Transcript
A (0:00)
From the CISO series, it's Cybersecurity Headlines.
B (0:06)
These are the cybersecurity headlines for Monday, September 1, 2025. I'm Steve Prentice.

Velociraptor forensic tool used for C2 tunneling. Researchers at the Sophos Counter Threat Unit research team are warning of a new variation of the living-off-the-land technique, which takes advantage of open source forensic software as an entry point. In this case, per the researchers' report, unknown threat actors deployed the endpoint monitoring and digital forensic tool Velociraptor to download and execute Visual Studio Code, with the likely intention of creating a tunnel to an attacker-controlled command and control server. The researchers added that this, quote, "signals a tactical evolution where incident response programs are being used by threat actors to obtain a foothold and minimize the need for having to deploy their own malware," end quote.

City of Baltimore gets socially engineered to the tune of $1.5 million. The city admits it has fallen victim to a con in which an individual, quote, "spoofed a vendor and tricked city employees into changing the contractor's bank account information," end quote. This, according to the city's Inspector General, Isabel Mercedes Cumming, who also said, quote, "the city's Accounts Payable department had failed to implement corrective measures after previous incidents of fraud and did not have proper protections in place to verify supplier details," end quote. The fraudster relieved the city of $1.5 million through two payments, only one of which has been successfully recovered thus far.

Ransomware gang takedowns create more, smaller gangs. Cybersecurity observers are warning about the success that law enforcement agencies globally have enjoyed in taking down large operations such as LockBit, BlackCat (ALPHV) and Hive. The takedowns, which have focused largely on impounding or destroying the gangs' infrastructure but not arresting the operators, have allowed the gang members to reform in greater variety. Malwarebytes tracked 60 new ransomware gangs operating this year. Researchers are attributing this growth to a mix of, quote, "domain experience, commoditized software and abundant AI, which is lowering the barrier to entry," end quote.

Recent Windows update didn't kill people's SSDs, says Microsoft. Following up on a story we covered on August 22, Microsoft says it has found no link between the August 2025 security update and customer reports of failure and data corruption issues affecting solid state drives and hard disk drives. At the time, Microsoft had solicited input from users because it had been unable to reproduce the problem. Now, after thorough investigation, the company says it has found no connection between the August 2025 Windows security update and the types of hard drive failures reported on social media.

Huge thanks to our sponsor, ThreatLocker. ThreatLocker is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and to start your free trial, visit threatlocker.com CISO. That is T-H-R-E-A-T-L-O-C-K-E-R.com CISO.

One FBI official says Chinese use of private companies is a weakness for them; another admits you have been pwned. In response to the FBI alert published last week about the expanding cyber espionage campaign being run by Salt Typhoon, Jason Bilnoski, section chief of the FBI's cyber division, told CyberScoop that these types of campaigns, in which the Chinese Communist Party uses private companies to carry out the hacking, are actually failures. Bilnoski cites a lack of hands-on control, which investigators have been able to take advantage of by observing the mistakes these companies make. At the same time, Michael Machtinger, also a section chief of the FBI's cyber division but with a different portfolio from Bilnoski, told The Register that Salt Typhoon's actions mean there's a good chance this espionage campaign has stolen information from nearly every American, end quote.

Amazon halts Russia-linked hijacking of Microsoft device code authentication. Amazon has announced that it disrupted the watering hole campaign run by the Russia-linked group APT29, also known as Cozy Bear. The attack used compromised websites that redirected users to spoofed pop-ups made to resemble the Cloudflare "Verify you are a human" CAPTCHA, in order to capture Microsoft device code authentication data. Amazon uncovered the watering hole campaign through custom analytics, including finding actor domains that typosquatted through variations of Cloudflare.com.

WhatsApp fixes iOS flaw. WhatsApp has now addressed a security vulnerability in its messaging apps for Apple iOS and macOS that it said may have been exploited in the wild in conjunction with a recently disclosed Apple flaw in targeted zero-day attacks. The vulnerability, which has a CVE number and a CVSS score of 8.0, relates to a case of, quote, "insufficient authorization of linked device synchronization messages, which could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target's device," end quote. A link to the CVE numbers involved, as well as the versions of WhatsApp affected, is available in the show notes to this episode.

TamperedChef infostealer delivered through fraudulent PDF editor. According to BleepingComputer, threat actors have been using multiple websites promoted through Google Ads to distribute a convincing PDF editing app that delivers an info-stealing malware called TamperedChef. This forms part of a larger operation that uses multiple apps that can download each other, some of them tricking users into enrolling their system into residential proxies. According to researchers at Truesec, the campaign appears to be, quote, "widespread and well orchestrated," as the operators waited for the ads to run their course before activating the malicious components in the applications, end quote.

Are you looking for industry conversation on the most relevant topics to cybersecurity and an audience to share them with? Then you need to come to our next Super Cyber Friday event. Each week at 1pm Eastern time, we bring together two industry experts, go deep on topics, play a few fun games, and then do a virtual meetup afterwards. We have a great community chat during the events with tons of chances for questions and answers. This week we're going to be talking about hacking AI in meetings, giving you tips on how to take advantage of all the intelligence from your recorded meetings without opening yourself up to security and privacy issues. If that sounds fun, then head on over to the events page at cisoseries.com to register. And if you have some thoughts on the news from today or about this show in general, please be sure to reach out to us at feedback at cisoseries.com. We would love to hear from you. I'm Steve Prentice reporting for the CISO Series.
