In today’s cybersecurity news…
Hack of federal court filing system exploited security flaws known since 2020
Politico reports that a sweeping hack of the federal judiciary’s CM/ECF case filing system exploited basic security flaws first identified in 2020, letting suspected Russian attackers and other groups steal sealed case data, source code, and sensitive court records from at least 12 district courts. The decentralized system’s inconsistent security and slow adoption of fixes have reportedly left vulnerabilities largely unaddressed for years.
(Politico)
Pennsylvania attorney general says cyberattack knocked phone, email systems offline
A cyberattack took down the Pennsylvania attorney general’s phone, email, and website, though prosecutors continue working on cases. The cause is under investigation, and officials haven’t confirmed whether it involved recently disclosed Citrix NetScaler vulnerabilities, which security expert Kevin Beaumont previously found on the office’s network. Citrix NetScaler flaws have been exploited globally, including against the Dutch justice system and Caribbean courts.
Spike in Fortinet VPN brute-force attacks raises zero-day concerns
GreyNoise detected major brute-force spikes on Fortinet SSL VPNs on August 3, followed by FortiManager targeting on August 5, a pattern that has preceded new vulnerability disclosures in 80% of past cases. GreyNoise now says the activity, traced to a specific attacker cluster, is likely adaptive testing rather than researcher scans, and warns defenders to treat the spike as a potential zero-day precursor, block ten listed IPs, and harden Fortinet device access.
Alarm raised over ‘high-severity’ vulnerabilities in Matrix messaging protocol
The Matrix Foundation patched two high-severity vulnerabilities in its federated messaging protocol that could have let hostile actors seize control of sensitive chat rooms used by governments and enterprises. Discovered during joint research with Element, the flaws were fixed under an embargo and have not been exploited in the wild. One bug involves room control permissions; the other relates to predictable room IDs. The fixes require disruptive room upgrades, and organizations running Matrix need to test deployments before rollout.
(The Record)
UK expands police facial recognition rollout with 10 new vans heading to a town near you
The UK Home Office is expanding police access to live facial recognition (LFR) with ten new vans, extending the tech to seven more police regions. Officials say deployments will be intelligence-led, targeted, and compliant with College of Policing guidance. Privacy advocates warn of increased surveillance and potential rights violations. The expansion comes alongside a pending judicial review and controversy over police use of passport and immigration photo databases.
St. Paul’s mayor confirms Interlock data leak
St. Paul, Minnesota, Mayor Melvin Carter confirmed the Interlock ransomware group leaked 43GB of data from a Parks and Recreation shared drive after the city refused to pay. The files include personal and work documents but not core systems, and all city data is backed up. The July 25 attack forced a full network shutdown, disrupting online services for 307,000 residents, though emergency operations stayed up. New security measures include password resets for 2,000 employees and advanced protections on most devices, with help from the FBI and the Minnesota National Guard.
Microsoft removes PowerShell 2.0 from Windows 11, Windows Server
Microsoft will permanently remove PowerShell 2.0 from Windows this month with Windows 11 version 24H2, and from Windows Server 2025 in September, ending support for the 14-year-old tool eight years after its deprecation. Legacy scripts will default to PowerShell 5.1, but Microsoft urges users to migrate to PowerShell 5.1 or 7 to avoid disruptions, as some older applications and installers may fail without PowerShell 2.0. The move is part of reducing legacy code, simplifying Windows, and improving security.
Deepfake AI trading scams target global investors
An investigation by Group-IB shows deepfake-driven scams are targeting investors worldwide. These campaigns mimic news broadcasts, publish fabricated reviews and charts, and localize content to match a user’s language and country. Victims are then funneled to sites asking for $100–$250 deposits and sensitive personal data. The scams are spread through YouTube, social media, and blogs. They appear to exclude U.S. and Israeli IPs but are linked to domains tied to other fraudulent trading schemes.






