Cyber Security Headlines - July 29, 2025
Hosted by Lauren Verno, CISO Series
1. Hacktivist Attack Grounds Russian Flights
In a significant disruption, Russia's Aeroflot airline was forced to cancel over 50 flights and experience multiple delays at Moscow's airport due to a politically motivated cyber attack. The incident occurred on Monday when Aeroflot reported a system failure affecting their operations. The airline also announced that their ticket offices are temporarily unable to process refunds or rebookings, though services are expected to resume once the systems are restored.
Notable Quote:
Lauren Verno (00:35): "Hacktivist groups Silent Crow and Belarusian Cyber Partisans have claimed responsibility for the attack, stating that the disruption follows a year-long compromise of Aeroflot's systems."
2. Naval Group Denies Breach
France's state-backed defense contractor, Naval Group, is vehemently denying claims of a cyber breach after a cybercriminal alleged the theft of one terabyte of sensitive submarine data, including source code and classified technical documents. The threat group responsible posted what they claim to be proof samples and issued a 72-hour ultimatum for a response before threatening a full data leak.
Notable Quote:
Lauren Verno (02:15): "Naval Group asserts there are no signs of an IT systems breach but has initiated a thorough investigation to address the allegations."
3. Dating App Breach Exposes Thousands of Women's Pictures
In an ironic twist, a dating application marketed as a safer space for women suffered a data breach that exposed images of tens of thousands of users. Specifically, the breach compromised 13,000 user-submitted selfies and 59,000 public images from posts and messages. The attack targeted a legacy storage system containing data from before February 2024, despite the app's commitment to deleting verification photos immediately.
Notable Quote:
Lauren Verno (04:20): "The app's promise to delete verification photos immediately was undermined when attackers accessed legacy systems holding older data."
4. Scattered Spider Escalates Attacks on VMware ESXi
The cyber threat group Scattered Spider has ramped up its attacks targeting VMware ESXi hypervisors across US companies in various sectors, including retail, airlines, transportation, and insurance. According to Google's Threat Intelligence Group, the group predominantly uses sophisticated social engineering techniques rather than software exploits to infiltrate organizations. They often impersonate IT administrators to hijack privileged accounts, swiftly transitioning from access to data theft and ransomware deployment within hours.
Notable Quote:
Lauren Verno (06:45): "Scattered Spider continues to rely on highly convincing social engineering tactics, manipulating help desk staff to gain access to high-value systems."
5. Ransomware Group Chaos Rebrands
In the ongoing saga of ransomware rebrands, Chaos has emerged as the new identity of the group previously known as Black Suit. The rebranding coincided with a global law enforcement operation named Operation Checkmate, which seized Black Suit's Tor-based leak site. The seized site was replaced with the logos of 17 agencies and Bitdefender, and the group's reappearance as Chaos signals an attempt to return under a new guise.
Notable Quote:
Lauren Verno (08:30): "Cisco Talos now links Chaos to the same operators as Black Suit, citing near identical ransom notes and attack methods, indicating the group's rapid resurgence."
6. New Malware Alert: Shuyal Infostealer
A new infostealer named Shuyal has been identified, targeting 19 different browsers, including privacy-focused ones like Tor. Shuyal quietly gathers system data and steals credentials while employing aggressive evasion techniques. It disables Task Manager and eradicates its own traces post-exfiltration, sending stolen data through Telegram bots. While current distribution methods remain unknown, experts warn that Shuyal could pave the way for larger attacks such as ransomware or business email compromises.
Notable Quote:
Lauren Verno (10:10): "Shuyal's ability to disable Task Manager and delete its own traces makes it a formidable threat, potentially serving as a precursor to more severe cyber attacks."
7. PaperCut Exploit in Need of Band Aid
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning regarding the exploitation of a high-severity vulnerability in PaperCut NG/MF print management software. The flaw can lead to remote code execution and was originally patched in June 2023. It has now been added to CISA's Known Exploited Vulnerabilities catalog, and federal agencies are required to apply the patch by August 18. PaperCut software is widely used, with over 100 million users across 70,000 organizations globally.
Notable Quote:
Lauren Verno (12:00): "Despite the patch released in June 2023, the persistence of exploiting this vulnerability highlights the critical need for timely updates, especially for widely used software like PaperCut."
8. Starlink Scambrite
A US senator has called on SpaceX to take decisive action against scammers leveraging its Starlink Internet service for large-scale cyber fraud operations in Southeast Asia. Human rights groups and UN reports have consistently linked Starlink to scam operations due to its portability and detachment from national telecom networks. With reports of usage doubling in some regions and increased sightings, the senator is demanding transparency and measures to prevent the abuse of Starlink's services.
Notable Quote:
Lauren Verno (13:45): "The portability and independence of Starlink have made it a preferred tool for scam operations, prompting urgent calls for SpaceX to implement stricter controls."
9. Discussion: Mitigating Third-Party Data Breaches
The episode concludes with a discussion on the pervasive risk posed by third-party data breaches. Lauren Verno emphasizes the growing realization that organizations are often most vulnerable through parties they have the least control over. While large organizations can pressure their vendors to improve security standards, smaller entities may struggle to contain these risks effectively.
Notable Quote:
Lauren Verno (15:30): "We don't go a week without hearing a story about a data breach caused by a third party. It's crucial to explore strategies to better manage and mitigate these risks."
Upcoming: CISO Series Podcast Episode
Listeners are encouraged to look out for the upcoming CISO Series podcast episode titled "Cosmo: 23 Ways to Make Your Vendors Obsessed with Your Security Standards", which will delve deeper into strategies for enhancing third-party security.
For more detailed stories and updates, visit CISOSeries.com.
