Cyber Security Headlines: Microsoft Entra Attack, Cloud Outages, Mark Green Retires

Hosted by CISO Series | Release Date: June 13, 2025

The latest episode of Cyber Security Headlines, presented by the CISO Series, delves into a range of pressing issues in the information security landscape. From sophisticated hacking campaigns targeting Microsoft Entra ID accounts to significant cloud service outages and notable shifts in governmental cybersecurity leadership, this episode provides a comprehensive overview for professionals and enthusiasts alike.

1. Microsoft Entra ID Accounts Under Siege

Timestamp: [00:07]

The episode opens with an alarming report on a widespread cyberattack targeting Microsoft Entra ID accounts. Steve Prentiss, the host, discusses findings from researchers at Proofpoint, who have identified a campaign leveraging the Team Filtration pen testing framework.

• Attack Details:

  • Threat Actor: UnksneakyStrike
  • Duration: December 2024 - March 2025
  • Scope: Targeted over 80 Microsoft Entra ID accounts across hundreds of organizations globally.
  • Methodology: Utilized AWS servers across multiple regions and exploited a sacrificial Office 365 account with a Business Basic license to abuse the Microsoft Teams API for account enumeration.

• Notable Quote:

  "Team Filtration is a legitimate pen testing tool first published in 2022 by trusted SEC Red Team researcher Melvin Langvick." – Steve Prentiss [00:14]

The use of legitimate tools like Team Filtration underscores the sophisticated tactics employed by threat actors to bypass security measures and maintain a low profile during their operations.

2. Significant Cloud Outages Impacting Major Services

Timestamp: [02:30]

The episode highlights recent outages affecting major cloud service providers, namely Google Cloud and Cloudflare. These disruptions had a cascading effect on a multitude of services, causing widespread inconvenience and security concerns.

• Affected Services:

  • Google Home & Nest
  • Snapchat, Discord, Shopify, Spotify
  • Access Authentication Failures
  • Cloudflare Zero Trust Warp Connectivity Issues

• Impact:

  • User Reports: DownDetector registered tens of thousands of outage reports.
  • Duration: Initiated around 1:15 PM Eastern Time and gradually resolved throughout the afternoon.

• Notable Quote:

  "DownDetector received tens of thousands of reports with impacted users experiencing Cloudflare and Google Cloud server connection, website and hosting problems." – Steve Prentiss [02:45]

The episode emphasizes the critical reliance on cloud services and the domino effect that such outages can have on both consumers and businesses.

3. Mark Green's Retirement: Implications for Cyber Legislation

Timestamp: [04:10]

A significant shift in the political landscape is reported with the retirement announcement of Mark Green, the Tennessee Republican and Chair of the House Homeland Security Committee.

• Key Points:

  • Retirement Reason: Transitioning to an unspecified role in the private sector post a final vote on the President's "big beautiful bill."
  • Legislative Impact: Green's departure could exert additional pressures on the future of cyber legislation.
  • Contributions: As committee head, Green was a staunch advocate for cyber workforce legislation and supported the reauthorization of the Cybersecurity Information Sharing Act of 2015, set to expire in September.

• Notable Quote:

  "As head of the committee, Green championed cyber workforce legislation as his top priority." – Steve Prentiss [04:25]

Green's leadership has been pivotal in shaping cyber policy, and his exit may lead to uncertainties in the advancement and implementation of critical cybersecurity measures.

4. Fog Ransomware: A Blend of Monitoring and Pen Testing Tools

Timestamp: [05:20]

The discussion shifts to a novel ransomware attack dubbed Fog, which has targeted financial institutions in Asia using a combination of legitimate software and penetration testing tools.

• Attack Vector:

  • Tools Used: Legitimate employee monitoring software Sciteca and the GC2 penetration testing tool.
  • Functionality of GC2: Enables attackers to execute commands on target machines via Google Sheets or Microsoft SharePoint lists and exfiltrate files using Google Drive or SharePoint documents.

• Security Insights:

  • James Maud from Beyond Trust highlights the tactic:

    "Threat actors typically use legitimate commercial software during attacks to reduce the chances that their intrusions are detected by security tools." – James Maud [06:15]

• Impact: This blend of tools makes the Fog ransomware particularly stealthy, complicating detection and mitigation efforts.

