Cyber Security Headlines - Episode Summary Hosted by CISO Series | Release Date: June 19, 2025
The latest episode of "Cyber Security Headlines" by CISO Series, hosted by Rich Stroffolino, covers significant cybersecurity incidents and developments across several sectors. This summary captures the key stories, details, and conclusions from the episode for those who have not tuned in.
1. Episource Breach Impacts Over 5 Million Individuals
Incident Overview: Episource, a healthcare technology services provider, disclosed a data breach affecting more than 5.4 million individuals. An unauthorized party had access to Episource's systems between January 27 and February 6, 2025.
Details:
- Stolen Information: The breach compromised sensitive data, including Social Security numbers, insurance and Medicaid/Medicare numbers, and medical records.
- Response Measures: Episource is collaborating with partner doctors and health plan providers to notify all affected victims. The company advises victims to monitor their benefit statements for potential fraud.
- Historical Context: This follows an earlier incident in 2023 in which Episource lost data to a cyberattack.
Notable Quote: Rich Stroffolino highlighted the severity of the breach: “Episource is urging all impacted victims to review their benefit statements closely for any signs of fraud” [02:30].
2. Predatory Sparrow Strikes Iran’s Financial Sector Again
Incident Overview: The pro-Israel hacktivist group Predatory Sparrow has again targeted Iran's financial sector, moving more than $90 million out of the wallets of Nobitex, Iran's largest cryptocurrency exchange.
Details:
- Attack Modus Operandi: Predatory Sparrow claimed the attack on social media and threatened to publish Nobitex's source code and internal information.
- Verification: Researchers at Elliptic confirmed that more than $90 million left Nobitex's wallets for vanity addresses carrying anti-IRGC messages. Because vanity addresses of that kind are generated without a usable private key, the funds are effectively burned rather than stolen for profit.
- Recent Activity: The attack follows the group's claimed attack the previous day on Bank Sepah, an Iranian state-owned bank.
Notable Quote: Rich Stroffolino emphasized the impact: “Predatory Sparrow’s latest move not only steals substantial assets but also threatens to expose critical internal information” [04:15].
3. Swiss Banks' Data Leaked Through External Supplier
Incident Overview: UBS and Pictet, two prominent Swiss banks, confirmed that internal data was leaked following a breach at their external procurement supplier, Chain IQ.
Details:
- Leaked Data: The breach exposed data on tens of thousands of UBS employees, including direct internal phone lines to executives, as well as Pictet invoice information.
- Client Data Security: Both banks stated that no client data was compromised.
- Public Disclosure: Data from the attack was published on illicit forums as of June 12. Chain IQ has declined to say whether it negotiated with the attackers or received a ransom demand.
Notable Quote: Rich Stroffolino noted the strategic nature of the leak: “While employee and internal data was exposed, the assurance that client information remained secure is a critical aspect of this breach” [05:00].
4. Microsoft 365 Enhances Security by Blocking Legacy Authentication Protocols
Update Overview: Starting in mid-July, Microsoft will block legacy authentication protocols across Microsoft 365 tenants, affecting SharePoint, OneDrive, and the opening of Office files.
Details:
- Implementation Timeline: The rollout is expected to be complete by August.
- Affected Protocols: Microsoft will block legacy browser authentication to SharePoint and OneDrive that relies on the Relying Party Suite (RPS), and will block Office files from being opened over the FrontPage Remote Procedure Call (RPC) protocol.
- Security Rationale: Legacy protocols bypass modern controls such as multi-factor authentication and Conditional Access, which makes them a favoured target for brute-force and phishing attacks.
- Policy Enhancements: App consent policies will also change so that administrator approval is required before users can grant third-party apps access to files and sites.
Notable Quote: Rich Stroffolino explained Microsoft's stance: “Blocking these legacy protocols is a necessary step to mitigate the increasing threats of brute force and phishing attacks” [06:00].
5. State Healthcare Exchanges Share Sensitive Data with Big Tech
Investigation Findings: An investigation by The Markup and CalMatters revealed that four state-run insurance marketplace websites inadvertently shared sensitive information with major technology companies through embedded advertising trackers.
Details:
- Data Shared: The exchanges in Nevada, Maine, Rhode Island, and Massachusetts shared differing sets of sensitive information, including prescription details, dosage information, and records of medical visits, with platforms such as LinkedIn, Snapchat, and Google.
- Mechanism: The trackers were embedded in the separate sites the exchanges use to connect users with insurance plans.
- Response: Once notified, all of the affected exchanges removed the trackers and stated that no personally identifiable information (PII) had been stored.
Notable Quote: Rich Stroffolino highlighted the privacy concerns: “The inadvertent sharing of sensitive healthcare data through embedded trackers underscores the need for stringent data handling practices” [03:45].
6. Linux Distributions Vulnerable to Local Privilege Escalation (LPE)
Vulnerability Report: Researchers at the Qualys Threat Research Unit disclosed two new LPE vulnerabilities affecting several major Linux distributions.
Details:
- Affected Systems:
- SUSE Linux 15 (CVE-2025-6018): A flaw in the Pluggable Authentication Modules (PAM) configuration lets an unprivileged local user, including one logged in over SSH, be treated as a physically present "allow_active" user.
- udisks daemon (CVE-2025-6019): A flaw in libblockdev, reachable through the udisks storage management service that most distributions ship by default, lets an "allow_active" user gain root.
- Exploitation Potential: The two flaws chain directly: the PAM flaw grants "allow_active" status and the libblockdev flaw turns it into root, yielding full root on SUSE, Ubuntu, Debian, and Fedora systems.
- Mitigation: Patches are available for both vulnerabilities, and Qualys has developed proof-of-concept (PoC) exploits for them. As an interim measure, Qualys recommends tightening the polkit rule for the udisks2 "modify-device" action so that it requires administrator authentication (auth_admin).
Notable Quote: Rich Stroffolino stressed the urgency: “With patches available, it's critical for administrators to apply updates promptly to safeguard against potential escalations” [04:45].
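The interim polkit hardening Qualys recommends for the udisks chain, written out as an added example (this is not code from the episode, from Qualys, or from any distribution): a POSIX shell script that drops a rule file requiring an administrator password for org.freedesktop.udisks2.modify-device, so an "allow_active" session can no longer reach the libblockdev code path without authenticating. The rules directory defaults to /etc/polkit-1/rules.d; the file name and the optional verification step with pkcheck are assumptions, and the rule does not replace applying the patches.

```shell
#!/bin/sh
# Added example: harden the udisks2 modify-device action with a polkit rule
# (not the page's or Qualys's own code; file name is an assumption).
set -eu

# Write a polkit rules file (polkit rules are JavaScript) into the given
# directory. Default is /etc/polkit-1/rules.d, which requires root to write.
# Prints the path of the rule file it created.
write_udisks_rule() {
    rules_dir="${1:-/etc/polkit-1/rules.d}"
    rule_file="$rules_dir/10-udisks2-modify-device-auth-admin.rules"
    mkdir -p "$rules_dir"
    cat > "$rule_file" <<'EOF'
// Require an administrator password for udisks2 device modification.
// Stops an "allow_active" (console or spoofed-console) user from reaching
// the libblockdev code path without authenticating.
polkit.addRule(function(action, subject) {
    if (action.id == "org.freedesktop.udisks2.modify-device") {
        return polkit.Result.AUTH_ADMIN;
    }
});
EOF
    chmod 0644 "$rule_file"
    printf '%s\n' "$rule_file"
}

# Check how polkit would now treat the action for the current (unprivileged)
# process. Without --allow-user-interaction, pkcheck cannot prompt for the
# administrator password, so it exits non-zero once AUTH_ADMIN is required.
# Returns 0 only if the caller would still be authorized without a prompt.
check_udisks_policy() {
    if ! command -v pkcheck >/dev/null 2>&1; then
        echo "pkcheck not found; polkit is not installed on this host" >&2
        return 2
    fi
    pkcheck --action-id org.freedesktop.udisks2.modify-device --process "$$"
}

# Usage (as root):
#   write_udisks_rule            # installs the rule under /etc/polkit-1/rules.d
# Then, as an ordinary console user:
#   check_udisks_policy || echo "modify-device now needs admin authentication"
```

The rule takes effect as soon as polkit reloads the rules directory, which the daemon does automatically on file change. `pkaction --verbose --action-id org.freedesktop.udisks2.modify-device` shows only the packaged implicit defaults from the .policy file, not the outcome of rules.d rules, which is why the check above uses pkcheck instead.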
7. Federal Government Seizes $224 Million in Cryptocurrency Linked to Scams
Seizure Details: The U.S. Department of Justice announced the filing of a civil forfeiture action to seize over $224 million in cryptocurrency associated with investment and romance scams.
Details:
- Scam Tactics: The fraudsters deceived at least 400 victims worldwide by promoting fake cryptocurrency investment ventures and cultivating fake romantic relationships to extract funds.
- Collaboration: The U.S. Secret Service and FBI worked alongside Tether to trace and reclaim the stolen assets.
- Objective: The DOJ aims to use the forfeited funds to compensate the victims affected by these scams.
Notable Quote: Rich Stroffolino highlighted the significance of the action: “This substantial forfeiture not only disrupts the scammers’ operations but also provides a pathway to restitution for the victims” [05:30].
8. Targeted Hacking Campaign Compromises Russia Expert Keir Giles
Incident Overview: Reports from Citizen Lab and the Google Threat Intelligence Group describe a sophisticated campaign targeting Keir Giles, a UK-based expert on the Russian military, attributed to the Russia-linked threat group UNC6293.
Details:
- Attack Strategy: Rather than the broad, noisy approach often expected of Russian operators, the campaign focused on a single individual and proceeded slowly and patiently.
- Compromise Method: The attackers eventually persuaded Giles to create a Google app-specific password and share a screenshot of it, which gave them full access to his Google account.
- Expert Insight: John Scott-Railton of Citizen Lab remarked, “It’s as if they knew everything we'd been taught to expect from Russian hackers and then did the opposite” [06:30].
Notable Quote: Rich Stroffolino emphasized the uniqueness of the attack: “Targeting an individual with such precision showcases the evolving tactics of threat groups like UNC6293” [06:45].
Conclusion: This episode of "Cyber Security Headlines" underscores the ever-evolving landscape of cybersecurity threats, ranging from large-scale data breaches and sophisticated hacking campaigns to governmental actions against cryptocurrency scams. The discussions highlight the critical need for robust security measures, timely patching of vulnerabilities, and vigilant monitoring of data-sharing practices to safeguard sensitive information across various sectors.
For more detailed stories and daily updates, visit CISOseries.com.
