
A
From the CISO series, it's Cybersecurity Headlines.
B
These are the cybersecurity headlines for Thursday, June 12, 2025. I'm Rich Stroffelino.
Zero-click data leak flaw in Copilot. Researchers at AIM Labs documented a flaw in Microsoft 365 Copilot dubbed Echo Leak, part of an emerging class of LLM scope violation vulnerabilities. By sending an email with a hidden prompt injection in an otherwise banal business email, the researchers were able to get around Microsoft's cross prompt injection attack classifier protections. When a user later asks about the email, the Retrieval Augmented Generation or RAG engine pulls in the malicious injection, inserting internal data into a crafted markdown image, and then sends it to a third party server. AIM Labs reported the issue to Microsoft back in January, which subsequently issued a server-side fix in May.
Operation Secure targets infostealer operations. Interpol announced the results of Operation Secure, an international law enforcement effort that targeted infostealer infrastructure across 26 countries. The operation ran from January through April 2025, resulting in the takedown of over 20,000 malicious IP addresses, seizing 2,300 domains associated with malware-as-a-service operations, 32 arrested suspects and notified over 200,000 total victims. Lumma, RisePro and the Meta Stealer all had their infrastructure impacted by the operation. Private cybersecurity partners including Kaspersky, Group-IB and Trend Micro also aided in the operation.
FIN6 targets recruiters. A new report from DomainTools found that the long-running FIN6 cybercrime group has been operating a campaign posing as job applicants on LinkedIn and Indeed to target recruiters. The campaign sees them initiating conversations on various job posting platforms to slowly gain trust. This is followed by a phishing email without clickable links, spurring the victim to manually enter a URL to send them to a faked resume site hosted on a legitimate cloud provider. These pages verify the victim before delivering a zip file that installs the More_eggs backdoor. From there, the threat actors steal credentials and deploy ransomware.
United National Foods recovery plan. Earlier this week, we shared the report that United National Foods shut down all business systems from ordering to selection and shipping due to a cyberattack. On its earnings call, CEO Sandy Douglas said the company now expects to bring systems back online by June 15, 10 days after the attack was discovered on June 5. Bloomberg sources say the disruption isn't anticipated to impact the company's payroll processing, but that some worker shifts have been canceled due to shuttered operations, even as managers cannot call staff to tell them not to come in. Anecdotal evidence shows some Whole Foods impacted by the outage, with significantly empty shelves on some items.
And now a huge thanks to our sponsor for today, Vanta. Is your manual GRC program slowing you down? There's something more efficient than spreadsheets, screenshots and manual processes: Vanta. With Vanta, GRC can be so much easier while also strengthening your security posture and driving revenue for your business. Vanta automates key areas of your GRC program, including compliance, risk and customer trust, and streamlines the way you manage information. The impact is real. A recent IDC analysis found that compliance teams using Vanta are 129% more productive. Get back time to focus on strengthening security and scaling your business. Get started at vanta.com/headlines. That's V-A-N-T-A dot com/headlines.
WhatsApp to back Apple in dispute with UK Home Office. Back in March, Apple filed an appeal to the UK's Investigatory Powers Tribunal after receiving a secret order from the Home Office to pass on encrypted data from users in the event of a national security threat. You may recall, Apple decided to remove its Advanced Data Protection feature in the UK over the dispute. Now there's not a lot of love lost between Apple and Meta, which makes it notable that WhatsApp head Will Cathcart said the company applied to submit evidence to the court in support of Apple's appeal. Cathcart noted the messaging giant would challenge any law or government request that seeks to weaken the encryption of our services.
Bill seeks to strengthen healthcare security. Congressman Jason Crow introduced a bipartisan healthcare cybersecurity bill to Congress. If passed, the bill would require CISA and the U.S. Department of Health and Human Services to work together on measures to improve cybersecurity across the sector, including sharing of threat intelligence, CISA-provided training to healthcare orgs, the creation of healthcare risk management plans with best practices, and creating an objective basis for determining high-risk assets. This follows plans to update HIPAA security rules announced back in January, which requires additional security measures for protected health information.
IoT slop spam campaign hits abandoned sites. 404 Media reports that domains owned by prominent companies and organizations, including Nvidia, Stanford, NPR and the U.S. Department of Health and Human Services' Vaccines.gov, were seemingly infiltrated by a spam marketing campaign. These sites hosted thousands of AI-generated articles, each ranging from travel guides to video game reviews and the absurdly lewd. Most of these domains are no longer active, like NPR's Generation Listen project from 2014. All sites carried a byline of Ashley on articles with the same Disclaimer, DMCA, Privacy Policy and Terms of Use pages. Clicking through any links on the sites goes to an SEO spam page. Based on site archives, some domains were hijacked for over a month.
