Claire Aird
The EU launches its own vulnerability database, a Turkish APT deploys a zero-day in Iraq, North Korea tasks an APT to Ukraine, and Spain will probe cyber's role in last month's energy grid collapse. This is the Risky Bulletin, prepared by Catalin Cimpanu and read by me, Claire Aird. Today is the 14th of May, and this podcast episode is brought to you by Corelight.

The EU Cyber Security Agency has launched its own vulnerability database. The timing of the database, called the EUVD, is unrelated to the funding issues with the American CVE program. The agency was tasked with establishing it in 2022.

Spain's cybersecurity agency is assessing the cyber security practices of small and medium electricity providers. The inquiry is part of an investigation into the nationwide collapse of the country's power grid in late April. According to The Times, officials have yet to identify the cause and have not excluded a possible cyber attack.

Russian authorities have arrested a military cadet for selling a hacking tool designed to access government networks. The tool allegedly allowed attackers to bypass security systems and access classified information on the Russian Ministry of Defence network. The cadet was a student at the A.F. Mozhaisky Military Space Academy. He is accused of selling the tool on the Avito classified ads portal for $100. He was detained by the FSB last week.

A Turkish cyber espionage group targeted Kurdish military members in Iraq by exploiting a zero-day vulnerability in the Output Messenger app. The attacks took place last year, and the zero-day was patched in December. Microsoft's security team attributed the operation to a group it tracks as Marbled Dust. The group is also known as Sea Turtle and UNC1326.

A North Korean APT is targeting the Ukrainian government to collect information about Russia's invasion. This is the first time the group is believed to have targeted the Ukrainian government. It's historically focused on Russia. The shift occurred in February, shortly after North Korea committed troops to assist Russia's invasion.

The US Army has deactivated its only information operations unit. The 1st Information Operations Command was established in 2002 and was responsible for providing information warfare capabilities and training. Its functions will be taken over by the Army Cyber Command. The order to shut down the centre was made in 2024 under the Biden administration.

Fortinet has patched a zero-day vulnerability that's been exploited in attacks against FortiVoice phone systems. The zero-day allows remote unauthenticated attackers to run malicious code using specially crafted web requests. Fortinet says FortiMail, FortiNDR, FortiRecorder and FortiCamera are also vulnerable to the same issue.

Ivanti has released a security update to fix two zero-days in its mobile device management platform, EPMM. Attackers are chaining the vulnerabilities to bypass authentication and run malicious code. Ivanti says the zero-days are located in two open source libraries used by its software. It didn't name the libraries.

Alabama state officials are investigating a security breach after suspicious network activity was detected last week. Officials said attackers obtained credentials for some state employees. A preliminary investigation suggests residents' personal data appears safe.

A hacker has stolen customer data from Christian Dior's network in China. Stolen data included names, emails, phone numbers and home addresses. The French fashion house notified users last week and urged customers to watch for possible phishing emails.

A citizen of Kosovo accused of running a cybercrime marketplace has been extradited to the US. Liridon Masurica was arrested at the end of last year. He is accused of running BlackDB, an online marketplace for selling stolen credit card details and hacked services and accounts. If convicted, he faces up to 55 years in prison.

The DragonForce ransomware group has condemned the possible use of its ransomware in attacks on hospitals, critical infrastructure and Russian companies. In a forum post, the group said such attacks are against its rules. Similar attacks have contributed to the downfall of other major ransomware operations. The group's tools are being used in recent attacks against UK retailers.

Telegram has shut down thousands of accounts that were used to launder proceeds from pig butchering operations. Crypto scammers used the accounts to launder more than $35 billion worth of cryptocurrency. Blockchain investigations firm Elliptic says some accounts were run by Cambodian company Huione Guarantee. Others are run by Xinbi Guarantee, a similar operation for Chinese-speaking scammers. Huione was sanctioned by the US this month.

Scammers posing as DHS agents are contacting foreign students in the US and demanding payments to settle non-existent immigration issues. The scammers threaten prosecution or deportation if fake legal fees aren't paid. Most victims are from the Middle East.

