Information Security News – 7/28/2025

U.S. Nuclear Weapons Department Compromised in SharePoint Attack

Article Link: https://www.neowin.net/news/us-nuclear-weapons-department-compromised-in-sharepoint-attack/

  • Hackers broke into Microsoft’s on-prem SharePoint servers, hitting thousands of systems worldwide, including the U.S. Energy Department and the National Nuclear Security Administration.
  • Microsoft says state-backed hackers from China are behind it. They got in using a zero-day flaw, pulled off remote code execution, and grabbed credentials. SharePoint Online didn’t take a hit.
  • The Energy Department says the damage was limited, no sensitive data leaked, and their Microsoft 365 setup helped keep things under control.
  • Microsoft pushed out emergency patches and plans to share more in a detailed future advisory. The full scope is still unfolding, but organizations across the globe have already felt the sting.

Humans Can Be Tracked with Unique ‘Fingerprint’ Based on How Their Bodies Block Wi-Fi Signals

Article Link: https://www.theregister.com/2025/07/22/whofi_wifi_identifier/

  • Researchers at La Sapienza University of Rome have developed “WhoFi,” a method that uses Wi-Fi signal distortions caused by the human body to re-identify individuals with up to 95.5 percent accuracy.
  • The technique captures unique signal interference patterns, known as Channel State Information, and processes them through a deep neural network to create a biometric signature, even when the subject carries no devices.
  • Unlike cameras, Wi-Fi sensing works in the dark, goes through walls, and doesn’t rely on visible features, giving it a leg up in surveillance without triggering the same privacy alarms.
  • While no commercial deployments have been mentioned, the findings raise the stakes for privacy advocates, as someone could now be tracked just for walking through a Wi-Fi signal. No chips, no cards, no phone. Just invisible markers.

Ports are Getting Smarter and More Hackable

Article Link: https://www.helpnetsecurity.com/2025/07/23/ccdcoe-maritime-port-cyber-attacks/

  • NATO’s Cooperative Cyber Defence Centre of Excellence (CCDCOE) reports that global port infrastructure, responsible for 80 percent of worldwide trade, is under increasing attack from threat groups backed by Russia, Iran, and China.
  • Vulnerabilities in access control and vessel traffic systems are being exploited through ransomware, phishing, and disruption campaigns. Most ports remain outside of formal military cyber protection, creating wide open lanes for attack.
  • Incidents like NotPetya and the 2022 fuel terminal shutdowns in Europe show how fast maritime chaos spreads. Pro-Russian hacktivists like NoName057 have piled on with DDoS attacks that clog up operations and drain response teams.
  • The report is pushing for NATO to overhaul its maritime strategy, connect with commercial operators, boost maritime threat intel sharing, and stage live cyber drills to close gaps before attackers make their move.

Ransomware Gangs Leveraging RMM Tools to Attack Organizations and Exfiltrate Data

Article Link: https://cybersecuritynews.com/ransomware-gangs-leveraging-rmm-tools/

  • Ransomware crews are now using remote IT tools like AnyDesk and ScreenConnect to sneak into networks, steal data, and set up full-blown extortion attacks while pretending to be legit tech support.
  • These tools come with trusted certificates, admin access, and encrypted tunnels, making them a dream for attackers. The bad guys blend in with normal activity, drop payloads later, and use secure channels that security tools can’t easily detect.
  • CATO Networks investigated hits on a UK manufacturer, a US construction firm, and a nonprofit. In each case, the RMM tools quietly downloaded scripts, moved through the network, and deployed ransomware without setting off alarms.
  • Defenders are being told to watch for unusual tool use, strange logins, and suspicious off-hours activity. The best bet is to stay proactive about network awareness and catch the threat before the encryption event hits.

