Transcript
Unknown Host (0:00)
From the CISO series, it's Cybersecurity Headlines.
Sarah Lane (0:07)
These are the cybersecurity headlines for Thursday, August 14, 2025. I'm Sarah Lane.

Hack of federal court filing system exploited security flaws known since 2020

Politico reports that a sweeping hack of the federal judiciary's CM/ECF case filing system exploited basic security flaws first identified in 2020, letting suspected Russian attackers and other groups steal sealed case data, source code and sensitive court records from at least 12 district courts. The decentralized system's inconsistent security and slow adoption of fixes have reportedly left vulnerabilities largely unaddressed for years.

Pennsylvania attorney general says cyberattack knocked phone, email systems offline

A cyberattack took down the Pennsylvania attorney general's phone, email and website. Though prosecutors continued to work on cases, the cause is under investigation. Officials haven't confirmed whether it involved recently disclosed Citrix NetScaler vulnerabilities, which security expert Kevin Beaumont previously found on the office's network. Citrix NetScaler flaws have been exploited globally, including against the Dutch justice system and Caribbean courts.

Spike in Fortinet VPN brute-force attacks raises zero-day concerns

GreyNoise detected major brute-force spikes on Fortinet SSL VPNs on August 3, followed by FortiManager targeting on August 5, a pattern that has preceded new vulnerability disclosures in 80% of past cases. GreyNoise now says the activity, traced to a specific attacker cluster, is likely adaptive testing rather than researcher scans. GreyNoise warns defenders to treat the spike as a potential zero-day precursor, block 10 listed IPs and harden Fortinet device access.

Alarm raised over high-severity vulnerabilities in Matrix messaging protocol

The Matrix Foundation patched two high-severity vulnerabilities in its federated messaging protocol that could have let hostile actors seize control of sensitive chat rooms used by governments and enterprises. Discovered during joint research with Element, the flaws were fixed under an embargo and have not been exploited in the wild. One bug involves room control permissions; the other relates to predictable room IDs. The fixes require disruptive room upgrades, and organizations running Matrix need to test deployments before rollout.

Huge thanks to our sponsor, Vanta. Do you know the status of your compliance controls right now? Like, right now? Right, right, right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews and reporting, and help you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get started at vanta.com/headlines. That's vanta.com/headlines.

UK expands police facial recognition rollout with 10 new vans headed to a town near you

The UK Home Office is expanding police access to live facial recognition, or LFR, with 10 new vans, extending the tech to seven more police regions. Officials say deployments will be intelligence-led, targeted and compliant with College of Policing guidance. Privacy advocates warn of increased surveillance and potential rights violations. The expansion comes alongside a pending judicial review and controversy over police use of passport and immigration photo databases.

St. Paul's mayor confirms Interlock data leak

St. Paul, Minnesota Mayor Melvin Carter confirmed the Interlock ransomware group leaked 43 gigabytes of data from a Parks and Recreation shared drive after the city refused to pay. The files include personal and work documents, but not core systems, and all city data is backed up. The attack on July 25 forced a full network shutdown, disrupting online services for 307,000 residents, although emergency services did stay up. New security measures include password resets for 2,000 employees and advanced protections on most devices, with help from the FBI and the Minnesota National Guard.

Microsoft removes PowerShell 2.0 from Windows 11, Windows Server

Microsoft will permanently remove PowerShell 2.0 from Windows this month with Windows 11 version 24H2, and from Windows Server 2025 in September, ending support for the 14-year-old tool eight years after its deprecation. Legacy scripts will default to PowerShell 5.1, but Microsoft urges users to migrate to PowerShell 5.1 or 7 to avoid disruptions, as some older applications and installers may fail without it. The move is part of reducing legacy code, simplifying Windows and improving security.

Deepfake AI trading scams target global investors

An investigation by Group-IB shows that deepfake-driven scams are targeting investors worldwide. These campaigns mimic news broadcasts, publish fabricated reviews and charts, and localize content to match a user's language and country. Victims are then funneled to sites asking for somewhere between $100 and $250 in deposits and sensitive personal data. The scams are spread through YouTube, social media and blogs. They appear to exclude US and Israeli IPs, but are linked to domains tied to other fraudulent trading schemes.

Everyone seems like they're on board with the principles of zero trust. So why do we see implementation lagging? That's what we're trying to answer on this week's episode of Defense in Depth. Look for the episode "Where Are We Struggling with Zero Trust?" wherever you get your podcasts. And if you have thoughts on the news from today or about the show in general, be sure to reach out to us at feedback@cisoseries.com. We would love to hear from you. I'm Sarah Lane reporting for the CISO Series. Thank you so much for listening. We'll talk to you next time.
