Cyber Security Headlines - Detailed Summary
Hosted by CISO Series
Episode Title: Radware clarifies patch, retailer data stolen, Alabama suffers cyberattack
Release Date: May 14, 2025
1. Radware Addresses Cloud Web Application Firewall (WAF) Vulnerabilities
In the opening segment, host Steve Prentice discusses Radware's response to recently published vulnerabilities in its Cloud Web Application Firewall (WAF). On May 7, the CERT Coordination Center (CERT/CC) at Carnegie Mellon released an advisory reporting that Radware's Cloud WAF could be bypassed with filter-evasion techniques, so that malicious requests reached the protected web application without being blocked by the firewall.
Key Points:
- Vulnerability Details: The bypass described in the episode involves sending an HTTP GET request with random data in the request body, which let malicious payloads pass through to the underlying web application uninspected. The advisory covers two bypass methods, and both have CVE numbers assigned.
- Radware's Response: Radware states that both issues were fixed well before the advisory was published. According to Prentice, "Radware announced that both issues mentioned in the advisory had been addressed by its R&D team shortly after they were reported to the company in 2023" (04:15).
Conclusion: Because the Cloud WAF is a managed service, the fixes Radware describes were applied on its side in 2023 and there is no patch for customers to install; the 2025 advisory documents issues the vendor reports as already closed.
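The following is an added illustration, not Radware's code or anything from the CERT/CC advisory, of the general class of bypass the segment describes: a filter that only scans request bodies for methods that are expected to carry one (and only scans the first few kilobytes) lets a GET request with a padded body through unread. The naive filter, the hardened filter, the placeholder signatures and the sample requests are all hypothetical constructions for this example and do not model how Radware's product inspects traffic.

```python
"""Added illustration of a GET-with-body WAF filter bypass.

A hypothetical naive filter that gates body inspection on the HTTP method
(and truncates what it inspects) is shown beside a hardened version. This is
not Radware's inspection logic; it is a generic stand-in for the class of
bypass described in the CERT/CC advisory.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed placeholder signatures standing in for a real WAF rule set.
PAYLOAD_PATTERNS = [
    re.compile(rb"(?i)<script\b"),
    re.compile(rb"(?i)\bunion\s+select\b"),
    re.compile(rb"\.\./"),
]
BODY_METHODS = {"POST", "PUT", "PATCH"}
NAIVE_INSPECT_LIMIT = 4096  # bytes of body the naive filter bothers to scan


@dataclass
class Request:
    method: str
    target: str
    headers: dict = field(default_factory=dict)
    body: bytes = b""


def parse_raw_request(raw: bytes) -> Request:
    """Minimal HTTP/1.1 request parser: request line, headers, blank line, body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    method, target, _version = lines[0].decode("ascii").split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.decode("latin-1").partition(":")
        headers[name.strip().lower()] = value.strip()
    return Request(method.upper(), target, headers, body)


def matches_signature(data: bytes) -> bool:
    return any(p.search(data) for p in PAYLOAD_PATTERNS)


def naive_filter_blocks(req: Request) -> bool:
    """Vulnerable: scans the body only for 'body' methods, and only its first bytes.
    A GET request carrying a body is forwarded with the body never looked at."""
    if matches_signature(req.target.encode("latin-1")):
        return True
    if req.method in BODY_METHODS:
        return matches_signature(req.body[:NAIVE_INSPECT_LIMIT])
    return False


def hardened_filter_blocks(req: Request) -> bool:
    """Hardened: any body that is present is scanned in full, whatever the method,
    and a body on a method that should not carry one is rejected outright."""
    if matches_signature(req.target.encode("latin-1")):
        return True
    if not req.body:
        return False
    if req.method not in BODY_METHODS:
        return True  # e.g. GET with a body: anomalous, refuse rather than guess
    return matches_signature(req.body)


def evaluate(raw: bytes) -> tuple[bool, bool]:
    """Returns (naive_blocked, hardened_blocked) for one raw request."""
    req = parse_raw_request(raw)
    return naive_filter_blocks(req), hardened_filter_blocks(req)


# Constructed sample requests, not captured traffic.
PAYLOAD = b"note=<script>alert(1)</script>"
PADDING = b"A" * (NAIVE_INSPECT_LIMIT + 16)  # "random data" pushing the payload past the scan window

GET_WITH_BODY = (
    b"GET /search?q=shoes HTTP/1.1\r\nHost: shop.example\r\n"
    + b"Content-Length: %d\r\n\r\n" % (len(PADDING) + 1 + len(PAYLOAD))
    + PADDING + b"&" + PAYLOAD
)
PADDED_POST = (
    b"POST /comment HTTP/1.1\r\nHost: shop.example\r\n\r\n" + PADDING + b"&" + PAYLOAD
)
PLAIN_POST_ATTACK = b"POST /comment HTTP/1.1\r\nHost: shop.example\r\n\r\n" + PAYLOAD
CLEAN_GET = b"GET /search?q=shoes HTTP/1.1\r\nHost: shop.example\r\n\r\n"

if __name__ == "__main__":
    for name, raw in [("GET with body", GET_WITH_BODY), ("padded POST", PADDED_POST),
                      ("plain POST attack", PLAIN_POST_ATTACK), ("clean GET", CLEAN_GET)]:
        naive, hardened = evaluate(raw)
        print(f"{name:18s} naive_blocks={naive!s:5s} hardened_blocks={hardened}")
```

The two shortcuts in the naive filter (method-gated body inspection and a scan window) are common in rule engines tuned for throughput, and each is enough on its own to let the padded GET through. The hardened version refuses any body on a method that should not carry one; a deployment that must tolerate such clients should at least scan the whole body. Request-smuggling via Content-Length or Transfer-Encoding disagreements is a separate concern that this example does not cover.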
2. Marks and Spencer Confirms Data Theft in Ransomware Attack
Prentice moves on to the ongoing ransomware attack on British retailer Marks and Spencer (M&S). The company has confirmed that personal data was taken during the attack, which has also left its online purchasing system out of service.
Key Points:
- Nature of the Stolen Data: M&S reports that the stolen information includes Personally Identifiable Information (PII) and masked payment card details relating to its own Sparks Pay card. The company states that full payment card details were not stored on its systems, which limits the usefulness of the stolen data for card fraud.
- Operational Impact: M&S online platforms remain unavailable, so customers cannot place orders and the company's online revenue is affected.
Notable Quote:
Steve Prentice emphasizes the severity of the situation, stating, "The ransomware attack has left the company still without the capacity to provide online purchases on its website" (10:40).
Conclusion: The attack on M&S underscores the persistent threat of ransomware to large retailers and the critical importance of robust data protection measures.
3. Turkish APT Group Exploits Output Messenger Zero-Day to Target Kurdish Military
The podcast highlights the activities of a Turkish Advanced Persistent Threat (APT) group known as Marbled Dust. This group has been leveraging a zero-day vulnerability in the Output Messenger application to surveil Kurdish military operations.
Key Points:
- Exploitation Method: Since April 2024, Marbled Dust has exploited a vulnerability in Output Messenger (versions before 2.0.63) to collect user data and deploy malicious files. The episode attributes the vulnerability to the application's Team Chat feature.
- Targeted Entities: The group's targets include government bodies, Kurdish organizations (including political groups such as the PKK), telecommunications service providers, and media outlets.
Notable Quote:
Prentice notes the strategic targeting, stating, "The group specializes in targeting government entities and Kurdish organizations, ranging from political groups like PKK through to telecommunications service providers and the media" (22:05).
Conclusion: The exploitation of Output Messenger by Marbled Dust exemplifies the strategic use of zero-day vulnerabilities in geopolitical cyber espionage.
4. Cyberattack on Alabama Government Services
In a concerning development, Alabama experienced a cybersecurity event affecting state government operations. Governor Kay Ivey publicly announced the attack and asked for patience while the state deals with its consequences.
Key Points:
- Impact on Government Services: The attack has disrupted access to government websites and other communication channels. The state has said that some state employees' usernames and passwords were compromised.
- Data Compromise: Officials believe that no personally identifiable information (PII) of Alabama residents has been accessed or taken by the attackers.
- Unknowns: The full extent of the breach and the group responsible remain unidentified at this time.
Notable Quote:
Governor Ivey addressed the situation, stating, "We are asking for patience due to some possible disruptions to government website access or other communications" (35:20).
Conclusion: The Alabama cyberattack highlights the vulnerabilities within state infrastructure and the ongoing challenges in securing governmental digital assets.
5. Additional Highlights
While the primary focus was on the stories above, the episode also covered several other significant cybersecurity events:
- Co-op Faces Persistent Hacker Threats: The British retailer continues to fight an attempted cyberattack and fears the intruders still have access to its network; the incident has disrupted its logistics and supply chains.
- North Korean Hackers Target Ukrainian Government: The group TA406 is using spearphishing against Ukrainian government entities to gather intelligence on the country's stance on the Russian invasion.
- Intel CPU Flaws Expose Sensitive Data: Researchers at ETH Zurich disclosed a branch privilege injection flaw affecting modern Intel CPUs that could let an attacker read data from more privileged memory, such as kernel memory. The risk to ordinary users is considered low, but applying the latest microcode and operating system updates is advised.
- SAP Releases Critical Patches for NetWeaver Vulnerability: SAP has released fixes for a CVSS 10.0 NetWeaver bug that allows remote code execution and that attackers have been exploiting since January.
Conclusion
This episode of Cyber Security Headlines provided a comprehensive overview of critical cybersecurity incidents and responses from various organizations. From Radware's timely patching of their WAF vulnerabilities to the persistent threats faced by retailers like Marks and Spencer and Co-op, the discussions underscored the evolving landscape of cyber threats. Additionally, geopolitical tensions continue to fuel cyber espionage activities, as seen in the targeting of Ukrainian government entities by North Korean hackers. The episode concluded with a reminder of the importance of maintaining up-to-date security measures, especially in light of newly discovered hardware vulnerabilities and the continuous efforts of threat actors.
For a more in-depth analysis of these stories, listeners are encouraged to visit CISOseries.com.
