Transcript
A (0:00)
From the CISO series. It's Cybersecurity Headlines.
B (0:07)
These are the cybersecurity headlines for Monday, June 9, 2025. I'm Steve Prentice.

Presidential cyber executive order signed

The President signed a new executive order aimed at refocusing U.S. cybersecurity policy by emphasizing secure software development, updated encryption and Internet routing security. The order revokes parts of the Biden and Obama era directives, including digital identity initiatives, which it claims could increase fraud risks. It also criticizes the previous administration for politicizing cybersecurity and shifts AI policy from potential censorship to identifying vulnerabilities. The order rolls back compliance mandates for software vendors, instead encouraging collaboration with industry partners. It also targets post-quantum cryptography and consumer device security.

Neuberger warns of U.S. infrastructure's cyber attack weakness

Former NSA Cybersecurity Director Anne Neuberger warned that U.S. critical infrastructure would likely collapse under a major cyber attack due to vulnerabilities and workforce cuts, particularly, she said, under the current administration. Speaking at the AI Expo for National Competitiveness, she criticized recent reductions at CISA, which she said weakened national defenses. Neuberger advocated for AI-driven solutions, including using AI to assess legacy systems and digital twins to simulate infrastructure vulnerabilities. She emphasized that while talent losses are harmful, AI offers a strategic opportunity to enhance cybersecurity and fill critical gaps in protecting essential U.S. systems.

Mirai botnet infects TBK DVR devices via command injection flaw

This is a new variant of the Mirai malware botnet, and it is exploiting a command injection vulnerability in TBK DVR-4104 and DVR-4216 digital video recording devices. The flaw, which has a CVE number, is a command injection vulnerability that was disclosed by security researcher netsecfish in April 2024 and published initially as a proof of concept, although Kaspersky researchers now report seeing active exploitation. The exploit delivers ARM32 malware, which connects to a C2 server to pull the device into a botnet swarm, making it conduct DDoS attacks and other malicious behavior.

OpenAI takes down ChatGPT accounts linked to state-backed hacking and disinformation

The owner of ChatGPT says threat actors from countries such as China, Russia, North Korea, Iran and the Philippines are using the LLM product for three key areas of activity: social media comment generation, malware refinement and cyber attack assistance, and foreign employment scams. In one example of many, they are using ChatGPT to publish comments on topics such as U.S. politics on TikTok, X, Reddit, Facebook and other social media platforms, and then shifting to other accounts to reply to those same comments. They have also been using it to assist with writing scripts for brute-forcing passwords, as well as in conducting employment scams, including arranging for delivery of company laptops.

Huge thanks to our sponsor, Vanta. Is your manual GRC program slowing you down? There's something more efficient than spreadsheets, screenshots and manual processes. That's Vanta. With Vanta, GRC can be so much easier while also strengthening your security posture and driving revenue for your business. Vanta automates key areas of your GRC program, including compliance, risk and customer trust, and streamlines the way you manage information. The impact is real. A recent IDC analysis found that compliance teams using Vanta are 129% more productive. Get back time to focus on strengthening security and scaling your business. Get started at vanta.com/headlines. That is V-A-N-T-A dot com slash headlines.

Supply chain malware hits npm and PyPI ecosystems, targeting a global audience

This particular supply chain attack targets more than a dozen packages associated with the UI component library gluestack to deliver malware. According to Aikido Security, the malware allows an attacker to run shell commands, take screenshots, upload files, steal sensitive information, and mine cryptocurrency. It is currently seeing nearly 1 million downloads per week. As posted in The Hacker News, the code injected into the packages is similar to the remote access trojan that was delivered following the compromise of another npm package, rand-user-agent, last month. This indicates that the same threat actors could be behind this activity.

BadBox botnet continues to exploit off-brand IoT devices

Following up on a story we covered last December, the BadBox 2.0 malware campaign continues to infect millions of connected devices worldwide, specifically IoT hardware such as TV streaming devices, digital projectors, aftermarket vehicle infotainment systems, digital picture frames, and other products. It is exploiting these devices for criminal activity, according to the FBI. The agency says the malware can come pre-installed in off-brand or aftermarket devices or arrive alongside software updates from sketchy sources. The botnet allows its owners to mask their activity by making it appear to come from legitimate home networks, also known as residential proxies. In some cases, the operators sell access to the botnet to other cybercriminals, the alert said.

Microsoft shares the script to restore the inetpub folder that you should not have deleted

This PowerShell script released by Microsoft will help restore the empty inetpub folder that had been created by the April 2025 Windows security updates. This folder helps mitigate a high-severity Windows Process Activation privilege escalation vulnerability, but many users have deleted it, believing it not to be needed. This has caused such people to become vulnerable to the patched vulnerability.

Massive data breach of over 4 billion user records found exposed online

Cybersecurity researcher Bob Diachenko and the Cybernews team uncovered a massive 631 gigabyte unsecured database in China containing over 4 billion records, likely affecting hundreds of millions of users. The leaked data includes WeChat and Alipay data, along with financial, residential and ID information, suggesting that it was compiled for profiling, surveillance or data enrichment. The largest collection, a file named WeChatIDB, contained over 805 million records. Other collections included banking and address data. Researchers warn that threat actors could exploit this trove for fraud, phishing, blackmail or even state-sponsored disinformation. The database was taken offline shortly after discovery, and its owner remains unknown.

Remember to subscribe to the CISO Series YouTube channel. We're posting a ton of original interviews and interesting product demos, plus we host our Week in Review show there every Friday at 3:30pm Eastern. Come and join us to get in on the action. And if you have some thoughts on the news from today or about this show in general, please be sure to reach out to us at feedback at cisoseries. We would love to hear from you. I'm Steve Prentice, reporting for the CISO Series.
