Cyber Security Headlines: Week in Review
Episode Date: October 17, 2025
Main Theme:
A relentless week in cybersecurity: the repurposing of defensive tools such as Velociraptor by attackers (notably LockBit-linked crews), the fallout from leadership ambiguity at the NSA and Cyber Command, and high-profile breaches at Sotheby’s and F5. The conversation, led by host Steve with expert guests Tom Hollingsworth and Brett Conlon, explores what these stories reveal about resilience, trust, and the evolving nature of cyber threats.
Key Discussion Points & Insights
1. Velociraptor Used as a Cyber Weapon by LockBit Crew
[03:04–07:54]
- Story: The open-source forensics tool Velociraptor was co-opted by attackers linked to Storm-2603/LockBit, who, after exploiting SharePoint vulnerabilities, deployed an outdated version carrying a privilege-escalation flaw.
- Expert Reactions:
- Brett Conlon:
- "Any tool that empowers defenders can also be turned against us." [04:01]
- Stresses relentless verification of admin tools: “You can’t whitelist trust anymore.” [04:57]
- "Our admin tools have to have behavioral monitoring and version integrity checking, and then assume your playbook is going to be used against you."
- Tom Hollingsworth:
- Illustrates the long-standing risk: “This is the age-old saga... Anyone who has a VCR in their house, if you still do, knows exactly what that means.” [05:15]
- Advocates ‘phone-home’ controls and resilience by design: assume defensive tools could be weaponized and plan accordingly. "Just like any Final Fantasy boss, you should be immune to your attacks." [05:43]
- Organizational Take:
- Empower all team members to question and challenge tool access and permissions; assume tools can be used against you.
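One way to act on the "version integrity checking" point above, as an added example that is not from the episode or from the Velociraptor project: a small Python audit that flags deployed admin-tool binaries whose hash is not in an approved set, whose version is below a patched baseline, or which appear on a host never authorized to run them. Tool names, hostnames, versions and binary contents are constructed placeholders, not real release data.

```python
import hashlib
import re

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed known-good manifest (hypothetical; not Velociraptor release
# data). "min_version" stands for the first build that fixed the flaw.
MANIFEST = {
    "velociraptor": {
        "approved_sha256": {sha256(b"constructed build 0.7.2"),
                            sha256(b"constructed build 0.7.3")},
        "min_version": "0.7.2",
        "allowed_hosts": {"ir-jump-01", "ir-jump-02"},
    },
}

def parse_version(v: str) -> tuple:
    """Turn '0.7.2' or 'v0.7.10-rc1' into a tuple of ints that compares correctly."""
    m = re.match(r"v?(\d+(?:\.\d+)*)", v)
    if not m:
        raise ValueError(f"unparseable version: {v!r}")
    return tuple(int(x) for x in m.group(1).split("."))

def check_deployment(tool: str, host: str, version: str, binary: bytes) -> list:
    """Return every policy violation for one observed binary (empty list if clean)."""
    policy = MANIFEST.get(tool)
    if policy is None:
        return [f"{tool} on {host}: not an approved admin tool"]
    findings = []
    if host not in policy["allowed_hosts"]:
        findings.append(f"{tool} on {host}: host not authorized for this tool")
    if sha256(binary) not in policy["approved_sha256"]:
        findings.append(f"{tool} on {host}: binary hash not in approved set")
    if parse_version(version) < parse_version(policy["min_version"]):
        findings.append(f"{tool} on {host}: version {version} below baseline "
                        f"{policy['min_version']}")
    return findings

# Constructed observations: one sanctioned deployment, and an outdated copy
# dropped on a web server that should never run a forensics agent.
OBSERVED = [
    ("velociraptor", "ir-jump-01", "0.7.3", b"constructed build 0.7.3"),
    ("velociraptor", "sharepoint-web-01", "0.6.9", b"constructed old build"),
]

def audit(observed=OBSERVED) -> dict:
    """Run the check over every observation; result is keyed by host."""
    return {h: check_deployment(t, h, v, b) for t, h, v, b in observed}
```

In practice the observations would come from an EDR or software inventory feed rather than an inline list, and the version should be read from the binary itself rather than trusted from a self-report.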
2. Leadership Instability: NSA & Cyber Command Dual-Hat Dilemma
[07:54–12:02]
- Story: Army Lt. Gen. William Hartman was withdrawn from consideration to lead the NSA and Cyber Command; the move reflects a lack of desire to continue the dual-hat arrangement.
- Expert Views:
- Tom Hollingsworth:
- Splitting roles is necessary due to diverging missions: "NSA is a collection agency. CISA is focused on cybersecurity. I don’t think that should be the same person." [09:00]
- Analogizes to corporate sanity: "Imagine if your CEO...said, ‘I’m actually CEO at four other companies...’” [09:58]
- Brett Conlon:
- Indecision creates cyber risk: “In cyber, indecision is its own vulnerability." [10:36]
- Leadership confusion slows decision-making and emboldens adversaries.
- Takeaway:
- Structural clarity is crucial: leadership ambiguity breeds organizational and technical risk.
3. Sotheby’s & F5 Breaches: When “Best Practices” Aren’t Enough
[12:02–19:27]
- Incident:
- Sotheby’s: Breach compromised Social Security numbers and financial info, despite extensive layered security.
- F5: Nation-state actors gained access to source code and customer data; BIG-IP infrastructure was affected.
- Panel Take:
- Brett Conlon:
- “Even mature organizations get breached. What separates us is how fast we detect, contain, and communicate.” [14:13]
- Breaches are learning moments; resilience and communication, not perfection, are vital.
- Positions the CISO role as crucial for organizational adaptation.
- Tom Hollingsworth:
- “Old school thinking; if we just build the wall high enough, the barbarians can’t climb over it.” [16:48]
- Calls for Zero Trust and resilient design: "Assume you’re going to be breached. How do we get back up and running?" [17:52]
- Steve (Host/Comment):
- “Assume you’re going to get breached...keeps the defenses mentally a lot stronger.” [19:13]
4. Microsoft Revokes Certificates to Counter Ransomware Surge
[21:13–26:59]
- Details:
- Vanilla Tempest (aka Vice Spider) used over 200 certificates to sign Rhysida ransomware. Microsoft’s revocation of those certificates disrupted the campaign.
- Explainers:
- Brett Conlon:
- “Signed malware is a stealth tactic...to make their malicious code appear trustworthy.” [21:13]
- Calls for defense in depth: don’t rely solely on cert validation.
- Tom Hollingsworth:
- Points to user conditioning: “We have conditioned our users to just blindly accept anything that looks green on their screen.” [22:29]
- Raises concerns about outdated Windows systems lacking support for robust certificate controls.
- Awareness Take:
- Cybercriminals exploit user trust as well as technical flaws; education and layered defenses remain vital.
5. Identity Hacks Surge: Microsoft’s Digital Defense Report
[27:22–32:32]
- Findings:
- A 32% rise in identity-based breaches, with 97% linked to password attacks, usually enabled by credential leaks and poor password hygiene.
- Tom Hollingsworth:
- "I now have enough free credit monitoring to last my grandkids through the rest of their lives." [28:38]
- Praises passwordless and passkey adoption, noting password fatigue and the slow move away from legacy systems.
- Brett Conlon:
- Emphasizes communication failures: “If the CISO can’t translate incidents into clear business impact, that’s the problem.” [30:43]
- Draws analogy to teaching risk awareness to families; cybersecurity messaging must resonate personally and professionally.
Memorable Quotes & Standout Moments
- “You can’t whitelist trust anymore.” — Brett Conlon [04:57]
- “Just like any Final Fantasy boss, you should be immune to your attacks.” — Tom Hollingsworth [05:43]
- “In cyber, indecision is its own vulnerability.” — Brett Conlon [10:36]
- “Even mature organizations get breached... What separates us is how fast we detect, contain, and communicate.” — Brett Conlon [14:13]
- “Old school thinking; if we just build the wall high enough, the barbarians can’t climb over it.” — Tom Hollingsworth [16:48]
- “Assume you’re going to get breached... keeps the defenses mentally a lot stronger.” — Steve/Host [19:13]
- “We have conditioned our users to just blindly accept anything that looks green on their screen.” — Tom Hollingsworth [22:29]
- “Cybercriminals target your trust and use it against you.” — Brett Conlon [26:10]
- “I now have enough free credit monitoring to last my grandkids through the rest of their lives.” — Tom Hollingsworth [28:38]
Timestamps for Key Segments
- [03:04] Velociraptor forensics tool exploited in ransomware attacks
- [07:54] NSA/Cyber Command leadership discussion
- [12:02] Sotheby’s/F5 breaches and the myth of perfect defense
- [14:13] Resilience & communication as breach response priorities
- [21:13] Microsoft’s certificate revocation in ransomware disruption
- [27:22] Surge in identity attacks and password fatigue
Final Thoughts
- The episode underscores a prevailing sense: cyber risk is not only technical but systemic, cultural, and communicative.
- A recurring theme: build resilience, plan for breach, and communicate impact clearly—whether to boards, clients, or employees.
- The cybersecurity landscape is evolving—tools, trust, and tactics are being weaponized; continuous adaptation is essential.
- Both guests offer praise for security awareness when it’s engaging (a shout-out to Mike Gordon, McDonald's CISO, and Hamburglar-themed campaigns), and humorously acknowledge breaches are so common, free credit monitoring is almost a birthright now.
This episode serves as both a wake-up call and a strategic guide: plan for resilience, empower your teams, and never underestimate the ingenuity of adversaries—or the importance of clear, human communication.
