
A cyber attack disrupts Bridgestone tire factories in North America. A new info stealer takes your photo while you watch porn. Bad certificates for Cloudflare infrastructure went undetected for more than a year, and Brazil deals with another payment system hack. This is the Risky Bulletin, prepared by Catalin Cimpanu and read by me, Claire Aird. Today is the 5th of September, and this podcast episode is brought to you by Push Security.
A cyber attack is disrupting some Bridgestone tire factories in North America. Factories in South Carolina and Quebec have been affected. No group has taken credit for the intrusion yet, and it's unclear if the attack was ransomware.
In other news, a ransomware group has hacked the art commissioning website Artists and Clients and is leveraging the artists to extort the owners. The LunaLock group has demanded the owners of the site pay a $50,000 ransom. It's threatened to submit the stolen artwork to AI data training sets. Artists and Clients is LunaLock's first known victim.
Hackers have attempted to steal more than $77 million after breaching an IT provider for Brazilian banks. The hack targeted Sinqia, a provider of software that integrates with the country's Pix payment system. The attempted thefts targeted funds owned by the banks HSBC and Artta. Sinqia says it blocked most of the attackers' transfers. Both banks have said no customer accounts were compromised.
Hackers are threatening to release stolen Google data unless the company fires two members of its security team. The group, calling itself Scattered LAPSUS$ Hunters, also demanded that Google stop any investigations into its activity. The group is believed to be behind a hack of Google's Salesforce account last month.
The Venus Protocol cryptocurrency project has recovered $13.5 million that was stolen from a user. The funds were taken on Tuesday after a phishing attack. The project used its governance powers to reverse the theft and restore the funds to the owner.
A Croatian certificate authority has issued 12 unauthorised certificates for Cloudflare's DNS service 1.1.1.1. Fina RDC issued the certificates in February last year. They were not detected until this August. Cloudflare confirmed the incident and apologised for not spotting the certificates earlier. Microsoft was the only major browser provider that trusted the CA.
Texas has established a unit to counter Chinese influence operations in the state. The Hostile Foreign Adversaries unit will be part of the Texas Department of Public Safety. The unit's been established under a new state law. The legislation will also seek criminal penalties for state employees who fail to report foreign influence activity.
The House Homeland Security Committee has approved a measure to renew the Cybersecurity and Information Sharing Act. Both the House and Senate need to approve the measure for the act to be reauthorised. The law provides liability protections for the private sector to share threat intel with the government. It was adopted in 2015 and will expire at the end of September unless it's reauthorised.
A lawsuit seeking to annul the EU and US Data Privacy Framework has been dismissed. The EU General Court ruled that the treaty adequately safeguards the personal data of EU citizens. Plaintiffs argued that the U.S. Data Protection Review Court was not sufficiently independent of the US Department of Justice.
Egyptian authorities have taken down StreamEast, the world's largest illicit sports streaming service. More than 80 domains were seized and two administrators were arrested last week. The takedown followed a complaint from a coalition of 50 media companies known as the Alliance for Creativity and Entertainment.
A Chinese group is using hacked IIS servers to manipulate Google search results. The GhostRedirector gang provides search engine optimisation fraud, according to ESET. The group has hacked dozens of servers to modify responses to Googlebot search crawlers.
GreyNoise has observed waves of scanning for Cisco ASA devices. The attackers used as many as 25,000 unique IPs to find internet-exposed devices in late August. The attacks appeared to be the same campaign spotted by NadSec last week. GreyNoise believes this may be a reconnaissance campaign ahead of a future exploit.
An infostealer is taking screenshots and webcam photos when it detects users watching adult content, according to Proofpoint. The collected data will likely be used in future sextortion campaigns. The Stealerium infostealer is currently distributed in the wild by at least two threat actors. It's based on an open source project available on GitHub.
North Korean hackers are registering accounts on cyber intel platforms to monitor when their servers get detected. SentinelOne has spotted accounts on platforms including Validin, VirusTotal and Maltrail. The hackers are associated with a group known as Contagious Interview. The group uses job interviews to lure victims into infecting themselves with malware. SentinelOne says the group compromised 230 individuals earlier this year.
