Information Security News – 6/16/2025

Grocery Wholesale Giant United Natural Foods Hit by Cyberattack

Article Link: https://www.bleepingcomputer.com/news/security/grocery-wholesale-giant-united-natural-foods-hit-by-cyberattack/

• Grocery wholesaler UNFI, North America’s largest publicly traded distributor, shut down some systems after a cyberattack hit its network, knocking out its ability to fulfill customer orders.
• Mystery surrounds the details, as UNFI hasn’t said how the hackers got in or if any data was stolen, and so far no ransomware group has claimed responsibility.
• With 53 distribution centers serving over 30,000 stores, UNFI’s downtime disrupted grocery deliveries across the U.S. and Canada and even led to canceled warehouse shifts. It’s now the latest food supplier caught in hackers’ crosshairs, following a March breach at Sam’s Club and JBS Foods’ $11 million ransomware ordeal in 2021.
• UNFI activated its incident response plan and pulled systems offline to contain the damage, while bringing in law enforcement and outside experts to investigate. Temporary workarounds are in place to keep supplies moving as teams work to safely restore systems and resume normal operations.

The Worsening Landscape of Educational Cybersecurity

Article Link: https://blog.knowbe4.com/the-worsening-landscape-of-educational-cybersecurity

• KnowBe4’s analysis of the latest UK government’s Cyber Security Breaches Survey 2025: Education Institutions Findings reveal a sharp rise in digital attacks across schools and universities, exposing widespread vulnerabilities and operational strain.
• Hackers prey on education’s weak spots, including open networks, lean defenses, and troves of data, using targeted email scams, impersonation schemes, malware, and denial-of-service attacks to breach.
• Universities are nearly twice as likely to be struck as the average business, and the consequences are severe, with classes disrupted, budgets drained, and reputations tarnished.
• In its coverage of the report, KnowBe4 frames the findings as a directive for institutions to strengthen threat detection, prioritize staff training, conduct phishing simulations, and involve executive leadership in risk oversight.
• Survey: https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2024/cyber-security-breaches-survey-2024-education-institutions-annex

Gov. Abbott Signs Texas Cyber Command into Law in San Antonio

Article Link: https://www.hstoday.us/subject-matter-areas/cybersecurity/governor-abbott-signs-texas-cyber-command-into-law-in-san-antonio/

• Governor Abbott signs House Bill 150 in San Antonio, launching the Texas Cyber Command, now the largest state-run digital defense force in the U.S.
• The move responds to nonstop attacks from foreign adversaries, with thousands of hacking attempts hitting Texas systems every second.
• Based in San Antonio, the command taps local talent and teams up with the Air Force, FBI, NSA, and others to protect state networks.
• Backed by $135 million, the bill’s objectives will track threats, patch weak points, train responders, and coordinate fast action across agencies.

NIST Updated Incident Response Guide: The Back Story

Article Link: https://securityboulevard.com/2025/06/nist-launches-updated-incident-response-guide/

• NIST has released an updated draft of its incident response guide, Special Publication 800-61 Revision 3, bringing a fresh playbook to tackle modern cyber-attacks.
• The purpose of the revision is to simplify complex procedures, align with today’s threats, and remove outdated practices like blind reliance on perimeter security.
• This matters because breaches are hitting faster and harder, and many teams still struggle with fragmented playbooks, untested procedures, and limited visibility.
• NIST recommends organizations to document clear role responsibility, test incident response plans regularly, realistically organize logs, prioritize relevance, and remember that incident response isn’t just a job for the tech team, it’s a whole-organization effort.
• NIST SP 800-61r3: https://csrc.nist.gov/pubs/sp/800/61/r3/final

Wazuh Servers Targeted by Mirai Botnets

Article Link: https://cybernews.com/security/wazuh-servers-targeted-by-mirai-botnets/

