This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Christina Shannon, CIO, KIK Consumer Products
Missed the live show? Check it out on YouTube
Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com
Google acquires cybersecurity firm Wiz for $32 billion
Alphabet’s Google Cloud has acquired cloud-based cybersecurity firm Wiz for $32 billion. Wiz was founded in Israel and was valued at $16 billion in 2024 while preparing for an IPO. The price is more than double what Alphabet paid for Motorola Mobility ($12.5 billion) in 2012. The Financial Times’ sources say that Wiz and Alphabet have agreed to a $3.2B termination fee, payable if the deal falls through or is significantly delayed, which would let Wiz continue to operate as an independent company.
Bipartisan Senate bill offers improved cybersecurity for water utilities
The bill is being reintroduced by Senators Catherine Cortez Masto of Nevada and Mike Rounds of South Dakota after previous legislation stalled during the 118th Congress. Named the Cybersecurity for Rural Water Systems Act, the bill would “update and expand the Department of Agriculture’s Circuit Rider Program, which provides technical assistance to rural water systems.” A press release announcing the bill states that “just 20% of water and wastewater systems across the U.S. have basic cyber protections.”
23,000 repositories targeted in popular GitHub action
A supply chain attack on the widely used GitHub Action ‘tj-actions/changed-files’ caused CI/CD secrets to be written into build logs for over 23,000 repositories. Attackers hijacked a GitHub personal access token (PAT) to inject malicious code that exposed secrets in publicly accessible workflow logs, though there is no evidence the data was exfiltrated. GitHub removed the repository and restored it on March 15 after eliminating the malicious commit, but the incident raised concerns about broader supply chain risks for open-source projects. Users are advised to rotate any secrets that were in use during the attack’s time frame, review their workflows, and ensure projects use a secure, tagged version of the action.
(Bleeping Computer), (The Register), (The Register)
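Added example (not from the CISO Series post or the sources it cites): a small Python audit that lists each `uses:` reference in a workflow file and flags the ones that resolve through a mutable reference (a tag, branch, or untagged image) rather than a full commit SHA or image digest, which is the stricter form of the “secure, tagged version” advice above, since a tag can later be moved to a different commit. The sample workflow and the 40-character SHA in it are constructed placeholders.

```python
import re

# Constructed sample workflow (not from a real repository); the 40-hex value is a placeholder SHA.
SAMPLE_WORKFLOW = """\
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: List changed files
        uses: tj-actions/changed-files@main
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567  # placeholder
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.19
      - run: echo "not an action reference"
"""

USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*([^\s#]+)")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
IMMUTABLE = {"sha", "docker-digest", "local"}  # kinds that cannot be re-pointed later

def classify_ref(ref):
    """How an action reference resolves: sha, tag, branch, unversioned, docker, docker-digest, local."""
    ref = ref.strip("'\"")
    if ref.startswith("./"):
        return "local"                      # path inside the same repository
    if ref.startswith("docker://"):
        return "docker-digest" if "@sha256:" in ref else "docker"
    if "@" not in ref:
        return "unversioned"                # resolves to the action's default branch
    version = ref.rsplit("@", 1)[1]
    if SHA_RE.match(version):
        return "sha"                        # immutable: pinned to one commit
    if re.match(r"^v?\d", version):
        return "tag"                        # a tag can be moved to a different commit
    return "branch"

def audit_workflow(text):
    """Return (line, ref, kind, mutable) for every `uses:` line in a workflow."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if m:
            ref = m.group(1).strip("'\"")
            kind = classify_ref(ref)
            findings.append((lineno, ref, kind, kind not in IMMUTABLE))
    return findings

def mutable_refs(text):
    """The references a reviewer should replace with a full commit SHA or image digest."""
    return [ref for _, ref, _, mutable in audit_workflow(text) if mutable]
```

Run `mutable_refs` over each file under `.github/workflows/` to get the list of references worth pinning during the workflow review the advisories recommend.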
Supply chain hack hits 100+ auto dealerships
Over 100 car dealership websites were compromised by a supply chain attack, where hackers injected malicious ClickFix code through the LES Automotive video service. The attack tricked visitors into copying and executing a malicious command, ultimately infecting them with the SectopRAT remote access trojan via PowerShell. Researchers warn that ClickFix, a growing social engineering tactic, has been used for years but there has been a surge in the technique over the past several months.
Huge thanks to our sponsor, DeleteMe

DeleteMe scours the web to find – and remove – your private information before it gets into the wrong hands by scanning for exposed information, and completing opt-outs and removals.
With over 100 Million personal listings removed, DeleteMe is your trusted privacy solution for online safety.
Get 20% off your DeleteMe plan when you go to JoinDeleteMe.com/CISO and use promo code CISO at checkout.
Stalkerware company SpyX suffers data breach
SpyX is a consumer-grade spyware operation, described as “mobile monitoring software for Android and Apple devices, ostensibly for granting parental control of a child’s phone.” It suffered a data breach in June 2024, but according to TechCrunch, “it had not been previously reported, and there is no indication that SpyX’s operators ever notified its customers or those targeted by the spyware.” The breach revealed that SpyX and two other related mobile apps (clones of SpyX) held records on almost two million people at the time of the breach, including thousands of Apple users.
Swiss telecom Ascom the latest victim of HellCat’s Jira campaign
Representatives from the global telecommunications provider headquartered in Switzerland have confirmed a cyberattack on its IT infrastructure, in which its technical ticketing system was breached. This appears to be the work of a hacker group named HellCat, which is busy targeting Jira servers worldwide using compromised credentials. A member of the group allegedly told BleepingComputer that the Ascom attack resulted in theft of source code for multiple products, details about various projects, invoices, confidential documents, and issues from the ticketing system. The entry point was Ascom’s Jira ticketing system, which has become a common attack method for the HellCat hackers. Other companies that have suffered similar Jira-based attacks of late include Schneider Electric, Spanish telecom group Telefónica, French telecom company Orange Group, and British multinational car maker Jaguar Land Rover.