Transcript
Jim Love (0:02)
IBM's AIX scores a perfect 10 in terms of vulnerability. Rapid cuts of agency staff leave employees with sensitive data. A YouTuber sounds the alarm: this browser hack can steal everything. And over 300 malicious Android apps are removed from the Google Play Store after 60 million downloads. This is Cybersecurity Today. I'm your host, Jim Love.

Most of us don't think much about IBM's AIX operating system, but it's still widely used in mission-critical applications across sectors like finance, healthcare and telecommunications. It is also the OS that runs large data centers. Given that footprint in highly secure industries and applications, it's even more of an issue that it scored a perfect 10, at least in terms of security vulnerability. IBM has issued an urgent security bulletin addressing two critical vulnerabilities in its AIX operating system, one with a maximum severity score of 10 that could allow remote attackers to execute arbitrary commands. CVE-2024-56346 is a vulnerability that affects the Network Installation Manager, or NIM, master service, allowing remote attackers to execute arbitrary commands without authentication or user interaction. It's been assigned a CVSS base score of 10. And there's CVE-2024-56347. This flaw impacts the nimsh service's SSL/TLS protection mechanisms, also permitting remote command execution but requiring some user interaction. It carries a CVSS base score of 9.6, still very high. Both vulnerabilities stem from improper process controls and affect AIX versions 7.2 and 7.3. IBM strongly recommends that all affected systems be updated immediately. Patches can be downloaded from IBM's official repository.

The Department of Government Efficiency, or DOGE, suddenly dismantled the U.S. Agency for International Development, USAID, but has left numerous employees, particularly those overseas, in possession of government-issued devices containing sensitive information, posing significant security risks. In a rapid move to reduce the federal workforce, DOGE, led by Elon Musk under President Trump's directive, executed extensive layoffs across various agencies, including USAID. This abrupt action resulted in many employees retaining laptops and phones loaded with confidential data, as proper offboarding procedures were neglected. The lack of clear guidance and resources for these displaced workers, especially those stationed abroad, has left them uncertain about how to return their devices securely. Consequently, the responsibility of safeguarding sensitive information, encompassing personnel records and details of local partners, has fallen on the employees themselves, who are no longer working for the organization. Federal guidelines mandate the revocation of access and remote wiping of devices in such scenarios. However, the current administration has failed to implement these security measures, potentially exposing government data to unauthorized access and compromising the safety of local collaborators. This mishandling reflects a broader pattern of disarray within federal agencies following aggressive restructuring efforts. Similar issues have arisen in other departments, such as the Consumer Financial Protection Bureau, where layoffs have hindered the agency's ability to monitor technological systems utilized by firms, potentially allowing companies to evade regulation more easily.

A recent video titled "This Browser Can Steal Everything" has gone viral, exposing dangerous exploits that could allow hackers to access sensitive user data through compromised browser extensions. Cybersecurity experts warn that unsuspecting users could have their passwords, browsing history and financial details stolen without even realizing it. The video is by a YouTuber named Matt Johansen. He details how malicious browser extensions, particularly on Google Chrome and Chromium-based browsers like Edge and Brave, can inject malicious script, intercept login credentials, and even modify web content in real time. These compromised extensions often request excessive permissions, such as reading and changing website data, accessing clipboard contents, and more. All kinds of extensions ask for and require permissions, often wide-ranging permissions, and many can't work without them, so users are accustomed to granting these requests and might not give them a lot of thought. In fact, some corrupted extensions start out as innocent apps with desirable functionality, but they can be bought or taken over. There's the example of The Great Suspender, which was an app that helped manage memory usage by suspending unused tabs in browsers. It greatly sped up the browsers because they weren't bogged down with a number of open processes. It also solved a real problem, and it was used by thousands of users. But The Great Suspender was sold to a group who planted malicious software into it and compromised a large number of computers. Johansen gave a demo of how a seemingly innocent browser extension could impersonate a password manager like LastPass and trick a user into logging in and giving access to all credentials. Cybersecurity firms often recommend using a password manager, but if extensions can get your login information, they'll actually be a bigger danger if not protected by multi-factor authentication. Now, this won't be popular, but enterprise users may have to consider restricting browser extension installations in the same way that companies don't allow admin access so that users can't install software on their own computers. This video also suggests that doing regular audits of installed extensions, removing any unused or suspicious add-ins, and of course keeping browsers up to date is essential. There's a link to the video in the show notes.

And in a related story, we always tell users to load apps only from the official app stores. But it turns out that's not enough. Security researchers have identified, and Google has removed, over 300 malicious Android applications from the Google Play Store, and these had been collectively downloaded more than 60 million times before the removal. They're engaged in ad fraud and attempting to steal user credentials and even credit card information. The malicious apps, part of a campaign dubbed Vapor, were first uncovered by IAS Threat Lab, which identified 180 such applications generating 200 million fraudulent advertising bid requests daily. Bitdefender later expanded this number to 331 apps, noting significant infections in countries including Brazil, the United States, Mexico, Turkey and South Korea. These applications masquerade as utility tools such as health and fitness trackers, note-taking apps, battery optimizers, and even QR code scanners. Once installed, they display intrusive ads outside their intended context and attempt to phish users' credentials and financial information. Despite their removal from the Play Store, users who have these apps installed remain at risk. It's crucial to manually uninstall any suspicious applications and monitor devices for unusual behavior. Some recommendations include: verifying app authenticity before downloading (check app reviews, developer information, and the permissions they request); keeping devices updated (regularly updating your device's operating system and applications patches security vulnerabilities); and using reputable security software, even on a phone (install trusted antivirus or security applications to detect and prevent malware infections).

And that's our show. Join me this weekend for our interview show. We'll be talking about how cyber crooks are now targeting schools and a recent report from a group called the Center for Internet Security. I'm your host, Jim Love. Thanks for listening.