• Mirai botnet variants are targeting Wazuh servers in two fresh attack waves, exploiting a remote code execution flaw.
• Attackers inject a malicious JSON payload through the platform’s API, tricking vulnerable servers into running rogue Python code.
• The botnet is exploiting a months-old vulnerability that remains unlisted in official threat databases, leaving outdated systems exposed.
• A patch was released in version 4.9.1, and users running older versions are being warned to update now to block the attacks.
• CVE-2025-24016: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24016

Cloud Assets Have 115 Vulnerabilities on Average — Some Several Years Old

Article Link: https://www.csoonline.com/article/4003365/cloud-assets-have-115-vulnerabilities-on-average-some-several-years-old.html

• Orca Security researchers report that cloud assets often carry dozens of known vulnerabilities, including flaws that have remained unpatched for years.
• Many cloud environments are neglected or rushed into production, with outdated systems and unsecured AI components exposing gaps that leak data or run malicious code.
• Unpatched software vulnerabilities now rival phishing as a preferred attack method, with some infamous bugs still lurking in enterprise environments and offering easy access to intruders.
• Cloud researchers substantially suggest organizations focus attention on patch management, tighter data protection, corrected misconfigurations, and reduced access privileges to close common attack paths.

Erie Insurance Confirms Cyberattack Behind Business Disruptions

Article Link: https://www.bleepingcomputer.com/news/security/erie-insurance-confirms-cyberattack-behind-business-disruptions/

• Erie Insurance confirmed a cyberattack disrupted its operations over the weekend, forcing a company-wide systems shutdown that impacted both internal functions and customer-facing services.
• The breach was discovered on June 7 when Erie’s IT team spotted suspicious activity on the network and quickly triggered incident response protocols, pulling systems offline while federal law enforcement and outside experts began investigating.
• With more than six million policyholders in 12 states and Washington, D.C., the disruption has blocked customers from logging in, submitting claims, or managing policies online, leaving service teams scrambling to keep operations afloat.
• Erie stated it will not reach out for payments while systems are down and warned customers to stay cautious by avoiding suspicious links, phone calls, or emails that could be tied to fraud.

Why Threat Agents Must be Included in Cybersecurity Risk Assessments

Article Link: https://securityboulevard.com/2025/06/why-threat-agents-must-be-included-in-cybersecurity-risk-assessments/

• Skipping threat agents in risk assessments is like playing a hand blind, with no insight into who’s sitting across the table or what cards they’re holding. The analysis warns that ignoring the humans behind attacks leaves organizations unprepared for the tactics most likely to hit them where it hurts.
• Mapping attacker motives and techniques to business operations, analysts argue, helps teams stop betting on generic threats and start placing chips on risks that actually matter.
• As threats grow more complex and budgets stay flat, the analysis warns that spreading defenses too thin becomes a losing gamble that leaves high-value systems open, and detection delayed.
• The analysts endorse stacking the odds by profiling likely adversaries, studying their playbooks, and focusing protection on the systems attackers are most eager to hit.

Forest Hills, NY Hacker Gets 25 Months for Breaching Law Enforcement Portal and Extorting Victims: Feds

Article Link: https://qns.com/2025/06/forest-hills-criminal-gets-25-months-for-hacking/

• A Forest Hills man is headed to federal prison for 25 months for a brazen hacking scheme in which he impersonated a police officer to breach a federal law enforcement database.
• Also known as “Convict,” “Anon,” and “Ominous,’ he and a 21-year-old Rhode Island accomplice used a stolen police password to infiltrate a restricted law enforcement portal. They even sent fake emergency requests while posing as officers to con social media companies into giving up private user data.
• The hacker crew collected a payload of personal details, including addresses, phone numbers and Social Security numbers. They held that data hostage by threatening to ‘dox’ people on a public website unless they paid up.
• Prosecutors report the sentence sends a hard message. In addition, they pledge to shield the public from digital predators and vow that anyone exploiting government systems to prey on people will be locked up.