GlobalX breach, Google settles lawsuits, UK software security guidelines

Tue May 13 2025

Global Crossing Airlines Group confirms cyberattack Google settles privacy lawsuits UK launches software security guidelines Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We...

Summary

Summary of "Cyber Security Headlines" – CISO Series Podcast Episode Released on May 13, 2025

Hosted by Rich Stroffelino, the "Cyber Security Headlines" episode from CISO Series delivers comprehensive updates on the latest developments in the information security landscape. This summary encapsulates the key topics discussed, enriched with notable quotes and structured for clarity.

1. GlobalX Breach: Cyberattack on Global Crossing Airlines Group

On May 5, 2025, Global Crossing Airlines Group, also known as Global X, experienced a significant cyberattack. According to a filing with the U.S. Securities and Exchange Commission:

Nature of the Attack: Attackers gained unauthorized access to systems supporting portions of Global X's business applications.
Extent of Compromise: Over the subsequent weekend, the attackers reportedly contacted 404 Media, offering sensitive information related to Global Crossing's ICE deportation flights, including flight records and passenger lists.
Impact on Operations: Despite the breach, Global X assured stakeholders that the attack did not disrupt operational activities and would not have a material financial effect on the company.

“The airline said the attack did not disrupt operations and would not create a material effect on its finances.” – Rich Stroffelino, [00:06]

2. Google Settles Privacy Lawsuits

Google has reached settlements in privacy-related lawsuits filed in 2022 by multiple states and the District of Columbia:

Legal Background: Attorneys General from Texas, Indiana, Washington State, and the District of Columbia accused Google of making it virtually impossible for users to opt out of location tracking. Additionally, Texas Attorney General Ken Paxton filed a lawsuit alleging unauthorized collection of biometric data.
Settlement Details: Google agreed to pay a combined total of $1.375 billion without admitting any liability. The company also committed to updating its products and practices to address the concerns raised.
Industry Context: This follows a precedent where Meta settled a similar case with Texas in July of the same year for unauthorized collection of biometric information.

“Google settled both cases, agreeing to pay a combined $1.375 billion and admitting no liability.” – Rich Stroffelino, [00:06]

3. UK Launches Software Security Guidelines

The UK's National Cybersecurity Center (NCSC) in collaboration with the Department for Science, Innovation and Technology has introduced a voluntary Software Security Code of Practice:

Scope of the Code: Comprising 14 principles, the guidelines cover secure design and development, building environments, deployment and maintenance, and customer communication.
Alignment with International Standards: The UK's guidelines mirror the U.S. Cybersecurity and Infrastructure Security Agency's (CISA) Secure by Design principles.
Future Prospects: While the current program is voluntary with no regulatory enforcement, there is potential for the NCSC to develop a certification program based on these standards in the future.

4. Arrest in Dutch Ransomware Attacks

Moldovan authorities have apprehended a 45-year-old individual allegedly involved in ransomware attacks targeting Dutch companies in 2021:

Targets and Damage: Notably, the Netherlands Organization for Scientific Research was affected, resulting in damages amounting to €4.5 million. These attacks were linked to the notorious DoppelPammer group.
Legal Proceedings: The suspect, who is internationally wanted for blackmail and money laundering, is undergoing extradition to the Netherlands for trial.

5. Hacktivist Attacks in India: Overhyped Threats

Recent weeks have seen numerous hacktivist groups claim over 100 successful cyberattacks against prominent Indian entities, including:

Targets: Election Commission of India, National Informatics Centre, and the Prime Minister's Office.
Analysis by Cloudsec: Investigations revealed that many of these attacks were largely symbolic, involving:
- DDoS Attacks: Causing minor, barely noticeable website downtimes.
- Website Defacements: Brief alterations lasting mere minutes.
- Data Exfiltration Claims: Mostly involving public data rather than sensitive information.
Linked Activities: These attacks were primarily hyped by Pakistan-linked accounts on platform X (formerly Twitter), associating them with supposed ongoing operations.
Recommended Vigilance: Experts advise organizations to be more wary of sophisticated threats from groups like APT36, which has recently launched a phishing campaign targeting Indian government bodies using emotionally charged lures to deploy the Crimson RAT via malicious documents.

