
A
From the CISO series, it's Cybersecurity Headlines.
B
These are the cybersecurity headlines for Tuesday, July 15, 2025. I'm Rich Stroffolino.
EU states test age verification app. The European Commission announced that Denmark, France, Greece, Italy and Spain will test a blueprint for an age verification app. This takes a white label approach with a base app built on the technical specifications that the European Digital Identity Wallet uses that's set to debut year. The specifications are open source and the EC expects online platforms and other interested parties to start testing and integrating this blueprint as well. The Commission also recently published its guidelines for protecting minors as part of the Digital Services Act.
AAR pledges to start fixing 20-year-old vulnerability next year. Modern trains use an end-of-train device to transmit status data from, you guessed it, the end of the train to the head-of-train, or HOT, device. It can also receive braking instructions from the HOT. CISA issued a new advisory warning that the protocol that links these two devices is not secure. There's no authentication or encryption, allowing a threat actor to send rogue brake control commands to the EOT. Researcher Neil Smith discovered the vulnerability back in 2012 while doing research for ICS-CERT, but that agency failed to reach a consensus with the Association of American Railroads, or AAR, to get it fixed. Then in 2018, Erich Reuter disclosed technical details of the vulnerability at DEFCON. Smith claims that another researcher published details of the flaw as far back as 2005. In response to CISA's advisory, the AAR said it's pursuing new equipment and protocols which should replace traditional end-of-train and head-of-train devices. With the process expected to begin in 2026. Don't worry, only about 70,000 total devices need to be upgraded. Fortunately for the 20-year-old vulnerability, there's no evidence of exploitation in the wild.
Grok 4 jailbroken in two days. Researchers at Neural Trust were able to get xAI's latest LLM model to give step-by-step instructions to make a Molotov cocktail and other responses otherwise barred by its guardrails. This combined two jailbreaking techniques, first using an echo chamber attack to subtly nudge the conversational context toward unsafe behavior. Once shifting the model's output tone, the researchers then used a crescendo technique to intensify prompts to escalate the model's output. They were able to get instructions for Molotov cocktails 67% of the time, had a 50/50 chance of getting meth-making instructions, while toxin-related responses were successful 30% of the time. The key takeaway from the researchers was attacks can bypass intent or keyword based filtering by exploiting the broader conversational context.
DoD awards contracts for agentic AI. The U.S. Department of Defense awarded contracts with up to $200 million each to Anthropic, Google, OpenAI and xAI. DoD Chief Digital and AI Officer Doug Mattey said these contracts will be used to create agentic AI workflows for critical national security challenges, although outside of "support our warfighters and maintain strategic advantage over our adversaries," the announcement was light on specifics. This comes after an executive order in April which directed federal agencies to develop AI strategies and remove barriers to responsible AI usage.
And now, thanks to our episode sponsor, ThreatLocker. ThreatLocker is a global leader in zero trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities.
To learn more and start your free trial, visit threatlocker.com CISO. That's T-H-R-E-A-T-L-O-C-K-E-R.com CISO.
eSIM vulnerability exposes billions of IoT devices. Researchers at Security Explorations discovered a vulnerability in Kigen embedded Universal Integrated Circuit Card, or eUICC, chips. These chips are where an eSIM lives. Using publicly known keys, a threat actor with physical access could install a malicious Java Card applet and extract the eUICC identity certificate. This certificate opens the door to downloading profiles from a mobile network operator in cleartext, accessing secrets, and then transferring a profile to another eUICC chip. Only chips running GSMA TS.48 Generic Test Profile v6 are vulnerable. That profile is used for eSIM compliance testing. The latest v7 release patches the issue.
UK launches Vulnerability Research Initiative. This is a new effort that will work in parallel and partnership with the UK's National Cyber Security Centre. The NCSC will continue its extensive internal research, while the Vulnerability Research Initiative will focus on quickly sharing insights from the community and private industry. NCSC will also direct researchers partnered with VRI to investigate specific products of interest or proposed mitigations. The researchers will also share any tools or methodologies used in their research to help NCSC build out frameworks and best practices.
Interlock ransomware uses FileFix for malware. Researchers at The DFIR Report and Proofpoint noticed a change in tactics for Interlock ransomware operators. Previously, the group used a ClickFix-type attack using fake CAPTCHAs to paste a run dialog saved to the clipboard that then ran a PowerShell script to pull down a payload. The group has hit some notable targets with this approach, including Texas Tech and Kettering Health.
Since June, the researchers have observed Interlock shifting to a FileFix variation, which mimics the Windows UI, specifically File Explorer, to prompt users to execute JavaScript or a PowerShell command with a fake file path. Once executed, this downloads the PHP RAT to exfiltrate system data and receive further updates from a C2 server.
Disinformation group spoofs European journalists. The fact-checking initiative NIDA project published details about a campaign attributed to the Russian threat actor Storm-1516, which impersonated journalists across Armenia, France, Germany, Moldova and Norway. Active since at least 2023, the campaign used the names and likenesses of real reporters on fake news sites in attempts to discredit Ukraine and create discord between European allies. Many journalists only became aware of the spoofing with the release of the report back in May. French authorities said the group presented a marked threat to European public debate.
