CyberWire Daily: X's Grok Controversy, Data Breaches, and CISO Legal Risks

Grok's Non-Consensual Imagery Sparks EU Scrutiny

• 🇪🇺 The European Commission is considering enforcement action against X (formerly Twitter) due to its AI tool, Grok, generating sexualized images of a minor.
• ⚠️ Grok has also been misused to create non-consensual sexual imagery of women, and previously spread Holocaust-denying material.
• ⚖️ This scrutiny intensifies tensions between the EU and US over platform regulation, with France and the UK also investigating.

Major Data Breaches Linked to Single Threat Actor

• 🔗 Researchers have linked numerous major data breaches to a threat actor known as Zestics (persona Scentap), who acts as an initial access broker.
• 🔓 Zestics exploits stolen credentials, often harvested by info-stealer malware, to gain access to enterprise networks and sell data and access.
• 📉 Weak security, particularly the lack of multi-factor authentication on file-sharing services, enables these repeated compromises across various sectors.

UK's New Cyber Action Plan and Sector-Specific Threats

• 🇬🇧 The UK government has launched a new cyber action plan with a centralized cyber unit and a software security ambassador scheme, backed by 210 million pounds.
• 🎯 A stealthy ClickFix phishing campaign is targeting the hospitality sector using fake Booking.com cancellation emails to deploy RATs.
• 👾 New VVS Stealer malware, sold as a subscription on Telegram, targets Discord users by stealing authentication tokens and harvesting credentials from browsers.

Healthcare Data Leaks and a Critical Dolby Flaw

• 🏥 Covenant Health is notifying nearly 478,000 patients of a May 2025 cyber attack, potentially exposing personal, insurance, and medical information.
• 🚑 AFLAC is notifying 22.6 million people of a June 2025 cyber attack, with compromised data possibly including social security numbers and health details.
• 📱 Google has patched a critical vulnerability in the Android implementation of Dolby software, which could lead to data leakage.

SolarWinds Dismissal and CISO Legal Landscape

• 🧑‍⚖️ Ilona Cohen of HackerOne discusses the implications of the SolarWinds CISO charges dismissal, noting a recalibration by the SEC.
• 📉 The dismissal was influenced by a court rejecting the SEC's broad theory that internal accounting rules could cover cybersecurity program design.
• 🛡️ While personal risk for CISOs may be reduced, the SEC's authority to police misleading statements to investors regarding cybersecurity remains, emphasizing the need for accurate public disclosures.