Transcript
A (0:00)
From the CISO Series, it's Cybersecurity Headlines.
B (0:07)
These are the cybersecurity headlines for Thursday, June 26, 2025. I'm Lauren Verno.
NHS confirms patient death linked to ransomware attack. The June 2024 cyber attacks on London hospitals caused more than just a data breach. Britain's National Health Service now says a patient's death was directly linked to the incident. NHS explains the attack impacted the amount of time it took hospitals to perform critical blood tests. The resulting delays were identified as one of the contributing factors in the patient's death. The hackers also compromised data belonging to over 900,000 patients, including sensitive medical details that still haven't fully been disclosed. A year later, the NHS is still dealing with the fallout, including dangerously low blood supplies that continue to impact care.
BreachForums busted again. The administrators for one of the world's largest online marketplaces for stolen data have been arrested. French police report the arrest of five suspected operators of BreachForums, including well-known threat actors ShinyHunters and IntelBroker. Authorities say the group helped relaunch the dark web marketplace after its original founder was arrested in 2023. The suspects are linked to several major breaches, including attacks on French companies and government agencies, with IntelBroker previously tied to high-profile hacks impacting US and European organizations. BreachForums V2 went offline in April of this year and has not returned.
Thousands of SaaS apps still vulnerable to nOAuth. New research shows almost two years after its discovery, the nOAuth abuse method is still a major risk, with as many as at least 15,000 SaaS apps likely vulnerable due to misconfigurations with Microsoft Entra ID. Despite Microsoft offering guidance, researchers say developers are still misunderstanding or overlooking key implementation steps, leaving apps open to account takeovers and data exfiltration without users ever knowing.
Ransomware hits harder in the UK. It's an award no one wants, but a new report shows that British organizations are far more likely than their global peers to have data encrypted in ransomware attacks. In fact, 70% of UK victims were hit, compared to 50% worldwide, according to Sophos. The medium ransom demand jumped to 5.4 million last year and UK firms often pay the full amount or more. However, this may soon change as new regulations like the upcoming Cybersecurity and Resilience Bill aim to ban ransom payments and tighten reporting requirements.
Thanks to today's episode sponsor, ThreatLocker. ThreatLocker is a global leader in zero trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit threatlocker.com CISO. That's threat l l o c k e r.com CISO.
Third-party and ransomware attacks hit US health care again. Two US health care organizations have disclosed data breaches impacting over 100,000 individuals each. I'll do the math for you, that's over 200,000 people overall impacted. Mainline Health Systems confirmed its network was breached in April of 2024, with the INC ransomware group later leaking stolen files. The attack affected more than 101,000 patients across its 30 plus locations in Arkansas. Meanwhile, nearly 120,000 people tied to Select Medical Holdings were impacted through a third-party breach at former debt collector Nationwide Recovery Services.
Ransomware pack grows. Speaking of ransomware, a new group calling itself Direwolf is taking a bite out of the tech and manufacturing sectors. Researchers have already linked the group to at least 16 attacks using double extortion tactics and custom-built encryptors tailored to each victim. Direwolf isn't staying quiet either.
Five of the 16 victims listed on its data leak site are now facing public data exposure by the end of the month for, quote, refusing to pay up.
New China ORB network infects devices. A newly uncovered China-linked operational relay box, or ORB, network known as LapDogs is quietly expanding across US and East Asia, already infecting over 1,000 devices. That's according to SecurityScorecard. The highly targeted network is made up of compromised routers, IoT devices and servers, primarily Ruckus wireless access points, and is being used to support multiple intrusion campaigns while evading detection. Unlike traditional botnets, ORBs like LapDogs offer stealthier long-term infrastructure for espionage, making it harder to detect and defend against these threats.
Cybercrime outpaces African law enforcement. Cybercrime is surging across Africa, with some countries reporting a 30-fold increase in online scam detections and cybercrime accounting for a third of all reported crimes, according to Interpol's 2025 Africa Cyber Threat Assessment Report. Egypt, South Africa and Zambia were among the hardest hit, facing spikes in ransomware and phishing attacks, while law enforcement in nine out of 10 African nations lack the tools or training to respond.
Be sure you're registered for this week's Super Cyber Friday event, all about hacking the internal politics of cybersecurity. If you've ever been challenged by navigating the tricky waters of an organization to get the security mission done, you need to join us. We've got two seasoned CISOs joining us this Friday at 1pm Eastern Standard, talking for an hour about why just being right isn't enough when it comes to security decisions. To register to join, head on over to the Events page at cisoseries.com, and if you have some thoughts on the news from today or about the show in general, be sure to reach out to us at feedback@cisoseries.com. We'd love to hear from you. I'm Lauren Verno, reporting from the CISO Series.