Security researchers have found a new technique for CPU side-channel attacks. The Training Solo variant of the Spectre attack bypasses existing mitigations, including domain isolation protections. Arm and Intel processors are vulnerable, including Intel's latest models.

Eight vulnerabilities have been discovered in Nissan Leaf cars. Researchers from Hungarian security firm PCAutomotive said the bugs allow control over the car's telematics, infotainment systems and the CAN bus. Attackers could control core vehicle features like steering and opening doors. They could also track vehicle locations and record occupants' conversations.

And finally, Microsoft will block users from taking screenshots during Teams meetings. The Prevent Screen Capture feature will turn the screen black when a user tries to take a screenshot. It'll roll out for all platforms in July.

And that is all for this podcast edition. Today's show was brought to you by our sponsor, Corelight. Find them at corelight.com. Thanks for your.
Risky Bulletin: EU Launches Its Own Vulnerability Database
Episode Release Date: May 14, 2025
Host: Claire Aird
The EU Agency for Cybersecurity (ENISA) has officially launched its own vulnerability database, the EU Vulnerability Database (EUVD). The launch is a significant step in building out the EU's cybersecurity infrastructure independently of the American Common Vulnerabilities and Exposures (CVE) program. Claire Aird notes, “[The EUVD] is unrelated to the funding issues with the American CVE program” (00:04).
The establishment of the EUVD was initiated in 2022, aiming to provide a centralized platform for recording and managing cybersecurity vulnerabilities within the EU. This move is expected to bolster the region's ability to respond swiftly to emerging threats and coordinate more effectively across member states.
Spain's cybersecurity agency is currently assessing the cybersecurity practices of small and medium-sized electricity providers following a nationwide power grid collapse in late April. According to Aird, "officials have yet to identify the cause and have not excluded a possible cyber attack" (00:04). This investigation highlights the increasing vulnerability of critical infrastructure to cyber threats and the importance of robust security measures in preventing large-scale disruptions.
Russian authorities have arrested a military cadet accused of selling a hacking tool designed to breach government networks. Claire Aird reports, “The tool allegedly allowed attackers to bypass security systems and access classified information on the Russian Ministry of Defence network” (00:04). The cadet, a student at the A.F. Mozhaisky Military Space Academy, is accused of selling the tool on the Avito classified ads portal for $100. The Federal Security Service (FSB) detained him last week.
A Turkish cyber espionage group, which Microsoft tracks as Marbled Dust (also known as Sea Turtle and UNC1326), targeted Kurdish military members in Iraq by exploiting a zero-day vulnerability in the Output Messenger application. The attacks took place last year; the vulnerability was patched in December. Microsoft's security team attributed the operation to Marbled Dust, another reminder that advanced persistent threats (APTs) are active participants in regional conflicts (00:04).
Historically targeting Russian interests, a North Korean APT has shifted its focus to the Ukrainian government to gather intelligence on Russia's invasion efforts. Claire Aird explains, “This is the first time the group is believed to have targeted the Ukrainian government. It's historically focused on Russia” (00:04). This strategic pivot occurred in February, following North Korea's commitment of troops to support Russia’s military endeavors, indicating a broader scope of cyber operations in the region.
In a notable restructuring, the US Army has deactivated its only information operations unit, the 1st Information Operations Command, which was established in 2002 and provided information warfare capabilities and training. Claire Aird states, “Its functions will be taken over by the Army Cyber Command” (00:04). The decision, made in 2024 under the Biden administration, consolidates the Army's information warfare and cyber responsibilities within a single command structure.
Fortinet has patched a zero-day vulnerability exploited in attacks against FortiVoice phone systems. The flaw allows remote unauthenticated attackers to execute malicious code via specially crafted web requests. Claire Aird mentions, “Fortinet says FortiMail, FortiNDR, FortiRecorder and FortiCamera are also vulnerable to the same issue” (00:04), so operators of those products should treat the patch with the same urgency as FortiVoice owners.
