CISO Talk by James Azar
CyberHub Podcast
Erie Insurance Cyberattack, Scam Center Takedown in Singapore, Smartwatch for smartattack, UK Free Speech Fight, Fortinet & Ivanti Patches

Major Insurance Breach, International Scam Takedown, Critical Patches, and Emerging SmartWatch Attack Vectors - Your Complete Cybersecurity Intelligence Briefing

Good Morning Security Gang!

Welcome to your comprehensive breakdown of the latest cybersecurity developments from the Cyber Hub podcast, hosted by CISO James Azar from the teammates village. This packed episode covers major incidents from insurance sector breaches to international scam takedowns, critical vulnerability patches, and emerging attack vectors that are reshaping the threat landscape.

Cyber Hub Podcast Summary - January 12, 2025

Executive Summary

The cybersecurity landscape continues to evolve with significant developments across multiple fronts. This week's episode highlights a major insurance company breach affecting millions of customers, international law enforcement success against cybercriminal operations, critical infrastructure vulnerabilities, and emerging attack techniques using everyday devices. The episode also addresses concerning regulatory developments in the UK regarding free speech and encryption, alongside major industry acquisitions and funding rounds.

Erie Insurance Cyber Attack Disrupts Operations

Erie Insurance and Erie Indemnity Companies disclosed a weekend cyber attack that caused significant business disruption and platform outages. The property and casualty insurer, which serves six million active policies, began experiencing outages on Saturday, June 7th. Customers reported being unable to access the customer portal, file claims, or receive essential paperwork from the company.

The company filed an 8-K with the SEC regarding the detection of unusual network activity and is working with law enforcement on forensic analysis. The full material impact remains unknown. Customers needing to initiate claims can still call 800-367-3743, while customer care remains available at 1-800-458-0811. This incident highlights the vulnerability of insurance companies and the critical need for robust cybersecurity measures in financial services.

International Law Enforcement Deals Major Blow to Scam Operations

A coordinated international operation led by Singapore police has delivered a significant blow to cybercriminal operations across Southeast Asia. Seven law enforcement agencies worked together to shut down dozens of scam call centers and arrest over 1,800 individuals involved in fraudulent activities.

The month-long operation in April and May investigated 33,900 suspects believed to be involved in at least 9,200 scam cases. These ranged from fraudulent investment schemes and dating app scams to government impersonations and job website fraud. Officials believe victims lost approximately $225 million, with authorities freezing around $20 million and seizing significant assets.

Singapore alone arrested 106 people responsible for 1,300 scams that netted $30 million, with police able to recover nearly $8 million from 714 bank accounts. The operation involved at least ten countries including Australia, Canada, and Indonesia, demonstrating the transnational nature of modern cybercrime and the necessity of international cooperation in combating these threats.

Critical Vulnerabilities Patched in Fortinet and Ivanti Products

Fortinet and Ivanti have released fixes for over a dozen vulnerabilities across their product portfolios, including multiple high-severity flaws. Key vulnerabilities include CVE-2025-5355, CVE-2025-22463, and CVE-2025-22455 in Ivanti's Workspace Control Update version 10.19.0.0 and prior, which could allow authenticated attackers to decrypt stored SQL credentials and environment passwords.

Fortinet released fourteen patches addressing one high and thirteen medium-severity vulnerabilities. The most critical is CVE-2025-31104, an OS command injection bug in FortiADC that could allow authenticated attackers to execute arbitrary code using crafted HTTP requests. These vulnerabilities underscore the importance of maintaining up-to-date security patches across all network infrastructure components.

Former Black Basta Members Adapt Attack Techniques

Former members of the Black Basta ransomware operation have continued their activities despite the group's decline following public leaks of internal chat logs. These threat actors are sticking to proven techniques including email bombing and Microsoft Teams phishing to establish persistent access to target networks.

The attackers have introduced Python script execution alongside traditional techniques, using curl requests to fetch and deploy malicious payloads. Recent targets include customers in finance, insurance, and construction sectors, with attackers masquerading as help desk personnel through Teams messaging. This highlights the need for organizations to reconsider their internal communication security protocols and implement stronger verification processes for IT support interactions.

Apache Tomcat Under Coordinated Brute Force Attack

Threat intelligence firm GreyNoise has identified a coordinated brute force campaign targeting Apache Tomcat manager interfaces. The surge in attacks began on June 5th, with 295 unique IP addresses engaged in malicious brute force attempts against Tomcat managers.

The majority of the 188 unique IPs conducting these attacks are located in the US, UK, Germany, Netherlands, and Singapore. An additional 298 unique IPs were observed conducting login attempts, with 246 IP addresses flagged in the last 24 hours all categorized as malicious. Organizations are advised to change default credentials, disable unnecessary remote access, implement firewall restrictions, and maintain current firmware updates.
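The monitoring advice above can be turned into a simple log check. The following is an added example, not part of the original post: it counts failed requests to the Tomcat manager paths per source IP in a sliding window. It assumes the access log uses Tomcat's "common" pattern; the threshold, window, and the choice to count 403 alongside 401 are assumptions, and the log lines are constructed with documentation-range addresses.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Tomcat AccessLogValve "common" pattern: %h %l %u %t "%r" %s %b
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+$')
MANAGER = ("/manager/", "/host-manager/")   # manager application paths

def parse(line):
    """Return (ip, timestamp, path, status) or None for unparseable lines."""
    m = LINE.match(line.strip())
    if not m:
        return None
    ip, ts, _method, path, status = m.groups()
    return ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), path, int(status)

def brute_force_sources(lines, threshold=5, window=timedelta(minutes=1)):
    """Return {ip: most failures seen inside one window} for noisy sources."""
    failures = defaultdict(list)
    for line in lines:
        rec = parse(line)
        # 401 = bad credentials; 403 also counted (assumption: denied by role/valve)
        if rec and rec[2].startswith(MANAGER) and rec[3] in (401, 403):
            failures[rec[0]].append(rec[1])
    flagged = {}
    for ip, times in failures.items():
        times.sort()
        start = best = 0
        for end in range(len(times)):          # sliding window over sorted times
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[ip] = best
    return flagged

# Constructed sample log: one noisy source, one admin typo, one normal visitor.
SAMPLE = [f'192.0.2.10 - - [10/Jun/2025:08:00:{s:02d} +0000] "GET /manager/html HTTP/1.1" 401 2473'
          for s in range(0, 12, 2)] + [
    '198.51.100.7 - - [10/Jun/2025:08:01:00 +0000] "GET /manager/html HTTP/1.1" 401 2473',
    '198.51.100.7 - admin [10/Jun/2025:08:04:30 +0000] "GET /manager/html HTTP/1.1" 200 17822',
    '203.0.113.5 - - [10/Jun/2025:08:02:00 +0000] "GET /index.jsp HTTP/1.1" 200 1120',
]

if __name__ == "__main__":
    print(brute_force_sources(SAMPLE))
```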

SmartWatch Covert Data Exfiltration Attack Revealed

Israeli researchers led by Mordechai Guri have developed a sophisticated attack called "SmartAttack" that uses smartwatches as covert ultrasonic signal receivers to exfiltrate data from air-gapped systems. This method targets highly secure environments like energy facilities, government installations, and nuclear power plants.

The attack requires malware to first infect an air-gapped computer to gather sensitive information such as keystrokes, encryption keys, and credentials. The malware then uses the computer's speakers to emit ultrasonic signals using binary frequency shift keying (BFSK), with 18.5 kHz representing zero and 19.5 kHz representing one. These frequencies are inaudible to humans but can be detected by smartwatch microphones, with data ultimately exfiltrated via Wi-Fi, Bluetooth, or cellular connectivity.
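For defenders, the two fixed tones make this channel detectable with a room microphone. The following is an added example, not code from the researchers or the original post: it uses the Goertzel algorithm to flag audio frames where 18.5 kHz or 19.5 kHz stands out and reports when the capture switches between them. The sample rate, frame size, reference bins, and thresholds are assumptions, and the test audio is constructed.

```python
import math

FS = 48_000                 # capture sample rate in Hz (assumption)
F0, F1 = 18_500, 19_500     # BFSK tones named in the text: "0" and "1"
REFS = (17_000, 20_500)     # nearby reference bins for the noise floor (assumption)
FRAME = 960                 # 20 ms window -> 50 Hz bins, all tones bin-aligned

def goertzel_power(samples, freq, fs=FS):
    """Power at a single frequency via the Goertzel recurrence."""
    coeff = 2.0 * math.cos(2.0 * math.pi * freq / fs)
    s1 = s2 = 0.0
    for x in samples:
        s1, s2 = x + coeff * s1 - s2, s1
    return s1 * s1 + s2 * s2 - coeff * s1 * s2

def label_frame(frame, ratio=20.0, floor=1.0):
    """Return 'F0', 'F1' or None depending on which tone stands out."""
    p0, p1 = goertzel_power(frame, F0), goertzel_power(frame, F1)
    noise = max(goertzel_power(frame, f) for f in REFS)
    peak = max(p0, p1)
    if peak < floor or peak < ratio * noise:
        return None             # too weak, or no stronger than nearby bins
    return "F0" if p0 > p1 else "F1"

def scan(samples):
    """Label each full frame, then summarise tone activity for alerting."""
    labels = [label_frame(samples[i:i + FRAME])
              for i in range(0, len(samples) - FRAME + 1, FRAME)]
    tones = [l for l in labels if l]
    switches = sum(a != b for a, b in zip(tones, tones[1:]))
    return {"labels": labels, "tone_frames": len(tones), "switches": switches,
            "bfsk_like": {"F0", "F1"} <= set(tones) and switches >= 2}

def constructed_capture(pattern):
    """Constructed test audio: 1 kHz room hum plus an optional tone per frame."""
    out = []
    for k, tone in enumerate(pattern):
        for n in range(k * FRAME, (k + 1) * FRAME):
            x = 0.3 * math.sin(2 * math.pi * 1000 * n / FS)
            if tone:
                x += 0.1 * math.sin(2 * math.pi * tone * n / FS)
            out.append(x)
    return out

if __name__ == "__main__":
    print(scan(constructed_capture([None, F0, F1, F1, F0, None])))
```

A steady single tone in this band is not flagged as keying; only switching between both tones is, which keeps constant equipment whine from raising alerts.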

UK Regulatory Actions Raise Free Speech Concerns

The UK's communications regulator Ofcom has announced investigations into several platforms, including 4chan, for hosting illegal content and failing to verify user ages under the country's Online Safety Act. The regulator claims to have received complaints about illegal content while site administrators have failed to respond to information requests.

Simultaneously, WhatsApp is joining Apple's encryption fight against the UK government, which has demanded access to encrypted messages and iCloud content to comply with legal warrants. Following an April judgment by the Investigatory Powers Tribunal, both companies are challenging secret legal orders that would compromise user privacy globally. WhatsApp's Will Cathcart stated the company is intervening to protect privacy rights worldwide.

Industry Consolidation and Major Funding Rounds

Securonix announced the acquisition of ThreatQuotient to enhance their all-in-one security operations platform. ThreatQuotient, a late-stage Virginia startup behind the ThreatQ threat intelligence platform, had raised $90 million across eight rounds since 2013.

In major funding news, Cyera raised a Series E round of $540 million, bringing their total funding to $1.3 billion and valuing the company at $6 billion. The round was backed by major investors including Lightspeed Venture Partners, Sequoia, and Spark Capital, demonstrating continued strong investor confidence in cybersecurity solutions.

Action Items for Security Teams

Immediate Patch Management: Update Fortinet and Ivanti products to address critical vulnerabilities, particularly CVE-2025-31104 in FortiADC systems

Apache Tomcat Security Review: Implement strong authentication, disable unnecessary remote access, and monitor for brute force attempts against Tomcat manager interfaces

Internal Communication Security: Review Microsoft Teams security policies and implement additional verification processes for help desk interactions

Air-Gapped Environment Assessment: Consider ultrasonic jamming solutions for highly sensitive environments and review policies regarding personal devices like smartwatches

Insurance Coverage Review: Evaluate cyber insurance policies and incident response procedures following the Erie Insurance breach

International Threat Intelligence: Monitor for indicators of compromise from dismantled scam operations and adjust security controls accordingly

Regulatory Compliance Preparation: Stay informed about evolving privacy regulations and encryption requirements in your operating jurisdictions

Vendor Risk Assessment: Review security postures of third-party providers and ensure they maintain adequate cybersecurity measures

✅ Story Links:

https://www.bleepingcomputer.com/news/security/erie-insurance-confirms-cyberattack-behind-business-disruptions/

https://therecord.media/asia-scam-center-takedowns-singapore-police

https://www.securityweek.com/fortinet-ivanti-patch-high-severity-vulnerabilities

https://thehackernews.com/2025/06/former-black-basta-members-use.html

https://thehackernews.com/2025/06/295-malicious-ips-launch-coordinated.html

https://www.bleepingcomputer.com/news/security/smartattack-uses-smartwatches-to-steal-data-from-air-gapped-systems/

https://therecord.media/4chan-investigation-uk-ofcom-regulator

https://therecord.media/whatsapp-uk-encryption-fight-apple

https://www.securityweek.com/securonix-acquires-threat-intelligence-firm-threatquotient/

https://www.securityweek.com/cyera-raises-540-million-to-expand-ai-powered-data-security-platform/
