Cyber Security Headlines (CISO Series)
Episode Summary:
Date: September 3, 2025
Host: Sarah Lane
Title: Google: Gmail is secure, Cloudflare blocks largest DDoS attack, Amazon shutters theft campaign
Episode Overview
This episode covers the top cybersecurity news stories of the day, with a particular focus on recent incidents and responses from major tech companies and government agencies. The main topics include Google's response to security rumors, Cloudflare's defense against a historic DDoS attack, a credential theft campaign halted by Amazon, and several key breach and vulnerability updates affecting both public and private sectors.
Key Discussion Points and Insights
1. Google Refutes Gmail Security Rumors
[00:10–01:00]
- Recent rumors claimed up to 2.5 billion Gmail users were at risk after a Salesforce-related breach attributed to Shiny Hunters, leading to widespread concern about Gmail's security.
- Google firmly denied these allegations, stating:
“2.5 billion Gmail users at risk [is] entirely false.” (Sarah Lane, 00:09)
- Gmail itself was not compromised; Google’s security measures reportedly block 99.9% of such threats.
- Quote:
“Gmail itself was never compromised, adding that its protections block 99.9% of such threats and urged users to remain vigilant against scams.” (Sarah Lane, 00:25)
2. Cloudflare Thwarts Largest-Ever DDoS Attack
[01:01–01:45]
- Cloudflare successfully blocked a record-breaking Distributed Denial of Service (DDoS) attack, which peaked at 11.5 terabits per second.
- The attack was a short-lived UDP flood, primarily originating from Google Cloud infrastructure.
- Cloudflare highlighted a surge in such attacks, with network-layer assaults up over 500% year-over-year.
- Noted that previous records stood at 7.3 Tbps in June 2025 and 3.8 Tbps in 2024.
- Quote:
“Cloudflare says it blocked the largest DDoS attack ever recorded, which peaked at 11.5 terabits per second…” (Sarah Lane, 01:10)
3. Jaguar Land Rover Cyber Attack Disrupts Operations
[01:46–02:10]
- Jaguar Land Rover suffered a significant cyberattack disrupting production and retail systems.
- Operations shut down at sites such as the Solihull plant in the UK.
- No evidence of customer data theft as of reporting.
- The company is restoring systems but offered no details about the attack vector or timeline.
4. Amazon Halts APT29 Credential Theft Campaign
[02:11–02:58]
- Amazon disrupted an advanced credential theft operation by APT29 (Russia-linked group behind the SolarWinds breach).
- Attackers compromised legitimate websites to redirect users to fake Cloudflare verification pages, abusing Microsoft’s device code authentication flow.
- The campaign used obfuscation and precision targeting.
- Amazon eliminated the threat infrastructure and advised reviewing Microsoft’s security guidance.
- Quote:
“Amazon says it disrupted a credential theft campaign by a Russian state linked group behind the SolarWinds hack.” (Sarah Lane, 02:13)
- Advice to organizations: Restrict device authentication if not required.
5. CISA Appoints Nicholas Anderson as Executive Assistant Director
[03:27–03:58]
- Nicholas Anderson appointed to lead cybersecurity at CISA.
- Formerly at Department of Energy and COO of Invictus International Consulting.
- Expected to strengthen ties with infrastructure partners.
6. JSON Config Leak Exposes Azure Directory Credentials
[03:59–04:29]
- A misconfigured appsettings.json in ASP.NET Core apps exposed Azure Active Directory credentials.
- Leaked secrets allowed attackers access via OAuth 2.0 endpoints.
- Risk of data theft, privilege escalation, and malicious deployments highlighted.
- Insight:
“Experts say the case underscores ongoing risks from cloud misconfigurations and hard coded secrets.” (Sarah Lane, 04:24)
7. Pennsylvania AG Resists Ransom, Recovers from Attack
[04:30–04:56]
- Pennsylvania Attorney General's Office almost fully restored after an August 11 ransomware attack (linked to Citrix Bleed vulnerabilities).
- Ransom demands were refused.
- Some court case delays, but prosecutions and investigations continued unhindered.
- Reflects a growing trend of ransomware attacks on state and local governments.
8. Sangoma Patches Zero-Day Affecting FreePBX Servers
[04:57–05:37]
- Emergency patch released for critical FreePBX zero-day vulnerability.
- Allowed admin panel access, DB manipulation, and remote code execution.
- Exploited in the wild since August 21, affecting versions 15–17.
- Added to CISA's Known Exploited Vulnerabilities catalog; federal agencies urged to patch by September 19.
- Sangoma shared indicators of compromise (IOCs) and mitigation tips.
Notable Quotes & Memorable Moments
- Sarah Lane [00:09]:
"2.5 billion Gmail users at risk entirely false, says Google."
- Sarah Lane [01:10]:
"Cloudflare says it blocked the largest DDoS attack ever recorded, which peaked at 11.5 terabits per second..."
- Sarah Lane [02:13]:
"Amazon says it disrupted a credential theft campaign by a Russian state linked group behind the SolarWinds hack."
- Sarah Lane [04:24]:
"Experts say the case underscores ongoing risks from cloud misconfigurations and hard coded secrets."
Timestamps for Important Segments
- 00:09 — Google refutes Gmail security rumors
- 01:10 — Cloudflare blocks record-setting DDoS attack
- 01:46 — Jaguar Land Rover production disruptions
- 02:13 — Amazon stymies APT29 credential theft
- 03:27 — CISA taps Nicholas Anderson
- 03:59 — JSON config file leaks Azure credentials
- 04:30 — Pennsylvania AG recovers from ransomware
- 04:57 — Sangoma patches FreePBX zero-day
Episode Tone and Language
Sarah Lane delivers headlines with clarity and urgency, using direct statements from companies and agencies while emphasizing vigilance and the ongoing nature of cybersecurity challenges. The episode retains a professional but accessible tone, appropriate for industry professionals and the broader public.
Conclusion
This episode of Cyber Security Headlines delivers a succinct yet thorough update on some of the most significant cybersecurity developments, from debunking rumors to record-breaking DDoS defenses, state-level ransomware resilience, critical patch alerts, and leadership changes at key federal agencies.
For full stories, listeners are encouraged to visit CISOseries.com.
