Cyber Security Headlines: November 7, 2025
Host: Steve Prentice
Main Focus: The latest cybersecurity news, featuring evolving tactics by hackers, concerning breaches, vulnerabilities in major systems, and ongoing policy debates in Europe.
Episode Overview
This episode centers on new methods cybercriminals are using to evade detection, critical security vulnerabilities across major platforms and organizations, persistent problems with weak passwords, and regulatory shifts in Europe regarding data sharing. Notably, the episode highlights how threat actors are leveraging virtualization to bypass EDR, major breaches in Poland, a revealing story of security failings at the Louvre after a high-profile robbery, and destructive cyberattacks targeting Ukraine’s grain sector.
Key Discussion Points & Insights
1. Hackers Exploit Windows Hyper-V to Evade EDR Detection
- [00:15]
- Threat actor group “Curly Comrades” utilizes Windows Hyper-V to run a minimalist Alpine Linux VM within infected endpoints.
- Purpose: Deploy custom malware (“Curly Shell”—custom reverse shell, and “Curl Cat”—reverse proxy) beyond the reach of typical endpoint detection and response (EDR) solutions.
- Geographic focus: Georgia, South Caucasus.
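The technique above works because the malware runs inside a Hyper-V guest, so a host-based EDR agent never sees its processes. One defensive signal that is still visible on the host is Hyper-V itself: the per-VM worker process (vmwp.exe), the host compute service (vmcompute.exe), or a command that enables the Hyper-V feature, appearing on an endpoint where no VM is sanctioned. The following is an added example, not code from the episode or from any vendor's product; the JSON telemetry lines, the field names (host, image, cmdline) and the approved-host inventory are constructed for this example.

```python
"""Flag unexpected Hyper-V activity in process-creation telemetry.

Added example: the sample lines below are constructed, and the field names
and host inventory are assumptions, not a real EDR schema.
"""
import json

# Constructed inventory: hosts that are approved to run Hyper-V guests.
HYPERV_APPROVED_HOSTS = {"build-01"}

# Real Hyper-V binaries: vmwp.exe runs once per guest VM, vmcompute.exe is the
# host compute service. Either on a workstation outside the inventory is odd.
HYPERV_PROCESSES = {"vmwp.exe", "vmcompute.exe"}

# Lower-cased fragments of the DISM / PowerShell commands that enable Hyper-V.
ENABLE_MARKERS = ("microsoft-hyper-v", "enable-windowsoptionalfeature")

# Constructed process-creation events, one JSON object per line.
SAMPLE_TELEMETRY = r"""
{"host": "ws-042", "image": "C:\\Windows\\System32\\vmwp.exe", "cmdline": "vmwp.exe 7f3a-constructed-vm-id"}
{"host": "build-01", "image": "C:\\Windows\\System32\\vmwp.exe", "cmdline": "vmwp.exe 91c0-constructed-vm-id"}
{"host": "ws-017", "image": "C:\\Windows\\System32\\dism.exe", "cmdline": "dism.exe /online /enable-feature /featurename:Microsoft-Hyper-V-All /all"}
{"host": "ws-042", "image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "cmdline": "chrome.exe --type=renderer"}
this line is not json and is skipped
"""


def parse_event(line):
    """Return the event dict, or None for malformed or incomplete lines."""
    try:
        event = json.loads(line)
    except json.JSONDecodeError:
        return None
    if not {"host", "image", "cmdline"} <= event.keys():
        return None
    return event


def classify(event):
    """Return a reason string if the event is suspicious, else None."""
    if event["host"] in HYPERV_APPROVED_HOSTS:
        return None
    # Take the file name regardless of path separator style.
    name = event["image"].replace("\\", "/").rsplit("/", 1)[-1].lower()
    cmdline = event["cmdline"].lower()
    if name in HYPERV_PROCESSES:
        return f"Hyper-V process {name} on non-approved host"
    if any(marker in cmdline for marker in ENABLE_MARKERS):
        return "Hyper-V feature enablement on non-approved host"
    return None


def find_unexpected_hyperv(lines):
    """Scan telemetry lines and return (host, reason) pairs worth triaging."""
    hits = []
    for line in lines:
        event = parse_event(line)
        if event is None:
            continue
        reason = classify(event)
        if reason:
            hits.append((event["host"], reason))
    return hits


if __name__ == "__main__":
    for host, reason in find_unexpected_hyperv(SAMPLE_TELEMETRY.strip().splitlines()):
        print(f"{host}: {reason}")
```

The allowlist is the important design choice: Hyper-V is a legitimate feature on build servers and developer machines, so the rule only fires on hosts that are not expected to run guests, which keeps it from drowning the SOC in benign alerts.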
2. Critical Cisco UCCX Flaw Enabling Root Command Execution
- [01:00]
- Cisco patched a significant vulnerability in “Unified Contact Center Express” (UCCX).
- The flaw allowed attackers to execute commands as root due to “improper authentication mechanisms associated to specific Cisco Unified CCX features.”
- UCCX is essential for call centers (supports up to 400 agents).
3. Large-Scale Cyber Attacks in Poland
- [01:55]
- Digital Affairs Minister Krzysztof Gawkowski:
“These [cyber attacks] are now a daily occurrence.” (paraphrased, 01:57)
- Three major victims:
- SuperGrosz (online loan platform): PII of at least 10,000 customers stolen.
- BLIK (mobile payments): DDoS caused brief disruption.
- Nowa Itaka (largest travel agency): hit by an unspecified attack.
- No confirmed links between the incidents; the attack on BLIK reportedly originated from Russia.
4. Louvre Museum Security Failures Exposed Post-Jewel Theft
- [03:10]
- After a notorious theft of the French crown jewels, a 2014 audit revealed:
- Password for video surveillance was literally “Louvre.”
- Key security software was over 20 years old and unsupported.
- “Significant delays and omissions in updating and expanding the museum's security.”
- Museum director Laurence des Cars’ resignation was refused by the French Culture Minister despite mounting pressure.
5. Popular Passwords in 2025 Remain Predictable
- [04:10]
- Comparitech’s new report: Top 10 passwords include variations on “123456,” “password,” and “admin.”
- Others—“gin,” “a row of 10/8,” “root,” “India123,” “Minecraft”—round out the set.
- Paul Bischoff, Comparitech:
“Companies that do not enforce good password techniques represent the most pressing problem.” (email interview, 04:32)
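Bischoff's point is enforcement: the list above is only a problem for organisations that still accept those passwords. The following is an added example, not code from the episode or from Comparitech, of a registration-time check that rejects the patterns the report describes, including the "123456" digit-sequence family and light variations such as trailing digits, punctuation and leet-speak substitutions. The denylist is a small constructed set seeded from the entries named in this episode, and the minimum length is an assumption for the example.

```python
"""Reject common passwords and their trivial variations at registration time.

Added example: the denylist and minimum length are assumptions, seeded from
the entries named in the episode, not a production password policy.
"""
import re

MIN_LENGTH = 8  # assumption for this example

# Constructed denylist: entries named in the episode plus a few classics.
DENYLIST = {
    "password", "admin", "root", "minecraft", "india", "louvre", "qwerty",
}

# Common leet-speak substitutions, applied after lower-casing.
LEET = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "i",
                      "3": "e", "4": "a", "5": "s", "7": "t"})


def _is_trivial_digits(pw):
    """True for all-digit strings that only step by 0, +1 or -1 (mod 10)."""
    if not pw.isdigit() or len(pw) < 4:
        return False
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pw, pw[1:])}
    return steps <= {0} or steps <= {1} or steps <= {9}


def normalize(pw):
    """Strip trailing digits/symbols, lower-case, undo leet-speak."""
    base = re.sub(r"[^A-Za-z]+$", "", pw)
    return base.lower().translate(LEET)


def check_password(pw):
    """Return a rejection reason, or None if the password passes."""
    if len(pw) < MIN_LENGTH:
        return "too short"
    if _is_trivial_digits(pw):
        return "sequential or repeated digits"
    if normalize(pw) in DENYLIST:
        return "common password (after normalization)"
    return None


def audit(candidates):
    """Map each candidate password to its rejection reason (None = accepted)."""
    return {pw: check_password(pw) for pw in candidates}


if __name__ == "__main__":
    # Constructed candidates modelled on the patterns in the report.
    for pw, reason in audit(["123456789", "P@ssw0rd", "admin2025", "Minecraft",
                             "Louvre", "correct-horse-battery-staple"]).items():
        print(f"{pw!r}: {reason or 'accepted'}")
```

Normalizing before the lookup is what makes the check useful: a denylist that only matches exact strings is defeated by "Password1!", while this one reduces that input to "password" first. A real deployment would swap the constructed denylist for a breached-password corpus, but the normalization step stays the same.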
6. SonicWall Customer Portal Attack Attributed to Nation-State
- [05:08]
- October brute-force and API attack on SonicWall cloud backup service.
- Bob VanKirk (CEO):
“There was no impact to any SonicWall product, firmware, source code, production network or to any customer data or any other SonicWall system.” (video update, 05:36)
- External experts disagree: the leaked configuration files include sensitive data (firewall rules, encrypted credentials).
7. EU Parliament Advances Europol Data Sharing Proposal
- [06:00]
- Lawmakers voted to expand Europol’s capacity to share data and collect biometrics to combat human trafficking and migrant smuggling.
- Next step: full plenary vote before becoming law.
8. Sandworm Hacker Group Wiper Attacks on Ukraine’s Grain Sector
- [06:26]
- Russian “Sandworm” group deployed multiple wiper malware campaigns against Ukraine in June and September.
- Focus: education, government, and especially the grain sector—the country’s main source of revenue.
- Tactic: Data is not ransomed, but outright destroyed, as part of sabotage.
Notable Quotes & Memorable Moments
- On Museum Security:
“The password for the video surveillance system, for example, was Louvre L O U V R E, and this was according to a security audit performed in 2014.” — Steve Prentice [03:18]
- On Password Trends:
“Among the top 100 most used passwords of 2025, eight out of the top 10 are variations of 1, 2, 3, 4, 5, 6, with the other two being password and admin.” — Steve Prentice [04:13]
- On the SonicWall Leak:
“Those files contain a treasure trove of sensitive data, including firewall rules, encrypted credentials, routing configurations and more.” — Ryan Dewhurst, watchTowr [05:46]
Timestamps for Important Segments
- [00:15] — Hackers use Hyper-V to deploy malware in Georgia.
- [01:00] — Critical Cisco UCCX flaw patched.
- [01:55] — Major cyber attacks reported in Poland.
- [03:10] — Security failures at the Louvre revealed post-robbery.
- [04:10] — 2025 password trends: old habits persist.
- [05:08] — SonicWall breach attributed to nation-state actor.
- [06:00] — EU Parliament moves data sharing proposal ahead.
- [06:26] — Sandworm’s continued cyber sabotage in Ukraine.
Tone & Style
The episode maintains a brisk, news-centric tone—concise, matter-of-fact, yet occasionally incredulous at persistent or glaring security missteps (e.g., “Louvre” as a password). The host, Steve Prentice, delivers the headlines with clarity and urgency, stressing both immediate technical details and broader implications for organizations and industry observers.
Conclusion
This episode underscores several urgent themes: attacker innovation (virtualization for EDR evasion), the persistence of simple security failings (weak passwords, outdated software), the increasing severity and political impact of nation-state attacks, and the policy shifts required to meet these challenges. Organizations are urged to address not just sophisticated threats, but also the ongoing basics—such as password hygiene and timely system upgrades—while keeping watch on regulatory developments in Europe that may reshape enforcement and data sharing.
