
A
From the CISO series, it's Cybersecurity Headlines.
B
These are the cybersecurity headlines for Tuesday, August 19, 2025. I'm Rich Stroffolino.

Workday confirms data breach. Over the weekend, the human resources technology giant confirmed that threat actors accessed a third-party customer relationship database, obtaining personal information. This database typically stores contact information, so names, emails and phone numbers were likely exposed. The company said there's no indication of access to customer tenants in the breach, but didn't entirely rule it out. No word on which third party was breached, but given the recent swath of Salesforce-hosted databases targeted, it wouldn't be surprising to see another. Workday added a noindex tag to its blog post disclosing the breach so it didn't surface in search.

An alliance to unify post-quantum cryptography. Late last week, IBM Consulting, Keyfactor, Quantinuum and Thales announced the Quantum Safe 360 Alliance, which will provide enterprises with post-quantum cryptography assessments and mitigations using their combined resources. This largely formalizes existing individual contractual relationships between the four companies. The new alliance released a white paper with their launch announcement detailing best practices for crypto agility, which it defined as the ability to swiftly adopt and implement quantum-safe cryptographic standards that can evolve and adapt to emerging challenges.

New Chinese threat actor targeting Taiwan. Researchers at Cisco Talos identified this new group, designated UAT-7237. The group successfully accessed a Taiwanese web host, targeting VPN access and cloud infrastructure from its customers. This is part of a larger focus on long-term access and data theft. The researchers found signs of the group being active since 2022, likely a subgroup of UAT-5918, which mainly focused on espionage operations in Taiwan. This offshoot uses open source tools in its attacks, like a customized version of a shellcode loader.

Serial hacker sentenced to 20 months. Sadly, this story has nothing to do with General Mills or the RS-232 standard. Rather, a 26-year-old UK man received this sentence after pleading guilty to a variety of cybercrime charges. This includes hacking into over 3,000 sites, including accessing the website for the Yemen Ministry of Foreign Affairs, deploying vulnerability scanners on Yemeni government sites, accessing admin pages for Israeli live news, and stealing personal data on millions of Facebook, Netflix and PayPal users. In many cases, the attacks also included defacing sites with political and religious messages. He was arrested back in 2022 based on information received from US law enforcement and pleaded guilty on March 17th.

And now a huge thanks to our episode sponsor, Conveyor. If the thought of logging into a portal questionnaire makes you want to throw your laptop away, you're not alone. Most solutions just give you a browser extension to copy and paste answers, still leaving hours of manual work. With Conveyor, you don't have to slog through it yourself. Just open the portal and Conveyor's AI will scroll through each page, find the questions, and fill in answers for you, start to finish. Spend less time battling portals and more time on the work that matters. Learn more at conveyor.com, that's C-O-N-V-E-Y-O-R dot com.

Bragg humbled by cyberattack. Bragg Gaming Group, a leading casino game producer, disclosed that threat actors accessed its internal environment. In its preliminary investigation, the company said it found no evidence of personal information being impacted and it didn't anticipate the attack disrupting operations, so probably not ransomware. The company said it brought in an outside cybersecurity team to respond to the incident. This marks the third cyber attack on a major casino gaming firm in the last year, with both Ainsworth Game Technology and International Game Technology attacked back in November.

Grok exposes AI persona prompts. Earlier this year, xAI's Grok chatbot released AI personas, which strongly flavor interactions and information output. 404 Media reports that several researchers found the underlying prompts for these personas exposed in the hydration JS on the Grok web app. This gives underlying character backgrounds, likes, dislikes, quirks, tone, catchphrases, and interaction instructions. A significant subset of these instructions were uploaded to GitHub. 404 Media verified the prompts were still available online at the time of its reporting.

Banking Trojan infrastructure exposed in source code leak. Researchers at Hunt.io discovered an open directory containing the source code of the V3 ERMAC Android banking Trojan. This included the actual malware code as well as details on the exfiltration, server deployment configurations and obfuscator. ERMAC has been around since at least 2021, but this latest version can target sensitive information across more than 700 apps, with expanded capabilities to perform form injections, mess with SMS functionality, and extract Gmail information. Using the exposed code, the researchers were able to identify C2 endpoints and other infrastructure, many of which included hard-coded tokens and default root credentials. This allowed for a temporary disruption of ERMAC malware-as-a-service capabilities and provides better indicators of compromise going forward.

