Cyber Security Headlines – Episode Summary
Podcast: Cyber Security Headlines
Host: Steve Prentiss
Date: September 12, 2025
Episode Theme:
A snapshot of the most pressing cybersecurity developments around the globe, including updates on SonicWall VPN exploits, priorities for the Acting Federal Cyber Chief, the significant increase in U.S. investment in spyware, and emerging threats against infrastructure and privacy.
Main Topics and Key Insights
1. SonicWall SSL VPN Flaws Under Active Exploitation
[00:06 – 01:35]
- SonicWall devices are being actively targeted through a year-old vulnerability rated CVSS 9.3.
- Root cause: local user passwords were carried over during migration without being reset, so old credentials stayed valid; this has fueled renewed Akira ransomware activity since late July.
- Advice to Customers:
- Rotate passwords for all SonicWall local accounts.
- Remove any unused or inactive SonicWall accounts.
- Ensure Multi-Factor Authentication (MFA) and Time-based One-Time Passwords (TOTP) are enabled.
- Restrict virtual office portal access to internal networks.
- Quote:
“Customers are advised to rotate passwords on all SonicWall local accounts, remove any unused or inactive SonicWall local accounts, ensure MFA and TOTP policies are configured, and restrict virtual office portal access to the internal network.”
— Steve Prentiss [00:55]
2. Acting Federal Cyber Chief’s Strategic Priorities
[01:35 – 02:20]
- Michael Duffy (Acting Federal Cyber Chief) outlined key federal cybersecurity goals at the Billington Cybersecurity Summit:
- Enterprise Cyber Defense
- Increasing Operational Resilience
- Securing a Modern U.S. Government
- Stressed proactive, cross-agency action rather than reactive, isolated measures.
- Key Quotes:
- “Leaders thinking about things like vulnerability management, supply chain or incident responses not just for their own agency but across the enterprise as well.”
— Steve Prentiss, quoting Michael Duffy [01:50]
- “It’s incumbent upon agencies to act now rather than waiting for the next cyber crisis to shape the next 10 years.”
— Steve Prentiss, quoting Michael Duffy [02:07]
3. U.S.-Based Spyware Investment Nearly Triples
[02:20 – 03:12]
- Atlantic Council report: U.S. firms backing spyware manufacturers jumped from 11 (2023) to 31 (2024).
- The U.S. is now the largest investor in this sector.
- Notable transactions:
- Paragon’s “Graphite” spyware (used against WhatsApp users) acquired by AE Industrial Partners (Florida).
- Saito Tech Ltd (Candiru spyware) backed by Integrity Partners.
- Ethical and regulatory implications left unaddressed.
4. UK Cybersecurity Legislation Delayed Again
[03:12 – 04:10]
- The UK government’s cybersecurity and resilience bill, finalized three years ago, is postponed following a cabinet reshuffle.
- Delay occurs amid rising cyberattacks, including a recent Jaguar Land Rover incident labeled an “economic security incident.”
- Persistent risk for major brands such as Marks & Spencer and Co-op, which have faced significant disruptions.
- Analysis: Policymaking continues to lag behind threat realities, underscoring the urgent need for legislative momentum.
5. Record-Breaking DDoS Attack Targets Defender
[05:11 – 05:59]
- A European DDoS mitigation provider was attacked with a staggering 1.5 billion packets per second (pps) DDoS blast.
- Attack leveraged thousands of IoT devices and vulnerable Mikrotik routers.
- FastNetMon, whose platform mitigated the attack, did not disclose the targeted customer, describing it only as a "DDoS scrubbing provider."
- Highlights the escalating scale and sophistication of infrastructure attacks.
6. Malware Campaign via ConnectWise ScreenConnect
[05:59 – 06:30]
- LevelBlue researchers warn of a malware campaign using the legitimate ConnectWise ScreenConnect tool to deliver AsyncRAT.
- Attack tactics:
- PowerShell loaders
- Persistence achieved via fake Skype updater
- Fileless malware: .NET assemblies are loaded and executed in memory, so file-based scanning never sees the payload on disk.
- Growing trend toward living-off-the-land and fileless attacks that evade traditional security measures.
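The fileless pattern above (a PowerShell loader that decodes a blob and reflectively loads a .NET assembly, plus an updater-themed autostart entry) is what PowerShell ScriptBlock logging surfaces. The following is an added example, not LevelBlue's detection content: a heuristic triage of ScriptBlock text. The log lines, weights, threshold and the "SkypeUpdater" value name are constructed for illustration, not indicators from the campaign.

```python
"""Heuristic triage of PowerShell ScriptBlock text (Event ID 4104 style) for
in-memory .NET assembly loading and autostart persistence.
Added example: sample lines and scoring weights are constructed, not campaign IOCs."""
from __future__ import annotations
import re
from dataclasses import dataclass, field

# Each rule: (regex, weight, reason). Weights are an illustrative choice.
RULES = [
    # Reflective load of an assembly from a byte array: the "fileless" step itself.
    (r"\[(System\.)?Reflection\.Assembly\]::Load\s*\(", 3, "reflective Assembly.Load from memory"),
    # Payload arrives base64-encoded in a variable/env var rather than as a file.
    (r"FromBase64String\s*\(", 1, "base64-decoded blob"),
    # Dynamic execution of fetched or decoded script text.
    (r"\bInvoke-Expression\b|\bIEX\b", 1, "Invoke-Expression on dynamic content"),
    (r"DownloadString\s*\(|Invoke-WebRequest|\biwr\b", 1, "remote payload fetch"),
    # Persistence: Run key write or scheduled task creation.
    (r"CurrentVersion\\Run\b", 2, "Run key write"),
    (r"schtasks(\.exe)?\s+/create|Register-ScheduledTask", 2, "scheduled task creation"),
    # Updater-themed naming used to blend in with legitimate software (constructed heuristic).
    (r"skype\S*updat", 1, "updater-themed persistence name"),
]
THRESHOLD = 3  # flag a script block once its accumulated weight reaches this

@dataclass
class Finding:
    line_no: int          # 1-based index into the input
    score: int
    reasons: list[str] = field(default_factory=list)

def score_block(text: str) -> Finding:
    """Apply every rule to one script block and sum the weights of those that match."""
    f = Finding(line_no=0, score=0)
    for pattern, weight, reason in RULES:
        if re.search(pattern, text, re.IGNORECASE):
            f.score += weight
            f.reasons.append(reason)
    return f

def triage(blocks: list[str]) -> list[Finding]:
    """Return findings for every block whose score reaches THRESHOLD."""
    out = []
    for i, text in enumerate(blocks, start=1):
        f = score_block(text)
        f.line_no = i
        if f.score >= THRESHOLD:
            out.append(f)
    return out

# Constructed sample ScriptBlock texts: two benign admin commands, one in-memory
# loader, one Run-key persistence entry.
SAMPLE_LOG = [
    r'Get-ChildItem C:\Users\alice\Documents',
    r'$b=[Convert]::FromBase64String($env:TMPBLOB);[System.Reflection.Assembly]::Load($b).EntryPoint.Invoke($null,$null)',
    r'New-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Run" -Name "SkypeUpdater" -Value "powershell -w hidden -File C:\ProgramData\sk.ps1"',
    r'Get-Process | Where-Object {$_.CPU -gt 100}',
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no}: score {f.score}: {', '.join(f.reasons)}")
```

This is a triage aid, not a signature: reflective assembly loading is also used by legitimate tooling, so the reflective-load rule is weighted highest but still reviewed in context (parent process, which should be the RMM agent here, and whether a decoded blob or remote fetch precedes it). It assumes ScriptBlock logging is enabled, since the loader text never touches disk.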
7. KillSec Ransomware Hits Brazilian Healthcare Provider
[06:30 – 07:13]
- Attack on Medic Solution, a healthcare software company in Brazil, enabled by an insecure AWS S3 bucket.
- Data exposure window: several months.
- Stolen data: Over 34 GB of patient information, including lab results and assessments.
- KillSec actors have also struck healthcare targets in Colombia, Peru, and the U.S.
- Significance: Highlights the ongoing vulnerability of healthcare data and the dangers of cloud misconfigurations.
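An exposed S3 bucket is usually one of two things: a bucket policy (or ACL) that grants read to any principal, or Block Public Access switched off so such a grant takes effect. The following is an added example, not Medic Solution's configuration or KillSec's method: an offline linter for the two checks, with a constructed public-read policy beside a hardened one. The bucket name, account ID and role ARN are placeholders.

```python
"""Offline checks for S3 public exposure: a bucket policy that lets any principal
read objects, and a Block Public Access configuration with gaps.
Added example; all policies and ARNs are constructed placeholders."""
from __future__ import annotations

# Actions that amount to reading objects, compared case-insensitively.
READ_ACTIONS = {"s3:getobject", "s3:get*", "s3:*", "*"}
# Keys of the PublicAccessBlockConfiguration structure as returned by the S3 API.
PUBLIC_ACCESS_BLOCK_REQUIRED = (
    "BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets",
)

def _as_list(v) -> list:
    return v if isinstance(v, list) else [v]

def _is_anonymous(principal) -> bool:
    """True for Principal "*" or {"AWS": "*"} (also when "*" sits in a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False

def public_read_statements(policy: dict) -> list[str]:
    """Sids (or positional labels) of Allow statements that grant object reads to
    anyone with no Condition narrowing the grant."""
    hits = []
    for i, st in enumerate(_as_list(policy.get("Statement", []))):
        if st.get("Effect") != "Allow" or not _is_anonymous(st.get("Principal")):
            continue
        actions = {a.lower() for a in _as_list(st.get("Action", []))}
        if actions & READ_ACTIONS and not st.get("Condition"):
            hits.append(st.get("Sid", f"statement[{i}]"))
    return hits

def public_access_block_gaps(cfg: dict) -> list[str]:
    """Block Public Access flags that are not set to True."""
    return [k for k in PUBLIC_ACCESS_BLOCK_REQUIRED if cfg.get(k) is not True]

BUCKET = "arn:aws:s3:::example-patient-results"  # placeholder bucket

# Constructed: the exposed pattern, any principal may fetch any object.
WEAK_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
        "Action": "s3:GetObject", "Resource": f"{BUCKET}/*",
    }],
}

# Constructed hardened form: reads only for one application role, plus a deny
# on unencrypted transport (a Deny with Principal "*" is not an exposure).
HARDENED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AppRoleRead", "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::123456789012:role/results-api"},
            "Action": "s3:GetObject", "Resource": f"{BUCKET}/*",
        },
        {
            "Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
            "Action": "s3:*", "Resource": [BUCKET, f"{BUCKET}/*"],
            "Condition": {"Bool": {"aws:SecureTransport": "false"}},
        },
    ],
}

if __name__ == "__main__":
    print("weak policy public-read statements:", public_read_statements(WEAK_POLICY))
    print("hardened policy public-read statements:", public_read_statements(HARDENED_POLICY))
    print("BPA gaps:", public_access_block_gaps({"BlockPublicAcls": True, "IgnorePublicAcls": True,
                                                 "BlockPublicPolicy": False, "RestrictPublicBuckets": True}))
```

The policy check deliberately treats any Condition as "scoped" so it stays quiet on intentional grants; review those by hand, since a Condition on a spoofable key such as aws:Referer still leaves the bucket effectively public. Object ACLs are a third exposure path not covered here; with IgnorePublicAcls set, public ACLs are disregarded, which is why the Block Public Access check matters even when the policy is clean.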
8. VMScape Attack: Breaking Guest-Host Isolation in the Cloud
[07:13 – 07:54]
- ETH Zurich researchers unveiled “VMScape,” a Spectre-like vulnerability.
- Allows malicious VMs to extract cryptographic secrets from unmodified QEMU hypervisors on AMD and Intel processors.
- Bypasses existing Spectre mitigations, threatening cloud-hosted data isolation.
- Quote:
“A threat actor could deploy such an attack against a cloud provider by simply renting a virtual machine to leak secrets from the Hypervisor or other VMs.”
— Steve Prentiss [07:40]
- Implication: Could upend trust in the multi-tenant cloud model.
Notable Quotes & Memorable Moments
- On urgency in federal preparedness:
“It’s incumbent upon agencies to act now rather than waiting for the next cyber crisis to shape the next 10 years.”
— Michael Duffy (quoted by Steve Prentiss) [02:07]
- On VMScape’s impact:
“A threat actor could deploy such an attack against a cloud provider by simply renting a virtual machine to leak secrets from the Hypervisor or other VMs.”
— Steve Prentiss [07:40]
Additional Resources & Events
- Super Cyber Friday live stream at 1pm ET: Focused on “Hacking managed services.”
- Week in Review show at 3:30pm ET: Guests include Rob Thiel (CTO, Oklahoma Department of Commerce) and Howard Halton (CEO, GigaOm).
- More details and registration available at cisoseries.com/events
Summary Prepared by:
Your Cyber Security Headlines Podcast Summarizer
All news stories verified as of September 12, 2025. For expanded coverage, visit cisoseries.com.
