
Lauren Verno
From the CISO Series, it's Cybersecurity Headlines. These are the cybersecurity headlines for Tuesday, August 12, 2025. I'm Lauren Verno.

North Korean crypto theft
Three IT specialists secretly working for North Korea allegedly stole around US$1 million in cryptocurrency from a New York company by exploiting a vulnerability in its wallet system. Now the criminals used a fake Malaysian ID to get hired, and they laundered the stolen Tether tokens through multiple blockchains over three months. Now the FBI seized the funds in July and is holding them while the Department of Justice seeks to return the money to the company. The Rewards for Justice program is offering US$5 million for information disrupting similar North Korean operations.

Microsoft rolls out PC backup during attack
Microsoft just opened a limited public preview for Windows 365 Reserve, a new service that gives employees temporary access to cloud PCs when their main devices fail or get hit by a cyber attack. Now you get up to 10 days per year of access with pre-configured desktops that come ready with your company's apps and security policies. Now the preview is invite-only for now, but once you're in, users can log in from any device through a browser or the Windows app, keeping work flowing while IT sorts out the problem.

US charges 4 in $100 million global fraud scheme
Four high-ranking members of a Ghana-based criminal organization have been charged in connection with a massive fraud scheme that stole more than US$100 million through romance scams and business email compromise attacks. Prosecutors say the group, which operated between 2016 and 2023, tricked businesses into wiring funds using spoofed email accounts and forged authorization letters, while also targeting individuals in online romance scams. One suspect remains at large while the others face decades in prison.
Wikipedia loses UK legal challenge
Wikipedia's operator lost its legal challenge against the UK's Online Safety Act, which could force the site to verify users if it is classified as a Category 1 platform. Now the Wikimedia Foundation warned that such rules would threaten volunteer privacy, expose contributors to risks like data breaches, and hurt Wikipedia's ability to operate freely. Now the court dismissed the challenge, but left the door open for review once Wikipedia's category is decided. It's also important to note this ruling only applies in the UK and doesn't directly affect Wikipedia operations or policies in other countries, including the US.

A huge thanks to our episode sponsor, Vanta. Do you know the status of your compliance controls right now? Like, right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews and reporting, and help you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get started at vanta.com/headlines. That's V-A-N-T-A dot com slash headlines.

Credit union hack exposes 172,000
Connex Credit Union, one of the largest in Connecticut, says hackers got into its systems in early June and accessed personal and financial data for 172,000 people. The breach lasted just a day but may have exposed names, account numbers, debit card details, Social Security numbers and even government IDs. Now, while there's no sign anyone's accounts or funds were touched, Connex is warning members to watch out for scam calls and texts from people pretending to be employees.
Known Exchange flaw leaves thousands still exposed
More than 29,000 Microsoft Exchange servers remain unpatched against a high-severity flaw we first reported last week that lets attackers escalate privileges in connected Exchange Online environments. Now the vulnerability, which affects Exchange Server 2016, 2019 and the subscription-based edition in hybrid setups, was disclosed in April alongside a Microsoft hotfix. But scans show thousands are still exposed, over 7,200 in the US alone. CISA has ordered federal agencies to patch or discontinue vulnerable servers by Monday, warning the bug could lead to total domain compromise.

Pen testers wanted: ransomware gang hiring
If you know a pen tester looking to trade in their white hat, the bad guys are hiring. And for legal purposes, I don't mean that seriously, but the MedusaLocker ransomware gang is openly recruiting new penetration testers on its Tor leak site. The group, which runs as a ransomware-as-a-service operation, wants candidates skilled in targeting ESXi, Windows and ARM systems, with direct access to corporate networks preferred. Like legitimate pen testers, these hires will map and exploit vulnerabilities, but for the purpose of maximizing ransom payouts, not fixing security gaps.

Google pays out biggest Chrome bug bounty yet
A researcher known as Mickey has brought home Google's biggest payout to date, earning US$250,000, more than double the second-largest reward. Now he discovered a high-severity Chrome vulnerability that lets attackers escape the browser sandbox and execute system commands. The flaw, found in Chrome's Mojo inter-process communication system, was patched in May and praised by Google for its complexity and the quality of the exploit demonstration.