Women Who ‘Hacked the Status Quo’ Aim to Inspire Cybersecurity Careers

Article Link: https://www.darkreading.com/cybersecurity-operations/women-hacked-status-quo-cybersecurity-careers

  • A group of women in information security, including Cisco’s Ashley Shen and researchers from Google, will speak at Black Hat USA 2025 to share how they found their way in a male-heavy industry and help other women find theirs too.
  • After facing years of being the only woman on her team, Shen and others plan to pass along honest advice, personal stories, and encouragement to those just starting out. Their talk will focus on what helped them keep going and how to build confidence, not just to survive tough moments.
  • These women built careers in threat hunting and security research, often while dealing with comments that made them feel like they had to be “exceptional” just to belong. By speaking up and being real, they hope to make things better for the next generation.
  • Scholarships, return-to-work programs, and peer meetups are now helping more women learn the ropes and find a place in the field. By speaking up, sharing ideas, and supporting one another, women can help shape safer technology, bring new perspectives to tough problems, and make the industry more welcoming for everyone who comes next.

Lawsuit Says Clorox Hackers Got Passwords Simply by Asking

Article Link: https://www.nbcnews.com/business/business-news/lawsuit-says-clorox-hackers-got-passwords-simply-asking-rcna220313

  • Clorox is suing IT provider Cognizant over a 2023 breach, claiming hackers got into their network just by asking the help desk for passwords.
  • The attackers, part of the Scattered Spider crew, allegedly called support, requested password resets, and were handed access without any identity checks.
  • The breach cost Clorox $380 million, with most losses tied to halted product shipments and the rest to cleanup efforts the company says were mishandled.
  • Clorox says its lessons learned concluded that ID checks and account controls were missing, which revealed just how wide-ranging vendor risk management is across its overall supply chain.

Dordt University Notifies 34K+ People of April 2024 Data Breach That Compromised SSNs, Medical Info

Article Link: https://www.comparitech.com/news/dordt-university-notifies-34k-people-of-april-2024-data-breach-that-compromised-ssns-medical-info/

  • Dordt University is notifying 34,251 people of a ransomware attack from April 2024, claimed by the BianLian gang, involving the theft of sensitive personal data.
  • Between April 21 and May 16, attackers accessed names, Social Security numbers, financial details, medical records, and login credentials. A leaked proof pack included employee documents and data on 420 students.
  • The breach remained unaddressed publicly for 14 months, far exceeding the education sector’s 4.8-month average. Dordt has not confirmed whether a ransom was demanded or paid.
  • Affected individuals are receiving free identity protection. The case stresses the need for stronger access controls, phishing prevention, vendor oversight, and faster breach notification across the education sector.

Alaska Airlines Resumes Operations After IT Outage

Article Link: https://www.reuters.com/world/us/alaska-airlines-resumes-operations-after-it-outage-2025-07-21/

  • Alaska Airlines grounded all Alaska and Horizon Air flights for three hours on the night of Sunday, July 20, due to an unexplained IT failure, the second shutdown in just over a year.
  • The outage began at 8 p.m. Pacific and ended by 11 p.m. Flights were delayed as crews and aircraft were repositioned. The airline did not say what caused the issue.
  • This follows a similar grounding in April 2024, plus recent cyber incidents at Hawaiian Airlines, WestJet, and Qantas. The timing raises concern as hacker groups show growing interest in airline systems.
  • With millions depending on flight tech daily, even brief outages show how fast operations can fall apart. Airlines rely on digital systems for flight planning, crew scheduling, ticketing, and security, making them extremely high-value targets that must be better protected.

Operator of Jetflicks Illegal Streaming Service Gets 7 Years in Prison

Article Link: https://www.bleepingcomputer.com/news/technology/operator-of-jetflix-illegal-streaming-service-gets-7-years-in-prison/

  • Kristopher Lee Dallmann, the guy behind the illegal streaming site Jetflicks, was sentenced to seven years in prison for running one of the biggest TV and movie piracy operations in the country.
  • He and his crew used automated tools to grab pirated content from sites around the world, then turned it into a paid service with tens of thousands of subscribers. They streamed shows taken from platforms like Netflix, Hulu, and Amazon Prime, pulling in millions.
  • Jetflicks ran for 12 years before the FBI shut it down in 2019. The government estimates it caused at least $37.5 million in damage and left content creators and companies unpaid for their work.
  • This case is a wake-up call. Piracy doesn’t just hurt big companies; it takes money from the people who make the content and damages consumer trust in digital platforms for everyone.

