
Claire Airdrop
MITRE Corporation says funding cuts will impact the CVE database, China accuses NSA employees of an Asian Winter Games hack, a ransomware attack disrupts dialysis clinics, the CA/Browser Forum will limit TLS certificate lifetime to 47 days, and 4chan gets hacked. This is the Risky Bulletin, prepared by Catalin Cimpanu and read by me, Claire Airdrop. Today is the 16th of April and this podcast episode is brought to you by application allowlisting software maker Airlock Digital.
The MITRE Corporation has warned partner organisations about possible disruptions to the CVE database. MITRE said its contract with the US government will expire on Wednesday, April 16 and has not yet been renewed. Disruptions to the CVE program could impact cybersecurity vendors, vulnerability scanning tools and IR investigations.
China has breathlessly accused the NSA of being behind cyber attacks against the Asian Winter Games in February. Beijing claims NSA front companies rented servers that attacked the games' digital infrastructure and tried to steal the personal data of games participants. China also says the NSA tried to activate backdoors on Windows systems with what it described as unknown encrypted data packets. Spooky. Apparently the University of California and Virginia Tech aided the NSA in the attack. China has provided little evidence to support its claims and the White House has described them as fabricated.
The CA/Browser Forum will gradually reduce the maximum validity of TLS certificates to 47 days. The reduction will happen in three phases over three years, starting in March 2026. The ballot passed without opposition, with 28 votes in favour and 5 abstainers. The lifespan of TLS certificates was 10 years in 2012, but has been reduced multiple times. It's currently three hundred and ninety-eight days.
A ransomware attack is impacting DaVita, a major provider of dialysis services in the US. The company said the attack encrypted some systems, but patient care is continuing. It couldn't say how long it would take to recover. DaVita is a Fortune 500 company with more than 3,000 clinics. It provides services to more than 760 hospitals and treats more than 200,000 patients every year.
A hacktivist has modified Silicon Valley traffic control crosswalk buttons to play custom audio messages. The hack altered the buttons to play AI-generated audio of Mark Zuckerberg and Elon Musk. The audio clips began playing on Friday and were removed by authorities on Saturday.
Hackers have breached the controversial Internet forum 4chan. The attackers leaked some of the site's source code and posted images of its backend interface and database management page. 4chan has not confirmed the breach, but the site was offline on Tuesday. The hack was announced on rival forum Soyjak.party. 4chan suffered a similar breach in 2014.
Cryptocurrency exchange Kilox lost $7 million in assets in an attack on Monday. The attacker allegedly exploited a vulnerability in the platform's Price Oracle system. The attackers used Tornado Cash to hide the origin of the funds they used to run the exploits. Tornado Cash is a blockchain money laundering service that recently had sanctions against it lifted by the US.
Companies with cyber insurance pay ransoms almost three times bigger than non-insured organisations, according to a Dutch police study. Ransomware gangs often look for documents mentioning insurance before deciding on the ransom's value. Decent backups were found to be the best defence against ransomware and large extortions. The same study also found that in 95% of the cases where a company paid a ransom, they would have gone bankrupt if they didn't.
A cluster of malicious Android apps has been discovered posing as WhatsApp. The malware hijacks crypto wallet transactions by manipulating cryptocurrency addresses on the device's clipboard. Russian security firm Dr. Web says the attackers are running a cluster of more than 60 command and control servers. So far, the group has stolen more than $600,000, but more than half of that was from a single wallet.
And finally, Meta will use EU user data to train its AI models after a long delay due to European regulatory concern. Following negotiations with Ireland's privacy regulator, Meta says it will only use public data to train its models. This includes public posts and interactions with Meta's existing AI chatbots. EU users will be notified of the change in the coming days and can opt out.
And that is all for this podcast edition. Today's show is brought to you by our sponsor, Airlock Digital. Find them at airlockdigital.com. Thanks for your.
Risky Bulletin: MITRE Says Funding Risk Could Disrupt CVE Database
Hosted by risky.biz
Release Date: April 16, 2025
1. MITRE Corporation Faces Funding Cuts Impacting CVE Database
The episode opens with crucial news from the MITRE Corporation regarding potential disruptions to the Common Vulnerabilities and Exposures (CVE) database due to impending funding cuts.
“MITRE Corporation has warned partner organisations about possible disruptions to the CVE database,” Claire Airdrop reports at [00:04].
“Disruptions to the CVE program could impact cybersecurity vendors, vulnerability scanning tools and IR investigations.”
MITRE announced that its contract with the US government was set to expire on April 16, without a renewal in sight. This uncertainty raises concerns about the stability and continuity of the CVE program, which is integral to identifying and addressing security vulnerabilities across various platforms and industries.
