Cyber Security Headlines - June 6, 2025 Hosted by Steve Prentiss, CISO Series
1. Kettering Health Data Breach
In a significant update to last month's report, Kettering Health, a non-profit Ohio-based healthcare network, continues to grapple with the repercussions of a substantial data breach. Despite ongoing efforts to rebuild and restore its systems, the Interlock ransomware gang responsible has released 941 gigabytes of sensitive data. This data dump includes ID cards, financial reports, payment information, and more, as reported by SecurityWeek.
Steve Prentiss highlights, “[...] it appears that it did not give in to the threat actor's extortion attempts and did not pay a ransom” (00:00). This stance underscores Kettering Health's commitment to resisting cyber extortion, although the specifics of the cyberattack remain undisclosed.
2. Reddit Sues Anthropic Over Data Scraping
Reddit is at the forefront of a legal battle against Anthropic, an AI startup accused of unauthorized data scraping. According to LinkedIn News, Reddit alleges that Anthropic engaged in over 100,000 unauthorized accesses to its forums, violating Reddit’s public content policy. Unlike partnerships Reddit maintains with companies like OpenAI and Google for training their language models, no such agreement exists with Anthropic.
Steve notes, “Reddit is leading the latest battle to stop artificial intelligence companies from scraping digital data without authorization” (00:00). The lawsuit claims that Anthropic’s actions constitute unfair business practices, potentially setting a precedent for protecting digital content from unauthorized AI training.
3. North Face Customer Accounts Breach
North Face, a prominent outdoor clothing retailer, disclosed a data breach affecting nearly 3,000 customers on its retail website in April. This incident is part of a broader trend of cyberattacks targeting consumer retail sectors. VF Outdoor, the parent company of North Face, Jansport, and Timberland, issued breach notification letters stating that the breach involved basic Personally Identifiable Information (PII) without compromising payment details.
An investigation revealed, “[...] an attacker launched a credential stuffing attack on the North Face website using login information stolen from other breaches to gain access to user accounts” (00:00). This method highlights the persistent threat of credential reuse and the importance of robust password practices.
4. Cisco ISE Authentication Bypass Vulnerability
A critical vulnerability has been identified in Cisco’s Identity Services Engine (ISE), impacting cloud deployments on platforms such as AWS, Azure, and Oracle Cloud Infrastructure (OCI). Assigned a CVE number and a CVSS score of 9.9, this static credential vulnerability allows unauthenticated actors to perform malicious actions on susceptible systems.
Steve emphasizes, “Cisco also acknowledges the existence of a proof of concept exploit, but says there is no evidence that it has been maliciously exploited in the wild” (00:00). Organizations using Cisco ISE are urged to apply patches and monitor their systems closely to mitigate potential threats.
5. Sentencing of ViLE Cybercriminals
Two members of the cybercriminal group known as ViLE have been sentenced for their roles in hacking a federal law enforcement web portal as part of an extortion scheme. ViLE specializes in doxxing and employs tactics such as manipulating customer service employees, submitting fraudulent legal requests, bribing corporate insiders, and exploiting both public and private online databases.
The sentenced individuals, aged 21 and 26 from Rhode Island and Queens, New York, were found to have “[...] impersonated law enforcement, illegally accessed government databases, and even faked life-threatening situations to bypass criminal procedures through which they could attain sensitive personal information” (00:00). Each faces a two-year sentence, highlighting the legal system’s stance against sophisticated cybercrimes.
6. Chrome Extensions Leak API Keys and User Data
Researchers from Symantec's Security Team have identified vulnerabilities in several popular Google Chrome extensions. These extensions unintentionally transmit data over HTTP, exposing sensitive information such as browsing domains, machine IDs, operating system details, usage analytics, and uninstall data in plain text. Additionally, some extensions have hard-coded secrets within their code, further compromising security.
Steve points out, “Cisco adds that the fact that the network traffic is unencrypted also means that they are susceptible to adversary in the middle attacks, allowing malicious actors on the same network, such as public Wi-Fi, to intercept and even worse, modify this data” (00:00). Affected extensions are listed in the show notes, and users are advised to review their installed extensions for potential risks.
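As an added illustration of the extension review recommended above (not code from Symantec, the podcast, or any affected extension), this Python example scans an unpacked extension's files for plaintext `http://` endpoints and key-like hard-coded literals. The regex heuristics, function names and sample files are assumptions constructed for the example.

```python
import json
import re
from pathlib import Path

# Plaintext endpoints: any http:// URL that is not loopback (heuristic).
HTTP_URL = re.compile(r"""http://(?!localhost|127\.0\.0\.1)[^\s"'`<>)]+""", re.I)
# Hard-coded secrets: a key-like name assigned a long string literal (heuristic).
SECRET = re.compile(
    r"""\b([\w-]*(?:api[_-]?key|secret|token|passw(?:or)?d)[\w-]*)["']?"""
    r"""\s*[:=]\s*["']([A-Za-z0-9_\-/+=.]{16,})["']""", re.I)

def audit_extension(files):
    """files: {relative_path: text}. Returns sorted (path, line, kind, detail)."""
    findings = []
    for path, text in files.items():
        for n, line in enumerate(text.splitlines(), 1):
            for m in HTTP_URL.finditer(line):
                findings.append((path, n, "plaintext-http", m.group(0)))
            for m in SECRET.finditer(line):
                # Report the identifier only; never echo the secret value.
                findings.append((path, n, "hardcoded-secret", m.group(1)))
    return sorted(findings)

def load_extension(root):
    """Read the JS, JSON and HTML files of an unpacked extension directory."""
    root = Path(root)
    return {str(p.relative_to(root)): p.read_text(errors="replace")
            for p in root.rglob("*")
            if p.is_file() and p.suffix in {".js", ".json", ".html"}}

# Constructed sample, not taken from any real extension.
SAMPLE = {
    "manifest.json": json.dumps(
        {"manifest_version": 3, "name": "demo",
         "host_permissions": ["http://stats.example.test/*"]}, indent=1),
    "background.js": (
        'const ANALYTICS_API_KEY = "EXAMPLEKEY0000000000000000";\n'
        'fetch("http://stats.example.test/uninstall?mid=" + machineId);\n'
        'fetch("https://api.example.test/ok");\n'
        'const dev = "http://localhost:8080/";\n'),
}

if __name__ == "__main__":
    for finding in audit_extension(SAMPLE):
        print(*finding, sep="\t")
```

To audit an installed extension, pass `load_extension(<path to its unpacked directory>)` to `audit_extension`; every hit needs manual review, since the patterns are heuristics.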
7. Cyber Attacks on Oklahoma and Puerto Rico Governments
Durant, Oklahoma, experienced a ransomware attack that disrupted digital and credit card payments and caused network outages within its police department. Simultaneously, the Justice Department of Puerto Rico reported a cyberattack impacting the Criminal Justice Information Office. In response, the office has suspended some services as a preventive measure to protect the integrity of its data.
These incidents illustrate the ongoing vulnerability of governmental institutions to cyber threats, emphasizing the need for enhanced cybersecurity measures across public sectors.
8. Sean Cairncross' Senate Confirmation Hearing
During his Senate confirmation hearing, Sean Cairncross, candidate for the Office of the National Cyber Director, articulated his vision for leading the office with a focus on interagency coordination and aligning cybersecurity strategies with administration policies. Despite acknowledging his limited technical expertise, Cairncross emphasized his leadership experience in managing large organizations and responding to cyberattacks, particularly during his tenure at the Republican National Committee.
He highlighted the proactive stance against foreign threats, specifically citing Chinese hacking groups as the foremost cybersecurity threat to the U.S. His testimony reflects a strategic approach to national cybersecurity, prioritizing coordination and policy alignment over technical maneuvering.
Upcoming Events and Additional Information
Steve Prentiss invites listeners to join the Week in Review show featuring Rusty Waldron, Chief Business Security Officer at ADP, for expert commentary on the week's cybersecurity news. Participation is encouraged via the YouTube live channel, with registration available on the events page. Feedback and thoughts on the news or the show can be shared through the CISO Series feedback portal.
For in-depth coverage of these headlines and more, visit CISOseries.com.
This summary is based on the podcast transcript from the episode titled "Kettering data published, Reddit sues Anthropic, North Face breached" released on June 6, 2025.
