Transcript
Sean Kelly (0:00)
From the CISO Series, it's Cybersecurity Headlines. These are the cybersecurity headlines for Wednesday, May 7, 2025. I'm Sean Kelly.

Congress challenges Noem over proposed CISA cuts
On Tuesday, Homeland Security Secretary Kristi Noem faced tough questioning from members of Congress about the Trump administration's proposal to cut CISA's funding by $491 million as part of their skinny budget. Homeland Security subcommittee chair Mark Amodei said that at a time when government leaders are saying China is getting the better of the US in cyberspace, appropriators need more information on the budget proposal. Top panel Democrat Lauren Underwood said to Noem, quote, last week you said we should just wait for the president's grand cyber plan, but you have not waited to erode the department's cyber defense capabilities by removing resources and personnel from CISA and other components, end quote. Noem maintained that instead of censorship, CISA is now focused on securing critical infrastructure. She added that the president's cyber plan would be coming out shortly, and that's the president's prerogative, end quote.

Texas school district breach impacts over 47,000 people
Alvin Independent School District confirmed they suffered a breach back in June of last year that compromised sensitive information belonging to 47,606 individuals. The district began notifying affected people over the weekend that the incident exposed names, Social Security numbers, state-issued IDs, credit card and financial account details, as well as medical and health insurance info. The Fog ransomware gang published the district's name on its leak site last summer, but it remains unclear whether the district paid a ransom. Since then, Fog has claimed responsibility for 20 confirmed ransomware attacks, 12 of them on educational institutions, and an additional 157 unconfirmed incidents. However, the group appears to have suddenly gone dark last month.

NSO Group to pay WhatsApp $167 million in damages
On Tuesday, after a five-year legal battle, a jury ruled that the NSO Group must pay the Meta-owned platform $167 million in punitive damages and around $444,000 in compensatory damages. WhatsApp accused NSO Group of exploiting an audio calling vulnerability in the chat app to target around 1,400 people, including dissidents, human rights activists and journalists. WhatsApp was seeking more than $400,000 in compensatory damages based on the time its employees spent on investigation and remediation of the attacks. A WhatsApp spokesperson hailed the historic ruling as the first victory against illegal spyware that threatens the safety and privacy of everyone. NSO Group said it plans to carefully review the details of the verdict and left the door open for an appeal.

NSA to cut up to 2,000 civilian roles
The National Security Agency has been directed to cut 8% of civilian employees as part of the Trump administration's push to reduce the size of the federal government. The NSA's staffing cuts will likely impact roles ranging from administrative staff to defensive and offensive cybersecurity operators. The NSA's total number of non-military personnel is classified, but anonymous sources told The Record that between 1,500 and 2,000 positions are expected to be cut. The sources added that currently the agency has until the end of this year to make the cuts.

And now we'd like to thank today's episode sponsor, ThreatLocker. ThreatLocker is a global leader in zero trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default-deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit threatlocker.com/CISO. That's T-H-R-E-A-T-L-O-C-K-E-R dot com slash CISO.

Easily exploitable Langflow flaw requires immediate patching
CISA has added a critical authentication flaw found in the open source Langflow platform to its Known Exploited Vulnerabilities catalog. Langflow is a Python-based web application that allows users to build AI-driven agents and workflows. The issue allows remote code injection and affects Langflow versions prior to 1.3.0. Horizon3.ai, who discovered the flaw, said it's easily exploitable and the available patch fails to fully address the issue. The researchers encouraged users to update to the latest Langflow version to fully mitigate the risk of exploitation.

Hackers exploit IoT devices to deploy Mirai botnet
Threat actors have been observed actively exploiting security flaws in two different Internet of Things devices to corral them into the Mirai botnet for conducting distributed denial of service attacks. The first device is an end-of-life GeoVision surveillance device, which can be exploited via two critical-severity operating system command injection flaws. These issues could be used by threat actors to execute arbitrary system commands. That disclosure comes as researchers warned of an actively exploited path traversal flaw in Samsung MagicINFO 9 digital signage server. That issue could enable an attacker to write arbitrary files as SYSTEM authority. While Samsung addressed that issue back in August of last year, it has since been weaponized by attackers following the release of a proof-of-concept exploit on April 30th.

New investment scams use Facebook ads and filter victims
Cybersecurity researchers have identified two threat actors, codenamed Reckless Rabbit and Ruthless Rabbit, orchestrating investment scams through spoofed celebrity endorsements on Facebook. The platforms use web forms to collect user data, including usernames, phone numbers and email addresses, and also offer the ability to auto-generate passwords. The next phase of the attack uses validation tools to filter out traffic from certain countries and ensures that the contact info provided is legitimate. Validated victims are routed through a traffic distribution system, or TDS, for cloaking to a scam platform where they are either coaxed into making high-return investments or instructed to wait for a representative to call them. Reckless Rabbit has been creating domains since at least April of 2024, primarily targeting users in Russia, Romania and Poland. Meanwhile, Ruthless Rabbit has been actively targeting European users since at least November of 2022.

Magento backdoor hid for 6 years before activation
It took six years for a backdoor hidden in widely used Magento online store extensions to finally reveal itself. On April 20th, the malware finally began affecting hundreds of digital storefronts. Security firm Sansec uncovered 21 modules published between 2019 and 2022 which share malicious logic hidden in PHP files. Once activated, the backdoor runs a remote payload, enabling attackers to deploy Magecart-style skimming scripts in customer browsers. Sansec estimates that between 500 and 1,000 stores are running the backdoored software, including a $40 billion multinational. The researchers said, quote, it is rare that a backdoor remains undetected for six years, but it is even stranger that actual abuse has only started now, end quote.

And that does it for today's cybersecurity headlines. But make sure you check out our new episode of Security You Should Know. It just dropped today, and we learned from ThreatLocker what they're doing to help improve the drudgery that is patch management. You can look for the show wherever you get your podcasts or head over to cisoseries.com. Thank you for listening to the podcast that brings you more of the top cyber news stories and more cowbell. I'm Sean Kelly. Cybersecurity Headlines are available every weekday. Head to cisoseries.com for the full stories behind the headlines.
