
A
From the CISO series, it's Cybersecurity Headlines.
B
These are the cybersecurity headlines for Tuesday, April 1st, 2025. I'm Lauren Verno.

FTC sends warning to future 23andMe buyer
An update to the 23andMe data privacy concerns. On Monday, the Federal Trade Commission sent a warning to the Department of Justice that any buyer of 23andMe must honor its existing privacy policies, ensuring users remain in control of their genetic data even in bankruptcy. FTC Chair Andrew Ferguson emphasized that 23andMe has explicitly promised not to share data with insurers, employers or law enforcement without legal orders, and that these protections extend to any new owner.

Global phishing threat targets 88 countries
A phishing-as-a-service platform called Lucid is targeting 169 entities across 88 countries, using iMessage and RCS to bypass spam filters and deliver large-scale phishing campaigns. Run by the Chinese cybercriminal group Shenzhen, Lucid offers over 1,000 phishing domains, auto-generated phishing sites and pro-grade spamming tools to its subscribers. Victims clicking the links are redirected to fake landing pages impersonating companies like USPS, Amazon and major banks, where their personal and financial data is ultimately stolen.

Samsung data breach tied to old stolen credentials
Credentials compromised in a 2021 Raccoon infostealer infection and never changed led to the leak of 270,000 customer records from Samsung Germany's ticketing system. The threat actor GHNA, that's G-H-N-A, exploited these stolen Spectos GmbH credentials, which remained unchanged for four years, to access Samsung's system and expose sensitive customer data including names, addresses, emails and transaction details.

North Korea's fake worker schemes getting worse
North Korean operatives aren't just freelancing, they're securing full-time IT and engineering roles, gaining deep access to enterprise networks under legitimate employment.
DTEX's investigation found these insiders operating in Fortune 2000 companies with privileged access to systems, remote tools and the ability to pivot into supply chain partners. Now the workers, often teams posing as one high-performing individual, are funneling salaries back to Pyongyang. But experts warn financial motives could shift to espionage or sabotage. And a note for recruiters: forcing job candidates to be on camera and show government-issued ID is also not proving to be enough. Researchers suggest watching for social red flags, such as candidates looking away for prompts during interviews or avoiding casual conversation about personal interests.

A huge thanks to our sponsor, Qualys. Overwhelmed by noise in your cybersecurity processes? Cut through the clutter with Qualys Enterprise TruRisk Management. Quantify your cyber risk, including in clear financial terms, and focus on what matters most. Actionable insights help you prioritize critical threats, streamline remediation, and accelerate risk reduction while effectively communicating impact to stakeholders. Empower your cybersecurity strategy with tools that drive faster, smarter and more efficient risk management. Your secure future starts today with Qualys Enterprise TruRisk Management. Visit Qualys.com/ETM for more information. That's Qualys.

WordPress MU plugins exploited
Malicious actors have been exploiting the MU plugins directory in WordPress to hide malware and evade standard security checks. Now these must-use, or MU, plugins are automatically loaded on every page without activation, making them ideal for these kinds of attacks. Attackers are using files like redirect.php and index.php to redirect visitors to malicious sites, create web shells for command execution and then inject harmful content. A good reminder to work with your WordPress admin to update plugins, weak credentials or outdated server configurations.
Canadian hacker arrested
Canadian hacker Aubrey Cottle, known by the handle Kirtaner and a member of the Anonymous group, has been charged by the US Department of Justice for defacing the Texas Republican Party website back in 2021 and stealing personal data from their server. Cottle allegedly accessed the website through a breach of its hosting provider, Epik, and released 180 gigabytes of stolen data. Cottle faces identity theft charges and up to five years in prison if convicted.

Qakbot banking Trojan is back
The Qakbot banking Trojan has resurfaced in a wave of attacks, leveraging the emerging ClickFix technique, which uses fake CAPTCHA verifications to trick users into executing malicious payloads. The attacks target industries like healthcare, government and construction, with links posted on LinkedIn and other social media sites. Despite an international effort to dismantle Qakbot's infrastructure back in 2023, the malware continues to evolve, using social engineering tactics to gain initial access and deploy further malicious software.

EU to invest billions in cybersecurity
The European Commission has allocated 1.3 billion euros, or $1.4 billion, for cybersecurity, AI and digital skills as part of its Digital Europe program for 2025-2027. A portion of the funds will strengthen cybersecurity resilience, focusing on critical infrastructures like hospitals and submarine cables, and supporting the deployment of the EU's digital identity wallet. Additionally, the funding will enhance generative AI applications, digital innovation hubs, and digital skills training.

While the EU ramps up sanctions against hackers, not all security controls are created equal. Some are the result of a thoughtful security program. Others come from compliance requirements. But what do you do with controls that come from leadership that are more about optics than security outcomes? That's one of the topics we're digging into on our latest episode of the CISO Series podcast.
Look for the episode “This Security Control Is So Good We Don't Even Have to Turn It On” wherever you get your podcasts. And on a quick personal note, this is going to be my last Cybersecurity Headlines show for a little while as I sign off for my maternity leave while my husband and I welcome our first child to the world. So long for now. Until then, I'm Lauren Verno reporting for the CISO Series.
A
Cybersecurity Headlines is available every weekday. Head to CISOseries.com for the full stories behind the headlines.
Cyber Security Headlines – April 1, 2025
Hosted by Lauren Verno, CISO Series
In the opening segment, Lauren Verno discusses a significant development involving the Federal Trade Commission (FTC) and the genetic testing company 23andMe. On April 1, 2025, the FTC issued a stern warning to any prospective buyer of 23andMe, emphasizing the necessity to uphold existing privacy policies related to user genetic data.
“23andMe has explicitly promised not to share data with insurers, employers or law enforcement without legal orders, and that these protections extend to any new owner.” – FTC Chair Andrew Ferguson [02:15]
The FTC Chair, Andrew Ferguson, highlighted that these privacy assurances must remain intact even in scenarios such as bankruptcy or ownership changes. This move aims to protect consumers’ genetic information from unauthorized access and misuse, reinforcing trust in genetic data handling.
Lauren delved into the alarming expansion of phishing attacks globally, spearheaded by a phishing-as-a-service platform named Lucid. Operating under the Chinese cybercriminal group Shenzhen, Lucid now targets 169 entities across 88 countries.
“Lucid offers over 1000 phishing domains, auto-generated phishing sites, and pro-grade spamming tools to its subscribers.” – Lauren Verno [04:30]
Utilizing iMessage and Rich Communication Services (RCS), Lucid effectively bypasses traditional spam filters, facilitating large-scale phishing campaigns. Victims are redirected to counterfeit landing pages mimicking reputable companies like USPS, Amazon, and major banks, leading to the theft of personal and financial data.
A concerning breach at Samsung's German ticketing system has come to light, attributed to the threat actor GHNA. The breach exploited credentials obtained from a 2021 Raccoon infostealer infection, which remained unchanged for four years.
“Credentials compromised in a 2021 Raccoon infostealer infection and never changed led to the leak of 270,000 customer records.” – Lauren Verno [06:45]
The breach exposed sensitive customer information, including names, addresses, emails, and transaction details. This incident underscores the critical importance of regular credential updates and robust password management practices to prevent long-term vulnerabilities.
North Korean operatives are escalating their cyber espionage tactics by securing full-time IT and engineering roles within Fortune 2000 companies. These insiders gain privileged access to enterprise networks, allowing them to infiltrate supply chain partners and siphon funds back to Pyongyang.
“These insiders are operating in Fortune 2000 companies with privileged access to systems, remote tools, and the ability to pivot into supply chain partners.” – Lauren Verno [08:10]
DTEX's investigation revealed that these teams, often masquerading as high-performing individuals, are not only financially motivated but may also shift towards espionage or sabotage. Experts advise recruiters to watch for social red flags during interviews, such as candidates avoiding casual conversation or appearing disengaged when prompted.
The podcast highlighted a surge in malicious activities targeting WordPress MU (Must-Use) plugins. These plugins are automatically loaded on every page without activation, making them prime targets for hiding malware and evading standard security checks.
“Attackers are using files like redirect.php and index.php to redirect visitors to malicious sites, create web shells for command execution, and inject harmful content.” – Lauren Verno [10:20]
Cybersecurity experts recommend that WordPress administrators regularly update plugins, enforce strong credentials, and maintain up-to-date server configurations to mitigate these threats.
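As an added illustration of the MU-plugins point (not code from the episode or from CISO Series): a small Python audit that compares the auto-loaded wp-content/mu-plugins directory against a trusted hash baseline and flags new, changed or suspicious-looking PHP files. The directory layout, the token list and the sample files are constructed for the demo and are assumptions, not a complete signature set.

```python
import hashlib
import tempfile
from pathlib import Path

# File names the episode reports attackers dropping into mu-plugins.
SUSPECT_NAMES = {"redirect.php", "index.php"}
# Heuristic tokens typical of redirectors and web shells (assumption, not a full signature set).
SUSPECT_TOKENS = (b"eval(", b"base64_decode(", b"shell_exec(", b'header("Location')


def sha256_file(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def audit_mu_plugins(mu_dir: Path, baseline: dict[str, str]) -> dict[str, list[str]]:
    """Compare every .php file under mu_dir against a trusted baseline
    (relative path -> sha256) and return findings grouped by category."""
    findings = {"added": [], "modified": [], "missing": [], "suspicious": []}
    seen = set()
    for path in sorted(mu_dir.rglob("*.php")):
        rel = path.relative_to(mu_dir).as_posix()
        seen.add(rel)
        data = path.read_bytes()
        known = baseline.get(rel) == hashlib.sha256(data).hexdigest()
        if rel not in baseline:
            findings["added"].append(rel)
        elif not known:
            findings["modified"].append(rel)
        # Anything unbaselined with a reported name, or carrying shell-like tokens, gets flagged.
        if (path.name in SUSPECT_NAMES and not known) or any(t in data for t in SUSPECT_TOKENS):
            findings["suspicious"].append(rel)
    findings["missing"] = sorted(set(baseline) - seen)
    return findings


def demo() -> dict[str, list[str]]:
    """Constructed sample: one baselined loader plus two dropped files."""
    with tempfile.TemporaryDirectory() as tmp:
        mu = Path(tmp) / "wp-content" / "mu-plugins"
        mu.mkdir(parents=True)
        legit = mu / "site-loader.php"
        legit.write_text("<?php require __DIR__ . '/site/plugin.php';\n")
        baseline = {"site-loader.php": sha256_file(legit)}
        # Constructed stand-ins for the files the episode describes; they are never executed.
        (mu / "redirect.php").write_text('<?php header("Location: http://example.invalid/");\n')
        (mu / "index.php").write_text("<?php eval(base64_decode('PLACEHOLDER'));\n")
        return audit_mu_plugins(mu, baseline)


if __name__ == "__main__":
    for category, files in demo().items():
        print(f"{category}: {files}")
```

In production the baseline would be captured from a known-good deployment and the audit run on a schedule, so a file that appears without a matching deploy stands out immediately.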
A significant legal action was reported against Canadian hacker Aubrey Cottle, also known as Kirtaner, a member of the Anonymous group. Charged by the US Department of Justice, Cottle is accused of defacing the Texas Republican Party website in 2021 and stealing 180 gigabytes of personal data from their servers.
“Cottle faces identity theft charges and up to five years in prison if convicted.” – Lauren Verno [12:35]
Cottle allegedly accessed the website through a breach of its hosting provider, Epik, exacerbating the security lapse. This case serves as a stark reminder of the legal consequences cybercriminals face when engaging in illicit activities.
The Qakbot banking Trojan has made a notorious return, employing the emerging ClickFix technique. This method uses fake CAPTCHA verifications to deceive users into executing malicious payloads, targeting sectors such as healthcare, government, and construction.
“Despite an international effort to dismantle Qakbot's infrastructure back in 2023, the malware continues to evolve, using social engineering tactics to gain initial access and deploy further malicious software.” – Lauren Verno [14:50]
Attackers disseminate malicious links through LinkedIn and other social media platforms, exploiting the trust users place in these channels. Continuous vigilance and advanced threat detection mechanisms are essential to counteract such sophisticated malware.
In a significant boost to cybersecurity infrastructure, the European Commission has allocated €1.3 billion (approximately $1.4 billion) towards cybersecurity, artificial intelligence (AI), and digital skills as part of the Digital Europe program for 2025-2027.
“A portion of the funds will strengthen cybersecurity resilience, focusing on critical infrastructures like hospitals and submarine cables and supporting the deployment of the EU's digital identity wallet.” – Lauren Verno [16:05]
This investment aims to enhance the EU's cybersecurity defenses, support generative AI applications, establish digital innovation hubs, and provide extensive digital skills training. While sanctions against hackers are increasing, the EU acknowledges that effective security controls must extend beyond mere compliance to achieve meaningful security outcomes.
Lauren concluded the episode by teasing discussions on security controls that prioritize genuine security outcomes over mere compliance, referencing the latest episode titled “This Security Control Is So Good We Don't Even Have to Turn It On.”
Additionally, Lauren announced her temporary departure for maternity leave, expressing gratitude to listeners and promising a return after welcoming her first child.
“This is going to be my last cybersecurity headline show for a little while as I sign off for my maternity leave while my husband and I welcome our first child to the world.” – Lauren Verno [17:30]
Stay Updated:
For detailed stories behind these headlines and more, visit CISOseries.com.
This summary encapsulates the key points, discussions, and insights shared in the April 1, 2025 episode of Cyber Security Headlines by CISO Series. Whether you're a seasoned cybersecurity professional or simply interested in the latest cyber threats and defenses, these updates provide valuable information to stay informed and protected.