Cyber Security Headlines – Episode Summary
Hosted by CISO Series, this episode from March 21, 2025, delves into significant cybersecurity incidents and developments impacting organizations and individuals globally. Below is a comprehensive summary capturing all key discussions, insights, and conclusions.
1. Stalkerware Company Spy X Suffers Data Breach
Timestamp: [00:00]
Steve Prentiss opens the episode by reporting a major data breach at Spy X, a consumer-grade spyware company that markets its product as a mobile monitoring tool for parents to control their children's smartphones. The breach, which occurred in June 2024, exposed records on nearly 2 million people, including thousands of Apple users. Notably, neither Spy X nor its two clone apps notified affected customers or the people targeted by the spyware.
Steve Prentiss: “The breach has revealed that Spy X and two other related mobile apps, clones of Spy X, had records on almost 2 million people at the time of the breach, including thousands of Apple users.” [00:00]
This revelation underscores the critical need for transparency and robust security practices in companies handling sensitive personal data.
2. Ontario Provincial Police's Use of Paragon Solutions Spyware
Timestamp: [02:30]
The episode shifts focus to law enforcement, highlighting a report from Citizen Lab, based in Toronto. Researchers found that the Ontario Provincial Police (OPP) used advanced commercial spyware produced by Paragon Solutions, a company owned by Florida-based AE Industrial Partners. The investigation tied the spyware to the OPP after an IP address associated with it matched that of OPP headquarters.
Steve Prentiss: “A spokesman for the Ontario Provincial Police... said that the agency is required to receive judicial authorization to intercept private communications.” [05:15]
The OPP spokesperson emphasized compliance with Canadian laws, stating that such measures are reserved for serious criminal investigations. This segment raises important questions about the balance between law enforcement surveillance and privacy rights.
3. Veeam Patches Critical Vulnerabilities
Timestamp: [07:45]
Attention turns to vulnerabilities in Veeam’s Backup and Replication software. A flaw that has been assigned a CVE identifier and a CVSS score of 9.9 allows remote code execution by authenticated domain users. Cybersecurity firm watchTowr reported that the issue stems from flaws in Veeam’s deserialization mechanism.
Steve Prentiss: “While the exploitation of the new vulnerability requires the attacker to be logged in, the authentication requirement is fairly weak.” [12:00]
The high severity score highlights the urgency for organizations running Veeam to apply the available patches before the flaw is exploited.
4. Enhancing Security of Subsea Cables
Timestamp: [15:30]
The discussion moves to the physical security of subsea Internet cables, which carry 95% of global Internet traffic. Recent technical advances make it possible to detect underwater sabotage attempts by monitoring light pulses and physical disturbances along fiber optic cables.
Steve Prentiss: “This technique is based on the pulses of light that travel along a fiber optic cable and the tiny reflections that sometimes bounce back.” [18:20]
These innovations provide a proactive approach to safeguarding critical infrastructure from sabotage and ensure the resilience of global communications networks.
5. Nation-State Exploits Microsoft Windows Zero-Day
Timestamp: [22:10]
A significant zero-day vulnerability in Microsoft Windows was highlighted, one that nation-state groups have exploited since 2017. Although Trend Micro reported it to Microsoft six months earlier, Microsoft has yet to issue a fix or other remediation.
Steve Prentiss: “This vulnerability allows attackers to execute hidden malicious commands due to the way Windows displays the contents of shortcut LNK files.” [25:40]
Targeted sectors include governments, think tanks, finance, cryptocurrency, telecom, military, and energy. The absence of a CVE number and Microsoft's delayed response underscore the challenges of addressing long-standing security flaws.
6. Nakivo Vulnerability Added to KEV Catalog
Timestamp: [30:00]
CISA has added a vulnerability in Nakivo’s Backup and Replication product to its Known Exploited Vulnerabilities (KEV) catalog. The flaw, rated CVSS 8.6, is an absolute path traversal bug that lets unauthenticated attackers read sensitive files.
Steve Prentiss: “It affects all versions of the Nakivo software prior to version 10.” [32:15]
Federal civilian executive branch agencies must apply mitigations by April 9, underscoring how serious this vulnerability is.
7. ASCOM Targeted in Hellcat's JIRA Attack
Timestamp: [35:50]
The episode covers a cyberattack on ASCOM, a Swiss telecommunications provider, attributed to the hacker group Hellcat. The attackers compromised ASCOM’s JIRA ticketing system and stole source code, confidential documents, and other sensitive information.
Steve Prentiss: “The vector for the attack was their JIRA ticketing system, which has become a common attack method for the Hellcat hackers.” [38:00]
Other notable victims include Schneider Electric, Telefonica, Orange Group, and Jaguar Land Rover, indicating a broad targeting strategy against organizations running JIRA servers.
8. Dark Crystal RAT Targets Ukrainian Defense via Signal Messages
Timestamp: [41:30]
Turning to cyber warfare tactics, the episode discusses the Dark Crystal RAT campaign targeting Ukraine’s defense sector. The malware is distributed through malicious Signal messages that pose as legitimate meeting minutes, some of them sent from previously compromised accounts to lend credibility.
Steve Prentiss: “The campaign uses malicious messages via Signal app that contain supposed meeting minutes.” [44:10]
This method shows how cyber threats in conflict zones continue to evolve; the campaign aims to infiltrate Defense Industrial Complex enterprises and individual defense representatives.
Conclusion
This episode of Cyber Security Headlines provided in-depth analysis of recent cybersecurity incidents, emphasizing the evolving threats and the critical importance of robust security measures across various sectors. From data breaches in spyware companies to sophisticated nation-state exploits and advancements in infrastructure protection, the discussions underline the dynamic landscape of information security.
For those interested in further discussions and expert insights, Steve Prentiss encourages participation in upcoming shows and exploring detailed stories on CISOseries.com.
Note: Advertisements, sponsor messages, and non-content sections were intentionally omitted to focus solely on the episode’s substantial content.
