
Cybersecurity Today: Critical IBM AIX Vulnerability and Major Browser Exploits Revealed In this episode, host Jim Love discusses pressing cybersecurity issues, including IBM's AIX operating system scoring a perfect 10 in security vulnerability,...
Jim Love
IBM's AIX scores a perfect 10 in terms of vulnerability. Rapid cuts of agency staff leave employees with sensitive data. A YouTuber sounds the alarm: this browser hack can steal everything. And over 300 malicious Android apps are removed from the Google Play Store after 60 million downloads. This is Cybersecurity Today. I'm your host, Jim Love.

Most of us don't think much about IBM's AIX operating system, but it's still widely used in mission-critical applications across sectors like finance, healthcare and telecommunications. It is also the OS that runs large data centers. Given that footprint in highly secure industries and applications, it's even more of an issue that it scored a perfect 10, at least in terms of security vulnerability. IBM has issued an urgent security bulletin addressing two critical vulnerabilities in its AIX operating system, one with a maximum severity score of 10 that could allow remote attackers to execute arbitrary commands. CVE-2024-56346 is a vulnerability that affects the Nemesis Network Installation Network, or NIM Master Service, allowing remote attackers to execute arbitrary commands without authentication or user interaction. It's been assigned a CVSS base score of 10. And there's CVE-2024-56347. This flaw impacts the NIMSH service's SSL/TLS protection mechanisms, also permitting remote command execution but requiring some user interaction. It carries a CVSS base score of 9.6, still very high. Both vulnerabilities stem from improper process controls and affect AIX versions 7.2 and 7.3. IBM strongly recommends that all affected systems be updated immediately. Patches can be downloaded from IBM's official repository.

The Department of Government Efficiency, or DOGE, suddenly dismantled the U.S. Agency for International Development, USAID, but has left numerous employees, particularly those overseas, in possession of government-issued devices containing sensitive information, posing significant security risks. In a rapid move to reduce the federal workforce, DOGE, led by Elon Musk under President Trump's directive, executed extensive layoffs across various agencies, including USAID. This abrupt action resulted in many employees retaining laptops and phones loaded with confidential data, as proper off-boarding procedures were neglected. The lack of clear guidance and resources for these displaced workers, especially those stationed abroad, has left them uncertain about how to return their devices securely. Consequently, the responsibility of safeguarding sensitive information, encompassing personnel records and details of local partners, has fallen on the employees themselves, who are no longer working for the organization. Federal guidelines mandate the revocation of access and remote wiping of devices in such scenarios. However, the current administration has failed to implement these security measures, potentially exposing government data to unauthorized access and compromising the safety of local collaborators. This mishandling reflects a broader pattern of disarray within the federal agencies following aggressive restructuring efforts. Similar issues have arisen in other departments, such as the Consumer Financial Protection Bureau, where layoffs have hindered the agency's ability to monitor technological systems utilized by firms, potentially allowing companies to evade regulation more easily.

A recent video titled "This Browser Can Steal Everything" has gone viral, exposing dangerous exploits that could allow hackers to access sensitive user data through compromised browser extensions. Cybersecurity experts warn that unsuspecting users could have their passwords, browsing history and financial details stolen without even realizing it. The video is by a YouTuber named Matt Johansen. He details how malicious browser extensions, particularly on Google Chrome and Chromium-based browsers like Edge and Brave, can inject malicious script, intercept login credentials, and even modify web content in real time. These compromised extensions often request excessive permissions, such as reading and changing website data, accessing clipboard contents, and more. All kinds of extensions ask for and require permissions, often wide-ranging permissions, and many can't work without them. Users are accustomed to granting these requests, and they might not give them a lot of thought. In fact, some corrupted extensions start out as innocent apps with desirable functionality, but they can be bought or taken over. There's the example of the Great Suspender, which was an app that helped manage memory usage by suspending unused tabs in browsers. It greatly sped up the browsers because they weren't bogged down with a number of open processes. It also solved a real problem, and it was used by thousands of users. But the Great Suspender was sold to a group who planted malicious software into it and compromised a large number of computers. Johansen gave a demo of how a seemingly innocent browser extension could impersonate a password manager like LastPass and trick a user into logging in and giving access to all credentials. Cybersecurity firms often recommend using a password manager, but if extensions can get your login information, they'll actually be a bigger danger if not protected by multi-factor authentication. Now, this won't be popular, but enterprise users may have to consider restricting browser extension installations in the same way that companies don't allow admin access, so that users can't install software on their own computers. This video also suggests that doing regular audits of installed extensions, removing any unused or suspicious add-ins, and of course keeping browsers up to date is essential. There's a link to the video in the show notes.

And in a related story, we always tell users to load apps only from the official app stores. But it turns out that's not enough. Security researchers have identified, and Google has removed, over 300 malicious Android applications from the Google Play Store, and these had been collectively downloaded more than 60 million times before the removal. They're engaged in ad fraud and attempting to steal user credentials and even credit card information. The malicious apps, part of a campaign dubbed Vapor, were first uncovered by IAS Threat Lab, which identified 180 such applications, generating 200 million fraudulent advertising bid requests daily. Bitdefender later expanded this number to 331 apps, noting significant infections in countries including Brazil, the United States, Mexico, Turkey and South Korea. These applications masquerade as utility tools such as health and fitness trackers, note-taking apps, battery optimizers, and even QR code scanners. Once installed, they display intrusive ads outside their intended context and attempt to phish users' credentials and financial information. Despite their removal from the Play Store, users who have these apps installed remain at risk. It's crucial to manually uninstall any suspicious applications and monitor devices for unusual behavior. Some recommendations include: verifying app authenticity before downloading (check app reviews, developer information, and the permissions they request); keeping devices updated (regularly updating your device's operating system and applications patches security vulnerabilities); and using reputable security software, even on a phone (install trusted antivirus or security applications to detect and prevent malware infections).

And that's our show. Join me this weekend for our interview show. We'll be talking about how cyber crooks are now targeting schools and a recent report from a group called the Center for Internet Security. I'm your host, Jim Love. Thanks for listening.
Cybersecurity Today: IBM's Operating System Under Fire and Emerging Threats Hosted by Jim Love | Episode Released on March 21, 2025
In the March 21, 2025 episode of Cybersecurity Today, host Jim Love delves into several pressing cybersecurity issues affecting businesses and government agencies. The episode covers vulnerabilities in IBM's AIX operating system, the security implications of recent federal agency layoffs, alarming developments in browser and mobile application security, and provides actionable insights to safeguard against these evolving threats.
Jim Love opens the episode by highlighting a significant security concern with IBM's AIX operating system, a staple in mission-critical applications across sectors such as finance, healthcare, and telecommunications.
“[...] AIX scores a perfect 10 in terms of security vulnerability.” (00:02)
IBM has released an urgent security bulletin addressing two critical vulnerabilities:
CVE-2024-56346: affects the NIM Master Service and allows remote attackers to execute arbitrary commands without authentication or user interaction (CVSS base score 10).
CVE-2024-56347: affects the NIMSH service's SSL/TLS protection mechanisms and also permits remote command execution, but requires some user interaction (CVSS base score 9.6).
Both vulnerabilities result from improper process controls and impact AIX versions 7.2 and 7.3. Jim emphasizes the urgency:
“IBM strongly recommends that all affected systems be updated immediately.” (02:45)
Administrators are urged to download and apply the necessary patches from IBM's official repository to mitigate these risks.
The episode transitions to the Department of Government Efficiency (DOGE), which recently dismantled the U.S. Agency for International Development (USAID). Led by Elon Musk under President Trump's directive, DOGE executed widespread layoffs, inadvertently compromising data security.
“The abrupt action resulted in many employees retaining laptops and phones loaded with confidential data.” (05:30)
Key issues include:
Jim underscores the severity of these oversights:
“This mishandling reflects a broader pattern of disarray within the federal agencies following aggressive restructuring efforts.” (07:15)
A viral video titled "This Browser can Steal Everything" has sparked concern within the cybersecurity community. Created by YouTuber Matt Johansen, the video exposes how compromised browser extensions can become powerful tools for hackers.
“Compromised extensions often request excessive permissions, such as reading and changing website data, accessing clipboard contents, and more.” (12:50)
Key takeaways from the video include:
“Enterprise users may have to consider restricting browser extension installations in the same way that companies don't allow admin access.” (15:20)
Recommendations:
Links to Matt Johansen's video are provided in the show's notes for listeners seeking more information.
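The "regular audit of installed extensions" advice above can be turned into a routine check. The script below is an added example written for this summary; it is not code from the episode or from Matt Johansen's video. It reads the manifest.json of every extension under a Chromium profile (the Extensions/<id>/<version>/manifest.json layout used by Chrome, Edge and Brave) and flags the permissions that give an extension broad read or modify access, such as site-wide host access, cookies, clipboard reading and script injection. The risk list and the two sample manifests are constructed for the example, not taken from any real extension.

```python
"""Audit installed Chromium extensions for high-risk permissions (added example)."""
from __future__ import annotations

import json
import sys
from pathlib import Path

# Permissions that grant broad read/modify access. This ranking is an assumption
# made for the example, not an official Chrome list.
HIGH_RISK = {
    "<all_urls>": "read and change data on every website",
    "tabs": "see the URLs and titles of all open tabs",
    "webRequest": "observe network requests",
    "webRequestBlocking": "block or rewrite network requests",
    "clipboardRead": "read clipboard contents",
    "cookies": "read site cookies, including session tokens",
    "history": "read browsing history",
    "scripting": "inject scripts into pages",
    "nativeMessaging": "talk to native programs on the host",
}

# Host patterns that are equivalent to <all_urls> for auditing purposes.
ALL_HOSTS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def risky_permissions(manifest: dict) -> list[str]:
    """Return the sorted high-risk permissions a manifest requests (MV2 and MV3 fields)."""
    requested = set(manifest.get("permissions", []))
    requested |= set(manifest.get("optional_permissions", []))
    requested |= set(manifest.get("host_permissions", []))   # MV3 host access
    for script in manifest.get("content_scripts", []):      # scripts injected on matching pages
        requested |= set(script.get("matches", []))
    if requested & ALL_HOSTS:                               # any all-hosts pattern == <all_urls>
        requested.add("<all_urls>")
    return sorted(p for p in requested if p in HIGH_RISK)


def audit_manifests(manifests: dict[str, dict]) -> list[dict]:
    """One report row per extension, most-privileged first."""
    rows = []
    for ext_id, manifest in manifests.items():
        flagged = risky_permissions(manifest)
        rows.append({
            "id": ext_id,
            "name": manifest.get("name", "?"),
            "version": manifest.get("version", "?"),
            "risky": flagged,
            "reasons": [HIGH_RISK[p] for p in flagged],
        })
    rows.sort(key=lambda r: (-len(r["risky"]), r["name"]))
    return rows


def load_profile_manifests(profile_dir: Path) -> dict[str, dict]:
    """Read manifest.json for every installed extension version under a Chromium
    profile (layout: <profile>/Extensions/<extension id>/<version>/manifest.json)."""
    found: dict[str, dict] = {}
    ext_root = profile_dir / "Extensions"
    if not ext_root.is_dir():
        return found
    for manifest_path in sorted(ext_root.glob("*/*/manifest.json")):
        ext_id, version = manifest_path.parent.parent.name, manifest_path.parent.name
        with open(manifest_path, encoding="utf-8") as f:
            found[f"{ext_id}@{version}"] = json.load(f)
    return found


# Constructed sample manifests so the script runs offline; these are not real extensions.
SAMPLE_MANIFESTS = {
    "sample-tab-suspender": {
        "name": "Tab Suspender (sample)", "version": "1.0", "manifest_version": 3,
        "permissions": ["tabs", "storage"],
    },
    "sample-page-helper": {
        "name": "Page Helper (sample)", "version": "2.3", "manifest_version": 3,
        "permissions": ["scripting", "cookies", "clipboardRead", "webRequest", "storage"],
        "host_permissions": ["https://*/*"],
        "content_scripts": [{"matches": ["<all_urls>"], "js": ["inject.js"]}],
    },
}


def print_report(rows: list[dict]) -> None:
    """Print one line per extension plus the reason for each flagged permission."""
    for r in rows:
        tag = "REVIEW" if r["risky"] else "ok"
        print(f"[{tag}] {r['name']} {r['version']} ({r['id']})")
        for perm, why in zip(r["risky"], r["reasons"]):
            print(f"        {perm}: {why}")


if __name__ == "__main__":
    # Usage: python audit_extensions.py [path to a Chromium profile directory]
    if len(sys.argv) > 1:
        print_report(audit_manifests(load_profile_manifests(Path(sys.argv[1]))))
    else:
        print_report(audit_manifests(SAMPLE_MANIFESTS))
```

Run it with a profile path (for example the "Default" directory under the browser's user-data folder) to audit a real machine, or with no arguments to see the report on the two constructed samples. Extensions that ship localized names show up as "__MSG_..." placeholders, which is normal; the permissions are what matter for the review.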
Despite rigorous security measures, malicious applications continue to infiltrate reputable platforms. Google has recently removed over 300 malicious Android apps from its Play Store, which had collectively been downloaded more than 60 million times prior to their removal.
“These applications masquerade as utility tools such as health and fitness trackers, note-taking apps, battery optimizers, and even QR code scanners.” (20:10)
Key points include:
Jim provides essential safety tips:
“It's crucial to manually uninstall any suspicious applications and monitor devices for unusual behavior.” (22:05)
Preventative Measures:
Jim Love wraps up the episode by reiterating the importance of proactive cybersecurity measures in the face of evolving threats. He highlights the necessity for both individuals and organizations to stay informed and vigilant.
“Cybersecurity is an ongoing battle, and staying updated with the latest threats is essential to protect sensitive information.” (27:30)
Looking ahead, listeners are invited to join the upcoming interview show, where topics will include:
“Join me this weekend for our interview show. We'll be talking about how cyber crooks are now targeting schools and a recent report from a group called the Center for Internet Security.” (28:45)
Listeners are encouraged to tune in to future episodes for in-depth discussions and expert insights into the ever-changing landscape of cybersecurity.
Stay Protected: Ensure your systems are updated, scrutinize the permissions of installed applications and extensions, and maintain robust security protocols to defend against these multifaceted cyber threats.
For more detailed information and resources mentioned in this episode, refer to the show notes available on the Cybersecurity Today website.