Transcript
Steve Prentice (0:00)
From the CISO Series, it's Cybersecurity Headlines. These are the cybersecurity headlines for Monday, June 16, 2025. I'm Steve Prentice.

Washington Post investigates hacking incident on journalists' emails

A source speaking with Reuters has stated that there has been a possible unauthorized targeted intrusion affecting a few journalists, which the Wall Street Journal has said was potentially the work of a foreign government. Specifically, the reporters whose emails were targeted included members of the national security and economic policy teams, including some who write about China. End quote. Staffers at the Washington Post have been told the intrusions compromised journalists' Microsoft accounts and could have granted the intruder access to work emails. Graham Cluley, posting on LinkedIn, stated that in recent years, reporters at the Post have reportedly stopped using email for their most sensitive conversations and use encrypted messaging apps like Signal instead. Nonetheless, the Washington Post has wisely decided to force all employees to reset their login credentials. End quote.

Anubis ransomware adds wiper to destroy files beyond recovery

Following up on a story we covered in April, the Anubis ransomware-as-a-service operation has now added a wiper module to its file-encrypting malware which will destroy a victim's files, making recovery impossible even if the ransom is paid. Anubis, which is not to be confused with an Android ransomware malware with the same name, made headlines this spring for its aggressive affiliates program. Researchers from Trend Micro found the wiper in recent samples, and they believe the feature was introduced to increase the pressure on the victim to pay quicker instead of stalling negotiations or ignoring them altogether. End quote.

Discord invite link hijacking campaign delivers infostealers

Researchers from Check Point are describing this campaign as one that exploits a weakness in Discord's invitation system to deliver an information stealer called Skuld and the remote access Trojan AsyncRAT. They said attackers hijacked the links through vanity link registration, allowing them to redirect users from trusted sources to malicious servers. They then use the ClickFix phishing technique along with multi-stage loaders and time-based evasions to stealthily deliver AsyncRAT and the customized Skuld stealer targeting crypto wallets.

Account takeover bug impacts over 46,000 Grafana instances

According to researchers at application security company OX Security, more than 46,000 Internet-facing instances of the data analytics and monitoring app remain unpatched and exposed to a client-side open redirect vulnerability that would allow for execution of a malicious plugin and account takeover. The flaw has a CVE number and impacts multiple versions of the Grafana platform. Grafana Labs released a patch on May 21 after having been informed by a bug bounty hunter, but OX Security says more than a third of all Grafana instances reachable over the public Internet have not been patched.

Huge thanks to our sponsor, Adaptive Security, OpenAI's first cybersecurity investment. As deepfake scams and gen AI phishing evolve, Adaptive equips security teams with AI-powered phishing simulations featuring realistic personalized deepfakes and engaging security awareness training. Their new AI content creator turns threat intel and policy updates into interactive multilingual training instantly. Trusted by Fortune 500s and backed by Andreessen Horowitz and OpenAI, Adaptive helps you stay ahead of AI-driven threats. Learn more at adaptivesecurity.com. That is the two words adaptive security together, dot com.

Canadian airline WestJet is containing a cyber attack

Canada's second largest airline is now investigating a cybersecurity incident impacting some of its internal systems and mobile app, which has blocked access for several users. End quote. The company is of course responding and working with law enforcement and stresses that flight operations remain safe and unaffected. No additional details are available as of this recording.

Danish government agency announces planned switch from Microsoft software

Denmark's tech modernization agency plans to replace Microsoft products with open source alternatives like LibreOffice to reduce reliance on US tech firms and achieve digital sovereignty. Over half the staff will transition to LibreOffice in the next month, with full adoption expected by autumn, according to Digitalization Minister Caroline Stage Olsen. The move also aims to avoid costs tied to aging Windows 10 systems, which lose support in October. LibreOffice, developed by the Berlin-based Document Foundation, offers a full suite of office tools. Similar steps have been taken by Copenhagen and Aarhus, citing financial, political and competitive concerns. Microsoft has not yet commented.

Crash records stolen from Texas DOT

Authorities at the Texas Department of Transportation have announced the discovery of unusual activity on May 12 involving its Crash Records Information System. Their investigation states that a compromised account was used to access and download almost 300,000 crash reports, which the state is legally required to maintain. The records include PII, but also information about insurance policies, injuries sustained during crashes, as well as the narratives of the incidents. The department sent letters to victims to be vigilant for any communications related to past crash incidents.

The UK is woefully unprepared for undersea cable sabotage, says report

Following up on a story that we have been covering over the past few months, a report from the China Strategic Risks Institute showed that 10 out of 12 incidents of alleged undersea cable sabotage between January 2021 and April 2025. Out of these, eight of the suspected vessels were directly linked to China or Russia through flag state registration or company ownership. As described in the Guardian, 99% of intercontinental data transmission takes place through submarine cable systems, playing a vital role in civilian and defense infrastructure. Without these cables, much of the economy, from international banking and cloud computing to virtual communications and global logistics, would cease to function. The report continues to say that the UK's defence infrastructure is woefully inadequate in protecting against such grey zone tactics. End quote.

Remember to join us this Friday for Super Cyber Friday. We're tackling a big one this week, spending an hour talking about hacking what it takes to become a CISO. If you're in security leadership and want to know how people have gotten to the top, then you need to join us at 1pm Eastern. Be sure to head on over to our events page at cisoseries.com to register. And if you have some thoughts on the news from today or about this show in general, please do reach out to us at feedback@cisoseries.com. We would love to hear from you. I'm Steve Prentice, reporting for the CISO Series. Cybersecurity Headlines are available every weekday. Head to cisoseries.com for the full stories behind the headlines.
