CISO Talk by James Azar
CyberHub Podcast
Cyberattack Halts Cleveland Municipal Court, Gabbard Concerns over UK Apple Backdoor, EncryptHub Breaches 618 Orgs

Cleveland Court Shutdown, $1.5B Crypto Theft Linked to North Korea, and Rising Global Tensions Over Encryption Backdoors

Live from New York City for the HNI Global Summit

In today’s pre-recorded episode, host James Azar provides key cybersecurity news and insights while visiting New York City for the HNI Global Summit. Topics include municipal court shutdowns due to a cyber incident, revelations about a massive crypto heist pinned on North Korea, high costs of ransomware for utility services in the UK, and growing tensions between the US and UK over backdoor encryption demands.

Additional stories cover legal actions against major automakers, new threat actor campaigns, malicious Visual Studio extensions, open-source security guidance, and the ongoing exploitation of Ivanti products.

Cleveland Municipal Court Remains Closed After Cyber Attack
The Cleveland Municipal Court has been shut for three consecutive days due to a cybersecurity incident. While details remain sparse, the court took precautionary measures by bringing down all internal systems to contain and remediate the breach. This event echoes a larger trend of municipal courts nationwide—like those in Maryland and Ohio—falling victim to disruptive cyber attacks.

Observers note that large cities should lean on lessons from high-profile breaches, such as Atlanta’s incident, to maintain better operational resilience.

FBI Confirms North Korea Behind Bybit’s $1.5B Crypto Hack
The FBI’s newly released alert attributes Bybit’s record-breaking $1.5 billion Ethereum theft to North Korea’s Lazarus Group. The hackers, tracked as “TraderTraitor” by some, have been implicated in multiple large-scale blockchain attacks, previously netting hundreds of millions of dollars.

Bybit’s co-founder pledged a relentless pursuit of these nation-state attackers, though experts are wary of the regime’s capacity to continue exploiting crypto platforms.

Southern Water Discloses $5.7M Cyber Attack Costs
A February 2024 ransomware attack on Southern Water, a major UK utility provider, resulted in reported recovery costs exceeding £4.5 million ($5.7M). While operational services remained largely unaffected, the Black Basta group took credit for the breach.

The utility’s financial reports highlight continued monitoring of the dark web to protect customer data. The sum spent on incident response parallels its annual environmental and pollution management budget, illustrating how severe a financial toll cyber attacks can exact.

US Intelligence Challenges UK Over Encryption Backdoors
Director of National Intelligence Tulsi Gabbard has launched a legal review following revelations that UK authorities quietly requested Apple create a backdoor to access encrypted data.

Concerns center on whether American citizens’ privacy could be compromised by foreign surveillance demands. Senators Ron Wyden and Andy Biggs urged curtailing U.S.-U.K. intelligence sharing if the request isn’t rescinded, reflecting mounting friction with Britain’s increasingly hardline approach to privacy and free speech.

Arkansas Joins GM Lawsuit Over Data Collection
Arkansas Attorney General Tim Griffin is suing General Motors for alleged unauthorized data collection and sales. The complaint accuses GM of gathering vehicle telemetry—speed, braking, and late-night driving habits—without user consent, sometimes impacting consumers’ insurance eligibility or rates.

Arkansas follows Texas in calling GM’s actions “Orwellian,” underscoring growing scrutiny of automaker telematics programs and the necessity for clear opt-in policies.

Threat Actor “EncryptHub” Targets Global Organizations
Security researchers at Prodaft warn that the EncryptHub group, also tracked as LARVA-208, has compromised at least 618 organizations since June 2024. Their toolkit includes SMS phishing, fake VPN login pages, and voice phishing to install remote monitoring and management software, culminating in the deployment of information-stealing malware and sometimes ransomware.

The group appears affiliated with RansomHub and BlackSuit, highlighting the decentralized nature of cybercrime syndicates.

