Transcript
A (0:00)
From the CISO series, it's Cybersecurity Headlines.
B (0:06)
These are the cybersecurity headlines for Friday, November 21, 2025. I'm Steve Prentice.

Android Trojan captures encrypted chats and hijacks devices

Cybersecurity researchers at the Dutch mobile security company ThreatFabric are warning of this new Trojan that enables credential theft and full device takeover to conduct fraud. They report that it is capable of bypassing encrypted messaging by capturing content directly from the device screen after decryption. This allows it to monitor communications on WhatsApp, Telegram and Signal. Sturnus is also able to stage overlay attacks using fake login screens over top of banking apps to capture victims' credentials, with its current targets being financial institutions across southern and central Europe.

Canadian regulators say schools share blame for PowerSchool hack

The Information and Privacy Commissioners for the provinces of Ontario and Alberta released their investigative findings on the massive PowerSchool data leak and faulted the school systems for missteps such as not putting privacy- and security-related provisions in their contracts with the education software firm and failing to effectively monitor and oversee PowerSchool's security guardrails, particularly in regard to multi-factor authentication. "Schools also did not have appropriate breach response plans ready to go," the report said. The breach, which affected schools and students across the US and Canada, was the result of the actions of a Massachusetts college student who pleaded guilty and received a four-year sentence in October.

Bill reintroduced to bolster cybersecurity at Securities and Exchange Commission

Put forward as a bipartisan initiative, Georgia Representatives David Scott, a Democrat, and Barry Loudermilk, a Republican, introduced the legislation on Wednesday under the name the SEC Data Protection Act of 2025. Specifically, the bill would establish uniform policies and procedures governing how the SEC requests, handles, stores and protects sensitive information obtained from investors, advisors, broker-dealers and other market participants. It is also intended to "develop and update data protection cybersecurity protocols consistent with federal and NIST standards and best practices." Both representatives are senior members of the House Financial Services Committee.

CISA gives government agencies seven days to patch new Fortinet flaw

CISA has stated that US government agencies must secure their systems within a week against this latest vulnerability in Fortinet's FortiWeb web application firewall, which has been exploited in zero-day attacks, allowing authenticated threat actors to execute code as root in low-complexity attacks that do not require user interaction. The CVE-numbered vulnerability has been added to the Known Exploited Vulnerabilities catalog, meaning agencies of the Federal Civilian Executive Branch have until Tuesday, November 25th to secure their systems.

Huge thanks to our sponsor, KnowBe4. Your email gateway isn't catching everything, and cybercriminals know it. That's why there's KnowBe4's Cloud Email Security platform. It is not just another filter; it is a dynamic, AI-powered layer of defense that detects and stops advanced threats before they reach your users' inboxes. Request a demo of KnowBe4's Cloud Email Security at knowbe4.com, that is K-N-O-W-B-E and the number 4 dot com, or visit them this week at the Microsoft Ignite booth, number 5532.

German authorities warn of evasion attacks on LLMs

Germany's Federal Office for Information Security is warning of rising evasion attacks on LLMs and has issued guidance to help developers and IT managers secure AI systems and mitigate related risks. Evasion attacks involve malicious inputs such as prompt injection and data manipulation designed to subvert or bypass model safeguards. The BSI released a document aimed at developers and IT managers in companies and public authorities that have opted to operate a pre-trained language model such as OpenAI's GPT. The recommendations are a blend of technical controls, such as filters, sandboxing and retrieval-augmented generation, along with organizational practices such as adversarial testing, governance and training. As part of a defense-in-depth strategy, the Office emphasizes that no single control is sufficient.

Critical flaw lets hackers access Asus DSL routers remotely

The Taiwan-based computer and technology manufacturer Asus has now fixed a critical auth bypass flaw with a CVSS score of 9.3 in DSL routers that would have let remote, unauthenticated attackers access devices with ease. The vulnerability impacts a handful of router families listed in the show notes, and of course Asus recommends users update to the latest firmware as well as using strong, unique passwords.

Palo Alto Networks sees massive surge in malicious activity inside mystery traffic flood

The traffic has been targeting Palo Alto Networks' GlobalProtect portals and has surged almost 40-fold in the space of 24 hours, hitting a 90-day high and putting defenders on alert for whatever comes next. This is according to attack intelligence firm GreyNoise, who says the sudden wave began on November 14, coming from a single network based in Germany and Canada. The company also said in an earlier blog that spikes in attacker activity often precede new vulnerabilities affecting the same vendor, with 80% of observed cases followed by a CVE disclosure within 6 weeks.

D-Link warns of new RCE flaws in end-of-life DIR-878 routers

It was a big day for router technology yesterday, it seems, with D-Link warning of three remotely exploitable command execution vulnerabilities that affect all models and hardware revisions of its DIR-878 router, which has reached end of service but is still available in several markets. These routers are typically used in homes and small offices. Since the DIR-878 reached end of life in 2021, D-Link warns that it will not release security updates for this model and recommends replacing it with an actively supported

Four vulnerabilities are involved, listed in the show notes, which according to CISA have a medium severity score.