The U.S. State Department is offering a $10 million reward for information on three FSB agents who are part of the Berserk Bear APT. The three were charged by the DOJ in March 2022 for a hacking campaign that targeted critical infrastructure. In a security advisory last, the FBI said the group continued to target old and unpatched Cisco routers.
The Russian cyber espionage group APT28 has compromised multiple businesses in NATO countries. Victims were infected with a novel backdoor named NotDoor. The malware is a VBA macro for Microsoft Outlook that monitors incoming emails for trigger words. Based on the triggers, NotDoor can steal emails and files and execute commands.
Google has patched two actively exploited zero-days in Android. Patches were released in the September security update on Monday. Both flaws are elevation of privilege bugs. One is in the Linux kernel and the second in the Android runtime.
The Sitecore CMS has patched an actively exploited flaw. The exploitation was spotted by Google's Mandiant team. The issue impacts Sitecore customers who copied and pasted example machine keys from the official documentation instead of generating new ones. Attackers are using the default machine keys to perform deserialisation and RCE attacks on vulnerable sites.
Singapore police have ordered Meta to implement anti-scam measures on Facebook. Meta will have to detect ads, accounts and business pages impersonating government officials. A third of all reported scams in Singapore last year were on Facebook. Authorities can fine Meta 1 million Singaporean dollars if it fails to comply.
Meantime, the French privacy watchdog has fined Google 325 million euros for tracking Gmail users with advertising cookies. CNIL says Google failed to obtain user consent before inserting ads and tracking cookies in Gmail inboxes. Chinese e-commerce giant Shein was also fined 150 million euros for a similar infraction.
Disney has settled with the FTC over collecting the personal data of children watching its YouTube videos. The company will pay $10 million for failing to obtain parental consent. Disney failed to tag its videos as Made for Kids, which is a YouTube setting that tells the platform not to collect certain data.
A US court has ruled that Google will not be required to break up its search business or divest itself of Android or Chrome. Google will be barred from using exclusive contracts that lock out rivals. The company will also have to share some of its separate search index data with its competition and establish a five-person antitrust committee to monitor its business practices. The ruling ends the DOJ's antitrust case against Google's search monopoly, barring any appeals.
And finally, Google has released a new security feature designed to protect cookies in Chrome. Chrome now supports new cookie prefixes to distinguish between cookies set by the server and those modified in the browser. The new system can help server operators detect attacks using cookies set on the client by cross-site scripting or malicious extensions.
And that is all for this podcast edition. Today's show is brought to you by our sponsor, Push Security. Find them at PushSecurity.com. Thanks for your company.
Podcast: Risky Bulletin
Host: Claire Aird, prepared by Catalin Cimpanu
Date: September 5, 2025
Episode Theme:
A rapid-fire cybersecurity news briefing highlighting a major cyberattack on Bridgestone’s North American tyre factories, as well as a roundup of the week’s most significant incidents, vulnerabilities, and policy moves.
This episode delivers a concise rundown of the latest cybersecurity developments, with a special focus on the disruption of Bridgestone's tire factories in North America due to a cyberattack. The show also examines the rising threat of info-stealing malware, widespread ransomware extortion tactics, hacks targeting critical infrastructure, payment system vulnerabilities, legal rulings impacting privacy and antitrust, and a variety of new security policies and features.
"A cyber attack is disrupting some Bridgestone tire factories in North America. Factories in South Carolina and Quebec have been affected." — Claire Aird [00:06]
"A Croatian certificate authority has issued 12 unauthorised certificates for Cloudflare's DNS service... They were not detected until this August." [01:02]
"An infostealer is taking screenshots and webcam photos when it detects users watching adult content, according to Proofpoint." [02:24]
Berserk Bear: U.S. State Department offers $10 million bounty for information on FSB agents targeting US critical infrastructure.
APT28 Exploits in NATO Countries: Uses the novel "NotDoor" Outlook VBA macro to monitor, steal, and execute commands based on incoming email triggers.
This Risky Bulletin episode offers an in-depth, fast-paced update on key global cybersecurity events, from high-impact corporate shutdowns to legal and regulatory milestones. It’s essential listening for anyone needing a comprehensive overview of the latest threats, vulnerabilities, and policy shifts in security, all delivered in the Risky Business team’s brisk, no-nonsense tone.