
Unknown Host
From the CISO series, it's Cybersecurity Headlines.
Sarah Lane
These are the cybersecurity headlines for Thursday, August 14, 2025. I'm Sarah Lane.
Hack of federal court filing system exploited security flaws known since 2020
Politico reports that a sweeping hack of the federal judiciary's CM/ECF case filing system exploited basic security flaws first identified in 2020, letting suspected Russian attackers and other groups steal sealed case data, source code and sensitive court records from at least 12 district courts. The decentralized system's inconsistent security and slow adoption of fixes have reportedly left vulnerabilities largely unaddressed for years.
Pennsylvania Attorney General says cyber attack knocked phone, email systems offline
A cyber attack took down the Pennsylvania attorney general's phone, email and website, though prosecutors continued to work on cases. The cause is under investigation. Officials haven't confirmed whether it involved recently disclosed Citrix NetScaler vulnerabilities, which security expert Kevin Beaumont previously found on the office's network. Citrix NetScaler flaws have been exploited globally, including against the Dutch justice system and Caribbean courts.
Spike in Fortinet VPN brute force attacks raises zero day concerns
GreyNoise detected major brute force spikes on Fortinet SSL VPNs on August 3, followed by FortiManager targeting on August 5, a pattern that has preceded new vulnerability disclosures in 80% of past cases. GreyNoise now says the activity traced to a specific attacker cluster is likely adaptive testing rather than researcher scans. GreyNoise now warns defenders to treat the spike as a potential zero day precursor. Block 10 listed IPs and harden Fortinet device access.
Alarm raised over high severity vulnerabilities in Matrix messaging protocol
The Matrix Foundation patched two high severity vulnerabilities in its federated messaging protocol that could have let hostile actors seize control of sensitive chat rooms used by governments and enterprises. Discovered during joint research with Elements, the flaws were fixed under an embargo and have not been exploited in the wild. One bug involves room control permissions, the other relates to predictable room IDs. The fixes require disruptive room upgrades and organizations running Matrix need to test deployments before rollout.
Huge thanks to our sponsor Vanta. Do you know the status of your compliance controls right now? Like right now? Right, right, right now? We know that real time visibility is critical for security, but when it comes to our GRC programs we rely on point in time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews and reporting, and help you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get started at vanta.com/headlines. That's vanta.com/headlines.
UK expands police facial recognition rollout with 10 new vans
Headed to a town near you: the UK Home Office is expanding police access to live facial recognition, or LFR, with 10 new vans, extending the tech to seven more police regions. Officials say deployments will be intelligence led, targeted and compliant with College of Policing guidance. Privacy advocates warn of increased surveillance and potential rights violations. The expansion comes alongside a pending judicial review and controversy over police use of passport and immigration photo databases.
St. Paul's mayor confirms Interlock data leak
St. Paul, Minnesota Mayor Melvin Carter confirmed the Interlock ransomware group leaked 43 gigabytes of data from a Parks and Recreation shared drive after the city refused to pay. The files include personal and work documents, but not core systems, and all city data is backed up. The attack on July 25 forced a full network shutdown, disrupting online services for 307,000 residents, although emergency services did stay up. New security measures include password resets for 2000 employees and advanced protections on most devices, with help from the FBI and the Minnesota National Guard.
Microsoft removes PowerShell 2.0 from Windows 11, Windows Server
Microsoft will permanently remove PowerShell 2.0 from Windows this month with Windows 11 version 24H2 and from Windows Server 2025 in September, ending support for the 14 year old tool eight years after its deprecation. Legacy scripts will default to PowerShell 5.1, but Microsoft urges users to migrate to PowerShell 5.1 or 7 to avoid disruptions, as some older applications and installers may fail without it. The move is part of reducing legacy code, simplifying Windows and improving security.
Deepfake AI trading scams target global investors
An investigation by Group-IB shows that deepfake driven scams are targeting investors worldwide. These campaigns mimic news broadcasts, publish fabricated reviews and charts, and localize content to match a user's language and country. Victims are then funneled to sites asking for somewhere between 100 or $250 deposits and sensitive personal data. The scams are then spread through YouTube, social media and blogs. They appear to exclude US and Israeli IPs, but are linked to domains tied to other fraudulent trading schemes.
