Cyber Security Headlines – March 24, 2025
Hosted by Steve Prentice | CISO Series
1. U.S. Treasury Lifts Sanctions on Tornado Cash
Overview: The U.S. Treasury has officially removed Tornado Cash, a cryptocurrency mixer, from its Specially Designated Nationals (SDN) list. Tornado Cash was previously sanctioned in 2022 for allegedly facilitating over $7 billion in money laundering, including $455 million linked to the Lazarus Group, a North Korean cybercriminal organization.
Key Points:
- Court Ruling: The appellate court ruled in November 2024 that the Treasury overstepped its authority, stating that Tornado Cash's immutable smart contracts do not qualify as property under federal law.
- Treasury’s Stance: Despite lifting the sanctions, the Treasury expressed ongoing concerns regarding North Korea's cyber activities and emphasized the necessity of securing the digital asset industry against illicit use.
Notable Quote:
"The court determined that the Treasury had overstepped its authority as Tornado Cash's immutable smart contracts did not qualify as property under federal law." – Steve Prentice [02:15]
2. Cloudflare Outage in Russia
Overview: A significant internet outage was reported across multiple Russian regions on Thursday, impacting major platforms such as TikTok, Steam, Twitch, Epic Games, Duolingo, and leading Russian mobile operators. Banking, government services, and messaging apps like Telegram and WhatsApp were also affected.
Key Points:
- Cause of Outage: Industry experts attribute the outage to the Russian government's blocking of the U.S.-based Cloudflare service.
- Government Response: Roskomnadzor, Russia's internet regulator, recommended that local organizations transition to Russian hosting providers to mitigate such disruptions.
Notable Quote:
"The outages were observed across numerous Russian regions affecting platforms including TikTok, Steam, Twitch, Epic Games, Duolingo and major Russian mobile operators." – Steve Prentice [03:05]
3. Abuse of Microsoft Trusted Signing Service to Code Sign Malware
Overview: Cybersecurity researchers have identified a troubling trend where threat actors are abusing Microsoft’s Trusted Signing Service. They are obtaining short-lived three-day code signing certificates to sign their malware, making it appear legitimate and capable of bypassing security filters.
Key Points:
- Purpose of Code Signing: Signed malware can evade detection by appearing to be trusted software, especially when signed with Extended Validation (EV) certificates, which security products treat with a higher level of trust.
- Research Insights: Squiblydoo, a cybersecurity researcher, highlighted that the convenience of the service and recent changes to EV certificates are factors making Microsoft's service attractive to threat actors.
Notable Quote:
"Threat actors are switching to Microsoft's service out of convenience, especially given that recent changes to EV certificates are causing confusion for users." – Squiblydoo [04:30]
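A defender-side triage check for the story above, added here as an example and not taken from the episode or from Microsoft: it walks a directory of binaries with PowerShell's built-in Get-AuthenticodeSignature and flags files whose signing certificate was valid for only a few days. The directory path and the three-day threshold (the lifetime mentioned in the story) are assumptions.

```powershell
# Added example: list Authenticode-signed binaries whose signing certificate had a
# very short validity window, the pattern described for Microsoft Trusted Signing above.
# Assumptions: $Path and the 3-day threshold; adjust both for your environment.
param(
    [string]$Path = 'C:\Quarantine\incoming',   # assumed location of files to triage
    [int]$MaxDays = 3                           # the three-day lifetime mentioned in the story
)

Get-ChildItem -Path $Path -Recurse -File -Include *.exe, *.dll, *.msi, *.sys |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName

        # Unsigned files have no SignerCertificate; skip them here (they are a separate finding)
        if (-not $sig.SignerCertificate) { return }

        $cert = $sig.SignerCertificate
        $validityDays = ($cert.NotAfter - $cert.NotBefore).TotalDays

        [pscustomobject]@{
            File         = $_.FullName
            Status       = $sig.Status            # Valid, HashMismatch, NotTrusted, ...
            Subject      = $cert.Subject
            Issuer       = $cert.Issuer
            NotBefore    = $cert.NotBefore
            NotAfter     = $cert.NotAfter
            ValidityDays = [math]::Round($validityDays, 1)
            # A countersignature timestamp is what keeps a short-lived certificate's
            # signature valid after expiry; its absence on such a file is worth noting.
            Timestamped  = [bool]$sig.TimeStamperCertificate
            ShortLived   = ($validityDays -le $MaxDays)
        }
    } |
    Where-Object { $_.ShortLived } |
    Sort-Object ValidityDays |
    Format-Table File, Status, ValidityDays, Timestamped, Subject -AutoSize
```

Treat ShortLived as a reason to look closer (publisher identity, timestamp, where the file came from), not as a verdict: legitimate Trusted Signing customers receive the same short-lived certificates.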
4. Oracle Denies Data Breach Claims
Overview: Oracle has refuted allegations from a threat actor claiming the sale of 6 million stolen data records from Oracle Cloud's federated Single Sign-On (SSO) login servers. The company asserts that the published credentials do not pertain to Oracle Cloud and that no customers have been affected.
Key Points:
- Threat Actor Claims: The alleged breach involved access to Oracle cloud servers in the US2 and EM2 regions, with data exfiltrated over approximately 40 days.
- Oracle’s Response: The company maintains that no Oracle Cloud customers experienced data loss or breaches, dismissing the legitimacy of the threat actor’s claims.
Notable Quote:
"The published credentials are not for the Oracle Cloud, and no Oracle Cloud customers experienced a breach or lost any data." – Steve Prentice [05:45]
5. DOGE Aide Violates Treasury Policy by Emailing Unencrypted Database
Overview: In a lawsuit filed by the New York Attorney General and 18 other state attorneys general, it was revealed that DOGE operative Marko Elez breached Treasury Department policies by emailing an unencrypted database containing personally identifiable information (PII).
Key Points:
- Violation Details: Marko Elez failed to obtain prior approval for transmitting the data and neglected to encrypt the sensitive information.
- Risk Assessment: While the Treasury declared the incident low risk because the database did not include Social Security numbers or other more specific identifiers, the incident highlighted non-compliance with Bureau of the Fiscal Service (BFS) policies.
Notable Quote:
"Marko Elez violated Treasury rules by sending the unencrypted database including personally identifiable information, and by not obtaining prior approval for transmission." – Steve Prentice [06:50]
6. FCC Investigates Chinese Telecom Companies for Bypassing Bans
Overview: The Federal Communications Commission (FCC) has announced a comprehensive investigation into Chinese telecom manufacturers, including Huawei and ZTE, for allegedly circumventing bans imposed by the U.S. government on their participation in American telecommunication infrastructure.
Key Points:
- Investigation Focus: The FCC aims to identify how these companies might be exploiting loopholes or underbidding competitors to continue their operations despite existing bans.
- Impact on U.S. Infrastructure: The investigation underscores concerns over national security and the integrity of U.S. telecommunications systems against potential foreign exploits.
Notable Quote:
"Chinese companies like Huawei and ZTE and others who have been banned from doing business with US companies but who allegedly continue to exploit loopholes." – Steve Prentice [07:30]
7. FAA’s Pilot Safety Messaging System Outage Resolved
Overview: The Federal Aviation Administration (FAA) experienced a multi-hour outage of its Notice to Airmen (NOTAM) system on Saturday, caused by a hardware failure. Operations have since resumed successfully.
Key Points:
- Cause of Outage: Officials point to an aging air traffic control system coupled with underfunding as the cause of the hardware failure that disrupted the NOTAM service.
- System Assurance: The FAA confirmed that all active NOTAM messages remained accessible up until the outage period, ensuring no loss of critical information for pilots.
Notable Quote:
"Officials are claiming an aging air traffic control system paired with underfunding as causes." – Steve Prentice [08:20]
8. Infostealers Compromise 2.1 Billion Credentials in 2024
Overview: A recent report by Flashpoint reveals a staggering increase in the number of credentials stolen by infostealers in 2024. Cybercriminals have exploited these stolen credentials as initial access vectors for ransomware and other malicious campaigns.
Key Points:
- Statistics: A 33% increase in stolen credentials compared to the previous year, with over 200 million credentials already compromised in the first two months of 2025.
- Target Focus: Microsoft Windows remains the primary operating system targeted, with nearly 70% of infostealer infections aimed at corporate systems.
- Implications: The rise in credential theft underscores the need for enhanced security measures and vigilant monitoring to protect sensitive information and prevent unauthorized access.
Notable Quote:
"Infostealers have increasingly become the initial access vector for ransomware campaigns by stealing credentials, system information and browser data." – Ian Gray, VP of Intelligence at Flashpoint [09:10]
Conclusion
This episode of Cyber Security Headlines provided a comprehensive overview of the latest developments in the cybersecurity landscape, addressing significant events such as the lifting of sanctions on Tornado Cash, widespread outages affecting Russian internet services, and the alarming rise in credential theft. Host Steve Prentice effectively highlighted the evolving threats and responses within the information security domain, offering valuable insights for professionals and enthusiasts alike.
For more detailed stories behind these headlines, visit CISOseries.com.
Enjoyed this summary?
Be sure to check out the full episode for an in-depth discussion and expert analysis on each of these critical cybersecurity issues.