Elmo gets hacked. In "we can't have nice things" news, Sesame Workshop announced the X account for Elmo, the eternally three-and-a-half-year-old Muppet beloved by toddlers, has been hacked. The compromised account began posting disgusting messages, including anti-Semitic and racist posts, as of July 14. Sesame Workshop is still trying to regain control of the account. Some of the offending messages have been deleted, but a link to a Telegram channel remains in the profile. No word on how the account was breached or how Big Bird is taking the news.
The user experience for security products is a mess. Does it have to be? Security practitioners often bemoan that interfaces aren't designed by anyone who actually has to use the product. But how can we optimize interfaces when these products often have to span disparate roles and use cases? That's one of the segments we'll dig into on our latest episode of the CISO Series Podcast. Look for the episode "Once You Memorize the Manual, Our User Interface Is Very Intuitive" wherever you get your podcasts.
And if you have some thoughts on the news from the week or about the show in general, be sure to reach out to us at feedback@cisoseries.com. We'd love to hear from you. Reporting for the CISO Series, I'm Rich Stroffolino, reminding you to have a super sparkly day.
A
Cybersecurity headlines are available every weekday. Head to cisoseries.com for the full stories behind the headlines.
Cyber Security Headlines – CISO Series Podcast Summary
Episode: EU Age Verification, Train Brakes Vulnerability, Grok-4 Jailbroken
Release Date: July 15, 2025
Overview:
The European Commission has initiated a pilot program across five EU member states—Denmark, France, Greece, Italy, and Spain—to test a new age verification application. This initiative aims to bolster online safety by ensuring that age-restricted content is appropriately accessed.
Notable Quote:
“The specifications are open source and the EC expects online platforms and other interested parties to start testing and integrating this blueprint as well.”
— Rich Stroffolino [00:06]
Overview:
A critical security advisory from the Cybersecurity and Infrastructure Security Agency (CISA) has highlighted vulnerabilities in the communication protocols between modern train components. Specifically, the protocol linking the End of Train (EOT) device with the Head of Train (HOT) device lacks adequate security measures.
Notable Quote:
“With the process expected to begin in 2026. Don’t worry, only about 70,000 total devices need to be upgraded.”
— Rich Stroffolino
Overview:
Researchers at Neural Trust have successfully bypassed the security safeguards of xAI's latest Large Language Model (LLM), Grok-4, within a mere two days. This breakthrough highlights the ongoing challenges in securing advanced AI systems against sophisticated attack vectors.
Notable Quote:
“The key takeaway from the researchers was attacks can bypass intent or keyword based filtering by exploiting the broader conversational context.”
— Rich Stroffolino
The U.S. Department of Defense has allocated contracts up to $200 million each to leading AI firms (Anthropic, Google, OpenAI, and xAI) to develop agentic AI workflows aimed at addressing critical national security challenges. This move follows a recent executive order encouraging federal agencies to advance AI strategies responsibly.
Researchers discovered a flaw in Kigen embedded Universal Integrated Circuit Card (eUICC) chips, potentially compromising billions of IoT devices. This vulnerability allows attackers with physical access to manipulate eUICC chips, leading to unauthorized profile transfers and data access. A patch has been released in the V7 update, addressing the issue in compliance testing profiles.
In collaboration with the National Cyber Security Centre (NCSC), the UK has inaugurated a Vulnerability Research Initiative to expedite the sharing of insights between the community and private industry. This partnership aims to enhance the nation's cybersecurity frameworks and best practices through collaborative research and tool sharing.
Interlock ransomware operators have shifted from utilizing ClickFix attacks to a FileFix variant that mimics Windows File Explorer, deceiving users into executing malicious JavaScript or PowerShell commands. This evolution in tactics has led to successful data exfiltration and increased threat efficacy.
A Russian threat actor group, Storm-1516, has been impersonating journalists across several European countries to disseminate disinformation aimed at discrediting Ukraine and creating discord among European allies. This campaign has raised significant concerns among French authorities regarding the integrity of public discourse.
Sesame Workshop's official X (formerly Twitter) account for Elmo was compromised, resulting in the posting of offensive and inappropriate content. The organization is actively working to regain control, with some malicious posts already removed. The breach highlights ongoing security challenges for high-profile social media accounts.
This episode of Cyber Security Headlines delivered a comprehensive overview of significant cybersecurity developments, from legislative initiatives in the EU to vulnerabilities in critical infrastructure and advancements in AI security. The discussions emphasized the evolving landscape of cyber threats and the imperative for continuous innovation in defense mechanisms to safeguard digital and physical realms.
Reminder: For in-depth stories and further details, visit CISOseries.com.
Contact: Share your thoughts and feedback at feedback@cisoseries.com.
Reporting for the CISO Series, I'm Rich Stroffolino, reminding you to have a super sparkly day.