Emerging Ransomware Group “Anubis” Offers Multiple Extortion Models
Threat intelligence firm Kela has uncovered a new ransomware-as-a-service operation called Anubis. Affiliates can choose between standard ransomware attacks, data ransom services (selling already-stolen data), or monetizing network access.

The group employs double extortion and sophisticated affiliate programs, often focusing on US, European, Canadian, or Australian targets with no prior ransomware history. Anubis’s quick rise hints at the continued evolution of illicit cyber business models.

Malicious VS Code Extensions Removed by Microsoft
Microsoft pulled two popular Visual Studio Code extensions—Material Theme Free and Material Theme Icons Free—after researchers discovered malicious code. Together, these extensions had nearly 9 million downloads, prompting automatic disabling for existing users.

The incident underscores the importance of vetting third-party development tools and monitoring extension activity for suspicious behavior.

OpenSSF Launches “OSPS Baseline” for Open-Source Projects
The Linux Foundation’s Open Source Security Foundation (OpenSSF) introduced the Open Source Project Security Baseline (OSPS Baseline). This new framework provides a checklist of best practices aimed at enhancing security throughout open-source development.

It emphasizes secure configurations, artifact integrity, and consistent processes, reinforcing the broader industry push for higher standards in open-source software security.

Ivanti Vulnerabilities Still Plague Nearly 3,000 Instances
Close to 2,850 Ivanti Connect Secure devices remain unpatched despite a zero-day disclosure and active exploitation in the wild. Cybercriminals have been quick to leverage known vulnerabilities in the remote access solution. Researchers warn that failure to patch these systems can expose entire networks to backdoors and data theft, particularly in enterprises relying heavily on Ivanti for secure connectivity.

Bullet Point Action List

  • Plan Offline Contingencies: Municipalities and enterprises alike should reference public post-mortems (e.g., Atlanta’s ransomware response) to build strong offline processes and backups.

  • Scrutinize Crypto Exchanges: Bolster security for any blockchain-related platform; nation-state attackers remain highly active in this space.

  • Quantify Financial Impact: Document and disclose cyber attack costs to enable better organizational and regulatory responses.

  • Reevaluate International Data-Sharing: Rising policy conflicts over encryption backdoors call for continual legal reviews and potential strategic shifts.

  • Enforce Transparent Data Policies: Automakers and insurance companies must ensure explicit user consent for data collection and usage.

  • Watch Out for Phishing Evolution: Stay vigilant against hybrid attacks combining SMS, voice, and web tactics to breach corporate defenses.

  • Examine Third-Party Tools: Vet and monitor widely used development extensions; malicious code can slip through popular repositories.

  • Adopt Open Source Security Standards: Align with frameworks like OSPS Baseline to uphold a minimum security threshold for project contributions.

  • Patch Ivanti and Other Critical Systems: Address high-severity vulnerabilities promptly to prevent remote exploits and unauthorized access.


✅ Story Links:

https://therecord.media/cyber-incident-shuts-down-cleveland-municipal-court

https://www.securityweek.com/fbi-says-north-korea-hacked-bybit-as-details-of-1-5b-heist-emerge/

https://www.bleepingcomputer.com/news/security/southern-water-says-black-basta-ransomware-attack-cost-45m-in-expenses/

https://therecord.media/odni-gabbard-uk-apple-backdoor-request-grave-concern

https://therecord.media/arkansas-sues-gm-over-data-collection-sharing

https://www.bleepingcomputer.com/news/security/encrypthub-breaches-618-orgs-to-deploy-infostealers-ransomware/

https://www.securityweek.com/new-ransomware-anubis-could-pose-major-threat-to-organizations/

https://www.bleepingcomputer.com/news/security/vscode-extensions-with-9-million-installs-pulled-over-security-risks/

https://www.securityweek.com/openssf-releases-security-baseline-for-open-source-projects/

https://www.cybersecuritydive.com/news/nearly-3k-ivanti-connect-secure-instances-vulnerable-to-critical-flaw/740994/
