
CISO Series Host
From the CISO Series, it's Cybersecurity Headlines.
Sean Kelly
These are the cybersecurity headlines for Thursday, March 20, 2025. I'm Sean Kelly.
Attackers swiped data from Pennsylvania Teachers Union. The Pennsylvania State Education Association reported to the Office of the Maine Attorney General that they suffered a breach impacting over 500,000 people. The nonprofit said the attack occurred on July 6 and exposed sensitive financial and health information. Although the disclosure didn't explicitly mention ransomware or extortion, it did say steps were taken to ensure the stolen data was deleted. The Rhysida ransomware gang publicly claimed responsibility for the attack back in September.
Infosys settles $17.5 million lawsuit after third-party breach. Infosys Limited has agreed to settle six class action lawsuits filed against its subsidiary Infosys McCamish System, or IMS, related to its data breach in late October of 20. IMS provides technology platforms for life insurance and annuity services to financial institutions. Attackers were able to gain personal data of 6.5 million downstream customers, including those of Fidelity Investments Life Insurance Company, Bank of America and American Express. The stolen data includes names, Social Security numbers, bank account routing numbers and dates of birth. Infosys said the terms of the settlement are subject to confirmation by the plaintiffs and final court approval.
Top US sperm bank discloses data breach. California Cryo Bank, or CCB, has disclosed that an unauthorized party accessed its data files between April 20th and 22nd of last year. Upon discovery, CCB said it promptly isolated affected systems, but said threat actors potentially accessed and/or acquired some of its customers' information, including names, Social Security numbers, driver's license numbers, financial account numbers and health insurance information. The company did not disclose the total number of affected individuals or technical details related to how threat actors breached its systems.
CCB is offering victims 12 months of identity protection services and fraud assistance.
IBM warns of critical vulnerabilities in AIX. IBM's Advanced Interactive Executive, or AIX, operating system rarely makes the cyber news these days, but IBM is now urging its customers to apply patches after disclosing two critical vulnerabilities, one of which carries a maximum severity score of 10. Both flaws are caused by improper process controls and allow remote attackers to execute arbitrary commands. Third-party sources suggest around 9,000 organizations still use the OS, which is generally deployed in critical applications powering high valued industries. IBM said AIX versions 7.2 and 7.3 are both vulnerable and should be updated immediately.
And now we'd like to thank today's episode sponsor, DeleteMe. Data brokers bypass online safety measures to sell your name, address and Social Security number to scammers. DeleteMe scours the web to find and remove your private information before it gets into the wrong hands by scanning for exposed information and completing opt-outs and removals. With over 100 million personal listings removed, DeleteMe is your trusted privacy solution for online safety. Get 20% off your DeleteMe plan when you go to JoinDeleteMe.com CISO and use promo code CISO at checkout. The only way to get 20% off is to go to JoinDeleteMe.com CISO and enter code CISO.
And one additional note, the CISO Series just launched a new podcast called Security You Should Know. We've got more details at the end of the episode.
PHP flaw continues to make cyber news by being exploited. Threat actors are exploiting a security flaw in PHP to deliver cryptocurrency miners and remote access trojans like Quasar RAT. The flaw is an argument injection vulnerability in PHP affecting Windows-based systems running in CGI mode that could allow remote attackers to run arbitrary code.
According to Bitdefender, exploitation attempts against the vuln have surged since late last year, with a significant concentration reported in Taiwan, Hong Kong, Brazil, Japan and India. In fact, we've reported several times on campaigns exploiting this very vulnerability here on Cybersecurity Headlines since last June. Users are advised to update their PHP installation to the latest version to safeguard against potential threats.
Arcane infostealer infects users via game cheats. Researchers at Kaspersky have discovered information-stealing malware called Arcane, which steals user data including VPN credentials, gaming clients, messaging apps and information stored in web browsers. The Arcane malware campaign started in November of 2024, with most infections occurring in Russia, Belarus and Kazakhstan. This is notable because most threat actors based in Russia typically avoid targeting users within the country and other Commonwealth of Independent States nations. Arcane's distribution methods now include the use of a fake software downloader named Arcana Loader, supposedly for popular game cracks and cheats. Arcana Loader has been heavily promoted on YouTube and Discord, with the operators even inviting content creators to promote it on their blogs and videos for free.
Scareware combined with phishing targets macOS users. Israeli cybersecurity firm Layer X has reported that throughout 2024 and in early 2025, a scareware campaign phishing for login credentials was targeting Windows users. The Windows version of the attacks leveraged compromised websites to serve fake Microsoft security alerts, claiming that users' computers had been compromised. The malicious code caused the web pages to freeze, creating the illusion of an issue with the user's browser. Victims were then instructed to provide their Windows username and password to threat actor hosted phishing pages.
