Risky Bulletin: EU Launches Its Own Vulnerability Database
Episode Release Date: May 14, 2025
Host: Claire Aird
1. EU Cyber Security Agency Introduces EUVD
The European Union Cyber Security Agency has officially launched its own vulnerability database, the EU Vulnerability Database (EUVD). The launch is a significant step toward cybersecurity infrastructure that the EU operates independently of the American Common Vulnerabilities and Exposures (CVE) program. Claire Aird notes, “[The EUVD] is unrelated to the funding issues with the American CVE program” (00:04).
The establishment of the EUVD was initiated in 2022, aiming to provide a centralized platform for recording and managing cybersecurity vulnerabilities within the EU. This move is expected to bolster the region's ability to respond swiftly to emerging threats and coordinate more effectively across member states.
2. Spain Probes Cyber Role in Energy Grid Collapse
Spain's cybersecurity agency is currently assessing the cybersecurity practices of small and medium-sized electricity providers following a nationwide power grid collapse in late April. According to Aird, "officials have yet to identify the cause and have not excluded a possible cyber attack" (00:04). This investigation highlights the increasing vulnerability of critical infrastructure to cyber threats and the importance of robust security measures in preventing large-scale disruptions.
3. Russian Cadet Arrested for Selling Hacking Tools
In a significant crackdown, Russian authorities have arrested a military cadet accused of selling a hacking tool designed to breach government networks. Claire Aird reports, “The tool allegedly allowed attackers to bypass security systems and access classified information on the Russian Ministry of Defence network” (00:04). The cadet, a student at the A.F. Mozhaisky Military Space Academy, is charged with marketing the tool on the Avito classified ads portal for $100. The Federal Security Service (FSB) detained him last week, underscoring Russia's stringent stance against cyber espionage and unauthorized cyber activities.
4. Turkish APT Exploits Zero-Day Vulnerability in Iraq
A Turkish cyber espionage group, known as Marbled Dust (also identified as Sea Turtle and UNC1326), targeted Kurdish military members in Iraq by exploiting a zero-day vulnerability in the Output Messenger application. The vulnerability was exploited last year and was only patched in December. Microsoft’s security team attributed the operation to Marbled Dust, highlighting the persistent role of advanced persistent threat (APT) groups in regional conflicts (00:04).
5. North Korean APT Shifts Focus to Ukraine
Historically targeting Russian interests, a North Korean APT has shifted its focus to the Ukrainian government to gather intelligence on Russia's invasion efforts. Claire Aird explains, “This is the first time the group is believed to have targeted the Ukrainian government. It's historically focused on Russia” (00:04). This strategic pivot occurred in February, following North Korea's commitment of troops to support Russia’s military endeavors, indicating a broader scope of cyber operations in the region.
6. US Army Deactivates Information Operations Unit
In a notable restructuring, the US Army has deactivated its only information operations unit, the First Information Operations Command, which was established in 2002. Claire Aird states, “Its functions will be taken over by the Army Cyber Command” (00:04). This decision, made in 2024 under the Biden administration, marks a shift in how the US military handles information warfare and cybersecurity training, consolidating these responsibilities within a single command structure.
7. Fortinet and Ivanti Address Critical Vulnerabilities
Fortinet has patched a zero-day vulnerability affecting its FortiVoice phone systems, which allows remote unauthenticated attackers to execute malicious code via specially crafted web requests. Claire Aird mentions, “Fortinet says FortiMail, FortiNDR, FortiRecorder and FortiCamera are also vulnerable to the same issue” (00:04).
Simultaneously, Ivanti has released a security update for its mobile device management platform, EPMM, addressing vulnerabilities that enable attackers to bypass authentication and deploy malicious code. These zero-days reside in two open-source libraries utilized by Ivanti's software, though the specific libraries remain unnamed (00:04). Both patches are critical for maintaining the integrity and security of affected systems.
