
A
From the CISO Series, it's Cybersecurity Headlines.
B
These are the cybersecurity headlines for Wednesday, October 15, 2025. I am Sarah Lane.
Legacy Windows protocols still expose theft. A Resecurity study warns that legacy Windows protocols LLMNR and NetBIOS Name Service still expose networks to credential theft even without software exploits. Attackers on that same local network can then capture usernames and password hashes using tools like Responder. Once obtained, credentials can be cracked or reused in relay attacks to access corporate systems and escalate privileges. Researchers encourage disabling LLMNR and NBT-NS, blocking UDP port 5355, enforcing SMB signing and using Kerberos authentication.
Fortra admits exploitation of GoAnywhere defect. Fortra confirmed that a critical vulnerability in its GoAnywhere MFT file transfer software has been actively exploited. This is weeks after researchers and CISA independently verified attacks. Researchers from watchTowr, Rapid7 and VulnCheck say that the exploit's success raises questions about how attackers accessed a private key believed to be held only by Fortra. CISA says the flaw has been used in ransomware campaigns linked to Microsoft-tracked group Storm-1175.
Taiwan claims surge in Chinese attack efforts. Taiwan's National Security Bureau says that China has intensified cyber attacks and disinformation campaigns ahead of Taiwan's 2026 local elections. Government networks reportedly face 2.8 million intrusion attempts daily this year. That is up 17% from 2024. The bureau identified more than 10,000 fake social media accounts spreading 1.5 million pieces of pro-China or anti-government content, including AI-generated memes and videos. Officials describe the effort as a coordinated state-level campaign involving China's PLA and intelligence agencies.
Pixnapping can steal everything on an Android screen. Researchers from UC Berkeley, UC San Diego, the University of Washington and Carnegie Mellon uncovered an Android exploit known as Pixnapping that can steal anything displayed on a user's screen, including 2FA codes, without special app permissions. The side-channel attack abuses Android's rendering APIs and GPU compression to capture pixels from apps like Google Authenticator, Signal and Gmail. Google promises a full fix in December.
Huge thanks to our sponsor, Vanta. What is your 2 a.m. security worry? Is it "Do I have the right controls in place?" or "Are my vendors secure?" Or the really scary one: "How do I get out from under these old tools and manual processes?" Enter Vanta. Vanta automates manual work so you can stop sweating over spreadsheets, chasing audit evidence and filling out endless questionnaires. Vanta's trust management platform continuously monitors your systems, centralizes your data and simplifies your security at scale. Vanta also fits right into your workflows, using AI to streamline evidence collection, flag risks, and keep your program audit-ready all the time. With Vanta, you get everything you need to move faster, scale confidently and get back to sleep. Get started at vanta.com/headlines.
Qantas confirms released customer data. The airline Qantas confirmed that published data stolen in a July attack that exposed information on around 5.7 million customers through that third-party platform linked to Salesforce. The Scattered Lapsus$ Hunters group leaked the data after Salesforce refused to pay ransom. Exposed details include names, emails, frequent flyer numbers and, in some cases, addresses, phone numbers or birth dates, though no credit cards or passports appear to be compromised. Qantas obtained a court order restricting access to the leaked data and warning customers of rising phishing scams impersonating the airline.
TA585 emerges with advanced attack infrastructure. Researchers from Proofpoint reported TA585, a cybercriminal group distributing MonsterV2, a RAT, stealer and loader that snatches credentials, crypto wallets and browser data and allows remote access, webcam capture and payload delivery. TA585 uses phishing campaigns mimicking the IRS, the Small Business Administration and GitHub, exploiting the ClickFix method via compromised sites with fake CAPTCHAs.
Asahi breach continues: personal data feared exposed. Japanese brewer Asahi confirmed that personal data may have been exposed in a September ransomware attack by the Qilin gang, which disrupted ordering, shipping and call center systems. Around 27 gigabytes of files, including employee records and contracts, were allegedly stolen, with samples showing ID cards and other personal documents. The incident delayed shipments and forced manual order processing. Asahi also postponed its Q3 financial results.
Harvard update: 1.3 terabytes of data leaked. Harvard University has confirmed it was targeted by the Clop ransomware Oracle E-Business Suite campaign, with the group claiming to have leaked 1.3 terabytes of data, though Harvard says only an administrative unit appears to be affected. Attackers exploited a July-patched EBS flaw, stealing financial, HR and operational data. Oracle issued an emergency patch to fix the vulnerability.
If you haven't checked out Security You Should Know, you are missing out. It's a tight 15-minute podcast giving you the answers to all the questions you want to know when learning about a new vendor. This week's episode is a dive into SafeBase and their Trust Center platform. Look for it wherever you get your podcasts. And if you have thoughts on the news from today or about our show in general, be sure to reach out to us at feedback@cisoseries.com. We would love to hear from you. I'm Sarah Lane, reporting for the CISO Series. This was fun. Stay classy, Planet Earth.
A
Cybersecurity headlines are available every weekday. Head to cisoseries.com for the full stories behind the headlines.
Podcast: Cyber Security Headlines
Host: Sarah Lane (CISO Series)
Date: October 15, 2025
Episode Focus:
A concise roundup of the day’s most critical cybersecurity incidents, research findings, and evolving threats from around the globe.
This episode delivers real-time updates on emerging security vulnerabilities, high-profile breaches, and cyberthreat trends, with expert commentary and actionable recommendations for infosec professionals. Key topics include legacy Windows protocol risks, active ransomware exploits, Chinese cyber campaigns targeting Taiwan, cutting-edge Android exploits, and a wave of impactful data breaches.
Sarah Lane’s reporting is concise yet comprehensive, with an urgent, matter-of-fact delivery suited for a professional audience eager to stay ahead of fast-evolving threats.
This episode packed critical global developments: persistent network vulnerabilities, severe third-party and ransomware breaches, high-stakes state-driven cyber-campaigns, and advancing malware sophistication. Cybersecurity professionals are urged to be vigilant, prioritize updates and protocol deprecation, and stay informed as adversaries evolve their methods.