
A
From the CISO series, it's Cybersecurity Headlines.
B
These are the cybersecurity headlines for Monday, July 28, 2025. I'm Steve Prentiss.
NASCAR announces data breach following March cyberattack. The National Association for Stock Car Racing, better known to the world as NASCAR, has now warned customers of a data breach caused by a cyber attack in late March. The company filed with regulators in Maine, New Hampshire and Massachusetts and has said that Social Security numbers were accessed but has not stated how many people were affected. Back in April, the Meduza ransomware gang added the company to its leak site and demanded a $4 million ransom. Meduza has been identified by the FBI and other US agencies as among the top 10 most prolific ransomware strains this year.
Planky appears to be on track to lead CISA. Sean Planky, who is the president's nominee to run CISA, received a largely warm reception from lawmakers on the Senate committee charged with advancing his nomination. Planky has pledged to ask DHS Secretary Kristi Noem for more funding if he determines a larger budget is needed for the agency. Planky has most recently acted as Noem's senior adviser overseeing the Coast Guard and has also served on the National Security Council and with the Department of Energy. He is a supporter of the reauthorization of the Cybersecurity Information Sharing Act of 2015, which is, quote, a U.S. federal law designed to improve cybersecurity by encouraging the sharing of cyber threat information between the private sector and the government and among private entities, end quote. Planky also stated that he would, quote, prioritize evicting China from the US supply chain, end quote.
Microsoft investigates another outage affecting 365 admin center. Microsoft is keeping tabs on an outage that blocked Microsoft 365 administrators with business or enterprise subscriptions from accessing the admin center. This is being described as a service degradation issue, and the company is tracking the problem on its official Service Health status page, because Microsoft 365 administrators may be unable to access the admin center to get service health information. This is the second time in a week that the company has had to mitigate an issue with the Microsoft 365 admin center.
Insurer Allianz Life confirms data breach. The US-based provider of annuities and life insurance Allianz Life, that is A-L-L-I-A-N-Z, is a subsidiary of Allianz SE, a global financial services group headquartered in Germany. It is now confirmed that the personal information for the majority of its 1.4 million US customers was exposed in a data breach that occurred on July 16. The breach is being attributed to a malicious threat actor who gained access to a third-party cloud-based CRM system used by Allianz Life Insurance Company of North America. A spokesperson stated that the threat actor was able to obtain PII related to the majority of Allianz Life customers, financial professionals and select Allianz Life employees using an engineering technique. Bleeping Computer believes that this attack is the work of the Shiny Hunters extortion group.
Today's sponsor is Dropzone AI, the leader in AI-powered SOC automation. Major companies like Zapier and UiPath are using Dropzone to give their security teams superpowers. Imagine your analysts focusing on real threats while AI handles every routine investigation in minutes, not hours. If you're heading to Black Hat, stop by their booth in Startup City, but you don't have to wait. Check out their self-guided demo at dropzone AI and see why Fortune 500s are making the switch. That is dropzone AI.
Black Suit website goes dark. Black Suit, a ransomware gang that is believed to be a rebrand of Royal Ransomware, itself a product of the Conti gang, now has some new bling on its website: the logos of 17 law enforcement agencies plus cybersecurity firm Bitdefender, who worked with U.S. Homeland Security to disable the site in a campaign branded Operation Checkmate. This action has for the moment halted or at least frustrated the dealings of the group, which is known for exploiting phishing, Remote Desktop Protocol, vulnerabilities in public-facing applications, using access data from access brokers and harvesting VPN credentials from stealer logs.
Unpatched flaw in LG surveillance cameras allows admin access. CISA is warning of an unpatched authentication bypass vulnerability in a specific model of security camera, the type often mounted on ceilings in commercial buildings. The model number and CVE number of the vulnerability are listed in this episode's show notes. Approximately 1,300 cameras are active and vulnerable to full unauthenticated remote code execution, allowing remote takeover and network pivoting. As CISA points out, this is a critical infrastructure threat which is not just simply a risk to isolated devices, but potentially endangered facilities that are vital to public safety and national operations. The manufacturer LG Innotech is aware of the vulnerability but will not patch it because this particular camera model is an end-of-life product.
Microsoft cannot guarantee data sovereignty. Speaking under oath in the French Senate, executives from Microsoft France said their company cannot guarantee data sovereignty to customers in France and by extension to the wider European Union, due to the Cloud Act, a US law that gives the US government authority to obtain digital data held by US-based tech corporations, irrespective of whether that data is stored on servers at home or on foreign soil. It is said to compel these companies via warrant or subpoena to accept the request. The issue of access to data and the enforceability of provisions of the Cloud Act will require a great deal of litigation, especially considering the fact that AWS, who supported the bill along with Microsoft and Google, has stated that the Cloud Act does not only apply to US-headquartered companies, it is applicable to all electronic communications service or remote computing service providers that do business stateside, end quote.
Arizona woman who helped place North Korean workers is sentenced. Following up on a story we brought you in late May, Christina Marie Chapman, a 50-year-old woman from Arizona, has now been sentenced to 102 months in prison after pleading guilty for her involvement in a scheme that enabled North Korean IT workers to infiltrate 309 US companies. She was charged along with her co-conspirator, a Ukrainian citizen, Oleksandr Didenko. Didenko also ran an online platform known as Upwork Cell, which was seized by the Department of Justice, that assisted North Koreans in using false identities while hunting for remote IT work positions.