Danabot leaked data for three years. Last month we covered that an international law enforcement effort disrupted the Danabot botnet, a malware-as-a-service platform operating since 2018. Following the takedown, security researchers at Zscaler disclosed that a flaw in Danabot's C2 servers caused a memory leak from June 2022 to early 2025. Dubbed Danableed, the flaw leaked up to 1,792 arbitrary bytes per server response. Researchers obtained victim data, usernames, IP addresses, malware version updates, and private cryptographic keys through the leak. It remains unclear if this disruption effort and leaked data will lead to a permanent takedown of the operation.
Remember to register for our upcoming Super Cyber Friday conversation coming up next week, all about what it takes to become a CISO. If you're an aspiring CISO or just looking to get into security leadership, you need to join us next Friday, June 20th at 1pm Eastern. Be sure to register over on our event page at cisoseries.com. And if you have some thoughts on the news from today or just about the show in general, be sure to reach out to us at feedback@cisoseries.com. We'd love to hear from you. Reporting for the CISO series, I'm Rich Strofalino, reminding you to have a super sparkly day.
A
Cybersecurity headlines are available every weekday. Head to cisoseries.com for the full stories behind the headlines.
Podcast Summary: Cyber Security Headlines
Hosted by CISO Series
Episode: CoPilot Zero-Click, Operation Secure, FIN6 Targets Recruiters
Release Date: June 12, 2025
In the latest episode of Cyber Security Headlines by CISO Series, host Rich Strofalino delves into the most pressing cybersecurity issues of the day. Covering a range of topics from sophisticated data leak vulnerabilities to international law enforcement operations, the episode provides listeners with a comprehensive overview of the current threat landscape.
Time Stamp: [00:06]
Rich begins the episode by discussing a significant vulnerability identified in Microsoft 365 Copilot. Researchers at AIM Labs uncovered a flaw named Echo Leak, part of a new category of Large Language Model (LLM) scope violation vulnerabilities.
Notable Quote:
“By sending an email with a hidden prompt injection in an otherwise banal business email, the researchers were able to get around Microsoft's cross prompt injection attack classifier protections.” – Rich Strofalino ([00:06])
Time Stamp: [00:06]
The episode transitions to Operation Secure, an international law enforcement initiative spearheaded by Interpol, targeting infostealer infrastructure across 26 countries.
Notable Quote:
“Operation Secure has successfully dismantled a vast network of infostealer operations, impacting major players like Luma Rise Pro and Metastealer.” – Rich Strofalino ([00:06])
Time Stamp: [00:06]
Another critical issue discussed is the ongoing campaign by the FIN6 cybercrime group, which has been targeting recruiters through job platforms like LinkedIn and Indeed.
Notable Quote:
“The FIN6 campaign is a sophisticated approach to infiltrate organizations by exploiting the trust built during the recruitment process.” – Rich Strofalino ([00:06])
Time Stamp: [00:06]
Rich also highlights a recent cyberattack on United National Foods, which led to a complete shutdown of business systems affecting ordering, selection, and shipping operations.
Notable Quote:
“United National Foods is working diligently to bring systems back online, anticipating full restoration within ten days.” – Sandy Douglas, CEO ([00:06])
Time Stamp: [00:06]
In the realm of digital privacy, WhatsApp has come to Apple's defense in its ongoing dispute with the UK Home Office over encryption requests.
Notable Quote:
“WhatsApp will challenge any law or government request that seeks to weaken the encryption of our services.” – Cathcart, WhatsApp Head ([00:06])
Time Stamp: [00:06]
Addressing healthcare cybersecurity, Congressman Jason Crow has introduced a bipartisan bill aimed at enhancing security measures within the sector.
Notable Quote:
“This bill represents a crucial step towards safeguarding our healthcare infrastructure against evolving cyber threats.” – Congressman Jason Crow ([00:06])
Time Stamp: [00:06]
A concerning trend in spam marketing campaigns has been identified, targeting abandoned domains of prominent organizations.
Notable Quote:
“The IoT slop spam campaign is exploiting abandoned sites to disseminate malicious and irrelevant content, undermining the credibility of these prominent organizations.” – Rich Strofalino ([00:06])
Time Stamp: [00:06]
The episode also covers the aftermath of the takedown of the Danabot botnet, a malware-as-a-service platform operational since 2018.
Notable Quote:
“The Danableed flaw has exposed a wealth of sensitive information, posing significant risks to affected victims and the broader cybersecurity ecosystem.” – Rich Strofalino ([00:06])
Rich wraps up the episode by promoting an upcoming event titled Super Cyber Friday, focused on guiding aspiring CISOs and those interested in security leadership.
In this episode of Cyber Security Headlines, Rich Strofalino provides an insightful analysis of current cybersecurity threats and developments. From sophisticated data leak vulnerabilities to international efforts combating cybercrime, the episode serves as a vital resource for professionals seeking to stay informed about the dynamic landscape of information security.
For more detailed stories behind these headlines, listeners are encouraged to visit cisoseries.com.
This summary encapsulates the key discussions and insights from the June 12, 2025 episode of Cyber Security Headlines. For the most accurate and comprehensive information, tuning into the full episode is recommended.