6. Andy Frane Discloses Data Breach

Andy Frane, a company providing physical security services to venues, businesses, and airports, has reported a significant data breach:

Breach Details: Discovered in October 2024, the cyberattack impacted over 100,000 individuals. The ransomware group Black Basta claimed responsibility in November, declaring the theft of approximately 750 GB of data.
Company Response: Andy Frane is offering affected individuals up to 24 months of credit and identity monitoring services. It remains unclear whether a ransom was paid.
Black Basta Status: Following the attack, Black Basta has largely ceased operations, possibly due to internal conflicts within the group.

7. IoT Devices Exploited as Proxies for Rental Services

Researchers from Lumens Black Lotus Labs, collaborating with the U.S. Department of Justice, FBI, and Dutch national police, uncovered a campaign leveraging Internet of Things (IoT) devices:

Campaign Origin: Based in Turkey, the operation targeted IoT and End-of-Life SOHO devices to build a botnet.
Botnet Scale: Initially claimed to comprise over 7,000 active proxies daily across more than 80 countries. However, actual active proxies were closer to 1,000, predominantly located in the U.S., Ecuador, and Canada.
Monetization: The botnet was rented out for activities such as ad fraud, DDoS attacks, and credential stuffing.
Mitigation Efforts: Lumens collaborated with law enforcement to disrupt the botnet by routing traffic through its backbone, complying with DNS blocking orders.

8. DNS Resolvers' Compliance with EU Court Orders

A report by TorrentFreak's Ernesto van der Saar examines how major DNS resolvers are responding to EU court-mandated blocks on piracy-related domains:

Actions by Specific Providers:
- Cisco's OpenDNS: In response to blocking orders in France and Belgium, OpenDNS withdrew its services from these markets entirely.
- Cloudflare: Asserted that it did not block content on its public 1.1.1.1 DNS resolver. Instead, it implemented alternative mechanisms to adhere to court orders, resulting in blocked sites displaying an HTTP 451 error.
- Google's DNS Resolver: Chose to refuse DNS queries entirely for blocked sites, without providing contextual information or redirecting to an explanation, which contradicts Belgian court directives requiring explanatory redirects.
Implications: These measures have sparked debate over transparency and adherence to court-mandated protocols, with concerns that some resolvers may be overstepping or not fully complying with legal expectations.

9. Reflections on Cybersecurity Best Practices

Rich Stroffelino concludes the episode by addressing a critical aspect of cybersecurity culture:

Observation: Professionals in the field often become overly fixated on perfecting every detail, potentially neglecting broader, meaningful improvements.
Challenge: The industry needs to balance the pursuit of best practices with practical implementation, avoiding the pitfalls of demanding absolute perfection which can stifle progress.
Encouragement: Emphasizing the importance of embracing incremental and impactful enhancements rather than holding out for unattainable purity in security measures.

“Too often professionals lose the forest for the trees, insisting on perfection instead of encouraging practices that are still a net positive for organizations.” – Rich Stroffelino, [07:36]

Conclusion

The episode of "Cyber Security Headlines" by CISO Series provides a thorough overview of recent cybersecurity incidents, legal developments, and industry responses. From major corporate breaches and legal settlements to governmental guidelines and sophisticated cyber threats, Rich Stroffelino delivers insights that are essential for professionals seeking to stay informed and adapt to the evolving digital threat landscape. The discussion culminates in a thoughtful reflection on fostering a balanced approach to cybersecurity practices, advocating for meaningful progress over unattainable ideals.

For more in-depth stories and updates, listeners are encouraged to visit CISOseries.com.