However, recent anti-scareware improvements in Chrome, Firefox and Microsoft Edge have led to a 90% drop in Windows-targeted attacks, forcing threat actors to switch their focus to macOS. The macOS campaign features phishing pages similar to those used in the Windows attacks, but the layout and the messaging were tailored for macOS users with malicious code modified to target Safari.
Browser phishing attacks increase 140%. A new report from Menlo Security revealed that 752,000 browser-based phishing attacks were recorded in 2024, marking a 140% increase from the prior year. The researchers said artificial intelligence driven phishing techniques and the exploitation of enterprise browsers have contributed to this trend. Attackers are refining their methods, deploying evasive techniques including fileless malware and memory-only payloads. Traditional defenses such as firewalls and secure web gateways are proving inadequate against these evolving threats. Secure cloud browsing solutions can isolate user activity and prevent malicious content from compromising network systems. Additionally, using AI-enhanced threat detection tools can neutralize sophisticated phishing campaigns before they cause damage.
And that does it for today's Cybersecurity Headlines.
As a security practitioner, you want to learn about new cybersecurity solutions on the market, but you don't want to get immediately sucked into the sales funnel. That's why we designed our new podcast, Security You Should Know. In 15 minutes you get answers about how to prove the value of a specific vendor solution to company leadership, get pricing info, and get answers to a bevy of questions posed by our expert security guests. You can check it out now at cisoseries.com. Thank you for listening to the podcast that brings you more of the top cyber news stories and more cowbell. I'm Sean Kelly.
CISO Series Host
Cybersecurity headlines are available every weekday. Head to cisoseries.com for the full stories behind the headline.
Cyber Security Headlines - Episode Summary Hosted by CISO Series | Release Date: March 20, 2025
Overview: On March 20, 2025, the CISO Series reported a significant data breach involving the Pennsylvania Teachers Union. This breach affected over 500,000 individuals, compromising sensitive financial and health information.
Notable Quote:
"The attack exposed sensitive financial and health information, prompting immediate actions to delete the stolen data," said Sean Kelly at [00:06].
Overview: Infosys Limited reached a settlement of $17.5 million in response to six class-action lawsuits filed against its subsidiary, Infosys McCamish System (IMS). The lawsuits stemmed from a data breach that occurred in late October 2024.
Notable Quote:
"Attackers were able to gain personal data of 6.5 million downstream customers," explained Sean Kelly at [02:15].
Overview: California Cryo Bank (CCB) reported an unauthorized data breach that occurred between April 20th and 22nd of the previous year. The breach potentially exposed sensitive customer information.
Notable Quote:
"We promptly isolated the affected systems to prevent further unauthorized access," stated Sean Kelly at [04:40].
Overview: IBM issued warnings regarding two critical vulnerabilities in its Advanced Interactive Executive (AIX) operating system, urging immediate patching to prevent exploitation.
Notable Quote:
"Both flaws are caused by improper process controls and allow remote attackers to execute arbitrary commands," highlighted Sean Kelly at [06:10].
Overview: A persistent security flaw in PHP is being actively exploited to distribute cryptocurrency miners and remote access trojans, posing significant threats to Windows-based systems running in CGI mode.
Notable Quote:
"Exploitation attempts against the vulnerability have surged, particularly in regions like Taiwan and Brazil," mentioned Sean Kelly at [05:25].
Overview: Kaspersky researchers identified Arcane, an information-stealing malware targeting VPN credentials, gaming clients, messaging apps, and browser-stored data. The campaign primarily affects users in Russia, Belarus, and Kazakhstan.
Notable Quote:
"Arcana Loader has been heavily promoted by content creators, making it a widely distributed threat," explained Sean Kelly at [06:50].
Overview: Layer X, an Israeli cybersecurity firm, reported a shift in scareware phishing campaigns from Windows to macOS, following enhanced anti-scareware measures in mainstream browsers.
Notable Quote:
"Recent improvements have forced threat actors to adapt their focus towards macOS users," noted Sean Kelly at [07:30].
Overview: A Menlo Security report highlighted a dramatic 140% increase in browser-based phishing attacks in 2024, reaching a total of 752,000 incidents. The surge is attributed to AI-driven phishing techniques and exploitation of enterprise browsers.
Notable Quote:
"Artificial intelligence-driven phishing techniques have significantly contributed to the rise in browser-based attacks," stated Sean Kelly at [08:00].
In this episode of Cyber Security Headlines, Sean Kelly provided an in-depth analysis of several high-profile data breaches, emerging vulnerabilities, and evolving cyber threats. From significant breaches affecting educational and financial institutions to the rise of sophisticated phishing attacks targeting both Windows and macOS users, the episode underscores the ever-changing landscape of cybersecurity challenges. Kelly emphasized the importance of timely updates, robust security measures, and advanced threat detection to safeguard sensitive information in an increasingly digital world.
For more detailed stories and daily updates in the world of information security, visit CISOseries.com.