Separately, Ivanti has released a security update for its mobile device management platform, EPMM, fixing two zero-day vulnerabilities that attackers are chaining to bypass authentication and execute malicious code. Ivanti says the zero-days reside in two open-source libraries used by its software, but it has not named the libraries (00:04). Both patches are critical for maintaining the integrity and security of affected systems.
Alabama state officials are investigating a recent security breach after detecting suspicious network activity. According to Claire Aird, “attackers obtained credentials for some state employees. A preliminary investigation suggests residents' personal data appears safe” (00:04). This incident underscores the ongoing risks of credential theft and the necessity for continuous monitoring and robust security protocols to protect sensitive information.
A cybersecurity breach at Christian Dior's network in China resulted in the theft of customer data, including names, emails, phone numbers, and home addresses. Aird reports, “The French fashion house notified users last week and urged customers to watch for possible phishing emails” (00:04). This incident highlights the pervasive threat of data breaches in the retail sector and the importance of timely communication with affected individuals to mitigate potential phishing attacks.
Liridon Masurica, a citizen of Kosovo, has been extradited to the United States on charges of operating BlackDB, an online marketplace for selling stolen credit card details and hacked services and accounts. He was arrested at the end of last year. Claire Aird notes, “If convicted, he faces up to 55 years in prison” (00:04). The case exemplifies international cooperation in combating cybercrime and the significant legal consequences for those who facilitate illicit online activities.
The DragonForce ransomware group has publicly condemned the possible use of its ransomware in attacks on hospitals, critical infrastructure, and Russian companies. In a forum post, the group said such attacks are against its rules. As Aird observes, similar attacks have contributed to the downfall of other major ransomware operations (00:04). The group's tools are being used in recent attacks against UK retailers. The stance highlights the internal governance among cybercriminal groups and their attempts to control the impact of their tools.
Telegram has shut down thousands of accounts used to launder proceeds from pig butchering scams. Crypto scammers used the accounts to launder more than $35 billion in cryptocurrency. As Claire Aird explains, blockchain investigations firm Elliptic says “some accounts were run by Cambodian company Huione Guarantee. Others are run by Xinbi Guarantee, a similar operation for Chinese speaking scammers” (00:04). The US sanctioned Huione this month, reflecting increased efforts to disrupt illicit financial flows in the crypto space.
Scammers posing as Department of Homeland Security (DHS) agents are increasingly targeting foreign students in the US, demanding payments to resolve nonexistent immigration issues. Claire Aird states, “The scammers threaten prosecution or deportation if fake legal fees aren't paid” (00:04). Most victims hail from the Middle East, emphasizing the need for awareness and protective measures among vulnerable populations against such fraudulent schemes.
Security researchers have uncovered a new CPU side-channel technique, a variant of the Spectre attack called Training Solo. The new method bypasses existing mitigations, including domain isolation protections. Claire Aird reports, “ARM and Intel processors are vulnerable, including Intel's latest models” (00:04).
Separately, researchers from Hungarian security firm PCAutomotive have discovered eight vulnerabilities in Nissan Leaf cars. The bugs allow attackers to control the vehicle's telematics, infotainment systems, and CAN bus, potentially manipulating core functions like steering and opening doors. They could also track vehicle locations and record occupants' conversations (00:04).
In an effort to enhance security and prevent unauthorized data capture, Microsoft will introduce a Prevent Screen Capture feature in Teams meetings. As Claire Aird explains, “It will turn the screen black when a user tries to take a screenshot. It'll roll out for all platforms in July” (00:04). This feature aims to protect sensitive information shared during virtual meetings from being inadvertently or maliciously captured and distributed.
Conclusion
This episode of Risky Bulletin delivered a comprehensive overview of the latest developments in cybersecurity, ranging from governmental initiatives and high-profile breaches to the evolving tactics of cybercriminal groups. Host Claire Aird effectively highlighted the dynamic landscape of cyber threats and the ongoing efforts to mitigate risks across various sectors. For listeners seeking to stay informed on critical cybersecurity issues, this episode offered valuable insights and timely updates.
For more information and regular updates, visit Risky.Business.