Summary

Summary of "Cyber Security Headlines" – CISO Series Podcast Episode Released on May 13, 2025

1. GlobalX Breach: Cyberattack on Global Crossing Airlines Group

On May 5, 2025, Global Crossing Airlines Group, also known as Global X, experienced a significant cyberattack. According to a filing with the U.S. Securities and Exchange Commission:

Nature of the Attack: Attackers gained unauthorized access to systems supporting portions of Global X's business applications.
Extent of Compromise: Over the subsequent weekend, the attackers reportedly contacted 404 Media, offering sensitive information related to Global Crossing's ICE deportation flights, including flight records and passenger lists.
Impact on Operations: Despite the breach, Global X assured stakeholders that the attack did not disrupt operational activities and would not have a material financial effect on the company.

“The airline said the attack did not disrupt operations and would not create a material effect on its finances.” – Rich Stroffelino, [00:06]

2. Google Settles Privacy Lawsuits

Google has reached settlements in privacy-related lawsuits filed in 2022 by multiple states and the District of Columbia:

Legal Background: Attorneys General from Texas, Indiana, Washington State, and the District of Columbia accused Google of making it virtually impossible for users to opt out of location tracking. Additionally, Texas Attorney General Ken Paxton filed a lawsuit alleging unauthorized collection of biometric data.
Settlement Details: Google agreed to pay a combined total of $1.375 billion without admitting any liability. The company also committed to updating its products and practices to address the concerns raised.
Industry Context: This follows a precedent where Meta settled a similar case with Texas in July of the same year for unauthorized collection of biometric information.

“Google settled both cases, agreeing to pay a combined $1.375 billion and admitting no liability.” – Rich Stroffelino, [00:06]

3. UK Launches Software Security Guidelines

The UK's National Cybersecurity Center (NCSC) in collaboration with the Department for Science, Innovation and Technology has introduced a voluntary Software Security Code of Practice:

Scope of the Code: Comprising 14 principles, the guidelines cover secure design and development, building environments, deployment and maintenance, and customer communication.
Alignment with International Standards: The UK's guidelines mirror the U.S. Cybersecurity and Infrastructure Security Agency's (CISA) Secure by Design principles.
Future Prospects: While the current program is voluntary with no regulatory enforcement, there is potential for the NCSC to develop a certification program based on these standards in the future.

4. Arrest in Dutch Ransomware Attacks

Moldovan authorities have apprehended a 45-year-old individual allegedly involved in ransomware attacks targeting Dutch companies in 2021:

Targets and Damage: Notably, the Netherlands Organization for Scientific Research was affected, resulting in damages amounting to €4.5 million. These attacks were linked to the notorious DoppelPammer group.
Legal Proceedings: The suspect, who is internationally wanted for blackmail and money laundering, is undergoing extradition to the Netherlands for trial.

5. Hacktivist Attacks in India: Overhyped Threats

Recent weeks have seen numerous hacktivist groups claim over 100 successful cyberattacks against prominent Indian entities, including:

Targets: Election Commission of India, National Informatics Centre, and the Prime Minister's Office.
Analysis by Cloudsec: Investigations revealed that many of these attacks were largely symbolic, involving:
- DDoS Attacks: Causing minor, barely noticeable website downtimes.
- Website Defacements: Brief alterations lasting mere minutes.
- Data Exfiltration Claims: Mostly involving public data rather than sensitive information.
Linked Activities: These attacks were primarily hyped by Pakistan-linked accounts on platform X (formerly Twitter), associating them with supposed ongoing operations.
Recommended Vigilance: Experts advise organizations to be more wary of sophisticated threats from groups like APT36, which has recently launched a phishing campaign targeting Indian government bodies using emotionally charged lures to deploy the Crimson RAT via malicious documents.

6. Andy Frane Discloses Data Breach

Andy Frane, a company providing physical security services to venues, businesses, and airports, has reported a significant data breach:

Breach Details: Discovered in October 2024, the cyberattack impacted over 100,000 individuals. The ransomware group Black Basta claimed responsibility in November, declaring the theft of approximately 750 GB of data.
Company Response: Andy Frane is offering affected individuals up to 24 months of credit and identity monitoring services. It remains unclear whether a ransom was paid.
Black Basta Status: Following the attack, Black Basta has largely ceased operations, possibly due to internal conflicts within the group.

