NASCAR announces data breach following March cyberattack
The National Association for Stock Car Racing, better known to the world as NASCAR has now warned customers of a data breach caused by a cyberattack in late March. The company filed with regulators in Maine, New Hampshire and Massachusetts, and has said that Social Security numbers were accessed but has not stated how many people were affected. Back in April, the Medusa ransomware gang added the company to its leak site and demanded a $4 million ransom. Medusa has been identified by the FBI and other U.S. agencies as among the top 10 most prolific ransomware strains this year.
Plankey appears to be on track to lead CISA
Sean Plankey, the President’s nominee to run CISA, received “a largely warm reception from lawmakers on the Senate committee charged with advancing his nomination.” Plankey has pledged to ask DHS Secretary Kristi Noem for more funding, if he determines a larger budget is needed for the agency. Plankey has most recently acted as Noem’s senior adviser overseeing the Coast Guard, and has also served on the National Security Council and with the Department of Energy. He is a supporter of the reauthorization of the Cybersecurity Information Sharing Act of 2015 (CISA 2015), which is “a U.S. federal law designed to improve cybersecurity by encouraging the sharing of cyber threat information between the private sector and the government, and among private entities.” He also stated that he would “would prioritize evicting China from the U.S. supply chain.”
(The Record and Cyberscoop)
Microsoft investigates another outage affecting 365 admin center
Microsoft is keeping tabs on an outage that blocked Microsoft 365 administrators with business or enterprise subscriptions from accessing the admin center. This is being described as a service degradation issue and is tracking the problem on its official service health status page because Microsoft 365 administrators may be unable to access the admin center to get Service health information. This is the second time in a week that the company has had to mitigate an issue with the Microsoft 365 admin center.
Insurer Allianz Life confirms data breach
The U.S. based provider of annuities and life insurance is a subsidiary of Allianz SE, a global financial services group headquartered in Germany. It is now confirmed that the personal information for the majority of its 1.4 million customers was exposed in a data breach that occurred on July 16. The breach is being attributed to a malicious threat actor who “gained access to a third-party, cloud-based CRM system used by Allianz Life Insurance Company of North America.” A spokesperson stated that “The threat actor was able to obtain personally identifiable data related to the majority of Allianz Life customers, financial professionals, and select Allianz Life employees, using a social engineering technique.” BleepingComputer believes that this attack is the work of the ShinyHunters extortion group.
Huge thanks to our episode sponsor, Dropzone AI
BlackSuit website goes dark
BlackSuit, a ransomware gang that is believed to be a rebrand of Royal ransomware, itself a product of the Conti gang, now has some new bling on its website: the logos of 17 law enforcement agencies plus cybersecurity firm BitDefender, who worked with U.S. Homeland Security to disable the site. Branded “Operation Checkmate,” this action has for the moment halted or at least frustrated the dealings of the group, which is known for exploiting phishing, Remote Desktop Protocol, vulnerabilities in public-facing applications, using access data from access brokers and harvesting VPN credentials from stealer logs.
Unpatched flaw in LG surveillance cameras allows admin access
CISA is warning of an unpatched authentication bypass vulnerability in a specific model of security camera – the type often mounted on ceilings in commercial buildings. The model number (LG LNV5110R) and CVE number (CVE-2025-7742) are listed in this episode’s show notes. Approximately 1,300 cameras are active and vulnerable to full unauthenticated RCE, allowing remote takeover and network pivoting. As CISA points out, this is a critical infrastructure threat, which is not just simply a risk to isolated devices, but potentially endangers facilities that are vital to public safety and national operations. “The manufacturer, LG Innotek is aware of the vulnerability, but it will not patch it because this particular camera model is an end-of-life product.
Microsoft cannot guarantee data sovereignty
Speaking under oath in the French Senate, executives from Microsoft France said their company cannot guarantee data sovereignty to customers in France, and by extension to the wider European Union – due to the Cloud Act, a law that “gives the U.S. government authority to obtain digital data held by U.S.-based tech corporations irrespective of whether that data is stored on servers at home or on foreign soil. It is said to compel these companies, via warrant or subpoena, to accept the request.” The issue of access to data, and the enforceability of provisions of the Cloud ACT will require a great deal of litigation, especially considering, as AWS – who supported the bill, along with Microsoft and Google – stated, is that “the Cloud Act does not only apply to U.S. headquartered companies, it is applicable to all “electronic communication service or remote computing service providers” that do business stateside.
Arizona woman who helped place North Korean workers is sentenced
Following up on a story we brought you in late May, Christina Marie Chapman, a 50-year-old woman from Arizona, has been sentenced to “102 months in prison after pleading guilty to her involvement in a scheme that enabled North Korean IT workers to infiltrate 309 U.S. companies.” She was charged, along with her co-conspirator, a Ukrainian citizen, Oleksandr Didenko. “Didenko also ran an online platform known as UpWorkSell (which was seized by the DOJ) that assisted North Koreans in using false identities while hunting for remote IT work positions.
