it is too early to tell if this additional reputational hit will be the final nail in the coffin for this ransomware gang, end quote.

Remember to check out our Super Cyber Friday livestream later today at 1:00pm Eastern, 10:00am Pacific. This week we are spending an hour talking about hacking the validity of AI, trying to figure out how we can prove the output of an AI is trustworthy. We're increasingly seeing AI applications in compliance, and that's one area where we don't want any wiggle room when it comes to accurate output. We'll be taking audience questions, playing fun games, and you even have a chance to win prizes. So head on over to our events page at cisoseries.com to register. And later today at 3:30pm Eastern, we have our Week in Review show. Dan Holden, CISO of BigCommerce, will be our guest, providing his expert commentary on the news of the week. To join us as a participating commenter on this show through YouTube, head on over to the events page once again at cisoseries.com. I'm Steve Prentiss reporting for the CISO Series. Cybersecurity Headlines is available every weekday. Head to cisoseries.com for the full stories behind the headlines.