Remember to register for this week's Super Cyber Friday discussion, all about hacking the talent myth. We'll be talking about whether we're seeing a talent shortage, a disconnect between security teams and HR, and where the industry is today when it comes to hiring. This all starts at 1pm Eastern time, and if you have some thoughts on the news from today or about this show in general, please be sure to reach out to us at feedback@cisoseries.com. We would love to hear from you. I'm Steve Prentiss reporting for the CISO series.
A
Cybersecurity headlines are available every weekday. Head to cisoseries.com for the full stories behind the headlines.
Cyber Security Headlines - Summary of July 28, 2025 Episode
Host: CISO Series
The July 28, 2025 episode of Cyber Security Headlines, hosted by Steve Prentiss from CISO Series, delves into several critical incidents and developments in the information security landscape. This summary captures the key topics discussed, including major data breaches, leadership changes in cybersecurity agencies, significant service outages, ransomware activities, vulnerabilities in widely used technologies, and noteworthy legal cases impacting the cybersecurity domain.
Timestamp: [00:06]
Summary:
The National Association for Stock Car Racing (NASCAR) publicly disclosed a data breach resulting from a cyberattack that occurred in late March. The breach has led to the unauthorized access of Social Security numbers of NASCAR’s customers. While the exact number of affected individuals remains undisclosed, the incident prompted NASCAR to file reports with regulators in Maine, New Hampshire, and Massachusetts.
Details:
Notable Quote:
"Meduza is among the top 10 most prolific ransomware strains," stated Steve Prentiss at [00:06].
Timestamp: [02:30]
Summary:
Sean Planky, the president's nominee to head the Cybersecurity and Infrastructure Security Agency (CISA), has garnered favorable feedback from the Senate committee reviewing his nomination. Planky, who has served as a senior adviser to DHS Secretary Kristi Noem overseeing the Coast Guard, has a robust background that includes roles on the National Security Council and the Department of Energy.
Key Points:
Notable Quotes:
Planky stated, "I would prioritize evicting China from the US supply chain," at [02:45].
He also emphasized the importance of information sharing: "A U.S. federal law designed to improve cybersecurity by encouraging the sharing of cyber threat information between the private sector and the government and among private entities," as noted at [02:40].
Timestamp: [04:00]
Summary:
Microsoft is addressing a service degradation issue affecting the Microsoft 365 Admin Center, hindering administrators with business or enterprise subscriptions from accessing critical management functions. This marks the second occurrence within a week, highlighting ongoing stability challenges within Microsoft's administrative services.
Details:
Timestamp: [05:20]
Summary:
Allianz Life, a U.S.-based provider of annuities and life insurance, confirmed a significant data breach on July 16, impacting the personal information of approximately 1.4 million customers. The breach was executed through a compromised third-party cloud-based Customer Relationship Management (CRM) system.
Key Points:
Timestamp: [06:30]
Summary:
Black Suit, a ransomware gang believed to be a rebranding of Royal Ransomware (itself an offspring of the Conti gang), has recently updated its website with the logos of 17 law enforcement agencies and cybersecurity firm Bitdefender. This update follows Operation Checkmate—a coordinated effort by U.S. Homeland Security and partners to disable the gang's online presence.
Details:
Timestamp: [07:15]
Summary:
The Cybersecurity and Infrastructure Security Agency (CISA) has issued warnings about a critical, unpatched authentication bypass vulnerability in specific LG Innotech surveillance camera models. This vulnerability allows for unauthenticated remote code execution, enabling attackers to take over devices and potentially pivot within networks.
Key Points:
Notable Quote:
"This is a critical infrastructure threat which is not just simply a risk to isolated devices, but potentially endangered facilities that are vital to public safety and national operations," highlighted at [07:15].
Timestamp: [07:45]
Summary:
During a session in the French Senate, executives from Microsoft France admitted that the company cannot fully guarantee data sovereignty for its European customers due to the implications of the U.S. Cloud Act. This act grants the U.S. government authority to access digital data held by U.S.-based tech companies, regardless of where the data is stored globally.
Key Points:
Notable Quote:
A Microsoft France executive stated, "We cannot guarantee data sovereignty to customers in France," at [07:50].
Timestamp: [08:00]
Summary:
Christina Marie Chapman, a 50-year-old Arizona resident, has been sentenced to 102 months in prison for her role in a scheme that allowed North Korean IT workers to infiltrate 309 U.S. companies. Chapman was charged alongside Oleksandr Didenko, a Ukrainian citizen who operated the online platform "Upwork Cell," which the Department of Justice has seized.
Key Points:
Super Cyber Friday Discussion:
Listeners are encouraged to participate in the upcoming Super Cyber Friday discussion focusing on "Hacking the Talent Myth." The session will explore topics such as the alleged talent shortage in cybersecurity, the relationship between security teams and HR, and current hiring trends in the industry. The event is scheduled for 1 PM Eastern Time.
Listener Engagement:
The podcast invites listeners to share their thoughts on today's news or feedback about the show by contacting feedback@cisoseries.com.
Conclusion:
This episode of Cyber Security Headlines covered a broad spectrum of pressing security issues, from high-profile data breaches and ransomware threats to significant policy discussions and legal actions impacting the cybersecurity field. The insights provided by Steve Prentiss offer valuable information for professionals and enthusiasts seeking to stay informed about the evolving landscape of information security.
For complete stories and additional details, visit CISOseries.com.