NFC fraud reappears, Canada government breach, Zoom's critical flaw

Cyber Security Headlines: Detailed Summary of August 15, 2025 Episode

Hosted by CISO Series, "Cyber Security Headlines" delivers daily updates on the latest developments in information security. In the August 15, 2025 episode, host Steve Prentiss delves into a range of critical cybersecurity issues, offering insights and expert analysis on emerging threats and significant breaches.

1. Resurgence of NFC Fraud in the Banking Sector

Timestamp: [00:06] - [02:30]

Steve Prentiss opens the episode by discussing a novel threat targeting the banking industry: NFC (Near Field Communication) relay fraud. Researchers at ThreatFabric have identified a new Android Trojan named PhantomCar, which leverages NFC technology to execute relay attacks facilitating fraudulent transactions.

• Key Details:
  • Origin: The malware is believed to be a service of Chinese origin.
  • Operation: PhantomCar relays NFC data from a victim's banking card to the fraudster's device, enabling unauthorized transactions.
  • Distribution: The Trojan is disseminated through counterfeit Google Play web pages, utilizing deceptive positive reviews to trick users into installing the malicious app.
  • Current Impact: These attacks are predominantly occurring in Brazil, posing a significant threat to banking customers in the region.

Notable Quote:

"A new wave of NFC relay fraud... targets banking customers by relaying NFC data from victims' cards to fraudsters" — Steve Prentiss [00:15]

2. Cyber Attack on Canada's House of Commons

Timestamp: [02:31] - [03:45]

Prentiss reports a significant breach affecting Canada's House of Commons, drawing parallels to the US Congress in terms of mission and function. The attack, disclosed by CBC News, exploited a recent Microsoft vulnerability to gain unauthorized access to sensitive databases.

• Impact of the Breach:
  • Data Compromised: Information used to manage computers and mobile devices, including employees' names, job titles, office locations, and email addresses.
  • Timeline: The breach occurred last Friday, with staff alerted on Monday.
  • Current Status: No specific threat actor has been identified, and the exact cause remains under investigation.

Notable Quote:

"A malicious actor was able to exploit a recent Microsoft vulnerability to gain unauthorized access" — Steve Prentiss [02:50]

3. Critical Flaw in Zoom’s Windows Client Addressed

Timestamp: [03:46] - [04:30]

The episode highlights a critical security flaw in Zoom’s Windows client, which could allow for privilege escalation. The vulnerability, assigned a CVE number and a CVSS score of 9.6, is due to an untrusted search path issue.

• Affected Systems: Specific Zoom clients for Windows are vulnerable.
• Threat: An unauthenticated user with network access could exploit this flaw to gain elevated privileges.
• Resolution: Zoom has released an advisory detailing the vulnerability and the products affected. Listeners are directed to the show notes for more information.

Notable Quote:

"An unauthenticated user may conduct an escalation of privilege via network access" — Steve Prentiss [04:05]

4. Microsoft Resolves WSUS Update Delivery Issue

Timestamp: [04:31] - [05:15]

Prentiss updates listeners on Microsoft’s resolution of an issue affecting the delivery of the August 2025 Windows 1124H2 cumulative update via Windows Server Update Services (WSUS).

• Background:
  • WSUS: A two-decade-old tool enabling IT administrators to manage and schedule updates for Microsoft products within enterprise environments.
  • Issue: Administrators reported error messages preventing the installation of the August cumulative update.
• Resolution: Microsoft has addressed the problem, ensuring that WSUS can successfully deliver the update.

Notable Quote:

"Microsoft fixed the issue after learning of widespread reports from Windows admins regarding error messages received while installing the update" — Steve Prentiss [04:50]

5. Italian Hotel Guests Targeted in Cyber Heist

Timestamp: [05:16] - [06:10]

The episode covers a alarming cyber heist targeting Italian hotel guests, as warned by the Italian government. The breach involves the theft and illegal online sale of personal identity documents belonging to tens of thousands of hotel guests.

• Details of the Attack:
  • Perpetrators: A cybercriminal gang operating under the handle "mydocs".
  • Data Compromised: High-resolution scans of passports and other official IDs from 10 different Italian hotels.
  • Scale: Over 90,000 documents are being offered for sale online.

Notable Quote:

"Identity documents belonging to tens of thousands of people... are being illegally sold online" — Steve Prentiss [05:30]

6. Legal Action Against Zelle Creator Over Massive Thefts

Timestamp: [06:11] - [06:50]

Prentiss reports that the New York Attorney General, Letitia James, has filed a lawsuit against Early Warning Services, the creator of the Zelle electronic payment platform. The lawsuit alleges that Zelle facilitated over $1 billion in thefts from users between 2017 and 2023.

• Allegations:
  • Knowledge of Abuse: Early Warning Services reportedly knew from the outset that scammers were exploiting the platform.
  • Lack of Safeguards: The company failed to implement basic protections to prevent fraudulent activities, thereby enabling significant financial losses for users.

Notable Quote:

"The company knew from the beginning that scammers were abusing the platform, but did not adopt basic safeguards to protect users" — Steve Prentiss [06:25]

7. Expansion of Cobalt Strike to Linux and macOS

Timestamp: [06:51] - [07:10]

The podcast highlights how hackers are extending the reach of Cobalt Strike, a popular command and control framework, to other operating systems beyond Windows.

• New Framework: crossC2 has been developed to adapt Cobalt Strike for Linux and macOS platforms.
• Activity Timeline: These incidents were detected between September and December 2024.
• Targets: Multiple countries have been affected, indicating a broad and expanding threat landscape.

Notable Quote:

"Hackers expand Cobalt Strike reach to Linux and macOS" — Steve Prentiss [07:00]

8. Booking.com and Intuit Face Sophisticated Phishing Scams

Timestamp: [07:11] - [07:45]

Prentiss discusses recent phishing attacks targeting booking.com and Intuit, utilizing sophisticated homograph scams that manipulate URLs to deceive users.

• Booking.com Scam:

  • Method: Replacement of a character in the URL with a similar-looking Japanese hiragana character.
  • Tactic: Phishing emails claim to follow up on service complaints, enticing users to click malicious links.

• Intuit Scam:

  • Method: Substitution of the capital letter "I" with a lowercase "l" in the company's name within the URL.
  • Impact: Aimed at tricking users into revealing sensitive information under the guise of legitimate communication.

Notable Quote:

"This time it is a Japanese hiragana character that looks like a forward slash and a little tilde together" — Steve Prentiss [07:20]

Conclusion

Steve Prentiss wraps up the episode by directing listeners to additional resources and promoting community engagement through the CISO Series’ online platforms. He emphasizes the importance of staying informed and vigilant in the ever-evolving landscape of cybersecurity threats.

Final Quote:

"Cybersecurity headlines are available every weekday. Head to CISOsseries.com for the full stories. Behind the headlines." — Steve Prentiss [07:52]

This comprehensive overview encapsulates the critical issues discussed in the August 15, 2025 episode of "Cyber Security Headlines." From emerging NFC fraud tactics to significant breaches and sophisticated phishing schemes, the episode underscores the dynamic challenges facing the cybersecurity landscape today.