Risky Bulletin: Cyberattack Disrupts Bridgestone Tyre Factories Across North America
Podcast: Risky Bulletin
Host: Claire Airdrop, prepared by Catalyn Kimpanu
Date: September 5, 2025
Episode Theme:
A rapid-fire cybersecurity news briefing highlighting a major cyberattack on Bridgestone’s North American tyre factories, as well as a roundup of the week’s most significant incidents, vulnerabilities, and policy moves.
Main Theme Overview
This episode delivers a concise rundown of the latest cybersecurity developments, with a special focus on the disruption of Bridgestone's tire factories in North America due to a cyberattack. The show also examines the rising threat of info-stealing malware, widespread ransomware extortion tactics, hacks targeting critical infrastructure, payment system vulnerabilities, legal rulings impacting privacy and antitrust, and a variety of new security policies and features.
Key Discussion Points & Insights
1. Bridgestone Tyre Factory Cyberattack ([00:06])
- Incident: Factories in South Carolina and Quebec affected by a cyberattack, leading to operational disruption.
- Unknowns: No group has claimed responsibility. The type of attack (ransomware or otherwise) remains unconfirmed.
"A cyber attack is disrupting some Bridgestone tire factories in North America. Factories in South Carolina and Quebec have been affected." — Claire Airdrop [00:06]
2. Ransomware and Extortion Escalates ([00:16])
- Artists and Clients Hack: Lunar Lock group has targeted the art commissioning platform, demanding $50,000 and threatening to submit stolen artwork to AI training sets.
- Notable Tactic: Leveraging the artists themselves against site owners.
- "Artists and clients is LunarLoc's first known victim." [00:25]
3. Emergent Banking and Payment System Threats ([00:29])
- Brazil’s Cinqia Breach: Hackers attempted to steal $77 million after breaching an IT provider for Brazilian banks HSBC and Arta.
- Most transfers blocked, no customer accounts compromised.
4. Corporate and Cryptocurrency Hacks ([00:41])
- Google Data Extortion: The group “Scattered Lapsus Hunters” threatens to leak stolen Google data unless Google fires two security team members and halts investigations.
- Venus Protocol: $13.5 million, stolen via phishing, reversed through governance mechanisms.
5. Certificate Authority Lapses ([01:02])
- Croatian CA Incident: Issued 12 unauthorized certificates for Cloudflare's DNS.
- Went undetected for over a year.
- Only Microsoft trusted the CA by default.
"A Croatian certificate Authority has issued 12 unauthorised certificates for Cloudflare's DNS service... They were not detected until this August." [01:02]
6. Geopolitical and Policy Updates ([01:15])
- Texas Anti-Influence Operations: New unit targets Chinese influence, possible criminal penalties for state employees failing to report foreign activities.
- US Cybersecurity Act Renewal: House committee approves extension of private sector liability protections for threat intelligence sharing.
7. Legal and Data Privacy Rulings ([01:37])
- EU-US Data Privacy Framework: Lawsuit aiming to annul the framework was dismissed; EU General Court found adequate safeguards for EU citizen data.
- Plaintiffs claimed U.S. court lacked independence from DOJ.
8. Major Platform Takedowns and SEO Manipulation ([01:48])
- StreamEast Takedown: Egyptian authorities seize over 80 domains of the world’s largest illicit sports streaming service.
- Ghost Redirector SEO Fraud: Chinese group manipulates Google search results using hacked IIS servers.
9. Scanning and Reconnaissance Activity ([02:12])
- Cisco ASA Devices: GreyNoise reports mass scanning from 25,000 unique IPs, a potential prelude to a larger exploit campaign.
10. InfoStealer Innovations and Sextortion ([02:24])
- Stellarium InfoStealer: Captures screenshots and webcam photos during adult content viewing to fuel sextortion campaigns.
- At least two active threat actors distributing it.
"An infostealer is taking screenshots and webcam photos when it detects users watching adult content, according to Proofpoint." [02:24]
11. North Korean Espionage Tactics ([02:39])
- Contagious Interview Group: Creates accounts on cyber intelligence platforms to monitor server detection, lures victims through fake job interviews.
- 230 victims compromised in recent campaigns.
12. State-Sponsored APTs and Infrastructure Attacks ([02:53])
- Berserk Bear: U.S. State Department offers $10 million bounty for information on FSB agents targeting US critical infrastructure.
- Repeated exploitation of outdated Cisco routers.
- APT28 Exploits in NATO Countries: Uses the novel "Notdoor" Outlook VBA macro to monitor, steal, and execute commands based on incoming email triggers.
13. Vulnerabilities & Patch Updates ([03:18])
- Android Zero-Days: Two actively exploited elevation-of-privilege flaws patched.
- Sitecore CMS: Flaw exploited when customers used sample machine keys from documentation, enabling RCE attacks.
14. Social Media Regulation and Fines ([03:38])
- Singapore Orders Meta to Fight Scams: Facebook must actively detect impersonations or face million-dollar fines.
- France Fines Google and Shein: €325 million against Google for tracking Gmail users with ads/cookies, €150 million against Shein for similar infractions.
15. FTC vs. Disney and Children’s Data ([03:52])
- Disney fined $10 million for failing to gain parental consent and misconfiguring "Made for Kids" video settings on YouTube.
16. US Antitrust Ruling Against Google ([04:00])
- Result: Google not required to break up its search business.
- Company must share some search index data with rivals.
- Banned from exclusive contracts locking out competitors.
- DOJ’s antitrust case resolved unless appealed.
17. Browser Security Improvements ([04:14])
- Chrome Cookie Protection: New cookie prefix system distinguishes server- vs. browser-set cookies, helping defend against XSS and malicious extensions.
Notable Quotes & Moments
- “A ransomware group has hacked the art commissioning website Artists and Clients and is leveraging the artist to extort the owners.” — Claire Airdrop [00:16]
- “Synkya says it blocked most of the attackers' transfers. Both banks have said no customer accounts were compromised.” [00:36]
- “An infostealer is taking screenshots and webcam photos when it detects users watching adult content…” [02:24]
- “French privacy watchdog has fined Google €325 million for tracking Gmail users with advertising cookies.” [03:44]
- “The company will also have to share some of its separate search index data with its competition and establish a five person antitrust committee…” [04:09]
Timestamps for Important Segments
- Bridgestone Cyberattack: [00:06]
- Ransomware Extortion Tactics: [00:16]
- Brazilian Payment System Hack: [00:29]
- Google/Scattered Lapsus Data Threats: [00:41]
- Cloudflare Certificate Authority Mishap: [01:02]
- New Texas Security Unit: [01:15]
- EU-US Data Ruling: [01:37]
- Major Streaming, SEO Manipulation: [01:48]
- Wave of Reconnaissance on Cisco: [02:12]
- InfoStealer Sextortion Campaign: [02:24]
- North Korean Intelligence Activity: [02:39]
- US Bounties/APT Group Attacks: [02:53]
- Patch Updates/Exploited Flaws: [03:18]
- Regulatory Fines and Actions: [03:38]
- Disney COPPA Violation: [03:52]
- US v. Google Antitrust Outcome: [04:00]
- Chrome Cookie Security Upgrade: [04:14]
Conclusion
This Risky Bulletin episode offers an in-depth, fast-paced update on key global cybersecurity events, from high-impact corporate shutdowns to legal and regulatory milestones. It’s essential listening for anyone needing a comprehensive overview of the latest threats, vulnerabilities, and policy shifts in security, all delivered in the Risky Business team’s brisk, no-nonsense tone.
