Cyber Security Headlines: Week in Review Hosted by CISO Series - Released August 8, 2025
Overview
In this episode of Cyber Security Headlines, hosted by Rich from the CISO Series, guest Montes Fitzpatrick, CISO at Navis Montez, delves into the week's most pressing cybersecurity issues. The discussion encompasses the collapse of the UK Legal Aid program due to cyber attacks, Ohio's pioneering cybersecurity regulations on ransomware payments, the PBS data breach, the impact of a Salesforce breach linked to the Shiny Hunters group, an attack on Luxembourg's Huawei systems, and novel methods of hijacking AI systems like Google's Gemini.
1. UK Legal Aid Program Faces Collapse Due to Cyber Attacks
Summary: The UK Legal Aid sector is teetering on the brink of collapse following cyber attacks that disrupted operations in May. These attacks have led to unpaid barristers, turned-away cases, and fears of a mass exodus from legal aid work. The inability to access data and receive compensation has placed immense financial and operational strain on legal firms.
Discussion: Rich introduces the severity of the situation, highlighting the long-term implications beyond the immediate data breaches. Montes emphasizes the broader consequences, stating, “Delay justice is injustice. We all, we all know that” (00:37). He underscores a disconnect in corporate understanding of cybersecurity, noting that many non-IT professionals view security narrowly, focusing only on confidentiality rather than the full CIA triad (Confidentiality, Integrity, Availability).
Key Insights:
- Corporate Misunderstanding: A significant barrier is the lack of comprehensive understanding of cybersecurity's role beyond just data protection.
- Existential Risk: The collapse of essential services like legal aid illustrates the deep, systemic risks posed by cyber attacks.
Quotes:
- Montes Fitzpatrick: “...the availability and integrity and all that which, you know, of course there's the other two stool legs of the stool. For the CIA triad is actually a thing...” (04:10)
2. Ohio's New Cybersecurity Rules: Public Approval of Ransomware Payments
Summary: Ohio has enacted groundbreaking cybersecurity regulations mandating local governments to implement formal policies and obtain public approval before making ransomware payments. This legislative move aims to increase transparency and bolster defenses against sophisticated cyber threats targeting municipal data and infrastructure.
Discussion: Rich probes the practicality and potential effectiveness of involving the public in ransomware payment decisions. Montes expresses skepticism about whether the public would be genuinely involved. He states, “...absolutely, absolutely we should. Absolutely” (04:54), yet questions how such transparency would actually be implemented.
Key Insights:
- Transparency vs. Practicality: While the intent is to enhance transparency, the practical involvement of the public in decision-making remains questionable.
- Potential Backlash: Montes acknowledges concerns that mandatory transparency could inadvertently drive ransomware payments underground.
Quotes:
- Montes Fitzpatrick: “...officials should not be making, officiating and doing things in a dark room.” (09:36)
- Rich: “...from the individual businesses perspective, it's almost always worth it to pay the ransom.” (10:23)
3. PBS Confirms Data Breach: Employee Information Leaked on Discord
Summary: PBS has confirmed a data breach in which contact information of nearly 4,000 employees and affiliates was leaked on Discord servers associated with PBS Kids fan communities. The compromised data includes names, job titles, emails, departments, and supervisors. Rather than the work of an organized hacking group, the breach appears to be the result of non-professional individuals sharing files out of curiosity or for notoriety.
Discussion: Montes reflects on the incident, likening it to past experiences with less sophisticated breaches. He highlights the persistent challenge of managing attack surfaces and being vigilant stewards of data. “[...] there is a lot of attack surface and there are a lot of elements that we just need to be very good stewards of and we just haven't solved that” (13:08).
Key Insights:
- Internal Vulnerabilities: Even non-professional breaches can have significant repercussions, emphasizing the need for robust internal security measures.
- Trust and Brand Impact: For a trusted brand like PBS, such breaches can undermine public confidence and require effective PR management.
Quotes:
- Montes Fitzpatrick: “This is pretty seriously, we have to protect what we have to protect and it's, it's very difficult to do so.” (13:08)
4. Google’s Salesforce Breach: Shiny Hunters Group Involved
Summary: Google reports that hackers affiliated with the Shiny Hunters group breached one of its Salesforce databases, compromising small business contact information. The attack utilized voice phishing to gain access, mirroring a series of recent Salesforce-related breaches affecting prominent companies like Cisco, Qantas, and Pandora.
Discussion: Rich points out that the underlying issue isn't Salesforce itself but the prevalent use of voice phishing tactics. Montes advises building Multi-Factor Authentication (MFA) into service desk processes to mitigate such threats. “[...] organizations especially are going to just... work MFA into the service desk.” (16:08).
Key Insights:
- Voice Phishing Resurgence: Despite being considered outdated, voice phishing remains a potent method for attackers.
- MFA Implementation: Strengthening authentication processes is crucial in defending against such social engineering attacks.
Quotes:
- Montes Fitzpatrick: “This just sort of reminds me of that. And you know, the, it, what it really is tantamount, I think is the fact that there is a lot of attack surface...” (16:08)
5. Luxembourg's Huawei Systems Attacked: Mobile Service Disruption
Summary: Luxembourg suffered a significant cyber attack targeting Huawei equipment within its national telecom infrastructure, resulting in a nationwide telecommunications outage. The disruption affected 4G and 5G mobile networks for over three hours, including access to emergency services. Attempts to revert to older 2G systems failed due to overload, highlighting the vulnerabilities of relying on legacy systems as backups.
Discussion: Montes discusses the convergence challenges between information technology (IT) security and operational technology (OT) security. He points out the conflicting priorities that often arise, where measures to enhance IT security might inadvertently compromise OT availability. “[...] the information technology security practices that we use... negatively affect the availability stool of the CIA triad...” (18:39).
Key Insights:
- IT vs. OT Security: Balancing security measures between IT and OT environments is critical to maintain both protection and operational availability.
- Legacy System Risks: Dependence on outdated systems like 2G as fallback options poses significant security and reliability risks.
Quotes:
- Montes Fitzpatrick: “There is a lot of data... and just a good inventory of it for, for the, the sake of security...” (20:49)
6. Google’s Gemini AI Hijacked via Poison Calendar Invites
Summary: At Black Hat, security researchers demonstrated indirect prompt injection attacks on Google's Gemini AI by embedding malicious prompts within Google Calendar items. These prompts could commandeer AI actions such as raising smart blinds or initiating Zoom calls. Although Google has deployed mitigations since February, the incident underscores the vulnerabilities inherent in AI integrations with everyday tools.
Discussion: Montes elaborates on the dangers of executing data as code, comparing it to historical vulnerabilities like portable executable exploits. He stresses the importance of enforcing secure coding practices to mitigate such risks. “[...] there is a lot of attack surface... this is just another case of, here we've got data that should be data that's being executed as code.” (24:38)
Key Insights:
- AI Integration Risks: As AI becomes more embedded in daily operations, securing these interfaces becomes paramount.
- Prompt Injection Vulnerabilities: Ensuring that data inputs are sanitized and securely managed is critical to prevent AI misuse.
Quotes:
- Montes Fitzpatrick: “Calendars are getting, there's more interfaces, more proliferation...” (23:12)
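One defensive pattern for the calendar-invite case above, as an added example (not from the episode, the researchers or Google): record where each piece of model context came from, and hold any side-effecting tool call for user confirmation whenever third-party content is in that context. The tool names, source labels and the constructed invite text are assumptions.

```python
from dataclasses import dataclass

# Hypothetical tool names for actions with real-world side effects.
SIDE_EFFECT_TOOLS = {"smart_home.set_blinds", "zoom.start_call"}
TRUSTED_SOURCES = {"user"}  # assumption: only text typed by the account owner


@dataclass(frozen=True)
class ContextItem:
    source: str  # provenance label, e.g. "user", "calendar", "email"
    text: str


@dataclass(frozen=True)
class Decision:
    verdict: str            # "allow" or "needs_confirmation"
    tainted_by: tuple = ()  # untrusted sources in context, kept for the audit log


def untrusted_sources(context):
    """Provenance labels of third-party-controlled items in the model context."""
    return tuple(sorted({c.source for c in context if c.source not in TRUSTED_SOURCES}))


def render(context):
    """Keep untrusted text in a labelled data block, apart from user instructions.
    Labelling alone does not stop injection; authorize() is the enforcement point."""
    parts = []
    for c in context:
        if c.source in TRUSTED_SOURCES:
            parts.append(f"USER: {c.text}")
        else:
            parts.append(f"<data source={c.source!r}>\n{c.text}\n</data>")
    return "\n".join(parts)


def authorize(tool_name, context, user_confirmed=False):
    """Gate a model-proposed tool call on the provenance of its context."""
    tainted = untrusted_sources(context)
    if tool_name not in SIDE_EFFECT_TOOLS or not tainted or user_confirmed:
        return Decision("allow", tainted)
    return Decision("needs_confirmation", tainted)


# Constructed sample: a user request plus a third-party calendar item.
CONTEXT = [
    ContextItem("user", "Summarize my calendar for today."),
    ContextItem("calendar", "Weekly sync. [constructed: text telling the assistant to open the blinds]"),
]
```

The gate does not try to recognize malicious wording; it treats every calendar item as data and decides on provenance alone.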
Conclusion
Montes Fitzpatrick concludes the episode by highlighting the PBS breach as a particularly noteworthy incident, reflecting on its nostalgic elements and the ongoing challenges in cybersecurity. Rich wraps up by encouraging listeners to follow Montes on LinkedIn and to join upcoming events hosted by the CISO Series.
Final Thoughts:
- Persistent Challenges: The episode underscores the evolving nature of cyber threats and the continuous need for robust, adaptive security measures.
- Community and Awareness: Building bridges within organizations and fostering a comprehensive understanding of cybersecurity's multifaceted role remain essential.
Closing Quote:
- Montes Fitzpatrick: “The one that I liked the most was the... PBS... really just brought back these, you know, nostalgic elements maybe...” (27:43)
For further insights and daily updates, visit CISOseries.com.
