
Steve Prentiss
From the CISO Series, it's Cybersecurity Headlines. These are the cybersecurity headlines for Friday, June 6, 2025. I'm Steve Prentiss.
Stolen Kettering Health data published. Following up on a story we covered last month: while the not-for-profit, Ohio-based healthcare network Kettering Health has been rebuilding and restoring its systems and services, the Interlock ransomware gang appears to have posted 941 gigabytes of data from the organization, including ID cards, financial reports, payment data and more, according to Security Week. While the healthcare provider has not said much about the type of cyber attack it fell victim to, it appears that it did not give in to the threat actor's extortion attempts and did not pay a ransom. End quote.
Reddit sues Anthropic for scraping. According to LinkedIn News, Reddit is leading the latest battle to stop artificial intelligence companies from scraping digital data without authorization. End quote. It has launched a lawsuit against Anthropic, saying it has been harmed by the AI startup's unfair business acts. End quote. The suit claims that Anthropic had accessed Reddit's forums over 100,000 times in violation of Reddit's public content policy. Reddit does have partnerships that allow OpenAI and Google to train their language models on its content, but it does not have such a relationship with Anthropic.
North Face website customer accounts breached. The attacks on consumer retail organizations continue, with the outdoor clothing company North Face stating that almost 3,000 customers were affected by a data breach on its retail website in April. Parent company VF Outdoor, which also owns the Jansport and Timberland brands, announced in breach notification letters that it initially discovered unusual activity on April 23. Basic PII was accessed, but not payment details, they stated.
Quote: an investigation revealed that an attacker launched a credential stuffing attack on the North Face website using login information stolen from other breaches to gain access to user accounts. End quote.
Cisco ISE auth bypass flaw impacts cloud deployments on AWS, Azure and OCI. This flaw impacting the Identity Services Engine (ISE) could allow unauthenticated actors to carry out malicious actions on susceptible systems. With a CVE number and a CVSS score of 9.9, it is described as a static credential vulnerability. Cisco also acknowledges the existence of a proof of concept exploit, but says there is no evidence that it has been maliciously exploited in the wild.
Huge thanks to our sponsor Conveyor. Let me guess, another security questionnaire just landed in your inbox, which means all the follow-up tasks you don't have time for are close behind. So what are you going to do? Here's a better what would Sue do? Sue is Conveyor's new AI agent for customer trust. She handles the entire security review process, like answering every customer request from sales, completing every questionnaire, or executing every communications and coordination task in between. No more manual work, just a quick review when she's done. Ready to let Sue take the reins? Learn more at conveyor.com, that is, www.c-o-n-v-e-y-o-r.com.
VILE gang members sentenced. Two members of a group of cybercriminals named VILE, that is V-I-L-E, were sentenced this week for hacking into a federal law enforcement web portal as part of an extortion scheme. VILE specializes in doxxing based on information they extract from tricking customer service employees, submitting fraudulent legal requests to social media companies, bribing corporate insiders, and searching public and private online databases.
The individuals in question, aged 21 and 26 and based in Rhode Island and Queens, New York, also, quote, impersonated law enforcement, illegally accessed government databases, and even faked life-threatening situations to bypass criminal procedures through which they could attain sensitive personal information. End quote. They each face sentences of two years.
Chrome extensions leak API keys and user data. Researchers at Symantec's Security team state that several popular Google Chrome extensions have been found to unintentionally transmit data in HTTP and hard-code secrets in their code, potentially exposing browsing domains, machine IDs, operating system details, usage analytics and even uninstall information, all in plain text. Cisco adds that the fact that the network traffic is unencrypted also means that they are susceptible to adversary-in-the-middle attacks, allowing malicious actors on the same network, such as public Wi-Fi, to intercept and, even worse, modify this data, which could lead to far more serious consequences. A list of the affected extensions is available in the show notes to this episode.
Oklahoma and Puerto Rico governments suffer cyber attacks. A ransomware attack has caused problems for residents of the city of Durant, Oklahoma, resulting in some issues for digital and credit card payments and network outages for its police department. Meanwhile, the Justice Department of Puerto Rico has announced a cyberattack impacting the Criminal Justice Information Office. As part of its preventative measures for safeguarding the integrity of its data, the office has undertaken to suspend some services.
Sean Cairncross has policy coordination in mind. At his Senate confirmation hearing, Sean Cairncross outlined his vision for leading the Office of the National Cyber Director, emphasizing the need for interagency coordination and alignment with administration policy.
While acknowledging his lack of technical cyber expertise, Cairncross highlighted his leadership experience in managing large organizations and responding to cyberattacks during his tenure at the Republican National Committee. He avoided directly addressing concerns about potential cuts to CISA, but stressed a proactive stance against foreign threats, citing recent attacks by Chinese hacking groups. He identified China as the top cybersecurity threat facing the U.S.
Make sure to join us later today at 3:30pm Eastern for our Week in Review show. Rusty Waldron, Chief Business Security Officer at ADP, will be our guest, providing his expert commentary on the news of the week, and we encourage participation and comments through our YouTube live channel. Just go to the events page at cisoseries.com to register. And if you have some thoughts on the news from today or about the show in general, please be sure to reach out to us at feedback@cisoseries.com. We would love to hear from you. I'm Steve Prentiss, reporting for the CISO Series. Cybersecurity Headlines are available every weekday. Head to CISOseries.com for the full stories behind the headlines.
