Transcript
Dave Bittner (0:02)
You're listening to the CyberWire Network, powered by N2K. Looking for a career where innovation meets impact? Vanguard's technology team is shaping the future of financial services by solving complex challenges with cutting-edge solutions. Whether you're passionate about AI, cybersecurity or cloud computing, Vanguard offers a dynamic and collaborative environment where your ideas drive change. With career growth opportunities and a focus on work-life balance, you'll have the flexibility to thrive both professionally and personally. Explore open cybersecurity and technology roles today at vanguardjobs.com.

Google and Mozilla patch nearly two dozen security flaws. The UK's Royal Mail Group sees 144 gigabytes of data stolen and leaked. A bizarre campaign looks to recruit cybersecurity professionals to hack Chinese websites. PostgreSQL servers with weak credentials have been compromised for cryptojacking. Google Cloud patches a vulnerability affecting its Cloud Run platform. Oracle faces a class action lawsuit over alleged cloud services data breaches. CISA releases ICS advisories detailing vulnerabilities in Rockwell Automation and Hitachi Energy products. General Paul Nakasone offers a candid assessment of America's evolving cyber threats. On today's CertByte segment, a look at the Cisco Enterprise Network Core Technologies exam, and are AI LLMs more like minds or mirrors?

It's Wednesday, April 2, 2025. I'm Dave Bittner and this is your CyberWire Intel Brief. Thanks for joining us here today. It's great to have you with us.

Google and Mozilla released updates on Tuesday to patch nearly two dozen security flaws in Chrome 135 and Firefox 137. Chrome 135 includes 14 fixes, with a high-severity use-after-free bug in Navigations topping the list. Google paid $18,000 in bug bounties, including $10,000 to Philip Beer for a Custom Tabs issue. Firefox 137 addresses eight flaws, including three high-severity memory bugs that could allow code execution. Mozilla also rolled out updates for Firefox ESR and Thunderbird covering many of the same vulnerabilities. While there's no evidence these bugs are being exploited in the wild, both companies urge users to update promptly. Chrome 135 is now available for Linux, Windows and macOS, while Firefox 137 is live for all supported platforms.

A threat actor known as GHNA has leaked 144 gigabytes of data stolen from Royal Mail Group, a UK postal service and courier company, on BreachForums, following a similar Samsung breach. Both incidents trace back to a 2021 infostealer malware infection at Spectos, a third-party data service provider. The leaked files include customer PII, internal Zoom recordings, mailing lists, delivery data and a WordPress SQL database. Hackers are increasingly using AI to extract value from such large data dumps, enabling faster, more targeted attacks. The breach exposes deep flaws in supply chain security, showing how old stolen credentials can lead to major breaches years later. The Royal Mail incident underscores the urgent need for better third-party risk management, ongoing monitoring and AI-aware defenses in cybersecurity strategies.

A mysterious figure named Jack is offering up to $100,000 a month to cybersecurity professionals to hack Chinese websites using web shells. This recruitment campaign, spread via sockpuppet accounts on X (formerly Twitter), features AI-generated avatars and vague promises. The job: hack any website registered in China. No specific targets, just volume. Jack claims to want China's traffic but offers little explanation, even contradicting himself about working for the Indian government. Security experts are baffled. Some think it's trolling. Others suspect a bizarre attempt to infect Chinese users with malware. Despite its sketchiness, no one has reported phishing or malware links yet. In the words of one expert, the campaign is persistent, widespread and bizarre, with no clear motive or endgame.

Over 1,500 PostgreSQL servers with weak credentials have been compromised by the JINX-0126 campaign, a new wave of cryptojacking linked to earlier PG_MEM malware. Attackers exploit a PostgreSQL SQL command to run system commands, kill competing miners, and deploy a binary that installs XMRig mining software. A spoofed postmaster binary ensures persistence and escalates privileges. According to Wiz, the campaign uses unique hashes and fileless execution to bypass detection, marking a sophisticated evolution in cloud-targeted attacks.

Google Cloud has patched a vulnerability called ImageRunner, which affected its Cloud Run platform. Discovered by Tenable, the flaw allowed users with certain permissions to modify Cloud Run services and potentially access private container images. In the worst case, attackers could extract secrets and exfiltrate sensitive data. Google says they alerted customers in November of last year and fully deployed a fix by January 28th of this year. The update now enforces stricter IAM checks during deployments to prevent unauthorized image access.

Elsewhere, Google has launched a beta feature allowing enterprise users to send end-to-end encrypted emails within their organization, with plans to expand it to all Gmail inboxes by year's end. Google's approach doesn't require certificate management or key sharing, simplifying secure communications. Organizations retain control of encryption keys, keeping messages secure and compliant with regulations. External recipients can access messages via a restricted interface or S/MIME if supported. Additional Gmail security features, including data loss prevention and AI threat protection, are also now available.

Oracle is facing a class action lawsuit in Texas over alleged data breaches tied to its cloud services. Filed by Floridian Michael Toikach and law firm Shamis & Gentile, the suit accuses Oracle of violating Texas data breach notification laws by failing to alert victims within 60 days. The case alleges that Oracle's poor security practices led to the exposure of personal and health data and that the company has remained silent about the breach. Toikach claims Oracle didn't inform him of the incident, explain how it occurred, or confirm data security. He and others expect to face ongoing risks of identity theft and financial loss. The plaintiffs seek compensation and demand Oracle improve its cybersecurity practices. Oracle has yet to respond to the allegations.

On April 1, CISA released two ICS advisories detailing major vulnerabilities in Rockwell Automation and Hitachi Energy products, posing risks to critical infrastructure. The Rockwell advisory warns of a deserialization flaw in systems using Veeam Backup and Replication, allowing remote code execution with admin access. Patches are available. The Hitachi advisory highlights several flaws, including a critical injection vulnerability in MicroSCADA Pro/X SYS600. Multiple versions are affected, and fixes are provided. These issues could impact the manufacturing, energy, water and chemical sectors. CISA urges immediate action: patching systems, limiting ICS exposure and applying secure configurations. No exploitation has been reported yet, but the agency stresses urgency due to the potential for severe disruption.

In an exclusive interview with The Record, former NSA and US Cyber Command chief General Paul Nakasone offered a candid assessment of America's evolving cyber threats. A year out of government, Nakasone reflected on China's growing cyber aggression, describing the Volt Typhoon and Salt Typhoon campaigns as clear signs that Beijing has surpassed Russia in capability and intent. "This is nothing like we've seen before," he warned, pointing to Chinese intrusions in critical US infrastructure. Nakasone emphasized the urgent need for better cyber deterrence, faster defense and stronger partnerships across government, industry and academia. Now on the OpenAI board, he also discussed AI's dual-use future, powerful for both offense and defense, and called for a national strategy around data, energy, semiconductors and talent. From AI ethics to Taiwan tensions and offensive cyber policy, Nakasone's message was that the US must move faster or fall behind.

Coming up after the break on today's CertByte segment: a look at the Cisco Enterprise Network Core Technologies exam, and are AI LLMs more like minds or mirrors? Stay with us.