Everyone seems like they're on board with the principles of zero trust. So why do we see implementation lagging? That's what we're trying to answer on this week's episode of Defense in Depth. Look for the episode "Where Are We Struggling with Zero Trust" wherever you get your podcasts. And if you have thoughts on the news from today or about the show in general, be sure to reach out to us at feedback@cisoseries.com. We would love to hear from you. I'm Sarah Lane reporting for the CISO Series. Thank you so much for listening. We'll talk to you next time.
Unknown Host
Cybersecurity Headlines are available every weekday. Head to cisoseries.com for the full stories behind the headlines.
Podcast Summary: Cyber Security Headlines
Host: Sarah Lane | CISO Series | Release Date: August 14, 2025
Sarah Lane delivers a comprehensive overview of the latest developments in the cybersecurity landscape in this episode of "Cyber Security Headlines" from the CISO Series. Covering a range of critical incidents and emerging threats, the episode provides listeners with valuable insights into current vulnerabilities, attacks, and industry responses. Below is a detailed summary of the key topics discussed.
Timestamp: 00:07
Sarah Lane opens the episode by discussing a significant breach targeting the federal judiciary's CM/ECF case filing system. According to a report by Politico, the attack capitalized on security vulnerabilities identified as early as 2020. These flaws allowed suspected Russian hackers and other malicious groups to access sealed case data, source code, and sensitive court records across at least 12 district courts.
Quote:
"...the decentralized system's inconsistent security and slow adoption of fixes have reportedly left vulnerabilities largely unaddressed for years." — Sarah Lane [00:07]
Timestamp: 01:20
The Pennsylvania Attorney General's office experienced a cyberattack that disrupted phone, email, and website operations. Despite the outage, prosecutors continued their work, though the exact cause of the attack remains under investigation.
Quote:
"Officials haven't confirmed whether it involved recently disclosed Citrix NetScaler vulnerabilities..." — Sarah Lane [01:35]
Timestamp: 02:45
GreyNoise, a cybersecurity firm, reported a significant increase in brute force attacks targeting Fortinet SSL VPNs starting August 3, followed by attacks on FortiManager on August 5. This pattern has historically preceded the disclosure of new vulnerabilities in 80% of past instances.
Quote:
"GreyNoise now warns defenders to treat the spike as a potential zero day precursor." — Sarah Lane [03:15]
Timestamp: 04:10
The Matrix Foundation has patched two high severity vulnerabilities in its federated messaging protocol, which could have allowed attackers to seize control of sensitive chat rooms used by governments and enterprises.
Quote:
"The fixes require disruptive room upgrades and organizations running Matrix need to test deployments before rollout." — Sarah Lane [04:25]
Timestamp: 05:00
The UK Home Office is enhancing police capabilities by deploying 10 new vans equipped with live facial recognition (LFR) technology to seven additional police regions. This expansion aims to make deployments intelligence-led, targeted, and compliant with the College of Policing guidance.
Quote:
"Privacy advocates warn of increased surveillance and potential rights violations." — Sarah Lane [05:30]
Timestamp: 06:00
Melvin Carter, the Mayor of St. Paul, Minnesota, announced that the Interlock ransomware group leaked 43 gigabytes of data from a Parks and Recreation shared drive. The city refused to pay the ransom, leading to the public release of personal and work documents.
Quote:
"The attack on July 25 forced a full network shutdown, disrupting online services for 307,000 residents." — Sarah Lane [06:15]
Timestamp: 06:45
Microsoft has announced the permanent removal of PowerShell 2.0 from Windows 11 (version 24H2) and Windows Server 2025, effectively ending support for this 14-year-old tool.
Quote:
"The move is part of reducing legacy code, simplifying Windows, and improving security." — Sarah Lane [06:55]
Timestamp: 07:10
Group-IB has uncovered a surge in deepfake-driven scams targeting investors across the globe. These sophisticated campaigns mimic legitimate news broadcasts, generate fake reviews and charts, and produce localized content tailored to the victim's language and region.
Quote:
"Deepfake driven scams are targeting investors worldwide." — Sarah Lane [07:10]
Sarah Lane wraps up the episode by highlighting the persistent challenges in implementing robust cybersecurity measures, such as zero trust principles, despite widespread agreement on their importance. She encourages listeners to engage with the content and share their thoughts via email.
Quote:
"Everyone seems like they're on board with the principles of zero trust. So why do we see implementation lagging?" — Sarah Lane [07:00]
For more detailed stories behind these headlines, listeners are directed to visit [cisoseries.com](https://cisoseries.com).
Note: This summary excludes advertisements, introductions, and outros to focus solely on the core content of the episode.