Cyber Security Headlines Week in Review: More telecoms breached, Chase blocks Zelle, more DeepSeek bans

This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest TC Niedzialkowski, former CISO

Missed the live show? Check it out on YouTube

Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com

Chinese hackers breach more U.S. telecoms via unpatched Cisco routers

According to Recorded Future’s Insikt Group, hackers from China’s Salt Typhoon group continue to target telecoms worldwide and have breached more U.S. telecommunications providers via unpatched Cisco IOS XE network devices. In this campaign they are exploiting a privilege escalation vulnerability (CVE-2023-20198) and a Web UI command injection vulnerability (CVE-2023-20273); both CVE numbers are also listed in the show notes. This has already resulted in network breaches at multiple telecommunications providers in the U.S., South Africa, Italy and Thailand. This is not the same exploit as was reported a month ago, which involved end-of-life Cisco routers and a different Chinese threat group, Volt Typhoon.

(BleepingComputer)

Chase to block Zelle payments to sellers on social media

JPMorgan Chase Bank (Chase) says that, starting March 23, it will begin delaying, declining, or blocking Zelle payments to social media contacts. Zelle is a popular digital payment network that integrates with mobile apps of many U.S. banks. Chase updated its user policy, saying Zelle should not be used to buy goods from retailers or merchants, “including on or through social media or social media marketplaces or messaging apps.” Nearly 50% of all Zelle or wire transfer scams reported by Chase customers between June and December 2024 originated on social media. Chase’s policy change also comes on the heels of a lawsuit brought by the U.S. Consumer Financial Protection Bureau (CFPB) against Zelle’s operator and three of its owner banks (Bank of America, JPMorgan Chase, and Wells Fargo) in December, for rushing the service to market without adequate consumer safeguards.

(Bleeping Computer)

Healthcare outfit that served military personnel settles allegations it faked infosec compliance for $11M

Health Net Federal Services (HNFS) is an organization that provides healthcare services to military personnel. Along with its parent company Centene Corporation, it will pay just over $11 million to settle claims that HNFS “falsely certified compliance with certain infosec requirements in a contract with the Department of Defense a decade ago.” Neither organization will be admitting guilt or liability.

(The Register)

Huge thanks to our sponsor, Scrut Automation

Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI, and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit scrut.io to schedule a demo or learn more. That’s www.scrut.io.

South Korea removes DeepSeek from app stores

South Korea’s Personal Information Protection Commission announced that the DeepSeek app has been pulled from the Apple App Store and Google Play as of Saturday night. The move follows several South Korean government agencies banning employees from downloading the chatbot as well as numerous reports highlighting security and privacy weaknesses with DeepSeek’s platform. Taiwan and Australia have also banned DeepSeek from all government devices. South Korea’s data protection watchdog said the AI model will become available when “improvements and remedies” are made to ensure it complies with the country’s personal data protection laws. Despite the suspension of new downloads, people who already have DeepSeek on their phones will be able to continue using it or they can access it via DeepSeek’s website.

(BBC)

Palo Alto firewalls under attack through chained flaws

According to The Register, “a flaw patched last week by Palo Alto Networks is now under active attack and, when chained with two older vulnerabilities, allows attackers to gain root access to affected systems.” This is in relation to a 6.9-rated privilege escalation vulnerability in its PAN-OS software that gives anyone with an administrator account access to the management web interface, and from there the ability to perform actions on the firewall operating system with root privileges. The company patched this issue in November 2024, but the Assetnote team at dark web intelligence vendor Searchlight Cyber found a separate authentication bypass. Palo Alto fixed that problem last week and rated it as a highest-urgency patch.

(The Register)

Russian hackers tap into Signal conversations

Russian state-backed hackers are exploiting Signal’s “linked devices” feature to hijack accounts by tricking targets—often Ukrainian military personnel—into scanning malicious QR codes. Once linked, attackers can intercept messages in real time without fully compromising the victim’s device. Google researchers identified multiple threat groups using this technique, with some embedding QR codes in phishing pages disguised as military applications or security alerts. Signal has rolled out security updates to counter these threats but is urging users to take extra precautions when scanning QR codes.

(Bleeping Computer), (The Record), (The Hacker News)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.