CyberWire Daily: Chrome & Firefox Squash the Latest Flaws
Released: April 2, 2025
Host: Dave Bittner, CyberWire Network, powered by N2K Networks
Introduction
In the April 2, 2025 episode of CyberWire Daily, host Dave Bittner delivers a comprehensive roundup of the latest cybersecurity developments. The episode covers critical browser security updates, significant data breaches, sophisticated cyberattack campaigns, vulnerabilities in major cloud platforms, legal actions against tech giants, and insights from a high-profile cybersecurity leader. Additionally, the episode features an informative segment on the Cisco Enterprise Network Core Technologies exam, catering to professionals aiming to bolster their networking expertise.
1. Browser Security Updates: Chrome 135 & Firefox 137
Patching Critical Flaws
Google and Mozilla took proactive steps to enhance browser security by releasing updates for Chrome and Firefox.
- Chrome 135: This update addresses 14 security vulnerabilities, including a high-severity use-after-free bug in navigations, which could be exploited for unauthorized code execution. Notably, Google rewarded Philip Beer with a $10,000 bug bounty for a vulnerability related to custom tabs ([00:10:02] Bittner).
- Firefox 137: Mozilla's release fixes eight flaws, including three high-severity memory bugs that similarly pose a risk of code execution. The updates also extend to Firefox ESR and Thunderbird, ensuring comprehensive protection across platforms.
Urgent Update Recommendations
Both companies emphasize the importance of promptly applying these updates to mitigate potential exploitation, although there is currently no evidence of these specific bugs being actively exploited in the wild.
“Chrome 135 is now available for Linux, Windows, and macOS, while Firefox 137 is live for all supported platforms.” ([00:10:40] Bittner)
2. Data Breach at UK's Royal Mail Group
Massive Data Leak
A significant breach has impacted the UK's Royal Mail Group, with a threat actor known as Ghna leaking 144 gigabytes of stolen data on BreachForums. This incident mirrors a previous breach at Samsung and traces back to a 2021 infostealer malware infection at Spectos, a third-party data service provider.
Details of the Leaked Data
The compromised data includes:
- Customer PII (Personally Identifiable Information)
- Internal Zoom recordings
- Mailing lists
- Delivery data
- WordPress SQL database
Implications and Insights
The breach highlights critical flaws in supply chain security, demonstrating how outdated stolen credentials can culminate in extensive data exposure years later.
“Hackers are increasingly using AI to extract value from such large data dumps, enabling faster, more targeted attacks.” ([00:11:55] Bittner)
Call for Enhanced Security Measures
This incident underscores the urgent need for:
- Improved third-party risk management
- Continuous monitoring
- Implementation of AI-aware defenses within cybersecurity strategies
3. Bizarre Recruitment Campaign to Hack Chinese Websites
Unorthodox Recruitment Tactics
A mysterious figure named Jack has initiated a peculiar campaign offering up to $100,000 a month to cybersecurity professionals tasked with hacking Chinese websites using web shells. The campaign propagates via sockpuppet accounts on X (formerly Twitter), featuring AI-generated avatars and vague incentives.
Campaign Characteristics
- Objective: "Hack any website registered in China" with no specific targets, emphasizing volume over precision.
- Conflicting Claims: Jack ambiguously mentions working for the Indian government, leading to speculation about the campaign’s true intent.
Expert Opinions
Security experts remain baffled, debating whether the campaign is genuine or a form of trolling. Despite its dubious nature, there have been no reports of phishing or malware distribution associated with the campaign.
“The campaign is persistent, widespread, and bizarre, with no clear motive or endgame.” ([00:15:10] Bittner)
4. PostgreSQL Servers Compromised for Cryptojacking
Jinx0126 Campaign Exploitation
Over 1,500 PostgreSQL servers with weak credentials have fallen victim to the Jinx0126 cryptojacking campaign. This operation leverages vulnerabilities in PostgreSQL to execute system commands, terminate competing miners, and deploy the XMRig mining software for cryptocurrency extraction.
Technical Breakdown
- Exploitation Method: Utilization of PostgreSQL SQL commands to install malicious binaries.
- Persistence Mechanism: A spoofed postmaster binary ensures continued unauthorized access and privilege escalation.
- Evasion Techniques: The campaign employs unique hashes and fileless execution to bypass traditional detection methods, indicating a sophisticated evolution in cloud-targeted attacks.
“The campaign uses unique hashes and fileless execution to bypass detection, marking a sophisticated evolution in cloud-targeted attacks.” ([00:16:50] Bittner)
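The campaign's entry point is weak credentials, and its payload runs through SQL-level access to the operating system, so a defender's first check is the database's own role and authentication configuration. The audit queries below are an added example, not material from the episode; they assume PostgreSQL 11 or later and a superuser session, and the role name and password in the last step are placeholders.

```sql
-- Added audit queries (not from the episode). Run as a superuser on a
-- PostgreSQL 11+ instance. Each query surfaces one condition the
-- Jinx0126 campaign is described as relying on.

-- 1. Login roles with no password set, or carrying the superuser bit.
--    A login role without a password is protected only by pg_hba.conf;
--    superusers can run server-side programs, so this list should be short.
SELECT rolname,
       rolsuper,
       rolpassword IS NULL AS no_password
FROM   pg_authid
WHERE  rolcanlogin
  AND (rolpassword IS NULL OR rolsuper)
ORDER BY rolsuper DESC, rolname;

-- 2. pg_hba.conf rules that skip authentication ('trust') or accept
--    cleartext passwords, plus any rule the server failed to parse.
--    'trust' lets anyone who can reach the port log in as the listed roles.
SELECT line_number, type, database, user_name, address, auth_method
FROM   pg_hba_file_rules
WHERE  auth_method IN ('trust', 'password')
   OR  error IS NOT NULL;

-- 3. Roles granted the built-in privileges that let SQL reach the
--    filesystem or execute OS programs. Membership here should be
--    deliberate and reviewed, because it is what turns a database login
--    into command execution on the host.
SELECT m.rolname AS member,
       r.rolname AS granted_role
FROM   pg_auth_members am
JOIN   pg_roles m ON m.oid = am.member
JOIN   pg_roles r ON r.oid = am.roleid
WHERE  r.rolname IN ('pg_execute_server_program',
                     'pg_read_server_files',
                     'pg_write_server_files');

-- 4. Remediation for a role flagged by query 1: store passwords with
--    SCRAM-SHA-256 and set a strong one. 'app_user' and the password
--    value are placeholders.
SET password_encryption = 'scram-sha-256';
ALTER ROLE app_user PASSWORD 'REPLACE-WITH-A-STRONG-PASSWORD';
```

Pair these checks with `md5` or `password` entries in pg_hba.conf being replaced by `scram-sha-256`, and with the listener restricted to the networks that actually need database access.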
5. Google Cloud Patches "Imagerunner" Vulnerability
Vulnerability Details
Google Cloud has addressed a vulnerability named ImageRunner affecting its Cloud Run platform. Discovered by Tenable, the flaw permitted users with specific permissions to modify Cloud Run services and access private container images, potentially leading to the extraction and exfiltration of sensitive data.
Remediation Measures
- Patch Deployment: Google fully deployed the fix by January 28, 2025, and now enforces stricter IAM (Identity and Access Management) checks during deployments to prevent unauthorized image access.
- Customer Notifications: Customers were alerted about the vulnerability in November 2024.
New Security Features
Google also introduced a beta feature allowing enterprise users to send end-to-end encrypted emails within their organization, with plans to expand this to all Gmail inboxes by year-end. This feature simplifies secure communications by eliminating the need for certificate management or key sharing.
“Google’s approach doesn’t require certificate management or key sharing, simplifying secure communications.” ([00:18:00] Bittner)
6. Oracle Faces Class Action Lawsuit Over Data Breaches
Legal Challenges
Oracle is currently embroiled in a class action lawsuit in Texas, filed by Michael Toik and law firm Seamus and Gentile. The suit alleges that Oracle violated Texas data breach notification laws by failing to inform victims within the required 60-day timeframe following breaches that exposed personal and health data.
Allegations
- Negligence: Accusations center on Oracle's inadequate security practices leading to data exposure.
- Lack of Transparency: Plaintiffs claim Oracle did not disclose the breach, nor did it explain how it occurred or assure data security post-breach.
- Potential Risks: Continued risks of identity theft and financial loss for affected individuals.
Plaintiffs’ Demands
The lawsuit seeks:
- Compensation for affected individuals
- Improved cybersecurity practices within Oracle
“He and others expect to face ongoing risks of identity theft and financial loss.” ([00:19:20] Bittner)
Oracle has yet to issue a response to these allegations.
7. CISA Releases ICS Advisories on Rockwell Automation & Hitachi Energy
Critical Vulnerabilities Identified
On April 1, CISA (Cybersecurity and Infrastructure Security Agency) released advisories highlighting major vulnerabilities in products from Rockwell Automation and Hitachi Energy, posing significant risks to critical infrastructure sectors such as manufacturing, energy, water, and chemicals.
Rockwell Automation Advisory
- Vulnerability: Deserialization flaw in systems using Veeam Backup and Replication
- Impact: Allows remote code execution with administrative access
- Mitigation: Patches are available and must be applied immediately
Hitachi Energy Advisory
- Vulnerabilities: Includes a critical injection vulnerability in MicroSCADA Pro/X SYS600
- Affected Versions: Multiple versions are impacted
- Mitigation: Patches provided for affected systems
CISA’s Recommendations
- Immediate Patching: Apply available fixes without delay
- Limit ICS Exposure: Restrict access to Industrial Control Systems
- Secure Configurations: Implement best practices for system security
“No exploitation has been reported yet, but the agency stresses urgency due to the potential for severe disruption.” ([00:20:30] Bittner)
8. Exclusive Interview with General Paul Nakasone
Assessment of Evolving Cyber Threats
In an exclusive interview with The Record, former NSA Director and US Cyber Command chief General Paul Nakasone provides a candid evaluation of America's shifting cyber threat landscape.
Key Insights
- China’s Cyber Aggression: General Nakasone highlights Chinese campaigns such as Volt Typhoon and Salt Typhoon as indicators that Beijing has surpassed Russia in both capability and intent. He notes, “This is nothing like we've seen before,” emphasizing the unprecedented nature of Chinese cyber operations ([00:21:00] Nakasone).
- Critical Infrastructure Intrusions: Pointing to Chinese intrusions into critical US infrastructure, he underscores the necessity for enhanced cyber deterrence, rapid defense mechanisms, and robust partnerships across government, industry, and academia.
- AI’s Dual-Use Potential: Now serving on the OpenAI board, Nakasone discusses the dual-use nature of AI technologies, which can be harnessed for both offensive and defensive purposes. He advocates for a national strategy encompassing data, energy, semiconductors, and talent to leverage AI’s potential responsibly.
- Broader Strategic Concerns: From AI ethics to tensions over Taiwan and offensive cyber policy, Nakasone’s overarching message is clear: “The US must move faster or fall behind.” He stresses that proactive measures are essential to stay ahead in the cyber domain ([00:21:35] Nakasone).
9. Certbytes Segment: Cisco Enterprise Network Core Technologies Exam
Exam Overview
The episode features an insightful segment hosted by Chris and Troy, focusing on the Cisco Enterprise Network Core Technologies (350-401 ENCOR) exam.
Key Highlights
- Certification Importance: The exam is a gateway to the Cisco Certified Specialist Enterprise Core certification, which also fulfills prerequisites for several other Cisco certifications, positioning candidates for roles such as network engineer.
- Exam Structure: Beyond multiple-choice and drag-and-drop questions, the exam includes performance-based items that require hands-on configuration and troubleshooting of routers and switches.
- Study Tips: Troy emphasizes the necessity of using network simulation tools to gain practical experience, ensuring readiness for the performance-based sections.
“You need to get lots of hands-on. So find some sort of a network simulation tool that allows you to practice working with routers and switches.” ([00:18:50] Troy)
Sample Question Breakdown
During the segment, Chris navigates a sample question about Enhanced Interior Gateway Routing Protocol (EIGRP) packet types, illustrating effective test-taking strategies even when unfamiliar with the subject matter.
Conclusion
This episode of CyberWire Daily provides a thorough exploration of recent cybersecurity developments, from essential browser updates and substantial data breaches to emerging cyber threats and legal challenges within the tech industry. The exclusive interview with General Paul Nakasone offers strategic insights into national cyber defense, underscoring the evolving nature of global cyber threats. Additionally, the Certbytes segment serves as a valuable resource for professionals seeking to advance their networking certifications. Collectively, the episode equips listeners with critical information and actionable insights to navigate the complex cybersecurity landscape.
For More Information:
Visit thecyberwire.com for detailed reports and additional resources related to today's topics.
