Cyber Security Headlines: August 8, 2025
Hosted by CISO Series
On August 8, 2025, the CISO Series delivered a comprehensive episode of "Cyber Security Headlines," hosted by Steve Prentice. This episode delved into critical cybersecurity incidents and vulnerabilities affecting major organizations worldwide. Below is a detailed summary of the key topics discussed, enriched with notable quotes and structured to provide a clear understanding for those who haven't listened to the episode.
1. Microsoft Identifies High Severity Flaw in Hybrid Exchange Deployments
Steve Prentice opened the discussion by highlighting a significant vulnerability reported by Microsoft:
Steve Prentice (00:06): "Microsoft warns of high severity flaw in hybrid Exchange deployments... By abusing this shared identity, attackers who control the on-prem Exchange can potentially forge or manipulate trusted tokens or API calls that the cloud side will accept as legitimate as they implicitly trust the on-premise server."
Key Points:
- Affected Systems: Exchange Server 2016, Exchange Server 2019, and the latest Microsoft Exchange Server Subscription Edition.
- Vulnerability Details: The flaw allows attackers to escalate privileges within Exchange Online cloud environments by exploiting the trust relationship between on-premises and cloud servers.
- Current Status: No known exploitation has been observed in the wild, but Microsoft has flagged the vulnerability as highly likely to be exploited.
2. France's Bouygues Telecom Suffers Data Breach
Next, Prentice addressed a major breach affecting France's telecommunications sector:
Steve Prentice (02:15): "France's third largest mobile operator, Bouygues Telecom, announced on Wednesday that it had been hit by a cyber attack that compromised the data of millions of customers."
Key Points:
- Impact: Unauthorized access to personal data from 6.4 million customer accounts, encompassing both mobile and fiber-to-home services.
- Company Response: Bouygues Telecom says the breach has been resolved. Its statement did not distinguish which specific account types were affected.
- Context: This incident follows a similar breach last week affecting Orange, France's largest telecom provider, although Orange did not disclose specific customer data compromises.
- Further Updates: No reported impacts on other customers in either retail or enterprise segments.
3. DaVita's April Ransomware Attack Exposes Sensitive Health Information
Prentice revisited a significant healthcare-related cybersecurity incident:
Steve Prentice (04:50): "Dialysis company's April attack affects 900,000 people... DaVita, a Denver-based healthcare provider, revealed that a ransomware attack in April led to unauthorized access to personal and medical information of over 900,000 individuals."
Key Points:
- Data Compromised: Personal information, health insurance details, and medical records.
- Attackers: The Interlock ransomware gang claimed responsibility, asserting a 1.5 terabyte data haul.
- Impact: DaVita's critical role in treating end-stage renal disease means the breach has serious implications for patient care continuity.
- Significance: Highlights the vulnerability of healthcare providers to ransomware attacks and the potential human cost of such breaches.
4. Security Flaws Discovered in Axis Communications Video Surveillance Products
The episode also covered vulnerabilities in video surveillance systems:
Steve Prentice (06:10): "Researchers from security firm Claroty have identified a number of security flaws in video surveillance products from Axis Communications... These could be vulnerable to RCE takeover attacks."
Key Points:
- Affected Products: Axis Device Manager and Axis Camera Station.
- Vulnerability Details: Over 6,500 servers expose the Axis proprietary remoting protocol and associated services online, with nearly 4,000 located in the U.S.
- Severity: Four CVEs identified, with scores ranging from 4.8 to 9.0 on the CVSS scale.
- Potential Exploits: Remote Code Execution (RCE) attacks that could allow attackers to take control of surveillance systems.
5. Data Breaches at Air France and KLM
Prentice reported on cybersecurity incidents within the aviation industry:
Steve Prentice (07:00): "Air France and KLM announced data breaches where attackers accessed a customer service platform, stealing data of an undisclosed number of customers."
Key Points:
- Company: Part of the multinational Air France-KLM Group.
- Data Compromised: Although the group stated that financial and personal information was not affected, the exact scope remains unclear.
- Attribution: BleepingComputer linked this breach to the ShinyHunters extortion group, known for targeting Salesforce instances through vishing and social engineering tactics.
6. Ghost Calls: A New Command and Control Evasion Technique
Concluding the episode, Prentice discussed an innovative cyberattack method introduced at Black Hat USA:
Steve Prentice (08:45): "Security researcher Adam Crosser described Ghost Calls, a post-exploitation C2 evasion method that abuses TURN servers... allowing operators to blend command and control sessions into normal enterprise traffic patterns."
Key Points:
- Mechanism: Exploits WebRTC protocols and temporary TURN credentials used in video calls to establish covert communication channels.
- Impact: Enables attackers to bypass traditional defenses without relying on exploits, making detection significantly more challenging.
- Implications: Organizations need to enhance monitoring of WebRTC traffic and scrutinize unusual patterns that may indicate covert C2 activities.
Additional Insights and Events
Beyond the primary topics, the episode briefly mentioned upcoming live events hosted by CISO Series:
- Super Cyber Friday (13:00): Focused on "Hacking Toxic Culture," encouraging critical thinking about cultural issues within cybersecurity.
- Week in Review (15:30 Eastern): Featuring Montez Fitzpatrick, CISO at Navvis, offering expert commentary on recent cybersecurity news.
Listeners were encouraged to participate and provide feedback via the CISO Series website.
Conclusion
The August 8, 2025, episode of "Cyber Security Headlines" provided an in-depth overview of current cybersecurity threats and vulnerabilities impacting various sectors, from technology and telecommunications to healthcare and aviation. With insights into emerging attack techniques like Ghost Calls and the ongoing challenges faced by major organizations, the episode underscored the evolving landscape of cybersecurity and the critical need for robust defense mechanisms.
For more detailed stories and updates, listeners are directed to visit CISOseries.com.
