CyberWire Daily Summary: "When Spies Get Spied On"
Release Date: August 13, 2025
Host: Dave Bittner, N2K Networks

Episode Overview

In the August 13, 2025 episode of CyberWire Daily, host Dave Bittner delves into the latest cybersecurity developments, ranging from critical vulnerability patches to sophisticated ransomware operations targeting global infrastructure. The episode features an in-depth interview with Jack Jones, the pioneer behind the Factor Analysis of Information Risk (FAIR) model, exploring advancements in cyber risk quantification. Additionally, the episode sheds light on the challenges consumers face under California law when attempting to remove their data from brokers.

Patch Tuesday: A Comprehensive Security Update

Timestamp: [00:02]

The episode kicks off with a detailed analysis of August 2025's Patch Tuesday, highlighting a surge in security updates across major technology platforms:

• Microsoft patched over 100 vulnerabilities across Windows, Office, and Hyper-V, addressing 12 critical issues, including a high-severity GDI remote code execution flaw with a CVSS score of 9.8. "Although none appear actively exploited, the severity warrants immediate attention," notes Bittner.

• Intel, AMD, and Nvidia issued multiple advisories:

  • Intel addressed high-severity flaws in Xeon drivers and firmware, mitigating potential privilege escalations and denial-of-service attacks.
  • AMD resolved issues related to stacking engine attacks and an EDK2 SMM code execution vulnerability.
  • Nvidia fixed high-severity bugs in its Nemo, Isaac, and Apex tools, preventing remote code executions and data tampering in industrial systems.

• Adobe released updates for over 60 vulnerabilities across 13 products, including Photoshop and InDesign, primarily fixing critical code execution flaws not yet exploited in the wild.

• Fortinet and Avanti also rolled out critical patches addressing remote code executions and authentication bypasses in their respective platforms.

• The Matrix Foundation patched two high-severity vulnerabilities in its open-source federated communications protocol, enhancing security for sensitive governmental and enterprise communications.

Curly Comrades: Russian-Aligned APT Targets Critical Infrastructure

Timestamp: [07:45]

Bitdefender Labs unveiled insights into Curly Comrades, a Russian-aligned Advanced Persistent Threat (APT) group active since mid-2024. This group has been targeting critical infrastructure in Georgia and Moldova, infiltrating judicial, governmental, and energy sectors to steal credentials and exfiltrate sensitive data.

Key findings include:

• Utilization of the custom Mukur agent Backdoor, which bypasses AMSI to execute encrypted PowerShell scripts.
• Techniques such as command hijacking of disabled engine tasks for system re-entry.
• Blending legitimate utilities with custom malware using proxy relays and compromised websites for covert command and control (C2) operations.

“The stealthy, redundant infrastructure underscores both the resilience and geopolitical intent of Curly Comrades,” explains Bittner.

Recommendations:

• Deployment of Extended Detection and Response (XDR) solutions.
• Implementation of LOL bin monitoring and managed detection services.

Microsoft Advises Ignoring Certificate Services Client Errors

Timestamp: [09:30]

Microsoft has issued a caution to Windows 11 users regarding new certificate services client errors appearing post-July 2025 updates. Despite logs showing Error ID 57 related to a failed Microsoft Pluton cryptographic provider load, Microsoft assures users that these errors are harmless and linked to an unfinished feature. "These events do not affect system performance or security," Microsoft states, advising users to disregard the alerts.

NJRAT Malware in Fake Minecraft Clone Exposed

Timestamp: [10:58]

Point Wild's LAT61 threat intelligence team has detected a malware campaign embedding the NJRAT Remote Access Trojan (RAT) within a counterfeit Minecraft clone, specifically the Eaglecraft 1.12 offline version popular in educational and restricted environments. The RAT silently steals passwords, keystrokes, personal data, and can activate webcams and microphones.

Key Indicators:

• Installation of WindowsServices.exe for persistence.
• Connection to remote servers in India via Amazon's cloud infrastructure.
• Evasion techniques to disable security tools like Wireshark.

Expert Advice: “Players should only download Minecraft from official sources and avoid unofficial mods or installers to prevent spyware infections and data theft,” warns Bittner.

Royal Enfield Ransomware Attack Disrupts Operations

Timestamp: [12:52]

Motorcycle manufacturer Royal Enfield has been hit by a ransomware attack, with hackers claiming to have encrypted all servers and wiped backups. This attack led to the suspension of online ordering and certain workshop services. The Chennai-based company confirmed the cybersecurity incident and initiated an internal investigation without disclosing specific details about the compromised data.