Transcribing calls with millimeter wave radar. A hat tip to Bruce Schneier for pointing out this research paper, presented at the 2025 ACM WiSec conference, about a technique called Wireless Tap to eavesdrop on calls. This uses commercially available millimeter wave radars in the 77-81 GHz range to detect vibrations from phone earpieces and convert them into audio. The effective range was up to 300 cm, although even at a more optimal 50 cm, the accuracy of the transcription from that audio was only about 59. The researchers used the project to highlight the evolving risks of artificial intelligence and sensor systems being misused as technology advances.

Oracle reportedly ousts longtime security chief. Bloomberg sources say Oracle is parting ways with its first and longtime chief security officer, Mary Ann Davidson, as part of a reorganization. She joined Oracle way back in 1988, moving from product marketing to the company's Secure Systems division in 1994, then serving as CSO since at least 2003. In a June regulatory filing, Oracle said former Walmart CISO Robert Duhart now supervises day-to-day cybersecurity operations. We don't usually cover staffing changes on this show, but this seemed notable given her longtime role as a CSO at a core technology company, and hey, this is the CISO Series.

While making informed technical decisions is key for a CISO, the biggest problems they face often aren't technical. Instead, they stem from a failure to translate conversations about risk to the rest of the business. What difference does it make for a CISO when they consider getting buy-in to be their primary role in the organization? That's one of the segments we dig into on this week's episode of the CISO Series Podcast. Look for the episode "I Just Can't Communicate With the Business. I've Tried Condescension and Derision" wherever you get your podcasts. And if you have some thoughts about the news from today or about the show in general, reach out to us at feedbackisoseries.com; we'd love to hear from you. Reporting for the CISO Series, I'm Rich Stroffolino, reminding you to have a super sparkly day.
A
Cybersecurity Headlines are available every weekday. Head to CISOseries.com for the full stories behind the headlines.
B
Sam.
Podcast: Cyber Security Headlines
Host: Rich Stroffolino
Episode Focus: Workday breach, post-quantum alliance, Chinese group targets Taiwan, major cybercrime developments, and emerging threats in infosec.
This episode delivers a rapid-fire update on critical developments in cybersecurity, from a major Workday data breach to the formation of a post-quantum cryptography alliance. Host Rich Stroffolino highlights new threat actor activity against Taiwan, a high-profile hacker sentencing, vulnerabilities in AI platforms, and corporate cybersecurity leadership changes. The tone is direct, with a hint of wry humor, making it both informative and accessible for security professionals.
[00:10]
Quote:
“Workday added a noindex tag to its blog post disclosing the breach so it didn’t surface in Search.”
—Rich Stroffolino [00:39]
[00:46]
Quote:
“Best practices for crypto agility, which it defined as the ability to swiftly adopt and implement quantum safe cryptographic standards that can evolve and adapt to emerging challenges.”
—Rich Stroffolino [01:08]
[01:17]
Quote:
“This is part of a larger focus on long term access and data theft.”
—Rich Stroffolino [01:32]
[01:43]
Quote:
“Sadly, this story has nothing to do with General Mills or the RS232 standard.”
—Rich Stroffolino [01:44]
(Humorous aside referencing the hacker’s nickname "serial hacker")
[03:20]
Quote:
“Probably not ransomware.”
—Rich Stroffolino [03:35]
[03:42]
Quote:
“...the underlying prompts for these Personas exposed in the Hydration JS on the Grok web app. This gives underlying character backgrounds, likes, dislikes, quirks...”
—Rich Stroffolino [03:47]
[04:13]
Quote:
“This allowed for a temporary disruption of Ermac malware as a service capabilities and provides better indicators of compromise going forward.”
—Rich Stroffolino [04:47]
[05:05]
Quote:
“The researchers used the project to highlight the evolving risks of artificial intelligence and sensor systems being misused as technology advances.”
—Rich Stroffolino [05:45]
[06:00]
Quote:
“...the biggest problem [CISOs] face often aren’t technical. Instead, they stem from a failure to translate conversations about risk to the rest of the business.”
—Rich Stroffolino [06:32]
For further details or to dive deeper into any story, visit CISOseries.com.