
Steve Prentiss
From the CISO Series, it's Cybersecurity Headlines. These are the cybersecurity headlines for Wednesday, May 14, 2025. I'm Steve Prentiss.

Radware says recent WAF bypasses were patched in 2023. Technology company Radware has now spoken in response to an advisory published on May 7 by the CERT Coordination Center at Carnegie Mellon, which stated that the Radware Cloud Web Application Firewall was vulnerable to filter bypass methods that could allow threat actors to conduct attacks without being blocked by the firewall. The methods, both of which have CVE numbers available in the show notes to this episode, involved adding random data in the request body with an HTTP GET method, which could cause the firewall to fail to filter the request and allow various types of payloads to pass through to the underlying web application. This past Sunday, Radware announced that both issues mentioned in the advisory had been addressed by its R&D team shortly after they were reported to the company in 2023.

Marks and Spencer confirms data stolen in ransomware attack. Following up on the story we have been watching for a couple of weeks now, the British retailer now says that personal data was stolen in the attack, which has left the company still without the capacity to provide online purchases on its website. The company describes the stolen data as PII, as well as masked details on the payment cards used for online purchases, including its own M&S credit card or SparksPay. But the company states the data does not include usable card or payment details, since they do not store full payment card details on their systems.

Turkish APT group used Output Messenger zero-day to spy on Kurdish military. The group, identified as Marbled Dust along with a raft of other names, has been exploiting the vulnerability in team chat app Output Messenger since April of last year, which it has used to collect user data and deploy malicious files. The group specializes in targeting government entities and Kurdish organizations, ranging from political groups like PKK through to telecommunications and IT service providers and the media. The flaw being exploited impacts Output Messenger versions before 2.0.63.

Alabama suffers cybersecurity event. Alabama's Governor Kay Ivey announced the attack on Monday and is asking for patience due to some possible disruptions to government website access or other communications. Ivey adds that some state employee usernames and passwords were compromised, but it is currently believed that no Alabamians' personally identifiable information has been retrieved. Neither the full scope of the attack nor the group behind it is known at this time.

Huge thanks to our sponsor, Vanta. Do you know the status of your compliance controls right now? Like, right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews and reporting, and help you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get started at vanta.com/headlines. That is V-A-N-T-A dot com slash headlines.

Co-op fears hackers still in the system, shelves getting empty. As part of the triumvirate of British retailer hacks, the cooperative chain familiarly known as the Co-op continues to deal with an attempted cyber attack detected two weeks ago, according to Recorded Future News. Company officials fear the hackers still have access to its network and are keeping some critical logistics systems offline, preventing shops from getting resupplied with many goods. As a result, deliveries from the Co-op's large depots were well below 20% of their normal capacity, especially with regards to perishables such as meat, eggs, dairy, fruits and vegetables. As the company name describes, the company is owned by its members rather than being publicly listed, and as such is not required to make any declaration to the London Stock Exchange about the adverse financial impact of the attack.

North Korean hackers target Ukrainian government. A group tracked as TA406 is known for using spearphishing to target governments, research centers, think tanks, academic institutions and media organizations worldwide, particularly in Europe, Japan, Russia, South Korea and the United States. This latest campaign targets Ukrainian government entities, and cybersecurity firm Proofpoint suggests in a report that Pyongyang is seeking to better understand both the appetite to continue fighting against the Russian invasion and the medium-term outlook of the conflict. This differs greatly from Russian espionage, which Proofpoint says focuses more on tactical intelligence related to battlefield operations.

New Intel CPU flaws leak sensitive data from privileged memory. According to researchers at ETH Zurich, a new branch privilege injection flaw in all modern Intel CPUs allows attackers to leak sensitive data from memory regions allocated to privileged software like the operating system kernel, along with critical data such as passwords, cryptographic keys and memory of other processes. The branch privilege injection flaw, which has a CVE number which is available in the show notes, belongs to specialized hardware components that try to guess the outcome of a branch instruction before it's resolved to keep the CPU pipeline full for optimum performance, BleepingComputer writes. The risk is low for regular users, and attacks have multiple strong prerequisites to open up realistic exploitation scenarios. That being said, applying the latest updates is recommended.

SAP patches another critical NetWeaver vulnerability. As part of the May Patch Tuesday, SAP released a number of fixes, the most important addressing a CVSS 10 critical severity bug in NetWeaver's Visual Composer development server component. This is a vulnerability that has been exploited in the wild since January for remote code execution. The company is seeing significant activity from attackers who are using public information to trigger exploitation and abuse of web shells placed by the original attackers, who have currently gone dark.

Not only do we present key news stories on Cybersecurity Headlines, we also like to discuss key news stories with you. One of the ways we do this is in our Week in Review show, which happens live on Fridays. You can join us for the live show by registering through the CISO Series YouTube channel. Then, when the show starts at 3:30pm Eastern, you can be in the bullpen with our great group of regulars commenting by text on the stories being covered by host Rich Stroffolino and our expert guest. Lots of these comments get acknowledged and discussed as part of the show, and some of them even take on a life of their own in the chat room. So come and see what it's all about. Go to the events page at cisoseries.com to register. I'm Steve Prentiss reporting for the CISO Series. Cybersecurity Headlines are available every weekday. Head to cisoseries.com for the full stories behind the headlines.
Cyber Security Headlines - Detailed Summary
Hosted by CISO Series
Episode Title: Radware clarifies patch, retailer data stolen, Alabama suffers cyberattack
Release Date: May 14, 2025
In the opening segment, host Steve Prentiss discusses Radware's response to recent vulnerabilities identified in their Cloud Web Application Firewall (WAF). On May 7, the CERT Coordination Center at Carnegie Mellon released an advisory highlighting that Radware's WAF was susceptible to filter bypass methods. These vulnerabilities allowed threat actors to execute attacks without being obstructed by the firewall.
Key Points:
Vulnerability Details: The bypass methods involved adding random data to the request body using an HTTP GET method, enabling malicious payloads to infiltrate the underlying web application. Both methods have designated CVE numbers for reference.
Radware's Response: Radware promptly addressed both vulnerabilities. According to Prentiss, "Radware announced that both issues mentioned in the advisory had been addressed by its R&D team shortly after they were reported to the company in 2023" (04:15).
Conclusion: Radware's swift action demonstrates their commitment to security and their ability to respond effectively to identified threats.
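The bypass described above relies on a filter that ignores the body of a GET request. The following is an added, defender-side illustration (not Radware's code, nor anything from the CERT/CC advisory): it parses a raw HTTP/1.1 request and flags any body carried by a method that has no body semantics, so a proxy or WAF rule can route such requests to full inspection or reject them regardless of method. It generalizes slightly beyond the story by covering HEAD/OPTIONS/TRACE and chunked encoding; the function names, the method set and the sample requests are my own assumptions.

```python
from dataclasses import dataclass

# Methods for which a request body has no defined semantics (RFC 9110).
# Assumption: any body on these methods is anomalous and deserves full inspection.
BODYLESS_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}


@dataclass
class Verdict:
    method: str
    body_len: int
    anomalous: bool
    reason: str


def parse_request(raw: bytes):
    """Split a raw HTTP/1.1 request into (method, target, headers, body)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("malformed request: no header terminator")
    lines = head.decode("latin-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method.upper(), target, headers, body


def check_request(raw: bytes) -> Verdict:
    """Flag requests whose body a method-based filter rule might skip."""
    method, _target, headers, body = parse_request(raw)
    declared = int(headers.get("content-length", "0") or 0)
    chunked = "chunked" in headers.get("transfer-encoding", "").lower()
    body_len = max(declared, len(body))  # trust the larger of declared/actual
    if method in BODYLESS_METHODS and (body_len > 0 or chunked):
        return Verdict(method, body_len, True,
                       f"{method} with {body_len}-byte body: inspect or reject")
    return Verdict(method, body_len, False, "ok")


# Constructed sample requests (not captured traffic).
NORMAL_GET = b"GET /search?q=shoes HTTP/1.1\r\nHost: shop.example\r\n\r\n"
PADDED_GET = (b"GET /search?q=shoes HTTP/1.1\r\nHost: shop.example\r\n"
              b"Content-Length: 64\r\n\r\n" + b"A" * 64)
NORMAL_POST = (b"POST /login HTTP/1.1\r\nHost: shop.example\r\n"
               b"Content-Length: 9\r\n\r\nuser=anna")

if __name__ == "__main__":
    for req in (NORMAL_GET, PADDED_GET, NORMAL_POST):
        print(check_request(req))
```

The point for a defender is that body inspection should be keyed on the presence of a body, not on the method name.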
Prentiss moves on to discuss the ongoing ransomware attack affecting British retailer Marks and Spencer (M&S). The company has confirmed that personal data was compromised during the attack, which has rendered their online purchasing system inoperative.
Key Points:
Nature of the Stolen Data: M&S reports that the stolen information includes Personally Identifiable Information (PII) and masked payment card details, including those for its own M&S credit card, SparksPay. Importantly, the company states that full payment card details were not stored on their systems, so the stolen data does not include usable card or payment details.
Operational Impact: As a result of the attack, M&S online platforms remain inaccessible, disrupting customers' ability to make purchases and affecting the company's revenue streams.
Notable Quote:
Steve Prentiss emphasizes the severity of the situation, stating, "The ransomware attack has left the company still without the capacity to provide online purchases on its website" (10:40).
Conclusion: The attack on M&S underscores the persistent threat of ransomware to large retailers and the critical importance of robust data protection measures.
The podcast highlights the activities of a Turkish Advanced Persistent Threat (APT) group known as Marbled Dust. This group has been leveraging a zero-day vulnerability in the Output Messenger application to surveil Kurdish military operations.
Key Points:
Exploitation Method: Since April of the previous year, Marbled Dust has exploited a vulnerability in Output Messenger, a team chat application, to collect user data and deploy malicious files. The flaw affects Output Messenger versions before 2.0.63.
Targeted Entities: The group's focus extends to government bodies, Kurdish organizations—including political factions like PKK—telecommunications service providers, and media outlets.
Notable Quote:
Prentiss notes the strategic targeting, stating, "The group specializes in targeting government entities and Kurdish organizations, ranging from political groups like PKK through to telecommunications service providers and the media" (22:05).
Conclusion: The exploitation of Output Messenger by Marbled Dust exemplifies the strategic use of zero-day vulnerabilities in geopolitical cyber espionage.
In a concerning development, Alabama experienced a cybersecurity event impacting state government operations. Governor Kay Ivey publicly announced the attack and called for patience as the state grapples with its consequences.
Key Points:
Impact on Government Services: The attack may cause disruptions in accessing government websites and other communication channels. Some state employee usernames and passwords were compromised.
Data Compromise: Importantly, officials believe that no personally identifiable information (PII) of Alabama residents has been accessed or retrieved by the attackers.
Unknowns: The full extent of the breach and the responsible group remain unidentified at this time.
Notable Quote:
Governor Kay Ivey addressed the situation, stating, "We are asking for patience due to some possible disruptions to government website access or other communications" (35:20).
Conclusion: The Alabama cyberattack highlights the vulnerabilities within state infrastructure and the ongoing challenges in securing governmental digital assets.
While the primary focus was on the above stories, the episode also touched upon several other significant cybersecurity events:
Co-op Faces Persistent Hacker Threats: The British retailer continues to combat an attempted cyberattack, fearing that hackers maintain access to its network, which has disrupted logistics and supply chains.
North Korean Hackers Target Ukrainian Government: The group TA406 employs spearphishing tactics against Ukrainian government entities to gather intelligence on the country's stance against the Russian invasion.
Intel CPU Flaws Expose Sensitive Data: Researchers from ETH Zurich uncovered a branch privilege injection flaw affecting modern Intel CPUs, potentially allowing attackers to access sensitive data from privileged memory regions. While the risk to regular users is low, applying the latest updates is advised.
SAP Releases Critical Patches for NetWeaver Vulnerability: Addressing a CVSS 10 severity bug in NetWeaver's Visual Composer development server component, SAP has deployed fixes to mitigate remote code execution threats exploited by attackers since January.
This episode of Cyber Security Headlines provided a comprehensive overview of critical cybersecurity incidents and responses from various organizations. From Radware's timely patching of their WAF vulnerabilities to the persistent threats faced by retailers like Marks and Spencer and Co-op, the discussions underscored the evolving landscape of cyber threats. Additionally, geopolitical tensions continue to fuel cyber espionage activities, as seen in the targeting of Ukrainian government entities by North Korean hackers. The episode concluded with a reminder of the importance of maintaining up-to-date security measures, especially in light of newly discovered hardware vulnerabilities and the continuous efforts of threat actors.
For a more in-depth analysis of these stories, listeners are encouraged to visit CISOseries.com.