Implications:

• Potential regulatory fines.
• Reputational damage and loss of trust among dealers, suppliers, and customers.

DOJ's Operation Against Black Suit Ransomware Gang

Timestamp: [14:06]

The U.S. Department of Justice (DOJ) announced a significant operation against the Black Suit Ransomware Group, formerly known as Royal. This multinational effort, dubbed Operation Checkmate, involved agencies from the US, UK’s NCA, Europe, and Canada. The operation resulted in the seizure of four servers, nine domains, and $1.1 million in cryptocurrency stolen from victims who paid a $1.4 million ransom in April 2023.

Key Points:

• Black Suit, active since 2022 and linked to Conti, has demanded over $500 million from victims across manufacturing, government, healthcare, and commercial sectors.
• The operation emphasizes a disruption-first strategy to protect critical infrastructure and US businesses from ransomware threats.

Interview: Jack Jones on Cyber Risk Quantification and FAIR Model

Timestamp: [15:19] - [23:51]

Guest: Jack Jones, Father of the Factor Analysis of Information Risk (FAIR) model and creator of the Fair Controls Analytics Model

Discussion Highlights:

1. Origin of FAIR:

   • Jack Jones recounts his early experiences as a Chief Information Security Officer (CISO) at Nationwide Insurance in 2000.
   • Faced with the challenge of communicating risk to executives, Jones developed FAIR to quantitatively measure and present cyber risk, transforming abstract risk discussions into actionable insights.
   • “I put together my strategy and went on my dog and pony show… and he said… ‘how much less risk will we have?’” (Transcript [12:52])

2. Adoption and Evolution:

   • FAIR has been adopted as an open standard by The Open Group, with professional certifications available.
   • Taught in over two dozen universities and supported by the FAIR Institute, which boasts 17,000 global members.
   • “FAIR has been around for over 20 years now, and it has stood the test of time,” Jones emphasizes. (Transcript [18:00])

3. How FAIR Works:

   • Begins by defining risk as a clearly scoped loss event scenario (e.g., operational outage due to ransomware).
   • Utilizes data from internal and external experts, employing methodologies like Monte Carlo simulations and Bayesian analysis to account for uncertainty.
   • Facilitates informed decision-making by presenting loss exposure and recommending cost-effective mitigation strategies.
   • “Fair is still going to be perfectly capable of analyzing those… the model itself has really proven to be very resilient,” Jones states. (Transcript [15:27], [18:00])

4. Comparative Analysis:

   • Jones acknowledges the existence of other risk models but asserts that many proprietary models resemble FAIR in structure and function.
   • “Not everybody's happy with, with the notion of quantifying risk. And, to date, it has stood the test of time,” he notes. (Transcript [19:49], [21:29])

5. Recommendations for Adoption:

   • Do your homework: Utilize resources from the FAIR Institute and The Open Group.
   • Engage with the community: Reach out to experts and participate in local FAIR chapters.
   • “Don’t hesitate to reach out, including reaching out to me through LinkedIn,” Jones advises. (Transcript [21:42])

6. Reflections on FAIR’s Success:

   • Jones expresses pride in FAIR's enduring impact, attributing its success to community support and collaborative growth.
   • “I’m incredibly grateful… it would not be nearly what it was or what it's turned out to be,” he reflects. (Transcript [23:51])

California Law vs. Data Brokers: The Opt-Out Maze

Timestamp: [24:00]

The episode concludes by examining the practical challenges consumers face when exercising their right to delete personal information from data brokers under California law. A review by The Markup and CalMatters revealed that out of 499 registered brokers, only 35 had accessible opt-out pages. Many brokers deliberately hid these pages from search engines using obfuscated code, rendering them virtually inaccessible.

Findings:

• Hidden Opt-Out Pages: Some brokers concealed opt-out links in tiny fonts or behind multiple scrolling layers, making them as elusive as "Atlantis."
• Company Responses: While some brokers removed the obscuring code after media attention, others defended their practices citing spam prevention.

“It’s all legal, of course, just not particularly findable. Which one suspects is probably the case,” Bittner concludes.

Closing Notes

• Survey Announcement: CyberWire is conducting an audience survey until the end of the month. Participants can find the link in the show notes.
• Production Credits:
  • Senior Producer: Alice Carruth
  • CyberWire Producer: Liz Stokes
  • Mixing: Trey Hester
  • Original Music: Elliot Heltzman
  • Executive Producer: Jennifer Ibin
  • Publisher: Peter Kilpe

“Thanks for listening. We'll see you back here tomorrow,” concludes Dave Bittner.

For more detailed information and links to today's stories, visit CyberWire Daily Briefing.