5. Emergency Windows Update Addresses Easy Anti Cheat BSOD Issues

Timestamp: [05:55]

Microsoft has responded swiftly to a critical issue affecting gamers and system stability by releasing an emergency out-of-band update for Windows 24H2.

• Issue Addressed:

  • Problem: Blue Screen of Death (BSOD) errors triggered on systems running EasyAntiCheat, a service integral to preventing online multiplayer game cheating.

• Update Details:

  • Nature: A revised version of the Windows 11 cumulative update initially released during the month's Patch Tuesday.

This proactive approach by Microsoft underscores the importance of timely patches in maintaining system integrity and user experience.

6. Graphite Spyware Exploits iOS Vulnerabilities in Zero-Click Attacks

Timestamp: [06:40]

A forensic investigation by Citizen Lab has unveiled the use of Paragon's Graphite Spyware in zero-click attacks targeting journalists' iPhones in Europe.

• Attack Mechanics:

  • Exploited Vulnerability: An unknown flaw in iOS 18.1.1 (CVE unspecified) allowed malicious media files shared via iCloud links to compromise devices.
  • Spyware Functionality: Graphite enables unauthorized access and surveillance, marking it as a sophisticated tool in Paragon's arsenal.

• Response:

  • Apple's Action: The vulnerability has been patched following notification to the victims on April 29.

• Notable Quote:

  "Apple notified the victims on April 29, identifying the spyware as advanced." – Steve Prentiss [06:55]

The exploitation of zero-day vulnerabilities in widely used platforms like iOS highlights the relentless efforts of threat actors to infiltrate high-profile targets.

7. Vulnerabilities in Sino Track GPS Devices Allow Remote Control and Tracking

Timestamp: [07:20]

The Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings about vulnerabilities in Sino Track GPS devices, which could have dire consequences for vehicle security and privacy.

• Vulnerabilities Identified:

  • CVE Scores: 8.3 and 8.6
  • Potential Exploits:
    • Accessing a vehicle's device profile
    • Tracking its location
    • Cutting power to the fuel pump

• Security Lapses:

  • Default Credentials: Sino Track devices utilize a universal default password and do not mandate password changes during setup.
  • Device ID Exposure: Usernames are easily obtainable from the device label, making unauthorized access straightforward.

• CISA's Recommendation:

  "CISA is urging users to change their default passwords and hide the device IDs." – Steve Prentiss [07:35]

Currently, there have been no public records of these vulnerabilities being exploited, but the potential risks necessitate immediate action from device owners.

8. Innovative Data Exfiltration via Smartwatches in Air-Gapped Systems

Timestamp: [07:45]

Introducing a novel threat vector, a researcher from Ben Gurion University of the Negev has developed a method named Smart Attack for exfiltrating data from air-gapped systems using smartwatches.

• Attack Process:

  • Technique: Utilizes the smartwatch's built-in microphone to capture ultrasonic signals ranging from 18 to 22 kHz.
  • Prerequisite: Requires prior infiltration to install malware that can transmit data via the infected machine's speakers at inaudible frequencies.

• Researcher Insight:

  "Smart Attack uses a smartwatch's built-in microphone to capture covert ultrasonic signals within range of 18 to 22kHz." – Mordechai Guri [07:50]

While the method is sophisticated, its practicality depends on specific environmental conditions and the initial breach, highlighting the evolving nature of cyber threats.

Conclusion

The episode of Cyber Security Headlines effectively underscores the dynamic and multifaceted challenges in today's cybersecurity environment. From sophisticated attacks leveraging legitimate tools to vulnerabilities in both software and hardware devices, the landscape requires constant vigilance and adaptive strategies. Additionally, the political shift with Mark Green's retirement adds another layer of complexity to the formulation and implementation of robust cyber legislation.

For listeners seeking in-depth analysis and updates on these topics, the CISO Series remains a valuable resource. Stay informed and proactive in your cybersecurity endeavors.

Note: This summary is crafted for individuals who have not listened to the podcast and aims to encapsulate all critical discussions and insights presented in the episode.