Transcript
Steve Prentice (0:00)
From the CISO Series, it's Cybersecurity Headlines. These are the cybersecurity headlines for Friday, May 23, 2025. I'm Steve Prentice.

Signal adds Recall blocker
The messaging app has updated its Windows app to block actions by Microsoft's AI-powered Recall feature from screenshotting conversations. When enabled, Screen Security will set a digital rights management flag on Signal's app windows, blocking their content from being captured by Recall or other Windows apps and features, Signal developer Joshua Lund stated in a post this week. "Microsoft has simply given us no other options," end quote.

Critical Windows Server 2025 dMSA vulnerability warning
According to Akamai security researcher Yuval Gordon, a privilege escalation flaw in Windows Server 2025 makes it possible for attackers to compromise any user in Active Directory. In a report shared with The Hacker News, Gordon said the attack exploits the delegated Managed Service Account feature that was introduced in Windows Server 2025. "The attack works with the default configuration and is trivial to implement," end quote. Akamai has named this attack technique BadSuccessor.

Pathology lab suffers data breach
North Carolina-based Marlboro-Chesterfield Pathology is a full-service anatomic pathology laboratory that recently suffered an apparent ransomware attack. The company stated in a breach notice published on its website that unauthorized activity on some internal IT systems was discovered on January 16 and that further investigation showed that files had been stolen. The data in these files generally includes PII along with medical treatment information and health insurance information, but this varies by individual. Over 235,000 individuals may have been impacted. The ransomware group SafePay has claimed responsibility for the theft.

FTC slaps GoDaddy upside the head
The US Federal Trade Commission has finalized an order requiring the web hosting company to secure its services "to settle charges of data security failures that led to several data breaches since 2018," end quote. The FTC also alleged that the company misled users about its security practices. It found that GoDaddy was unaware of vulnerabilities in its hosting environment due to a lack of standard security measures. The Commission's order prohibits the company from misleading consumers, mandates it to establish a robust information security program, hire an independent third-party assessor and add MFA.

Huge thanks to our sponsor, Conveyor. Still spending hours maintaining a massive spreadsheet of Q&A pairs or using RFP tools to answer security questionnaires? Conveyor's AI doesn't need hand-holding and gets you accurate answers every time with limited knowledge base maintenance. It reads directly from your connected sources: documents, wikis, websites, Confluence, Google Drive and even your Conveyor Trust Center. You don't maintain a knowledge base. You connect to one and their AI does the rest for you. See what real autofill magic looks like at conveyor.com, that is www.c-o-n-v-e-y-o-r.

Consumer Reports accuses Kroger of using loyalty program to sell customer data
The consumer watchdog publication stated this past Tuesday that the grocery chain allegedly "used data collected from loyalty shoppers to build sometimes incorrect profiles of them and sell their information to other companies," end quote. According to The Record, their report was based on statements from a single customer in Oregon who used the state's new privacy law to expose what Kroger had been doing with his information, which turned out to be that it was sent to data brokers, tobacco companies, insurance and marketing firms. Kroger refutes this report.

Chinese hackers breach US local governments using Cityworks zero-day
Chinese-speaking hackers have been exploiting a now-patched Trimble Cityworks zero-day to breach multiple local governing bodies across the United States. Trimble Cityworks is a geographic information system-based asset management and work order management software primarily used by local governments, utilities and public works organizations, and is designed to help infrastructure agencies and municipalities manage public assets, handle permitting and licensing and process work orders. The hacking group behind this campaign, UAT-6382, used a Rust-based malware loader to deploy Cobalt Strike beacons and VShell malware designed to backdoor compromised systems, provide long-term persistent access as well as web shells and custom malicious tools written in Chinese.

Cisco patches high-severity flaws
On Wednesday, Cisco published 10 security advisories detailing over a dozen vulnerabilities across its products, including two high-severity flaws in its Identity Services Engine and Unified Intelligence Center. The ISE bug impacts the RADIUS message processing feature and could be exploited remotely without authentication to cause ISE to reload and lead to a denial of service condition. The security defect was resolved alongside a medium-severity vulnerability that could be exploited for horizontal privilege escalation. More details about all these flaws are available in the show notes to this episode.

Unpatched critical bugs in Versa Concerto revealed
These vulnerabilities, disclosed by researchers at ProjectDiscovery, could allow remote attackers to bypass authentication and execute arbitrary code on affected systems, as described in BleepingComputer. Versa Concerto is the centralized management and orchestration platform for Versa Networks' Secure Access Service Edge solutions, used by large enterprises, telecom operators and government agencies. ProjectDiscovery reported the vulnerabilities to the vendor on February 13th with a 90-day disclosure period. Versa Networks acknowledged the findings and promised hotfixes by April 7, but then went silent, prompting ProjectDiscovery to publish the full details to alert Versa Concerto users of the danger.

Make sure to join us later today at 3:30 p.m. Eastern for our Week in Review show. George Finney, CISO at the University of Texas System, will be our guest, providing his expert commentary on the news of the week, and we encourage participation and comments through our YouTube Live channel. Just go to the events page at cisoseries.com to join us. If you're in the San Diego area, make sure to join us for our San Diego Cyber Group meetup on Wednesday, April 28. David Spark will be there for some fun discussions, silly games and networking. Details on this can also be found at the cisoseries.com events page. And remember to check out our new episode of Security You Should Know. This week we're talking with ThreatLocker and what they are doing to solve the problem of unauthorized site access. If you haven't checked out this show yet, each 15-minute episode gives you the answers to questions security leaders want to know when learning about a new solution. Check it out wherever you get your podcasts or, again, head on over to cisoseries.com. I'm Steve Prentice reporting for the CISO Series. Cybersecurity Headlines are available every weekday. Head to cisoseries.com for the full stories behind the headlines.
