Security News Bites for June 27, 2025
Cost of Recent UK Retail Cyberattacks is $350 to $600 Million
Britain’s Cyber Monitoring Centre (CMC) estimates the total cost of the cyberattacks that crippled major UK retail organizations recently could be in the region of £270-440 million ($362-$591 million). Marks & Spencer, the Co-op, and Harrods were all targets. That is a lot of money for just three out of millions of attacks. Credit: The Register
Robotaxis Are Here With the Anticipated Issues
I don’t think it is a surprise that robotaxis are not perfect, but they are here. Human drivers are not perfect either. The Uber/Waymo partnership has opened another market: Atlanta. Currently, it is operating in a small 8-mile by 8-mile section of Atlanta, but that will expand over time. (To compare, this is 65 square miles and metro Atlanta is 8,000 square miles). Credit: TechCrunch
On the other side, the National Highway Traffic Safety Administration “reached out” to Tesla after numerous videos were posted online showing robotaxis in Atlanta violating traffic laws. In one way robotaxis are like humans – they speed and slam on the brakes when they see a police car. Credit: TechCrunch
There is Something Else Going on Here
The US House of Representatives Office of Cybersecurity (in the Office of the Chief Administrative Officer (CAO)) just BANNED WhatsApp because they deem it a high risk to users due to the lack of transparency in how it protects user data, absence of stored data encryption and potential security risks. The only risk is that they can’t eavesdrop on staffers’ conversations. They suggest using Microsoft Teams (where Microsoft controls the encryption), FaceTime (where Apple controls the encryption), iMessage (likewise) and Signal. Of the 4, the only one that is close to secure is Signal, and WhatsApp uses the Signal protocol. Meta, of course, is not happy. The CAO says WhatsApp doesn’t encrypt stored data – did they even look at, say, the marketing material, never mind the tech specs? Is the House Chief Administrative Officer suggesting, with a straight face, that Apple and Microsoft are “transparent in how they protect user data”? The CIO inside that office has a degree in English Literature from Elon (Elon, NC, not Musk) University and a master’s in journalism from the University of Georgia. Credit: TechCrunch
Scattered Spider Hacking Group Shifts to Aviation and Transportation
Scattered Spider is known for its hacking of UK retail firms like Marks & Spencer and then likely but unconfirmed hacks on insurance companies like Aflac and Erie Insurance. Now, it appears they are going after the aviation and transportation sector, attacking WestJet and, likely, they are responsible for the Hawaiian Airlines breach. Whatever their method, they seem to be successful. American Airlines is currently suffering an outage, but we don’t know if that is due to Scattered Spider. Mostly these hackers use very low-tech methods, mostly social engineering. Credit: Bleeping Computer
House, Senate Introduce Bill to Ban DeepSeek, Others in Gov Agencies
US lawmakers on Wednesday introduced a bill in both the House and Senate that would prohibit federal agencies from using artificial intelligence models developed in China, such as DeepSeek, as well as from Russia and other nations hostile to the US. This seems like a good idea under all circumstances. Of course, since they are not banning private sector use, it is not clear whether banning it at federal agencies will make much difference. Credit: Cybernews