CyberWire Daily: Episode Summary — "Can’t Escape RCE Flaws"
Release Date: March 20, 2025
Host: N2K Networks
Guest: David Weissman, Vice President of Secure Communications at BlackBerry
1. Critical Veeam Vulnerability Patched
At the outset, the episode highlights a significant security update from Veeam. The company has addressed a critical vulnerability (CVSS score: 9.9) in its backup and replication software that previously allowed remote code execution (RCE) by authenticated users.
[02:00] Dave Bittner: "Veeam has released patches for a critical vulnerability with a CVSS score of 9.9 in its backup and replication software that allows remote code execution by authenticated users."
Key Points:
- The flaw stemmed from improper deserialization handling.
- Veeam urges all users to update immediately to mitigate potential threats.
- Security research firm watchTowr identified additional vulnerabilities and linked them to earlier RCE exploits used in ransomware attacks.
- Although exploitation requires authentication, the risk remains significant because weak authentication mechanisms lower that barrier.
2. Ongoing Risks from Spyware and Data Breaches
The podcast delves into recent spyware operations and data breaches that underscore the persistent risks in the cybersecurity landscape.
a. SpyX Data Breach
A significant breach in the consumer spyware sector is discussed: SpyX exposed nearly 2 million accounts, including thousands of Apple users. The breach went unreported until recently, underscoring how poorly secured consumer-grade spyware tends to be.
[06:00] Dave Bittner: "A spyware data breach highlights ongoing risks... Security expert Troy Hunt confirmed 17,000 plain text Apple account credentials in the leaked data."
Recommendations:
- Enable Google Play Protect.
- Utilize two-factor authentication.
- Regularly check and secure Apple account settings.
- Follow spyware removal guides cautiously to avoid alerting perpetrators.
b. Clearview AI’s Data Acquisition Attempts
Clearview AI is under scrutiny for attempting to purchase sensitive personal data, including Social Security numbers and mugshots, to enhance its facial recognition database.
[09:50] Dave Bittner: "Court records reveal that Clearview AI... also attempted to purchase sensitive data such as Social Security numbers and email addresses."
Concerns:
- Potential exacerbation of racial bias in facial recognition technologies.
- Legal and regulatory challenges facing Clearview AI, including ongoing lawsuits and investigations.
3. International Moves Towards Digital Sovereignty
The Netherlands Parliament is taking steps to reduce reliance on U.S. software firms, aiming to bolster national digital sovereignty.
[11:30] Dave Bittner: "The Netherlands Parliament approved motions urging reduced reliance on US software firms... creating a Dutch-controlled cloud platform."
Highlights:
- Legislative efforts to prioritize European tech firms in public contracts.
- Evaluation of Amazon Web Services for Dutch internet hosting needs.
- Encouragement for EU investment in local cloud infrastructure as a strategic initiative.
4. Pennsylvania Union Data Breach
A significant data breach affecting over half a million individuals within the Pennsylvania State Education Association (PSEA) is discussed, with the Rhysida ransomware gang claiming responsibility.
[13:00] Dave Bittner: "The Pennsylvania State Education Association is notifying over 517,000 individuals of a data breach... Rhysida has previously attacked major institutions."
Details:
- Attackers stole personal, financial, and health data, including Social Security numbers.
- PSEA is offering affected individuals free credit monitoring and urging vigilant account monitoring.
- Uncertainty remains regarding whether a ransom was paid.
5. Emergence of New Malware Threats
The episode covers the discovery of sophisticated malware variants that are complicating cybersecurity defenses.
a. Betruger Backdoor by RansomHub
Symantec researchers identified "Betruger," a custom backdoor deployed by a RansomHub affiliate and designed to streamline ransomware attacks.
[14:30] Dave Bittner: "Researchers at Symantec have discovered a RansomHub affiliate deploying a new custom backdoor called Betruger."
Capabilities of Betruger:
- Credential theft and keystroke logging.
- Privilege escalation and data exfiltration.
- Consolidation of multiple malicious functionalities to reduce detectability.
b. Arcane Information Stealer Malware
Kaspersky uncovered "Arcane," an info-stealer targeting VPN credentials, gaming accounts, and more, primarily affecting users in Russia, Belarus, and Kazakhstan.
[16:00] Dave Bittner: "A new information stealing malware called Arcane is targeting users by stealing VPN credentials, gaming accounts, messaging data and browser information."
Distribution Methods:
- Disseminated through YouTube videos promoting game cheats and cracks.
- Utilizes fake downloaders such as "ArcanaLoader" to deceive users.
6. Interview with David Weissman: Implementing CISA’s Encrypted Communications Guidelines
The centerpiece of the episode is an in-depth discussion with David Weissman from BlackBerry, focusing on the implementation of the Cybersecurity and Infrastructure Security Agency (CISA) guidelines for encrypted communications.
[13:45] David Weissman: "I think there are two sets of guidelines... The first is for telecom carriers, networking equipment organizations, and the second is more for the general public."
Key Insights:
- For the General Public:
  - Transition from SMS-based communications to encrypted applications like Signal or WhatsApp.
  - Importance of end-to-end encryption to mitigate risks associated with traditional SMS vulnerabilities.
  [13:45] David Weissman: "They recommend using some of the popular free applications... like Signal, WhatsApp, those types of things."
- Security Configurations:
  - Basic security settings for both iOS and Android devices to enhance protection.
  [13:45] David Weissman: "They also give guidance on... basic security configuration settings you should put on your phone."
Challenges and Recommendations:
- User Adoption:
  - Encouraging the shift to encrypted messaging apps for improved privacy.
  - Balancing ease of use with enhanced security measures.
  [15:35] David Weissman: "I think the vast majority of people, if they're already doing texting, they can use a messaging app... increasing their own levels of privacy."
- Advanced Threats:
  - Addressing risks like identity spoofing and deepfakes despite enhanced encryption.
  - The evolving nature of AI-driven attacks requiring heightened skepticism and vigilance.
  [18:08] David Weissman: "People are just going to have to be much more skeptical if anything seems off at all, that they're communicating with who they think they are."
7. AI-Generated Defamation: A Case Study
The episode concludes with a discussion of the ramifications of AI models generating false and defamatory statements about individuals, citing the case of Norwegian man Arve Hjalmar Holmen.
[20:30] Dave Bittner: "Imagine casually asking ChatGPT about yourself, only to discover it has labeled you as a child murderer... a clear violation of GDPR."
Implications:
- Legal and Ethical Concerns:
  - Violations of data accuracy and correction rights under GDPR.
  - Potential for reputational damage and legal actions against AI providers like OpenAI.
- Regulatory Actions:
  - Norway's regulators considering stringent measures against AI models that propagate defamatory content.
  - Ongoing debates about the responsibilities of AI developers in ensuring data integrity and preventing misuse.
Conclusion: The episode underscores the relentless evolution of cyber threats, from sophisticated RCE vulnerabilities and spyware breaches to the challenges posed by AI-generated misinformation. Through expert insights and detailed analyses, "CyberWire Daily" delivers a comprehensive overview of the current cybersecurity landscape, emphasizing the need for proactive measures and regulatory vigilance.
For more detailed information on today's stories, visit The CyberWire Daily Briefing. Your feedback is valuable—share your thoughts and help us bring you the insights you need to stay ahead in cybersecurity.
