Risky Bulletin: Google Buys Wiz for $32 Billion
Hosted by Caitlin Sorey, Risky.biz
Release Date: March 19, 2025

Introduction

In this episode of Risky Bulletin, host Caitlin Sorey delves into the latest and most significant developments in the cybersecurity landscape. From major acquisitions to emerging threats and legal battles, this edition provides a comprehensive overview of critical events shaping the industry.

1. Google Acquires Wiz for $32 Billion

The episode opens with the groundbreaking news that Google has acquired Wiz, a prominent cloud security company, for a staggering $32 billion. Caitlin notes, “Google will purchase cloud security company Wiz for $32 billion. The company will join Google's cloud division, but will retain its brand and continue to support all the major cloud platforms” (00:04).

This acquisition marks the largest cybersecurity-related deal to date. Interestingly, in 2024, Wiz had previously declined a $23 billion offer from Google, highlighting the strategic value and growth potential seen by both parties. The integration aims to bolster Google Cloud's security offerings while allowing Wiz to maintain its operational independence.

2. State-Sponsored Cyber Espionage: China and Taiwan Tensions

A significant portion of the episode discusses the escalating cyber tensions between China and Taiwan. China has officially attributed the Poison Ivy and Green Spot Advanced Persistent Threat (APT) groups to the Taiwanese military's Information Communications and Electronic Force Command (ISFCOM).

Caitlin reports, “Chinese officials say the APT is run by a cyber warf inside Taiwan's Information Communications and Electronic Force Command, also known as ISEFCOM” (00:04). China has publicly named four individuals allegedly leading these groups. Additionally, China claims that ISFCOM is behind the hacktivist group Anonymous 64. However, Taiwanese officials have vehemently denied these allegations, asserting that ISFCOM exclusively engages in defensive cyber operations.

This accusation comes amid broader concerns about state-sponsored cyber activities disrupting global security dynamics.

3. Persistent Windows Zero-Day Vulnerability Exploited by APT Groups

The bulletin highlights the ongoing exploitation of a Windows zero-day vulnerability, a bug that allows attackers to obscure command line arguments in LNK shortcut files. Trend Micro has identified this technique being employed by 11 APT groups from nations including North Korea, Iran, Russia, and China, with over 1,000 samples detected.

Caitlin emphasizes the severity of the issue: “Trend Micro reported the flaw in September 2024, but Microsoft assessed it as low severity and has no plan to issue a patch” (00:04). This complacency from Microsoft raises alarms, as the vulnerability has been actively exploited for eight years without effective remediation, posing a significant risk to Windows users worldwide.

4. European Tech Companies Advocate for Enhanced Digital Infrastructure

A coalition of over 100 European tech companies, including industry giants like Airbus, OVH, Cloud, Nexcloud, and Proton, has submitted an open letter to EU lawmakers. The collective urges investment in European digital infrastructure to reduce dependency on foreign technology, particularly from the U.S.

Caitlin notes, “The call comes amongst growing European scepticism about the reliability of the US as a partner” (00:04). This initiative underscores a strategic pivot towards self-reliance in digital capabilities, driven by concerns over security and geopolitical stability.

5. CISA Court Order and Workforce Instability

The Cybersecurity and Infrastructure Security Agency (CISA) is facing internal turmoil as a U.S. court has mandated the reinstatement of previously terminated probationary staff members. Caitlin explains, “CISA has urged affected employees to get in touch so they can be reinstated, then placed on administrative leave” (00:04).

The layoffs, impacting teams focused on election security, anti-disinformation, and penetration testing, reflect broader challenges within government cybersecurity agencies. The potential for second-term firings suggests ongoing instability and shifting priorities within CISA, raising questions about government efficiency and workforce management.

6. Critical Vulnerability in AMI Mega Rack Baseboard Management Controllers

A newly discovered remotely exploitable vulnerability in AMI Mega Rack baseboard management controllers poses severe risks. The flaw, which bypasses authentication for remote management, has received the highest severity score of 10 on the Common Vulnerability Scoring System (CVSS).

