Cyber Security Headlines - Episode Summary Hosted by CISO Series Release Date: May 23, 2025
1. Signal Enhances Privacy with Windows App Update
Timestamp: [00:00]
Steve Prentice opens the episode with Signal's latest update aimed at reinforcing user privacy. Signal Desktop for Windows has gained a Screen Security setting (enabled by default on Windows 11) that sets a Windows digital rights management (content protection) flag on the app's window. Screenshots of that window, including the periodic snapshots taken by Microsoft's AI-powered Recall feature, then come back blank instead of showing the conversation.
Notable Quote:
"Microsoft has simply given us no other options,"
– Joshua Lund, Signal Developer [00:45]
This development underscores Signal's commitment to maintaining user confidentiality against evolving platform features that may infringe on privacy.
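How the DRM flag works in practice, as an added example that is not Signal's code: the Windows API behind content protection is user32's SetWindowDisplayAffinity. The script below creates a window in the current process (the API only accepts windows the calling process owns), marks it with WDA_EXCLUDEFROMCAPTURE, then takes a GDI screenshot of the region the window occupies and inspects a pixel. The page does not state which affinity value Signal's build uses; WDA_EXCLUDEFROMCAPTURE is an assumption here, and WDA_MONITOR is the older alternative.

```powershell
# Added example: mark a window as protected content so screen capture cannot read it.
# Not Signal's code; assumes Windows 10 2004 or later, where WDA_EXCLUDEFROMCAPTURE exists.
Add-Type -AssemblyName System.Windows.Forms, System.Drawing

$user32 = Add-Type -Namespace Win32 -Name DisplayAffinity -PassThru -MemberDefinition @'
[DllImport("user32.dll", SetLastError = true)]
public static extern bool SetWindowDisplayAffinity(IntPtr hWnd, uint dwAffinity);
[DllImport("user32.dll", SetLastError = true)]
public static extern bool GetWindowDisplayAffinity(IntPtr hWnd, out uint pdwAffinity);
'@

$WDA_NONE               = 0x00000000  # default: window is capturable
$WDA_MONITOR            = 0x00000001  # shown on the monitor only; captures see a blank area
$WDA_EXCLUDEFROMCAPTURE = 0x00000011  # Win10 2004+: window omitted from capture entirely

# SetWindowDisplayAffinity requires a window owned by this process, so create one.
$form = New-Object System.Windows.Forms.Form
$form.Text      = 'Screen Security demo'
$form.Size      = New-Object System.Drawing.Size(400, 200)
$form.BackColor = [System.Drawing.Color]::White
$form.Show()
[System.Windows.Forms.Application]::DoEvents()

if (-not $user32::SetWindowDisplayAffinity($form.Handle, $WDA_EXCLUDEFROMCAPTURE)) {
    $err = [System.Runtime.InteropServices.Marshal]::GetLastWin32Error()
    throw "SetWindowDisplayAffinity failed, Win32 error $err"
}

[uint32]$affinity = 0
[void]$user32::GetWindowDisplayAffinity($form.Handle, [ref]$affinity)
"Window display affinity is now 0x{0:X}" -f $affinity

# Give the compositor a frame, then capture the screen region the form occupies,
# the same way a screenshot tool (or Recall's snapshot) would.
Start-Sleep -Milliseconds 500
[System.Windows.Forms.Application]::DoEvents()
$bounds = $form.Bounds
$bmp = New-Object System.Drawing.Bitmap -ArgumentList $bounds.Width, $bounds.Height
$gfx = [System.Drawing.Graphics]::FromImage($bmp)
$gfx.CopyFromScreen($bounds.Location, [System.Drawing.Point]::Empty, $bounds.Size)

# With the affinity set, the capture does not contain the white client area.
$center = $bmp.GetPixel([int]($bounds.Width / 2), [int]($bounds.Height / 2))
"Center pixel of the capture: $center (white would mean the protection is not working)"

$gfx.Dispose(); $bmp.Dispose(); $form.Close()
```

Running the script with $WDA_NONE instead shows the white client area in the captured bitmap, which is the difference Signal's setting relies on. The protection is per window and per process, so it does nothing for text the user copies out of the window or for content rendered in other applications.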
2. Critical Vulnerability in Windows Server 2025
Timestamp: [02:15]
A significant security concern highlighted is a privilege escalation flaw in Windows Server 2025 Active Directory. Akamai security researcher Yuval Gordon showed that it lets an attacker take over any user in the domain, including Domain Admins. The preconditions are a domain with at least one Windows Server 2025 domain controller and a principal with permission to create a delegated Managed Service Account (dMSA) object in some organizational unit; Akamai found that permission commonly granted to non-administrative users. Microsoft had not released a patch at the time of the episode.
Notable Quote:
"The attack exploits the delegated managed service account feature that was introduced in Windows Server 2025. The attack works with the default configuration and is trivial to implement,"
– Yuval Gordon, Akamai [04:10]
Akamai has named the technique "BadSuccessor", after the way a newly created dMSA is declared the successor of an existing account and inherits that account's privileges, emphasizing how little effort an attacker with OU create rights needs to gain unauthorized access.
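An added example (not Akamai's code) of the two checks a domain owner would run before treating this as theoretical: whether any domain controller already runs Windows Server 2025, and which principals outside the expected administrative groups hold CreateChild on an OU for the msDS-DelegatedManagedServiceAccount class (or for all child classes). It assumes the RSAT ActiveDirectory module, read access to the directory, and that the $expected list is adjusted to the environment's own tier-0 groups.

```powershell
# Added example: audit the preconditions the BadSuccessor technique depends on.
# Not Akamai's code. Requires the ActiveDirectory module (RSAT) and directory read access.
Import-Module ActiveDirectory

# 1) dMSAs are only honoured by Windows Server 2025 domain controllers.
$dcs2025 = Get-ADDomainController -Filter * |
    Where-Object { $_.OperatingSystem -like '*Server 2025*' }
"Windows Server 2025 domain controllers: $(@($dcs2025).Count)"

# 2) Resolve the schemaIDGUID of the dMSA object class. If the class is absent, the
#    schema has not been extended for Server 2025 and no dMSA can be created yet.
$schemaNC  = (Get-ADRootDSE).schemaNamingContext
$dmsaClass = Get-ADObject -SearchBase $schemaNC `
    -LDAPFilter '(lDAPDisplayName=msDS-DelegatedManagedServiceAccount)' `
    -Properties schemaIDGUID
if (-not $dmsaClass) { Write-Warning 'dMSA class not present in the schema'; return }
$dmsaGuid = [guid]::new([byte[]]$dmsaClass.schemaIDGUID)

# Identities expected to hold CreateChild on OUs. Assumption: extend with your own
# tier-0 groups and delegation service accounts; everything else is reported.
$domain   = (Get-ADDomain).NetBIOSName
$expected = @(
    'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'BUILTIN\Account Operators',
    "$domain\Domain Admins", "$domain\Enterprise Admins"
)

$createChild = [System.DirectoryServices.ActiveDirectoryRights]::CreateChild
$genericAll  = [System.DirectoryServices.ActiveDirectoryRights]::GenericAll

# Walk every OU's ACL. ObjectType Empty means the right applies to all child classes;
# otherwise it must name the dMSA class itself to matter here. (Containers such as
# CN=Managed Service Accounts can also hold dMSAs; extend the search if delegated.)
$findings = foreach ($ou in Get-ADOrganizationalUnit -Filter *) {
    $acl = Get-Acl -Path "AD:\$($ou.DistinguishedName)"
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $grantsCreate = $ace.ActiveDirectoryRights.HasFlag($createChild) -or
                        $ace.ActiveDirectoryRights.HasFlag($genericAll)
        $coversDmsa   = ($ace.ObjectType -eq [guid]::Empty) -or ($ace.ObjectType -eq $dmsaGuid)
        $identity     = $ace.IdentityReference.Value
        if ($grantsCreate -and $coversDmsa -and ($expected -notcontains $identity)) {
            [pscustomobject]@{
                OU        = $ou.DistinguishedName
                Identity  = $identity
                Rights    = $ace.ActiveDirectoryRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize }
else { 'No unexpected principals can create dMSA objects in any OU.' }
```

Every row returned is a principal that, once a Server 2025 DC exists, could create a dMSA and point it at a privileged account. Beyond tightening those ACLs, Akamai's write-up recommends alerting on creation of msDS-DelegatedManagedServiceAccount objects and on changes to the msDS-ManagedAccountPrecededByLink attribute, which is the link an attacker sets to the account being impersonated.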
3. Pathology Lab Under Ransomware Attack
Timestamp: [05:30]
Marlboro-Chesterfield Pathology, a North Carolina-based anatomic pathology laboratory, disclosed a ransomware attack that resulted in unauthorized access and data theft. The breach, discovered on January 16, exposed personally identifiable information (PII), medical treatment records, and health insurance details of over 235,000 individuals.
Notable Quote:
"Files had been stolen. The data includes PII and medical information, varying by individual,"
– Marlboro-Chesterfield Pathology [07:05]
The ransomware group SafePay has claimed responsibility for this incident, highlighting the persistent threat posed by such malicious entities targeting healthcare facilities.
4. FTC Takes Action Against GoDaddy for Security Lapses
Timestamp: [09:20]
The U.S. Federal Trade Commission (FTC) has finalized a settlement order against GoDaddy over security failures dating back to 2018 that led to several breaches of its shared hosting environment between 2019 and 2022. The FTC's complaint says GoDaddy failed to implement standard security measures, leaving the company unaware of vulnerabilities in its hosting environment.
Notable Quote:
"GoDaddy was unaware of vulnerabilities in its hosting environment due to a lack of standard security measures,"
– FTC Statement [10:05]
The settlement mandates GoDaddy to establish a comprehensive information security program, engage an independent third-party assessor, implement multi-factor authentication (MFA), and refrain from misleading consumers about their security practices.
5. Consumer Reports Alleges Kroger Misuses Loyalty Data
Timestamp: [12:45]
The consumer watchdog Consumer Reports has accused the grocery giant Kroger of using data from its loyalty program to build inaccurate customer profiles and share them with outside companies. The allegation grew out of a case in Oregon, where a customer used the state's privacy law to obtain records of Kroger's data-sharing practices.
Notable Quote:
"Data was sent to data brokers, tobacco companies, insurance, and marketing firms,"
– Report Details [14:10]
Kroger has publicly refuted these claims, asserting that their data handling practices comply with all relevant regulations and emphasizing their commitment to customer privacy.
6. Chinese Hackers Exploit Trimble Cityworks Zero-Day
Timestamp: [16:00]
A cyberattack campaign by Chinese-speaking hackers is targeting U.S. local governments. Exploiting a now-patched zero-day in Trimble Cityworks (CVE-2025-0994), a GIS-based asset management and work order product, the group, tracked by Cisco Talos as UAT-6382, has breached multiple municipal systems.
The attackers deployed a Rust-based loader to install Cobalt Strike beacons and the VShell backdoor, then used that access to plant web shells and custom tooling for persistence.
Notable Quote:
"Designed to help infrastructure agencies manage public assets, the exploitation of Trimble Cityworks undermines critical municipal operations,"
– Security Analyst [17:35]
This breach underscores the vulnerability of essential public infrastructure to targeted cyber threats and the importance of timely patch management.
7. Cisco Addresses High-Severity Security Flaws
Timestamp: [19:50]
Cisco has released ten security advisories addressing over a dozen vulnerabilities across its product line. Among these are two high-severity flaws, one in the Identity Services Engine (ISE) and one in Unified Intelligence Center. The ISE vulnerability is in RADIUS message processing and allows a remote, unauthenticated attacker to cause the ISE to reload, a denial-of-service (DoS) condition.
A medium-severity vulnerability in Unified Intelligence Center permits horizontal privilege escalation, letting an authenticated attacker access data belonging to other users at the same privilege level.
Notable Quote:
"The ISE bug could be exploited remotely without authentication to cause ISE to reload and lead to a denial of service condition,"
– Cisco Security Advisory [21:15]
Cisco recommends that all users apply the latest patches promptly to mitigate these vulnerabilities. Detailed information is available in the show notes.
8. Unpatched Critical Bugs in Versa Concerto Exposed
Timestamp: [23:00]
Researchers from ProjectDiscovery have uncovered critical vulnerabilities in Versa Concerto, the centralized management platform for Versa Networks' Secure Access Service Edge (SASE) products. Chained together, these vulnerabilities allow remote attackers to bypass authentication and execute arbitrary code on affected systems.
Notable Quote:
"Vulnerabilities in Versa Concerto could allow remote attackers to bypass authentication and execute arbitrary code,"
– ProjectDiscovery Report [24:20]
Despite initially acknowledging the issues and promising hotfixes by April 7, Versa Networks did not release patches within the 90-day disclosure window. ProjectDiscovery has therefore published the details so that users can assess their exposure and restrict access to the management interface.
Upcoming Events and Resources
Timestamp: [26:50]
Steve Prentice concludes the episode by promoting upcoming events and resources:
- Week in Review Show: Featuring George Finney, CISO at the University of Texas System, offering expert commentary on the week's cybersecurity news. Scheduled for today at 3:30 PM Eastern on the CISO Series YouTube live channel. [26:55]
- San Diego Cyber Group Meetup: Set for Wednesday, May 28, with host David Spark, focusing on discussions, games, and networking opportunities. Details available on the CISO Series events page.
- New Podcast Episode - "Security You Should Know": This week's episode features a discussion with ThreatLocker about combating unauthorized site access. Available on all major podcast platforms and at cisoseries.com.
Conclusion
This episode of Cyber Security Headlines by CISO Series provides a comprehensive overview of significant cybersecurity incidents and vulnerabilities impacting major platforms and organizations. From Signal's proactive measures against screenshot capturing to critical vulnerabilities in widely used systems like Windows Server and Trimble Cityworks, the discussions highlight the ongoing challenges in safeguarding digital assets. Additionally, regulatory actions against companies like GoDaddy and allegations against Kroger emphasize the importance of robust data security and ethical data handling practices. Stay informed and proactive by tuning into future episodes and participating in the CISO Series community events.
For full details on the topics discussed, visit cisoseries.com.