7. IoT Devices Exploited as Proxies for Rental Services

Researchers from Lumens Black Lotus Labs, collaborating with the U.S. Department of Justice, FBI, and Dutch national police, uncovered a campaign leveraging Internet of Things (IoT) devices:

Campaign Origin: Based in Turkey, the operation targeted IoT and End-of-Life SOHO devices to build a botnet.
Botnet Scale: Initially claimed to comprise over 7,000 active proxies daily across more than 80 countries. However, actual active proxies were closer to 1,000, predominantly located in the U.S., Ecuador, and Canada.
Monetization: The botnet was rented out for activities such as ad fraud, DDoS attacks, and credential stuffing.
Mitigation Efforts: Lumens collaborated with law enforcement to disrupt the botnet by routing traffic through its backbone, complying with DNS blocking orders.

8. DNS Resolvers' Compliance with EU Court Orders

A report by TorrentFreak's Ernesto van der Saar examines how major DNS resolvers are responding to EU court-mandated blocks on piracy-related domains:

Actions by Specific Providers:
- Cisco's OpenDNS: In response to blocking orders in France and Belgium, OpenDNS withdrew its services from these markets entirely.
- Cloudflare: Asserted that it did not block content on its public 1.1.1.1 DNS resolver. Instead, it implemented alternative mechanisms to adhere to court orders, resulting in blocked sites displaying an HTTP 451 error.
- Google's DNS Resolver: Chose to refuse DNS queries entirely for blocked sites, without providing contextual information or redirecting to an explanation, which contradicts Belgian court directives requiring explanatory redirects.
Implications: These measures have sparked debate over transparency and adherence to court-mandated protocols, with concerns that some resolvers may be overstepping or not fully complying with legal expectations.

9. Reflections on Cybersecurity Best Practices

Rich Stroffelino concludes the episode by addressing a critical aspect of cybersecurity culture:

Observation: Professionals in the field often become overly fixated on perfecting every detail, potentially neglecting broader, meaningful improvements.
Challenge: The industry needs to balance the pursuit of best practices with practical implementation, avoiding the pitfalls of demanding absolute perfection which can stifle progress.
Encouragement: Emphasizing the importance of embracing incremental and impactful enhancements rather than holding out for unattainable purity in security measures.

“Too often professionals lose the forest for the trees, insisting on perfection instead of encouraging practices that are still a net positive for organizations.” – Rich Stroffelino, [07:36]

Conclusion

For more in-depth stories and updates, listeners are encouraged to visit CISOseries.com.

wavePod

GlobalX breach, Google settles lawsuits, UK software security guidelines

Powered by Wave AI

Summary

1. GlobalX Breach: Cyberattack on Global Crossing Airlines Group

2. Google Settles Privacy Lawsuits

3. UK Launches Software Security Guidelines

4. Arrest in Dutch Ransomware Attacks

5. Hacktivist Attacks in India: Overhyped Threats

6. Andy Frane Discloses Data Breach

7. IoT Devices Exploited as Proxies for Rental Services

8. DNS Resolvers' Compliance with EU Court Orders

9. Reflections on Cybersecurity Best Practices

Conclusion

Summary

1. GlobalX Breach: Cyberattack on Global Crossing Airlines Group

2. Google Settles Privacy Lawsuits

3. UK Launches Software Security Guidelines

4. Arrest in Dutch Ransomware Attacks

5. Hacktivist Attacks in India: Overhyped Threats

6. Andy Frane Discloses Data Breach

7. IoT Devices Exploited as Proxies for Rental Services

8. DNS Resolvers' Compliance with EU Court Orders

9. Reflections on Cybersecurity Best Practices

Conclusion