Caitlin reports, “Attackers could have used this flaw to tamper with firmware, disable security protections and render devices inoperable” (00:04). Over 1,000 Mega Rack management interfaces are now exposed to the internet, affecting vendors such as ASUS, ASRockrack, and HPE. The widespread exposure amplifies the potential impact, necessitating immediate attention from affected organizations to mitigate exploitation risks.

7. Malware Targeting Car Dealership Websites

An alarming trend has emerged where over 100 car dealership websites have been compromised to deliver malware to unsuspecting users. Security researcher Randy McEwen discovered that visitors encounter pop-ups urging them to execute malicious commands on their computers.

Caitlin details, “The code was delivered via a shared video player platform” (00:04). This method leverages trusted content delivery channels to bypass security measures, making it a sophisticated and pervasive threat to end-users.

8. Infosys Settles Class Action Lawsuits Over 2023 Data Breach

Indian IT services giant Infosys has agreed to settle multiple class action lawsuits stemming from a 2023 security breach. The settlement entails a payment of $17.5 million to affected plaintiffs, addressing the exposure of personal data of over 6.5 million individuals.

Caitlin summarizes, “The Infosys hack exposed the personal data of more than 6.5 million people” (00:04). This case underscores the critical importance of robust data protection measures and the financial and reputational repercussions companies face when failing to safeguard sensitive information.

9. Cryptocurrency Theft: Wemix and OKX Respond

The episode covers two significant incidents in the cryptocurrency sector:

• Wemix Blockchain Gaming Platform Hack: Hackers stole $6.2 million in crypto assets from Wemix in February. Wemix CEO Kim Seok Hwan initiated an investigation four days post-attack and confirmed the breach during a recent press conference. Kim stated, “The delay in confirming the attack was an attempt to avoid a market panic rather than him trying to conceal the breach” (00:04).

• OKX Decentralized Exchange Aggregator Suspension: OKX has suspended its decentralized exchange aggregator following its exploitation by North Korean actors to launder proceeds from the Bybit hack. Caitlin notes, “OKX was encouraged to take the step by European financial regulators” (00:04). In response, OKX has implemented a system to track and block the latest addresses used by the Bybit hackers in real-time, aiming to disrupt further illicit activities.

10. Malicious Apps Discovered on Google Play Store

Bitdefender has identified a cluster of over 330 malicious applications infiltrating the Google Play Store. These apps employ sophisticated techniques to conceal their icons, launch without user interaction, and inundate devices with advertisements.

Caitlin states, “Some apps would display a pop up to attempt to collect user credentials and banking details” (00:04). Notably, more than 60 million users have downloaded these apps since April 2020, highlighting the extensive reach and potential harm of such malicious software.

11. Vulnerabilities in XML Crypto JavaScript Library

Two critical vulnerabilities have been discovered in the XML Crypto JavaScript library, enabling attackers to bypass authentication in systems utilizing this library for verifying signed XML documents. Security researcher Alexander Tan brought these bugs to light, which have been confirmed by the library's maintainer, Work OS.

Caitlin elaborates, “The flaws can be used to bypass SAML authentication. Other SAML implementations that use the library may also be impacted” (00:04). Organizations relying on this library for security should urgently assess and mitigate these vulnerabilities to prevent unauthorized access and potential breaches.

Conclusion

This episode of Risky Bulletin underscores the dynamic and often perilous nature of the cybersecurity landscape. From monumental acquisitions and state-sponsored cyber activities to critical vulnerabilities and significant data breaches, the discussions highlight the ongoing challenges and responses within the industry. Staying informed and proactive remains paramount in navigating and mitigating these evolving threats.

For more detailed insights and updates, listeners are encouraged to follow Risky.biz and stay tuned for future episodes.

Disclaimer: The views and information presented in this summary are based on the episode transcript provided and are intended for informational purposes only.