Transcript
Dave Bittner (0:02)
You're listening to the Cyberwire network, powered by N2K.
Ann Johnson (0:14)
Secure access is crucial for US public sector missions, ensuring that only authorized users can access certain systems, networks or data. Are your defenses ready? Cisco's Security Service Edge delivers comprehensive protection for your network and users. Experience the power of Zero Trust and secure your workforce wherever they are. Elevate your security strategy by visiting cisco.com/go/sse. That's cisco.com/go/sse.

Treasury's OCC reports a major email breach. We've got some Patch Tuesday updates. A critical vulnerability in AWS Systems Manager Agent allows attackers to execute arbitrary code with root privileges. Experts urged Congress to keep strict export controls to help slow China's progress in AI. A critical bug in WhatsApp for Windows allows malicious code execution. CISA adds multiple advisories on actively exploited vulnerabilities. Insider threat allegations rock a major Maryland medical center. Microsoft's Ann Johnson from Afternoon Cyber Tea is joined by Jack Rhysider, the creator and host of the acclaimed podcast Darknet Diaries. And feds aim to rewrite Social Security code in record time.

It's Wednesday, April 9th, 2025. I'm Dave Bittner and this is your CyberWire Intel Briefing. Thanks for joining us here. It's great to have you with us as always.

The US Treasury's Office of the Comptroller of the Currency, the OCC, reported a major email breach discovered on February 12. The incident involved unauthorized access to 103 email accounts, including those of OCC executives and staff. Hackers accessed around 150,000 emails dating back to May of 2023. Some messages contained sensitive information on federally regulated banks used for oversight and examinations. The breach was initially flagged by Microsoft, which alerted the OCC. While the OCC says there's no sign the wider financial sector was affected, the compromised data is considered highly sensitive. The attacker's identity remains unknown, but previous targeting of Treasury entities has been linked to the China-based group Silk Typhoon. The OCC has since ended the unauthorized access and is continuing its investigation.

This month's Patch Tuesday was a heavyweight, with Microsoft releasing fixes for 147 vulnerabilities, five of them rated critical and one already being exploited in the wild. That zero-day involved a malicious proxy driver being used in targeted attacks. Most of the bugs hit core components like the Windows kernel, Office and Azure services. If your org runs Microsoft infrastructure, this one's a must-do. But the patch party didn't stop there. Fortinet issued a fix for a critical bug in FortiSwitch. It allows remote, unauthenticated attackers to reset admin passwords with a specially crafted request. It's a serious threat to network integrity and needs urgent patching. Ivanti patched six vulnerabilities in its Endpoint Manager. One of them could let an unauthenticated user execute a cross-site scripting attack and gain administrative access. VMware also delivered updates for 47 issues in Tanzu, with 10 marked critical, and Zoom resolved six bugs across its Workplace suite. In the industrial sector, Rockwell, Siemens, Schneider Electric and ABB all patched ICS vulnerabilities. Siemens even recommended replacing a power monitoring device entirely due to security flaws that couldn't be safely mitigated with software alone. So don't delay, and patch 'em if you got 'em.

A critical vulnerability in AWS Systems Manager Agent allowed attackers to execute arbitrary code with root privileges by exploiting improper input validation in the ValidatePluginId function. This flaw let attackers craft malicious plugin IDs using path traversal to create and execute unauthorized scripts in system directories. Since the SSM Agent is widely used to manage EC2 and on-prem servers, the risk was significant. AWS patched the issue on March 5 after responsible disclosure in February. Security experts advise updating immediately, validating plugin IDs, and using safe path resolution methods like BuildSafePath. This incident underscores that even mature cloud tools are vulnerable and highlights the need for strict input validation and ongoing system monitoring in cloud environments.

Technology experts urged Congress to keep strict export controls on semiconductor chips and other tech, arguing these restrictions are crucial for slowing China's progress in AI and preserving US leadership, CyberScoop reports. Although the US has long limited China's access to advanced chips, the rise of generative AI models from firms like DeepSeek and Alibaba has raised doubts about the strategy's effectiveness. Still, experts like Gregory Allen of the Center for Strategic and International Studies said these restrictions have already limited China's AI advancement and should continue. DeepSeek, despite its progress, still struggles with a lack of high-performance computing power, something only US-made chips currently provide. Experts argue that American technology is still foundational to China's AI development, giving the US vital leverage. They also criticized the Biden administration's export control rollout, saying advance notice allowed Chinese firms to stockpile parts. They called for tighter, faster controls guided by deeper collaboration with the tech and intelligence sectors.

A critical bug in WhatsApp for Windows allows attackers to execute malicious code by tricking users into opening rigged attachments. The flaw, fixed in a recent version, involves a mismatch between MIME type and file extension. For example, an EXE file disguised as an image could run if clicked. Though the exploit requires user interaction, experts warn it's easy to deceive users. Meta urges everyone to update WhatsApp and be cautious with attachments, even from familiar contacts.

CISA has issued an urgent call for organizations to patch two actively exploited zero-day vulnerabilities. The first is a critical flaw in Gladinet's CentreStack cloud server, which allows remote code execution via improper handling of cryptographic keys. Exploited since March, it was recently patched. The second is a Windows CLFS vulnerability, a use-after-free issue in Microsoft's Common Log File System driver that enables local privilege escalation. It's actively exploited by the PipeMagic malware in ransomware attacks, and it was addressed on Patch Tuesday. CISA mandates federal agencies apply these patches by April 29th.

A chilling insider threat case has rocked the University of Maryland Medical Center, where a now-former pharmacist allegedly used his access to IT systems to spy on female clinicians for nearly a decade. Matthew Bathula is accused of installing spyware on over 400 hospital and home devices, enabling him to secretly watch co-workers breastfeeding, in intimate moments, and interacting with their families. He reportedly used keyloggers to steal passwords, gaining access to personal accounts and cloud storage. Despite alerts from IT staff and suspicions of hacking, UMMC allegedly failed to identify or stop the breach. Victims only learned of the voyeurism through FBI investigations. A civil lawsuit claims UMMC was negligent, violating healthcare security laws. The hospital has since fired Bathula and pledged to improve its cybersecurity, but the damage, both emotional and reputational, is severe. This case is a stark reminder of how dangerous insider threats can be when detection and oversight fail.

Coming up after the break, Microsoft's Ann Johnson from the Afternoon Cyber Tea podcast is joined by Jack Rhysider, creator and host of Darknet Diaries, and the feds aim to rewrite Social Security code in record time. Stay with us.

Do you know the status of your compliance controls right now? Like, right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But get this: more than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30 frameworks like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews and reporting, and help you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com/cyber. That's vanta.com/cyber for $1,000 off.