8. Alabama Investigates Security Breach
Alabama state officials are investigating a recent security breach after detecting suspicious network activity. According to Claire Aird, “attackers obtained credentials for some state employees. A preliminary investigation suggests residents' personal data appears safe” (00:04). This incident underscores the ongoing risks of credential theft and the necessity for continuous monitoring and robust security protocols to protect sensitive information.
9. Christian Dior Suffers Data Theft in China
A cybersecurity breach at Christian Dior's network in China resulted in the theft of customer data, including names, emails, phone numbers, and home addresses. Aird reports, “The French fashion house notified users last week and urged customers to watch for possible phishing emails” (00:04). This incident highlights the pervasive threat of data breaches in the retail sector and the importance of timely communication with affected individuals to mitigate potential phishing attacks.
10. Kosovo Citizen Extradited for Running Cybercrime Marketplace
Don Masaritsa, a citizen of Kosovo, has been extradited to the United States on charges of operating BlackDB, an online marketplace for selling stolen credit card details and hacked service accounts. Claire Aird notes, “If convicted, he faces up to 55 years in prison” (00:04). This case exemplifies international cooperation in combating cybercrime and the significant legal consequences for those involved in facilitating illicit online activities.
11. DragonForce Ransomware Group Condemns Misuse of Its Tools
The DragonForce ransomware group has publicly condemned the use of its ransomware in attacks targeting hospitals, critical infrastructure, and Russian companies. In a forum post, the group stated that such attacks are against its rules, adding that similar misuse has led to the downfall of other major ransomware operations (00:04). This stance highlights the internal governance among cybercriminal groups and their attempts to control the impact of their tools.
12. Telegram Shuts Down Crypto Laundering Accounts
Telegram has shut down thousands of accounts used to launder proceeds from pig butchering scams. These crypto scammers used the platform to launder over $35 billion in cryptocurrency. As Claire Aird explains, “some accounts were run by Cambodian company Huione Guarantee. Others are run by Jinbei Guarantee, a similar operation for Chinese speaking scammers” (00:04). The US recently sanctioned Huione, reflecting increased efforts to disrupt illicit financial flows in the crypto space.
13. DHS Impersonation Scams Targeting Foreign Students
Scammers posing as Department of Homeland Security (DHS) agents are increasingly targeting foreign students in the US, demanding payments to resolve nonexistent immigration issues. Claire Aird states, “The scammers threaten prosecution or deportation if fake legal fees aren't paid” (00:04). Most victims hail from the Middle East, emphasizing the need for awareness and protective measures among vulnerable populations against such fraudulent schemes.
14. Discovery of a New CPU Side Channel Attack Technique
Security researchers have uncovered a novel CPU side channel technique, a Spectre variant named Training Solo. The new method bypasses existing mitigations, including domain isolation protections. Claire Aird reports, “ARM and Intel processors are vulnerable, including Intel's latest models” (00:04).
Separately, researchers disclosed eight vulnerabilities in Nissan Leaf cars. The bugs allow attackers to control vehicle telematics, infotainment systems, and the CAN bus, potentially manipulating core vehicle functions such as steering and door operations.
15. Microsoft Implements Screenshot Blocking in Teams Meetings
In an effort to enhance security and prevent unauthorized data capture, Microsoft will introduce a Prevent Screen Capture feature in Teams meetings. As Claire Aird explains, “It will turn the screen black when a user tries to take a screenshot. It'll roll out for all platforms in July” (00:04). This feature aims to protect sensitive information shared during virtual meetings from being inadvertently or maliciously captured and distributed.
Conclusion
This episode of Risky Bulletin delivered a comprehensive overview of the latest developments in cybersecurity, ranging from governmental initiatives and high-profile breaches to the evolving tactics of cybercriminal groups. Host Claire Aird effectively highlighted the dynamic landscape of cyber threats and the ongoing efforts to mitigate risks across various sectors. For listeners seeking to stay informed on critical cybersecurity issues, this episode offered valuable insights and timely updates.
For more information and regular updates, visit Risky.Business.
