Transcript
Dave Bittner (0:02)
You're listening to the CyberWire Network, powered by N2K.
We've all been there. You realize your business needs to hire someone yesterday. How can you find amazing candidates fast? Well, it's easy. Just use Indeed. When it comes to hiring, Indeed is all you need. Stop struggling to get your job post noticed. Indeed Sponsored Jobs helps you stand out and hire fast. Your post jumps to the top of search results so the right candidates see it first, and it works. Sponsored Jobs on Indeed get 45% more applications than non-sponsored ones. One of the things I love about Indeed is how fast it makes hiring. And yes, we do actually use Indeed for hiring here at N2K CyberWire. Many of my colleagues here came to us through Indeed. Plus, with Sponsored Jobs, there are no subscriptions, no long-term contracts. You only pay for results. How fast is Indeed? Oh, in the minute or so that I've been talking to you, 23 hires were made on Indeed, according to Indeed data worldwide. There's no need to wait any longer. Speed up your hiring right now with Indeed, and listeners to this show will get a $75 sponsored job credit to get your jobs more visibility at indeed.com/cyberwire. Just go to indeed.com/cyberwire right now and support our show by saying you heard about Indeed on this podcast. Indeed.com/cyberwire, terms and conditions apply. Hiring? Indeed is all you need.
The UK sanctions Russian military intelligence officers tied to GRU cyber units. An AI-powered malware called LameHug targets Windows systems. Google files a lawsuit against the operators of the BadBox 2.0 botnet. A pair of healthcare data breaches impact over 3 million individuals. Researchers report a phishing attack that bypasses FIDO authentication by exploiting QR codes. A critical flaw in NVIDIA's Container Toolkit threatens managed AI cloud services. A secure messaging app is found exposing sensitive data due to outdated configurations. Meta investors settle their $8 billion lawsuit.
Our guest is Will Markow, CEO of FourOne Insights and N2K CyberWire Senior Workforce Analyst, with a data-driven look at how AI is affecting jobs. And Belgian police provide timely cyber tips, baked right in.
It's Friday, July 18, 2025. I'm Dave Bittner, and this is your CyberWire Intel Briefing.
Thanks for joining us here today. Happy Friday. It is great to have you with us.
The UK has sanctioned 18 Russian military intelligence officers tied to GRU cyber units accused of targeting civilians in Ukraine, including attacks like the Mariupol theater strike. The sanctions also cite earlier hacks, such as that of Yulia Skripal's phone, and broader cyber campaigns to destabilize Europe and threaten UK security. Key GRU units like Fancy Bear and Sandworm were implicated, along with malware operations like Authentic Antics. Many of those sanctioned are already indicted in the US, though a few names are newly identified. The UK also targeted a Russian-backed content operation in Africa pushing disinformation. Foreign Secretary David Lammy warned that Russia's hybrid threats won't go unchecked and that the UK's commitment to defending Ukraine and European security is ironclad.
Ukrainian cybersecurity officials have uncovered a new malware called LameHug, which uses an AI-powered large language model to generate commands on compromised Windows systems. CERT-UA linked the malware to the Russian-backed APT28 hacking group, known for targeting Ukraine's defense sector. The malware was spread via fake ministry emails containing a malicious PIF file built with Python and using Alibaba's LLM through Hugging Face. LameHug adapts in real time, making it harder to detect. IBM X-Force called this tactic novel for its dynamic execution.
APT28, active since 2004, has a long history of attacks against Ukraine, including attempts at critical infrastructure and Western firms aiding Ukraine.
Google has filed a lawsuit against the operators of BadBox 2.0, a massive botnet infecting over 10 million Android-based devices. Lacking Google's security protections, these devices had the malware pre-installed or picked it up via malicious apps, creating backdoors for fraud and illicit schemes. BadBox 2.0 is the largest known botnet targeting smart TVs and connected devices, with potential for more dangerous attacks like ransomware or DDoS. Operators sold access to infected devices as residential proxies and used them for ad fraud. Google's lawsuit seeks to disrupt the botnet's infrastructure, citing links to multiple cybercrime groups in China. These groups collaborated through shared command-and-control systems, each handling different roles, from malware development to infrastructure and monetization. This follows the takedown of the original BadBox in 2023.