Large language models can do a lot of things, but they are hardly infallible. We continue to see stories emerge of organizations relying on the output of LLMs without any human review, resulting in consequences ranging from humorous to disastrous. So how do we build in human-in-the-loop verification when the scale of LLM output can be so daunting? That's one of the segments we're digging into on this week's episode of the CISO Series Podcast. Look for the episode "Impressive. Our AI is approaching 1.9% of accuracy" wherever you get your podcasts. And if you have some thoughts on the news from today or about the show in general, be sure to reach out to us at feedback@cisoseries.com. We'd love to hear from you. I'm Lauren Verno reporting for the CISO Series. Cybersecurity Headlines is available every weekday. Head to cisoseries.com for the full stories behind the headlines.
Hosted by Lauren Verno, CISO Series
Timestamp: [00:00]
Lauren Verno opens the episode with a cyber theft attributed to North Korean operatives. Three IT specialists, allegedly working covertly for North Korea, stole approximately US$1 million in cryptocurrency from a New York-based company by exploiting a vulnerability in the company's wallet system. They had secured their positions at the company using a fake Malaysian ID.
"Now the criminals used a fake Malaysian ID to get hired, and they laundered the stolen Tether tokens through multiple blockchains over three months." – Lauren Verno [00:00]
The stolen Tether tokens were laundered across multiple blockchains over three months. The FBI seized the funds in July and is holding them while the Department of Justice seeks to return the money to the affected company. The Rewards for Justice program is offering a US$5 million reward for information that disrupts similar North Korean operations.
Timestamp: [02:30]
Microsoft has introduced a new service called Windows 365 Reserve, which is currently in a limited public preview. This service is designed to provide employees with temporary access to cloud PCs in the event their primary devices fail or are compromised by a cyber attack.
"Now you get up to 10 days per year of access with pre-configured desktops that come ready with your company's apps and security policies." – Lauren Verno [02:30]
Key features of Windows 365 Reserve include up to 10 days per year of cloud PC access, pre-configured desktops that come ready with the company's apps and security policies, and login from any device through a browser or the Windows app, so work continues while IT resolves the underlying problem.
The preview is currently invite-only.
Timestamp: [04:15]
Four high-ranking members of a Ghana-based criminal organization have been charged by US authorities for their involvement in a massive fraud scheme amounting to over US$100 million. The operation involved a combination of romance scams and business email compromise (BEC) attacks.
"Prosecutors say the group, which operated between 2016 and 2023, tricked businesses into wiring funds using spoofed email accounts and forged authorization letters while also targeting individuals in online romance scams." – Lauren Verno [04:15]
The perpetrators used spoofed email accounts and forged authorization letters to deceive businesses into wiring funds, while also defrauding individuals through online romance scams. Of the four charged, one suspect remains at large, while the others face potential decades-long prison sentences.
Timestamp: [06:00]
In a recent legal battle, Wikipedia's operator lost its challenge against the UK's Online Safety Act. The legislation could compel Wikipedia to verify users if the platform is classified as a Category 1 platform.
"The Wikimedia Foundation warned that such rules would threaten volunteer privacy, expose contributors to risks like data breaches, and hurt Wikipedia's ability to operate freely." – Lauren Verno [06:00]
While the court dismissed the challenge, it left the door open for future reviews based on Wikipedia's classification. Importantly, this ruling only affects operations within the UK and does not directly impact Wikipedia's policies or functionality in other regions, including the United States.
Timestamp: [07:45]
Connex Credit Union, one of Connecticut's largest credit unions, reported that hackers got into its systems in early June and accessed personal and financial data for 172,000 people.
"The breach lasted just a day but may have exposed names, account numbers, debit card details, Social Security numbers, and even government IDs." – Lauren Verno [07:45]
There is no sign that any accounts or funds were touched. Nonetheless, Connex Credit Union is advising its members to remain vigilant against scam calls and texts from people impersonating employees.
Timestamp: [09:20]
A high-severity vulnerability in Microsoft Exchange Server remains unpatched on more than 29,000 servers, including over 7,200 in the United States. The flaw allows attackers to escalate privileges in connected Exchange Online environments.
"CISA has ordered federal agencies to patch or discontinue vulnerable servers by Monday, warning the bug could lead to total domain compromise." – Lauren Verno [09:20]
The vulnerability affects Exchange Server 2016, 2019, and the subscription-based edition in hybrid setups. Although Microsoft disclosed the flaw and released a hotfix in April, many organizations have yet to apply it. The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch or discontinue vulnerable servers by the upcoming Monday, warning that the bug could lead to total domain compromise.
Timestamp: [11:10]
The MedusaLocker ransomware gang is openly recruiting penetration testers on its Tor leak site. Unlike legitimate security professionals who identify vulnerabilities so they can be fixed, these hires will be used to maximize ransom payouts.
"I don't mean that seriously, but the MedusaLocker ransomware gang is openly recruiting new penetration testers on its Tor leak site." – Lauren Verno [11:10]
The group, which runs as a ransomware-as-a-service operation, is seeking candidates skilled in targeting ESXi, Windows, and ARM systems, with direct access to corporate networks preferred. These "pen testers" will map and exploit vulnerabilities to further the gang's extortion rather than to improve anyone's defenses.
Timestamp: [13:05]
Google has awarded its largest Chrome bug bounty to date, US$250,000, more than double the second-largest reward, to a researcher known as Mickey. Mickey discovered a high-severity Chrome vulnerability that allows attackers to escape the browser sandbox and execute system commands.
"He discovered a high severity Chrome vulnerability that lets attackers escape the browser sandbox and execute system commands." – Lauren Verno [13:05]
The vulnerability was found in Chrome's Mojo inter-process communication (IPC) system and was patched in May. Google praised both the complexity of the flaw and the quality of the exploit demonstration.
Timestamp: [14:50]
Lauren Verno closes the episode by noting the growing reliance on large language models (LLMs) in organizations. LLMs offer impressive capabilities, but they are not infallible, and stories continue to emerge of organizations relying on LLM output without any human review, with consequences ranging from humorous to disastrous.
"So how do we build in human-in-the-loop verification when the scale of LLM output can be so daunting?" – Lauren Verno [14:50]
This week's episode of the CISO Series Podcast, "Impressive. Our AI is approaching 1.9% of accuracy", digs into this question and how to build human-in-the-loop verification into processes that rely heavily on LLM output.
Lauren Verno wraps up by encouraging listeners to engage with the content and share their thoughts.
"If you have some thoughts on the news from today or about the show in general, be sure to reach out to us at feedback@cisoseries.com. We'd love to hear from you." – Lauren Verno [16:20]
Cybersecurity Headlines is available every weekday, with the full stories behind the headlines at cisoseries.com.
This summary covers the key points of the August 12, 2025, episode of Cybersecurity Headlines by CISO Series, hosted by Lauren Verno. For more detail, listeners are encouraged to visit cisoseries.com.