Cyber Security Headlines - May 16, 2025
Hosted by Sarah Lane from the CISO Series
1. Coinbase Hackers Bribe Staff to Steal Customer Data
At the outset of today's episode, Sarah Lane reports a significant breach at Coinbase. Hackers successfully bribed overseas support agents to access and steal sensitive customer information. This data includes names, contact details, partial Social Security numbers, and government ID images. Notably, there was no compromise of passwords, private keys, or funds.
Sarah Lane (00:07): "Coinbase says that attackers bribed overseas support agents to steal sensitive customer data, including names, contact details, partial Social Security numbers and government ID images."
Despite the severity of the breach, Coinbase has refused the hackers' $20 million ransom demand. Instead, the company anticipates internal resolution costs could reach up to $40 million while it collaborates with law enforcement and bolsters its security measures.
Sarah Lane (00:07): "Coinbase says it refused to pay a $20 million ransom, but it did say the breach may cost up to $40 million to resolve internally while it cooperates with law enforcement and enhances security."
2. Windows 11 and Red Hat Linux Hacked at Pwn2Own Berlin 2025
The first day of Pwn2Own Berlin 2025 showcased significant vulnerabilities in major software platforms. Researchers exploited zero-day vulnerabilities in Windows 11, Red Hat Linux, Oracle VirtualBox, and Docker Desktop, earning a total of $260,000 in prizes.
Key exploitation techniques included privilege escalations and sandbox escapes, built on bug classes such as use-after-free and integer overflow. Vendors participating in the competition have a 90-day window to patch the identified flaws. The competition continues through Saturday, May 17, with over $1 million in prizes still at stake.
Sarah Lane (00:07): "On day one of Pwn2Own Berlin 2025, researchers earned $260,000 by exploiting zero days in Windows 11, Red Hat Linux, Oracle VirtualBox and Docker Desktop."
3. Telegram Purges the Internet's Biggest Black Market
In a major crackdown, Telegram has shut down Haowang Guarantee (formerly Huione Guarantee), a significant player in the black market, following investigative reports by Wired and blockchain analytics firm Elliptic. The group was implicated in facilitating over $27 billion in illicit transactions, including money laundering for crypto scammers using Tether, as well as the sale of stolen data, deepfakes, and tools used in human trafficking operations.
Another Telegram-based market, Xinbi Guarantee, was linked to $8.4 billion in similar activities and was also subsequently taken down.
Sarah Lane (00:07): "Overall, the Internet's biggest ever black market just shut down amid a Telegram purge."
Telegram has stated that these actions are in alignment with its terms of service, which prohibit illegal activities.
4. Kremlin-Based Hackers Target Eastern European Government Agencies
APT28, also known as Fancy Bear, a Russia-linked hacking group, has been actively targeting webmail servers of Eastern European government agencies and defense firms. The group exploits cross-site scripting (XSS) vulnerabilities in the webmail software to steal login credentials and read sensitive emails. The phishing campaign has impacted entities in Ukraine, Romania, Bulgaria, and other regions.
Victims typically receive emails carrying malicious code disguised as news links. APT28 has a history of exploiting vulnerabilities in webmail systems such as Roundcube and Zimbra, underscoring its persistent threat to regional security.
Sarah Lane (00:07): "Russia-linked hacking group APT28, also known as Fancy Bear, has been targeting webmail servers used by Eastern European government agencies and defense firms."
5. Dior Confirms Data Breach Affecting Customer Information
French luxury brand Dior has disclosed a data breach discovered on May 7, impacting customers in countries such as China and South Korea. The compromised information includes names, contact details, addresses, and purchase preferences. Financial data and passwords were not affected.
Dior has notified the affected individuals and is actively investigating the incident. Korean authorities are currently reviewing Dior's response to the breach.
Sarah Lane (00:07): "Dior says it's notified affected individuals and is investigating the incident, while Korean authorities are reviewing the company's response."
6. FTC Seeks to Enforce the Take It Down Act Against Deepfake Pornography
The Federal Trade Commission (FTC) is pushing for the enforcement of the Take It Down Act, which targets non-consensual deepfake pornography. FTC Chair Andrew Ferguson addressed Congress, emphasizing the need for increased funding, more secure software, and specialized staff to effectively review explicit content and pursue legal actions.
The proposed law mandates platforms to remove such content within 48 hours, a timeline that may pose significant challenges under current regulations. Additionally, there is ongoing controversy surrounding the current US President's dismissal of two Democratic commissioners, raising concerns about the agency's independence and potential legal ramifications.
Sarah Lane (00:07): "FTC Chair Andrew Ferguson told Congress the agency needs more funding, needs more secure software and specialized staff to review explicit content and pursue enforcement."
7. AI Advances: Encrypting Secret Messages Invisible to Cybersecurity Systems
Researchers from the University of Oslo have unveiled "Embedder LLM," an AI-driven system capable of embedding encrypted messages within natural-sounding chatbot responses. This technique renders the messages invisible to current cybersecurity tools and allows them to be transmitted via any messaging platform. The system supports both symmetric and public key encryption and is resistant to quantum decryption methods.
Sarah Lane (00:07): "They developed Embedder LLM, a system that hides encrypted messages in AI-generated text, making them invisible to current cybersecurity tools."
8. How Co-op Averted an Even Worse Cyber Attack
Co-op, a UK retailer, narrowly avoided a catastrophic ransomware attack orchestrated by the DragonForce cybercrime group. The attackers attempted to infect Co-op's systems, but the company responded swiftly by taking its own systems offline. Although customer data was still stolen, Co-op prevented a full system lockdown and is recovering more rapidly than competitors such as Marks and Spencer, which endured deeper system compromise and substantial financial losses estimated at 43 million pounds per week.
DragonForce has also claimed responsibility for attacks on Harrods, using platforms such as Telegram and Discord to coordinate its illicit activities.
Sarah Lane (00:07): "Attackers from the DragonForce cybercrime group attempted to infect UK retailer Co-op with ransomware, but in response the company took its own systems offline."
Upcoming and Additional Content
While the episode primarily focused on the topics above, listeners were also informed about upcoming segments and shows, including a discussion with Sandfly Security on securing unmonitored Linux devices and a Week in Review show featuring Nick Espinosa from Deep Dive Radio. Participation and comments are encouraged through the CISO Series' YouTube live channel.
Conclusion
Today’s episode of Cyber Security Headlines provided a comprehensive overview of critical incidents and developments in the cybersecurity landscape. From high-profile data breaches and sophisticated hacking competitions to regulatory efforts and innovative AI applications, the discussions underscored the ever-evolving challenges and responses within the realm of information security.
For those seeking detailed stories and further insights, additional information is available at CISOseries.com.
This summary encapsulates the key points discussed in the episode, complete with notable quotes and proper attribution, ensuring a thorough understanding for those who have not listened to the original podcast.
