Good Morning Security Gang,
CyberHub Podcast Summary – Tuesday, May 27, 2025
🎖 Memorial Day Reflections
James Azar opened the show with a respectful note on Memorial Day, highlighting the ongoing grief carried by the families of fallen service members. He emphasized that while we honor their sacrifice on this day, their loss is carried every single day, reminding listeners to appreciate the cost of freedom and the importance of service.
🇺🇸 FBI: Law Firms Targeted by Silent Ransom Group (SRG)
The FBI issued a warning that law firms are being targeted by the Silent Ransom Group (a.k.a. Chatty Spider) through callback phishing and spoofed IT support calls. The group’s new tactic, posing as internal IT and requesting remote sessions, allows them to exfiltrate data under the guise of overnight maintenance.
Defensive Tips:
Require identity verification for remote support calls.
Use internal communication tools to validate IT support identities.
Monitor for unauthorized RDP activity and block suspicious remote access.
👟 Adidas Hit by Third-Party Data Breach
Adidas disclosed a data breach caused by a third-party customer service provider. While the company did not name the vendor or specify all affected data, similar incidents in Turkey and South Korea exposed names, emails, phone numbers, and addresses. The breach highlights the persistent risk of vendor supply chain compromise.
💸 Nova Scotia Power Fallout: Customer Loses $30,000
A Nova Scotia couple believes their $30,000 bank theft is linked to the recent breach of Nova Scotia Power. Attackers accessed personal data sufficient to impersonate the victim in a call to Manulife, facilitating a fraudulent transfer. While hard to prove conclusively, the case raises alarms around data retention and lack of segmentation in utility company systems.
☎️ 3AM Ransomware Group Using Voice Phishing and Email Bombing
The 3AM ransomware gang is using phone-based phishing and email flooding to target employees. One campaign used Microsoft Quick Assist to gain remote access and deploy a QDoor backdoor using virtual machines to evade detection. The attack relied heavily on trust and voice impersonation, tactics that are resurging due to high effectiveness.
🇷🇺 Russian Espionage Campaigns Surge
👤 Laundry Bear Behind Dutch Police Breach
A new APT group dubbed “Laundry Bear” (Void Blizzard) is linked to a 2024 breach of the Dutch Police and other national institutions. Attackers accessed global address lists using hijacked credentials and collected officer contact info—raising fears of deeper state surveillance.
☁️ Void Blizzard’s Global Cloud Abuse Campaign
Microsoft linked Void Blizzard to credential-stuffing and espionage operations targeting NATO members, Ukraine, and NGOs through stolen cloud credentials. Their goal is long-term data collection to benefit Russian strategic interests.
🚂 Killnet Claims Ukrainian Railway Attack
The pro-Kremlin Killnet group has reemerged, claiming responsibility for hacking Ukraine’s train tracking system. Their alleged data leak helped Russia destroy radar sites, though independent validation is still pending. Experts suspect the group’s return is tied to geopolitical leverage tactics during ceasefire talks.
☁️ CISA Warns of Commvault Azure Breach
CISA and Microsoft revealed that a subset of Commvault’s Azure-hosted applications was compromised by an unnamed nation-state actor. The attack leveraged weak cloud configurations and default permissions, affecting clients using Commvault's backup SaaS solutions for Microsoft 365. CISA is warning that similar campaigns may be targeting other SaaS vendors and their customers.
💼 Check Point Acquires Preemptive Exposure Firm
Check Point Software announced its acquisition of Perimeter 81 (Veriti Cybersecurity), bolstering its exposure management and preemptive threat detection capabilities. The move aligns with Check Point’s “prevention-first” approach in the era of AI-driven threats, signaling continued consolidation among cybersecurity vendors.
✅ Action List for Cybersecurity Leaders
🛑 Train employees to verify IT support calls using secure internal channels.
🧩 Conduct an audit of third-party vendors with customer data access.
🧮 Ensure financial and personal data is properly segmented and stored.
🔍 Implement strict remote access controls and restrict Quick Assist use.
🚨 Monitor for signs of credential stuffing and cloud abuse, especially in Azure environments.
🧱 Strengthen endpoint detection against virtual machine-based evasion techniques.
⚠️ Review SaaS configurations and eliminate overly permissive default settings.
🔄 Stay updated on ransomware group TTPs, especially those involving hybrid phishing techniques.
The cybersecurity battlefield is intensifying as ransomware groups shift tactics and nation-state actors exploit cloud systems and vendor weaknesses. From law firms to critical infrastructure and open-source libraries, no sector is immune.
Until next time, stay alert, stay prepared—and most importantly, stay cyber safe.
✅ Story Links:
https://www.securityweek.com/law-firms-warned-of-silent-ransom-group-attacks/
https://therecord.media/russian-hacker-group-killnet-returns-with-new-identity
https://thehackernews.com/2025/05/russian-hackers-breach-20-ngos-using.html
https://therecord.media/commvault-clients-cloud-applications-cyberthreat-cisa-alert