Two major healthcare data breaches have been disclosed, impacting over 3 million individuals. Radiology Associates of Richmond, Virginia, reported a breach from April 2024 affecting 1.4 million people. Hackers accessed systems for several days, but the breach wasn't confirmed until more than a year later. Exposed data included personal and health information, including some Social Security numbers. In Maryland, Anne Arundel Dermatology revealed a separate breach affecting 1.9 million individuals. Hackers had access to their systems for nearly three months in early 2025. While neither breach shows confirmed misuse or involvement by known ransomware groups, both firms are offering identity protection services. These incidents add to a growing list of large-scale healthcare breaches in recent months, as tracked by the U.S. Department of Health and Human Services.
Researchers at security firm Expel report a phishing attack that bypasses FIDO authentication by exploiting QR codes used in cross-device sign-ins. FIDO keys, which are device-bound and offer strong MFA, are typically secure, but this attack tricks users into scanning a malicious QR code. The attacker created a fake Okta login page that mimicked the legitimate portal and relayed login credentials in real time. Once users scanned the QR code, thinking it was part of the legitimate login, the attacker gained access. Expel suspects ties to the PoisonSeed campaign, which has targeted crypto wallets. While no malicious actions were seen after login in this case, Expel warns that attackers have also enrolled their own FIDO keys to lock victims out. To defend against this, experts recommend requiring Bluetooth for cross-device logins, monitoring authentication logs for unusual activity, and watching for unexpected FIDO key registrations. Terminating active sessions quickly is also advised if compromise is suspected.
Researchers at Wiz discovered a critical flaw in NVIDIA's Container Toolkit, dubbed NVIDIAScape, which threatens managed AI cloud services. The vulnerability, shown at Pwn2Own Berlin with a CVSS score of 9.0, allows privilege escalation, data theft, tampering, and denial-of-service attacks. It stems from a misconfigured Open Container Initiative hook. A malicious container can gain root access on shared GPU hosts, risking sensitive data and AI models. Wiz warns that containers alone aren't secure and recommends stronger isolation like virtualization.
TeleMessage Signal, a secure messaging app used by US agencies and businesses, was found exposing sensitive data due to outdated configurations in Spring Boot, leaving the heap dump endpoint open. This flaw allows attackers to extract memory dumps containing credentials and session data. Despite newer Spring Boot versions disabling this by default, vulnerable instances persisted.
As of May of this year, CISA added the issue to its Known Exploited Vulnerabilities list, warning of active attacks. TeleMessage previously suffered a major breach in May, exposing 410 gigabytes of sensitive data.
Meta investors have settled a lawsuit accusing CEO Mark Zuckerberg and other executives of mishandling the Cambridge Analytica data privacy scandal. The case, which sought $8 billion in damages, alleged leaders ignored red flags about the firm's misuse of Facebook user data. It also focused on Meta's $5 billion FTC fine in 2019, claiming it was inflated to protect Zuckerberg from personal liability. Settlement terms remain undisclosed. Meta and plaintiff representatives have not commented on the outcome.
Coming up after the break, my conversation with Will Markow, CEO of FourOne Insights and N2K CyberWire's Senior Workforce Analyst. We're taking a data-driven look at how AI is affecting jobs. And Belgian police provide timely cyber tips, baked right in. Stick around.
Hey, everybody. Dave here. I've talked about DeleteMe before, and I'm still using it because it still works. It's been a few months now, and I'm just as impressed today as I was when I signed up. DeleteMe keeps finding and removing my personal information from data broker sites, and they keep me updated with detailed reports so I know exactly what's been taken down. I'm genuinely relieved knowing my privacy isn't something I have to worry about every day. The DeleteMe team handles everything. It's the set-it-and-forget-it peace of mind. And it's not just for individuals. DeleteMe also offers solutions for businesses, helping companies protect their employees' personal information and reduce exposure to social engineering and phishing threats. And right now, our listeners get a special deal: 20% off your DeleteMe plan. Just go to JoinDeleteMe.com/N2K and use promo code N2K at checkout. That's JoinDeleteMe.com/N2K, code N2K.
Did you know Active Directory is targeted in 9 out of 10 cyber attacks?
Once attackers get in, they can take control of your entire network. That's why Semperis created Purple Knight, the free security assessment tool that scans your Active Directory for hundreds of vulnerabilities and shows you how to fix them. Join thousands of IT pros using Purple Knight to stay ahead of threats. Download it now at semperis.com/purple-knight. That's semperis.com/purple-knight.
It is always my pleasure to welcome back to the show Will Markow. He is the CEO of FourOne Insights and an N2K CyberWire Senior Workforce Analyst. Will, welcome back.
