Cyber Security Headlines – Episode Summary
Podcast: CISO Series – Cyber Security Headlines
Episode: Sturnus captures encrypted chats, PowerSchool schools blamed, SEC security bill
Date: November 21, 2025
Host: Steve Prentice
Guest Segment: Rich Stroffolino (Breaking News)
Episode Overview
This episode dives into some of the most pressing cybersecurity stories as of November 21, 2025. The main themes include a powerful new Android Trojan threatening financial institutions, regulatory findings in the PowerSchool school data breach, a legislative push to bolster security at the SEC, critical vulnerabilities in widely-used routers, and breaking news on the SolarWinds hack SEC case.
Key Discussion Points and Insights
1. Android Trojan ‘Sturnus’ Bypasses Encryption and Hijacks Devices
- [00:06–01:30]
- Trojan Details:
  - Researchers from ThreatFabric have identified a new Android malware named "Sturnus".
  - It bypasses encryption by capturing already-decrypted message content directly from the device screen.
- Messaging Apps at Risk:
  - Targets popular encrypted apps such as WhatsApp, Telegram, and Signal.
- Attack Techniques:
  - Main method includes overlay attacks—superimposing fake login screens over banking apps to steal credentials.
  - Enables full device takeover for fraud, with a primary focus on banking apps in southern and central Europe.
- Memorable Moment:
  - "It is capable of bypassing encrypted messaging by capturing content directly from the device screen after decryption." — Steve Prentice [00:21]
2. Canadian Regulators Fault Schools for PowerSchool Data Breach
- [01:31–02:16]
- Findings:
  - Ontario’s and Alberta’s Privacy Commissioners say schools failed to require privacy and security safeguards in contracts and did not monitor PowerSchool’s cybersecurity measures.
  - Inadequate multi-factor authentication and a lack of ready breach response plans were highlighted.
- Quotable:
  - "Schools also did not have appropriate breach response plans ready to go, the report said." — Steve Prentice [02:03]
- Incident Context:
  - The breach impacted schools and students across the US and Canada; the Massachusetts college student responsible has already been convicted and sentenced.
3. Bipartisan Bill to Enhance SEC Cybersecurity Introduced
- [02:17–03:16]
- Legislation Details:
  - Representatives David Scott (D) and Barry Loudermilk (R) introduced the SEC Data Protection Act of 2025.
  - Aims to standardize how the SEC handles sensitive investor data.
  - Seeks alignment with federal and NIST cybersecurity protocols.
- Quotable:
  - "...develop and update data protection cybersecurity protocols consistent with federal and NIST standards and best practices." — Steve Prentice quoting bill language [03:00]
4. CISA Mandates Rapid Patch for New Fortinet Flaw
- [03:17–03:56]
- Urgency:
  - US government agencies given seven days to patch a critical FortiWeb vulnerability (zero-day).
  - The flaw enables authenticated attackers to execute code as root via low-complexity attacks.
- Action Deadline:
  - Federal Civilian Executive Branch agencies have until Tuesday, November 25, to comply.
5. German Security Agency Warns on LLM Evasion Attacks
- [04:30–05:15]
- Risk:
  - The Bundesamt für Sicherheit in der Informationstechnik (BSI) warns of evasion techniques (e.g., prompt injection) threatening the security of AI systems built on large language models (LLMs).
- Guidance:
  - BSI released a document recommending technical controls (filters, sandboxing, retrieval augmented generation) and organizational practices (adversarial testing, governance, training).
- Quote:
  - "The Office emphasizes that no single control is sufficient." — Steve Prentice [05:08]
6. Critical Flaws in Asus DSL Routers Fixed
- [05:16–05:46]
- Vulnerability:
  - A critical authentication bypass (CVSS 9.3) in certain Asus DSL routers could allow remote, unauthenticated access.
- Recommendation:
  - Update firmware and use strong, unique passwords immediately.
7. Massive Malicious Traffic Targeting Palo Alto Networks
- [05:47–06:25]
- Incident:
  - GlobalProtect portals saw a 40x spike in traffic over 24 hours (as of November 14), mainly from Germany and Canada.
- Insight:
  - Activity spikes like this often precede vulnerability disclosures—80% lead to public CVEs within six weeks, according to GreyNoise.
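The detection angle behind this headline is simple to operationalize: compare the last 24 hours of hits against a longer baseline and alert when the ratio crosses a threshold, then break the surge down by source country so the analyst sees where it is coming from. The following script is an added example, not code from the episode, from GreyNoise or from Palo Alto Networks. It assumes a constructed log format (`<UTC timestamp> <source IP> <country> <path>`) and a portal path prefix of `/global-protect/`; the log lines, IPs (RFC 5737 documentation ranges) and the 40x threshold in the sample run are all constructed to mirror the numbers in the story.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

LOG_FORMAT = "%Y-%m-%dT%H:%M:%SZ"
PORTAL_PREFIX = "/global-protect/"  # assumed path prefix identifying portal login hits


def parse_line(line):
    """Parse one constructed log line: '<utc timestamp> <src ip> <country> <path>'."""
    ts_text, ip, country, path = line.split()
    ts = datetime.strptime(ts_text, LOG_FORMAT).replace(tzinfo=timezone.utc)
    return {"ts": ts, "ip": ip, "country": country, "path": path}


def build_sample_log():
    """Construct synthetic log lines: a quiet 7-day baseline, then a 24-hour surge.

    Baseline: 10 portal hits per day (Nov 6-12) from a mix of countries.
    Surge: 500 hits on Nov 13, 400 from DE and 100 from CA.
    """
    lines = []
    base = datetime(2025, 11, 6, 0, 0, tzinfo=timezone.utc)
    for day in range(7):
        for k in range(10):
            ts = base + timedelta(days=day, hours=2 * k)
            country = ["US", "GB", "FR"][k % 3]
            lines.append(f"{ts.strftime(LOG_FORMAT)} 203.0.113.{k} {country} {PORTAL_PREFIX}login")
    surge = base + timedelta(days=7)
    for k in range(500):
        ts = surge + timedelta(minutes=2 * k)  # all within the surge day
        country = "CA" if k % 5 == 4 else "DE"
        lines.append(f"{ts.strftime(LOG_FORMAT)} 198.51.100.{k % 250} {country} {PORTAL_PREFIX}login")
    return lines


def portal_events_between(events, start, end):
    """Portal hits with start <= ts < end."""
    return [e for e in events
            if start <= e["ts"] < end and e["path"].startswith(PORTAL_PREFIX)]


def spike_report(events, window_end, window=timedelta(hours=24),
                 baseline_days=7, threshold=40.0):
    """Compare the hit count in [window_end - window, window_end) with the
    average over the preceding baseline_days, scaled to the window length.

    Returns a dict with the raw counts, the ratio, whether the threshold was
    crossed, and the top source countries in the window.
    """
    window_start = window_end - window
    baseline_start = window_start - timedelta(days=baseline_days)
    recent = portal_events_between(events, window_start, window_end)
    baseline = portal_events_between(events, baseline_start, window_start)

    window_hours = window.total_seconds() / 3600
    baseline_hours = baseline_days * 24
    # Multiply before dividing so the common cases stay exact (e.g. 70*24/168 == 10.0).
    expected = len(baseline) * window_hours / baseline_hours

    if expected == 0:
        # Edge case: nothing in the baseline. Any traffic at all is anomalous,
        # so report an infinite ratio rather than dividing by zero.
        ratio = float("inf") if recent else 0.0
    else:
        ratio = len(recent) / expected

    return {
        "window_count": len(recent),
        "expected_count": expected,
        "ratio": ratio,
        "alert": ratio >= threshold,
        "unique_ips": len({e["ip"] for e in recent}),
        "top_sources": Counter(e["country"] for e in recent).most_common(3),
    }


def run_sample():
    """Run the report over the constructed log for the surge day (Nov 13)."""
    events = [parse_line(line) for line in build_sample_log()]
    window_end = datetime(2025, 11, 14, 0, 0, tzinfo=timezone.utc)
    return spike_report(events, window_end)


if __name__ == "__main__":
    report = run_sample()
    for key, value in report.items():
        print(f"{key}: {value}")
```

The ratio is computed against an expected count rather than against yesterday alone, so a single quiet day does not make a modest increase look like a 40x event; the `unique_ips` field is there because a surge from a handful of addresses and a surge from hundreds of distinct addresses call for different responses (rate-limiting versus watching for a coming disclosure).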
8. D-Link DIR-878 Routers: Unpatched RCE Vulnerabilities
- [06:26–06:57]
- Issue:
  - Three command execution bugs affect all models and hardware revisions of the D-Link DIR-878 router, which is now unsupported (EOL since 2021).
- Advice:
  - No more security updates will be issued; users should urgently replace these devices with supported hardware.
9. Breaking News: SEC Drops Charges from 2020 SolarWinds Hack
- [07:01–07:56] Breakdown by guest Rich Stroffolino
- Background:
  - The 2020 SolarWinds Orion supply-chain hack led to high-profile SEC charges against the company and its CISO, Tim Brown, for alleged fraud and control failures.
- Case Update:
  - Most charges were dismissed in 2024; as of this episode, the SEC has dropped the case entirely.
- Industry Impact:
  - SolarWinds’ statement: hopes the dismissal "eases the concerns many CISOs have voiced about this case and the potential chilling effect it threatened to impose on their work." — Rich Stroffolino [07:47]
Notable Quotes
- On screen-capturing malware:
  - "It is capable of bypassing encrypted messaging by capturing content directly from the device screen after decryption." — Steve Prentice [00:21]
- School breach responsibility:
  - "Schools also did not have appropriate breach response plans ready to go, the report said." — Steve Prentice [02:03]
- On SEC cybersecurity bill:
  - "...develop and update data protection cybersecurity protocols consistent with federal and NIST standards and best practices." — Steve Prentice [03:00]
- On AI security:
  - "The Office emphasizes that no single control is sufficient." — Steve Prentice [05:08]
- On SEC dropping SolarWinds case:
  - "SolarWinds said it hoped the dismissal eases the concerns many CISOs have voiced about this case and the potential chilling effect it threatened to impose on their work." — Rich Stroffolino [07:47]
Timestamps for Important Segments
- Trojan captures encrypted chats: 00:06 – 01:30
- PowerSchool breach blame: 01:31 – 02:16
- SEC cybersecurity bill introduced: 02:17 – 03:16
- CISA mandates patch for Fortinet flaw: 03:17 – 03:56
- German warning on LLM/AI attacks: 04:30 – 05:15
- Asus DSL router flaw fixed: 05:16 – 05:46
- Mystery traffic targets Palo Alto: 05:47 – 06:25
- Unpatched D-Link router RCEs: 06:26 – 06:57
- Breaking: SEC drops SolarWinds case: 07:01 – 07:56
Episode Tone and Language
The episode maintains a professional, urgent, and occasionally cautionary tone, reflecting the critical nature of cybersecurity news. Steve Prentice delivers headline summaries in a clear and concise manner, occasionally quoting regulatory findings or legislation directly. Rich Stroffolino provides a succinct breaking news segment with an emphasis on industry impact.