Cyber Security Headlines - June 6, 2025 Hosted by Steve Prentiss, CISO Series
In a significant update to last month's report, Kettering Health, a non-profit Ohio-based healthcare network, continues to grapple with the repercussions of a substantial data breach. Despite ongoing efforts to rebuild and restore its systems, the Interlock ransomware gang responsible has released 941 gigabytes of sensitive data. This data dump includes ID cards, financial reports, payment information, and more, as reported by Security Week.
Steve Prentiss highlights, “[...] it appears that it did not give in to the threat actor's extortion attempts and did not pay a ransom” (00:00). This stance underscores Kettering Health's commitment to resisting cyber extortion, although the specifics of the cyberattack remain undisclosed.
Reddit is at the forefront of a legal battle against Anthropic, an AI startup accused of unauthorized data scraping. According to LinkedIn News, Reddit alleges that Anthropic engaged in over 100,000 unauthorized accesses to its forums, violating Reddit’s public content policy. Unlike partnerships Reddit maintains with companies like OpenAI and Google for training their language models, no such agreement exists with Anthropic.
Steve notes, “Reddit is leading the latest battle to stop artificial intelligence companies from scraping digital data without authorization” (00:00). The lawsuit claims that Anthropic’s actions constitute unfair business practices, potentially setting a precedent for protecting digital content from unauthorized AI training.
North Face, a prominent outdoor clothing retailer, disclosed a data breach affecting nearly 3,000 customers on its retail website in April. This incident is part of a broader trend of cyberattacks targeting consumer retail sectors. VF Outdoor, the parent company of North Face, Jansport, and Timberland, issued breach notification letters stating that the breach involved basic Personally Identifiable Information (PII) without compromising payment details.
An investigation revealed, “[...] an attacker launched a credential stuffing attack on the North Face website using login information stolen from other breaches to gain access to user accounts” (00:00). This method highlights the persistent threat of credential reuse and the importance of robust password practices.
A critical vulnerability has been identified in Cisco’s Identity Services Engine (ISE), impacting cloud deployments on platforms such as AWS, Azure, and Oracle Cloud Infrastructure (OCI). Assigned a CVE number and a CVSS score of 9.9, this static credential vulnerability allows unauthenticated actors to perform malicious actions on susceptible systems.
Steve emphasizes, “Cisco also acknowledges the existence of a proof of concept exploit, but says there is no evidence that it has been maliciously exploited in the wild” (00:00). Organizations using Cisco ISE are urged to apply patches and monitor their systems closely to mitigate potential threats.
Two members of the cybercriminal group known as VILE have been sentenced for their roles in hacking a federal law enforcement web portal as part of an extortion scheme. VILE specializes in doxxing and employs tactics such as manipulating customer service employees, submitting fraudulent legal requests, bribing corporate insiders, and exploiting both public and private online databases.
The sentenced individuals, aged 21 and 26 from Rhode Island and Queens, New York, were found to have “[...] impersonated law enforcement, illegally accessed government databases, and even faked life-threatening situations to bypass criminal procedures through which they could attain sensitive personal information” (00:00). Each faces a two-year sentence, highlighting the legal system’s stance against sophisticated cybercrimes.
Researchers from Symantec's Security Team have identified vulnerabilities in several popular Google Chrome extensions. These extensions unintentionally transmit data over HTTP, exposing sensitive information such as browsing domains, machine IDs, operating system details, usage analytics, and uninstall data in plain text. Additionally, some extensions have hard-coded secrets within their code, further compromising security.
Steve points out, “Cisco adds that the fact that the network traffic is unencrypted also means that they are susceptible to adversary in the middle attacks, allowing malicious actors on the same network, such as public Wi-Fi, to intercept and even worse, modify this data” (00:00). Affected extensions are listed in the show notes, and users are advised to review their installed extensions for potential risks.
Durant, Oklahoma, experienced a ransomware attack that disrupted digital and credit card payments and caused network outages within its police department. Simultaneously, the Justice Department of Puerto Rico reported a cyberattack impacting the Criminal Justice Information Office. In response, the office has suspended some services as a preventive measure to protect the integrity of its data.
These incidents illustrate the ongoing vulnerability of governmental institutions to cyber threats, emphasizing the need for enhanced cybersecurity measures across public sectors.
During his Senate confirmation hearing, Sean Cairncross, candidate for the Office of the National Cyber Director, articulated his vision for leading the office with a focus on interagency coordination and aligning cybersecurity strategies with administration policies. Despite acknowledging his limited technical expertise, Cairncross emphasized his leadership experience in managing large organizations and responding to cyberattacks, particularly during his tenure at the Republican National Committee.
He highlighted the proactive stance against foreign threats, specifically citing Chinese hacking groups as the foremost cybersecurity threat to the U.S. His testimony reflects a strategic approach to national cybersecurity, prioritizing coordination and policy alignment over technical maneuvering.
Steve Prentiss invites listeners to join the Week in Review show featuring Rusty Waldron, Chief Business Security Officer at ADP, for expert commentary on the week's cybersecurity news. Participation is encouraged via the YouTube live channel, with registration available on the events page. Feedback and thoughts on the news or the show can be shared through the CISO Series feedback portal.
For in-depth coverage of these headlines and more, visit CISOseries.com.
This summary is based on the podcast transcript from the episode titled "Kettering data published, Reddit sues Anthropic, North Face breached" released on June 6, 2025.