Transcript
A (0:00)
From the CISO series, it's Cybersecurity Headlines.
B (0:07)
These are the cybersecurity headlines for Friday, July 11, 2025. I'm Steve Prentiss.
Lookout: another Outlook outage. A major outage affected millions of users worldwide yesterday, actually starting at 6:20pm Eastern on Wednesday, July 9. At the time, Microsoft announced that users may be unable to access their mailbox using any connection methods, and this included Outlook.com, Outlook Mobile, the Outlook Desktop client and Hotmail. An update late Wednesday evening had Microsoft stating it was continuing to probe the impacted mailbox infrastructure and suspected the glitch was related to an authentication component. End quote. By 2am Thursday morning, Microsoft announced that the fix would take an extended period, but that progress was being made. As of this recording, full restoration has not yet been achieved.
Iranian APTs increased activity against US industries in the late spring. This statement is from Nozomi Networks, a company that specializes in securing OT for critical infrastructure. Their report, released on Tuesday, said that its team spotted 28 Iran-linked attacks on customers in May and June, up from 12 in the previous two-month period, a bump of 133%. Prime US targets were in transportation and manufacturing. The most active of the Iranian groups observed was MuddyWater, a group we have reported on many times through the years yet who is best known for targeting infrastructure in Saudi Arabia, Iraq and Turkey.
Russian basketball player arrested in France over alleged ransomware ties. At the request of the United States, 26-year-old professional athlete Daniel Kasatkin was arrested in France, accused of involvement in a ransomware group that allegedly targeted hundreds of American companies and federal institutions. He was arrested in June upon arriving at Paris Charles de Gaulle Airport and is being held in extradition custody. Kasatkin previously studied and played basketball at Penn State University. The ransomware network that he is accused of being associated with has not been named. His role allegedly was as a ransom payment negotiator, although his lawyer has described him as useless with computers. End quote.
Four people arrested in connection with Marks and Spencer and Co-op cyber attacks. British police, along with dozens of officers from Britain's National Crime Agency, descended on the homes of four suspects who now stand accused of conducting the cyber attacks on the retailers Marks and Spencer and the Co-op. The suspects range in age from 17 to 20. Three of these are from the UK and the fourth from Latvia. During the raid, police also seized numerous electronic devices from their homes. The four were apprehended on suspicion of Computer Misuse Act offences, blackmail, money laundering and participating in the activities of an organized crime group.
Huge thanks to our sponsor, Vanta. Do you know the status of your compliance controls right now? Like, right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews and reporting, and help you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get started at vanta.com/headlines. That is V-A-N-T-A dot com slash headlines.
Google Cloud offers partial AI data sovereignty for UK customers. Google Cloud is taking steps to address data sovereignty concerns around AI data by offering UK-based organizations the option to keep Gemini 2.5 Flash machine learning processing entirely within the UK. This will be presented as an option in which a customer can select Google Cloud's UK region, which is Europe West 2, when using Gemini 2.5 Flash to store data in that region, end quote. This means that machine learning computations, in other words, the processing of Gemini 2.5 Flash, can be limited to within the UK region. However, the same cannot be said for tech support, which will be shared by Google's global facilities, a complicating factor in complete data sovereignty.
Perfect Blue Bluetooth flaws impact Mercedes, Volkswagen and Skoda vehicles. This flaw comprises four vulnerabilities and affects the BlueSDK Bluetooth stack from OpenSynergy used in vehicles from the vendors mentioned as well as others. Since it is widely used in the automotive industry, the flaw can be exploited to achieve remote code execution and potentially allow access to critical elements. The security issues can be chained together into an exploit that researchers call a Perfect Blue attack and that can be delivered over the air by an attacker, requiring at most one click from a user. Perfect Blue, by the way, is spelled P-E-R-F-E-K-T-B-L-U-E, all as one word. The flaw was discovered by pen testers at PCA Cybersecurity, an automotive security firm known as regular participants at Pwn2Own Automotive and who have uncovered more than 50 vulnerabilities in car systems in the last year alone. Interestingly, the manufacturer OpenSynergy confirmed the flaws last year in June and released patches to customers in September 2024, but many automakers have yet to push the firmware updates. At least one major OEM learned only recently about the security risks, end quote.
Linda Yaccarino becomes an ex-X exec. The former head of advertising at NBCUniversal took over the reins at X, formerly Twitter, two years ago. Just recently, she stated in a post on X that she was immensely grateful to owner Elon Musk for entrusting me with the responsibility of protecting free speech, turning the company around, and transforming X into the Everything app. Musk's reply post said only, "Thank you for your contributions." The reasons for Yaccarino's departure are still not known.
Nvidia becomes the world's first 4 trillion dollar company. Unsurprisingly, shares in the chipmaker continue to rise thanks to the ongoing surge in demand for the technology that helps make AI happen. After having hit a value of $1 trillion for the first time in June 2023, the company has continued to climb. Experts such as Dan Ives of Wedbush Securities suggest that it is the only company in the world that is the foundation for the AI revolution. Companies that trail Nvidia in the most highly valued companies list are, in descending order, Microsoft, Apple, Amazon, Alphabet, Meta, Aramco, Broadcom, Berkshire Hathaway, and lastly, bucking the trend of snappy names, the Taiwan Semiconductor Manufacturing Company.
With one simple training course in just eight weeks, you could have a good paying job working in cybersecurity. Too good to be true? Well, it might be true, but it is very rare. So how does it happen? And is a fast track into cybersecurity even possible? That's what we try to answer on this week's episode of Defense in Depth. Look for "Is it even possible to fast track your way into cybersecurity?" wherever you get your podcasts or at cisoseries.com.
And as usual, we've got a busy Friday of live streams today. It starts at 1pm Eastern with Super Cyber Friday, where the topic will be Hacking the Resilience Mindset. An hour of critical thinking about building the proper foundation for success. And then at 3:30pm Eastern, we have our Week in Review show. Jim Bowie, VP and CISO at Tampa General Hospital, will be our guest, providing his expert commentary on the news of the week. To join us for both, head on over to the same place, the events page at cisoseries.com.
And finally, if you have some thoughts on the news from today or about the show in general, be sure to reach out to us at feedback@cisoseries.com. We would love to hear from you. I'm Steve Prentiss, reporting for the CISO Series.
