Risky Bulletin: Comprehensive Summary of the June 25, 2025 Episode
Host: Claire Air
Prepared by: Catalyn Kim Panu
Release Date: June 25, 2025
The latest episode of Risky Bulletin delves into a series of significant cybersecurity incidents and developments. Hosted by Claire Air and prepared by Catalyn Kim Panu, the episode offers an in-depth analysis of threats, policy changes, and technological advancements shaping the cybersecurity landscape. Below is a detailed summary structured into key sections.
1. Hackers Breach Norwegian Dam
Timestamp: 00:04
The episode opens with a concerning incident where hackers successfully manipulated a Norwegian dam's water flow controls. In April, cybercriminals accessed the Lake Risevatnet dam near Svelgen and fully opened a valve, increasing the outflow by 500 liters per second for four hours. Despite the significant increase, officials assured that the flow did not reach the 20,000 liters per second threshold required to cause flooding.
Quote:
"Officials believe a weak password for the valve's web-based control panel enabled the attack."
— Claire Air, [00:04]
This breach highlights the critical vulnerabilities in industrial control systems, emphasizing the need for robust cybersecurity measures in infrastructure management.
2. US House Bans WhatsApp on Staff Devices
Timestamp: 02:10
In response to growing security concerns, the US House of Representatives has prohibited the use of WhatsApp on all staff devices. The app has been classified as high risk due to the absence of on-device data encryption and a lack of transparency concerning user data protection.
Quote:
"The app is classified as high risk due to the absence of on-device data encryption and a lack of transparency over how it protects user data."
— Claire Air, [02:10]
Alternative communication tools approved as replacements include Microsoft Teams, Wickr, Signal, iMessage, and FaceTime, ensuring secure and reliable channels for official use.
3. Russia's Plan for a National IMEI Database
Timestamp: 03:00
The Russian government has announced intentions to establish a national database of mobile device identifiers (IMEI codes). This initiative aims to combat financial fraud by enabling the government to ban devices based on their unique hardware identifiers, rendering stolen or fraudulent devices unusable even if fraudsters change their phone numbers.
Quote:
"The database will be used to combat financial fraud, banning devices by IMEI means."
— Claire Air, [03:00]
This move underscores Russia’s focus on leveraging technology to enhance national security and reduce fraudulent activities.
4. Release of Four REvil Members After Time Served
Timestamp: 04:00
A significant development in the fight against ransomware gangs: a Russian court has sentenced four members of the notorious REvil ransomware group to time served on carding-related charges. These four were part of a larger raid in January 2022, which saw the arrest of 14 REvil members. Previously, four other members received sentences ranging from four and a half to six years in prison.
Quote:
"A Russian court has sentenced four members of the REvil ransomware group to time served."
— Claire Air, [04:00]
This outcome reflects the ongoing challenges in prosecuting cybercriminals and the complexities of international law enforcement collaborations.
5. EU Considers OVHcloud as Official Provider
Timestamp: 04:30
In a move towards digital sovereignty, the European Commission is evaluating OVHcloud as the EU's official cloud provider, potentially replacing Microsoft Azure. Discussions with several European cloud providers have intensified, particularly after the Trump administration imposed sanctions on four International Criminal Court judges, which led to the shutdown of their Microsoft accounts.
Quote:
"Talks accelerated this month after the Trump administration imposed sanctions on four International Criminal Court judges."
— Claire Air, [04:30]
This transition aims to bolster the EU's control over its digital infrastructure and reduce dependency on non-European cloud services.
6. EU Pushes for Post-Quantum Cryptographic Standards
Timestamp: 04:55
The EU has mandated that member states begin transitioning their systems to post-quantum cryptographic standards by the end of 2027, with high-risk systems, such as critical infrastructure, to follow by 2030. Post-quantum cryptography encompasses encryption algorithms designed to withstand attacks from quantum computers, ensuring long-term data security.
Quote:
"EU member states have been told to start transitioning systems to use post-quantum cryptographic standards by the end of 2027."
— Claire Air, [04:55]
This initiative is part of the broader strategy to future-proof the EU's digital security against emerging technological threats.
7. Common Good Cyber Fund Launched by Canada and UK
Timestamp: 05:15
The Canadian and UK governments have introduced the Common Good Cyber Fund, a $5.7 million initiative over five years aimed at supporting nonprofit cybersecurity organizations. Eligible nonprofits include those maintaining core digital infrastructure like DNS and Internet routing, as well as organizations providing cybersecurity assistance to high-risk individuals.
Quote:
"The Common Good Cyber Fund will be available to nonprofits that maintain core digital infrastructure such as DNS, Internet routing or free threat intelligence systems."
— Claire Air, [05:15]
Managed by the Internet Society and Global Cyber Alliance, this fund seeks to strengthen the cybersecurity posture of essential digital services and vulnerable populations.
8. Shutdown of Critical Infrastructure Defence Project
Timestamp: 05:25
A notable setback occurred with the shutdown of the Critical Infrastructure Defence project, which was established in 2022 by cybersecurity firms Cloudflare, CrowdStrike, and Ping Identity. Originally launched to defend US critical infrastructure organizations, such as hospitals, water systems, and power utilities, against potential Russian cyberattacks and sabotage, the program has now been discontinued.
Quote:
"A project that offered free security services to US critical infrastructure organisations has been shut down."
— Claire Air, [05:25]
The termination of this project raises concerns about the vulnerability of essential services to cyber threats and the need for sustained support and resources.
9. libxml2 Library Vulnerability Reports Made Public
Timestamp: 05:40
In a move to enhance transparency and community involvement, the libxml2 open-source project has changed its policy to make all vulnerability reports public by default. Project lead Nick Wellnhofer stated that security flaws will be patched as time permits rather than under strict disclosure deadlines, in the hope that downstream users will contribute fixes and improvements back to the project.
Quote:
"Vulnerability reports will now be public by default... hopes the new policy will encourage downstream users to contribute back to the project."
— Claire Air, [05:40]
This shift aims to foster collaborative security practices and accelerate the remediation of vulnerabilities in widely used libraries.
10. Malware Exploitation via ConnectWise Installer
Timestamp: 05:50
Threat actors have been exploiting the ConnectWise installer to distribute malware. By altering configuration data that the installer carries outside the signed portion of the file, the group known as EvilConwi produced installers whose code signature still verifies but which launch the group's malware.
Quote:
"This allowed the EvilConwi group to make cryptographically valid installers that launch their malware."
— Claire Air, [05:50]
In response, ConnectWise rotated its signing certificate on June 13 and pledged to enhance the security measures surrounding configuration data in their installers to prevent future abuse.
11. Chinese Botnet: LapDogs and ShortLeash
Timestamp: 06:00
Security firm SecurityScorecard has identified a new botnet named LapDogs, accompanied by a custom backdoor called ShortLeash, which Chinese hackers use to conceal their operations. The botnet has compromised over 1,000 devices, primarily small office/home office (SOHO) routers, and serves as a relay layer that hides where attacks originate.
Quote:
"At least one Chinese APT group has used the botnet to hide its operations."
— Claire Air, [06:00]
This development underscores the evolving tactics of state-sponsored hacking groups in leveraging botnets for stealthy infiltration and operations.
12. Akamai's XMRogue Tool Against Crypto Mining Botnets
Timestamp: 06:10
Akamai has introduced the XMRogue tool, designed to disrupt cryptocurrency mining botnets. The tool joins the botnet as if it were one of its workers and submits invalid computation results to the Monero mining pools the botnet uses. Repeated invalid submissions cause the pool to exclude the botnet, cutting off the operators' mining income.
Quote:
"The XMRogue tool joins the botnet and submits bad computation to Monero mining pools... profits being lost."
— Claire Air, [06:10]
Akamai's proactive approach represents a significant advancement in combating illicit crypto mining operations.
13. WinRAR Path Traversal Vulnerability Patched
Timestamp: 06:20
A critical vulnerability in the WinRAR file archiver has been addressed. The path traversal bug let a crafted archive write files outside the directory the user chose for extraction, which attackers could use to execute arbitrary code on users' systems. This vulnerability specifically affected WinRAR on Windows platforms. Users are advised to update to the latest version to mitigate potential risks.
Quote:
"A vulnerability has been patched in the WinRAR file archiver... allow attackers to run code on users' systems."
— Claire Air, [06:20]
This patch is essential for maintaining system security, especially for users handling archived files regularly.
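As an added illustration of the bug class described here (example code written for this summary, not WinRAR's code or anything from the episode), the extractor below shows how archive entry names containing ".." or backslash separators would escape the chosen directory, and rejects them before writing anything; the sample archive is constructed inline.

```python
"""Added example: detecting path-traversal entry names in an archive
before extraction. Uses a constructed zip so it runs offline."""
import io
import os
import tempfile
import zipfile


def is_safe_member(name: str) -> bool:
    """Reject entry names that could land outside the extraction directory.

    Covers absolute paths, drive letters, backslash separators (Windows
    archivers treat them as separators) and any '..' component.
    """
    norm = name.replace("\\", "/")
    if norm.startswith("/") or (len(norm) > 1 and norm[1] == ":"):
        return False
    return all(part != ".." for part in norm.split("/"))


def safe_extract(data: bytes, dest: str) -> tuple[list[str], list[str]]:
    """Extract only safe members; return (extracted, rejected) entry names."""
    dest_real = os.path.realpath(dest)
    extracted, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            # Second line of defence: the resolved target must stay under dest.
            target = os.path.realpath(os.path.join(dest_real, info.filename))
            inside = os.path.commonpath([dest_real, target]) == dest_real
            if not is_safe_member(info.filename) or not inside:
                rejected.append(info.filename)
                continue
            zf.extract(info, dest_real)
            extracted.append(info.filename)
    return extracted, rejected


def build_sample_archive() -> bytes:
    """Constructed sample: one benign file and two traversal entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "benign content")
        zf.writestr("../../escape.txt", "would land outside dest")
        zf.writestr("..\\..\\startup.lnk", "backslash variant")
    return buf.getvalue()


def demo() -> tuple[list[str], list[str]]:
    """Extract the constructed archive into a fresh temp dir."""
    return safe_extract(build_sample_archive(), tempfile.mkdtemp())
```

Note that Python's own zipfile.extract already strips traversal components; the point of the explicit check is to flag and log such entries rather than silently rewrite them.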
14. Introduction of FileFix Technique as an Alternative to ClickFix
Timestamp: 06:30
Security researcher mr.d0x has developed the FileFix technique, an alternative to the ClickFix method used in social engineering attacks. Unlike ClickFix, which tricks users into copying and pasting commands into Windows, FileFix deceives users into pasting what looks like a file path into the Run dialog. The attacker hides PowerShell commands behind whitespace in the purported file path, so the malicious script runs without the user realizing it.
Quote:
"In ClickFix, users are pasting into the run dialog; with FileFix... the attacker uses whitespace to hide PowerShell commands in the path."
— Claire Air, [06:30]
This new technique highlights the continual evolution of social engineering tactics, necessitating heightened user awareness and security training.
Conclusion
The June 25, 2025 episode of Risky Bulletin presents a comprehensive overview of contemporary cybersecurity threats and strategic responses. From the alarming breach of a Norwegian dam to legislative actions like the US House's ban on WhatsApp, the episode underscores the multifaceted nature of cyber risks. Additionally, policy shifts within the EU and the launch of supportive funds by Canada and the UK highlight ongoing efforts to bolster global cybersecurity resilience. The episode also sheds light on emerging threats, such as the exploitation of legitimate installers for malware distribution and the development of sophisticated botnets by state-sponsored actors. Concluding with advancements in defensive technologies and new social engineering techniques, the bulletin emphasizes the dynamic and ever-evolving landscape of cybersecurity.
For those seeking to stay informed on the latest cybersecurity news and analyses, Risky Bulletin continues to be an invaluable resource.