2. China Accuses NSA of Cyber Attacks on Asian Winter Games
In a significant geopolitical development, China has accused the National Security Agency (NSA) of orchestrating cyber attacks against the Asian Winter Games held in February.
“China has breathlessly accused the NSA of being behind cyber attacks against the Asian Winter Games in February,” Claire states at [00:04].
Beijing alleges that NSA front companies rented servers to attack the games' digital infrastructure and attempted to steal personal data of participants. Additionally, China claims that the NSA tried to activate backdoors on Windows systems using encrypted data packets. However, these accusations lack substantial evidence, and the White House has labeled them as fabricated. Notably, China mentioned collaboration from the University of California and Virginia Tech in aiding the NSA, a claim that has yet to be substantiated.
3. CA Browser Forum to Reduce TLS Certificate Lifespan
The CA Browser Forum has announced a gradual reduction in the maximum validity period for TLS (Transport Layer Security) certificates, a move aimed at enhancing internet security.
“The lifespan of TLS certificates was 10 years in 2012, but has been reduced multiple times. It's currently three hundred and ninety-eight days,” Claire explains at [00:04].
Starting in March 2026, the maximum validity will decrease to 47 days over three phases spanning three years. The ballot for this decision passed unopposed, receiving 28 votes in favor and 5 abstentions. This change is expected to mitigate security risks by ensuring more frequent updates and renewals of certificates, thereby reducing the window of opportunity for malicious exploitation.
4. Ransomware Attack Disrupts DaVita Dialysis Clinics
A ransomware attack has targeted DaVita, a leading provider of dialysis services in the United States, causing disruptions in operations.
“A ransomware attack is impacting DaVita, a major provider of dialysis services in the US,” Claire reports at [00:04].
DaVita confirmed that some of its systems were encrypted, though patient care continued uninterrupted. The company has not disclosed the expected recovery timeline. With over 3,000 clinics and services extending to more than 760 hospitals, the attack underscores the vulnerability of critical healthcare infrastructure to cyber threats.
5. Hacktivists Alter Silicon Valley Traffic Control Crosswalks
In an unusual act of hacktivism, individuals modified traffic control crosswalk buttons in Silicon Valley to play custom audio messages featuring voices of prominent tech figures.
“The hack altered the buttons to play AI-generated audio of Mark Zuckerberg and Elon Musk,” Claire shares at [00:04].
These altered crosswalks began broadcasting the audio clips on Friday and were swiftly removed by authorities the following day. This incident highlights the creative and disruptive methods employed by hacktivists to draw attention to their causes.
6. 4chan Suffers Security Breach
The controversial internet forum 4chan has reportedly been hacked, with attackers leaking portions of the site's source code and backend interfaces.
“4chan has not confirmed the breach, but the site was offline on Tuesday,” Claire notes at [00:04].
The breach was announced on the rival forum Soyjak.party, drawing parallels to a similar incident faced by 4chan in 2014. Such breaches raise concerns about the security measures in place to protect user data and the integrity of online platforms.
7. Kilox Cryptocurrency Exchange Loses $7 Million in Attack
Kilox, a cryptocurrency exchange, suffered a significant financial loss after an attack exploited a vulnerability in its Price Oracle system.
“The attackers used Tornado Cash to hide the origin of the funds they used to run the exploits,” Claire informs at [00:04].
The incident resulted in a loss of $7 million, with more than half traced to a single wallet. Tornado Cash, a blockchain money laundering service, assisted the attackers in obscuring the funds' origins, despite recent sanctions being lifted by the US.
8. Cyber Insurance and Ransom Payments: A Risky Correlation
A Dutch police study revealed that companies with cyber insurance tend to pay ransoms almost three times higher than those without such coverage.
“Companies with cyber insurance pay ransoms almost three times bigger than non-insured organisations,” Claire states at [00:04].
The study suggests that ransomware gangs often seek out companies with insurance, as the presence of cyber insurance signals a higher willingness to pay. However, the research also found that robust backups are the most effective defense against ransomware attacks. Furthermore, in 95% of cases where a ransom was paid, companies would have faced bankruptcy if they had not complied.
9. Malicious Android Apps Pose as WhatsApp to Hijack Crypto Wallets
A cluster of deceptive Android applications masquerading as WhatsApp has been identified, designed to compromise cryptocurrency transactions.
“The malware hijacks crypto wallet transactions by manipulating cryptocurrency addresses on the device's clipboard,” Claire explains at [00:04].
Russian security firm Dr. Web reports that the attackers are managing over 60 command and control servers. To date, the group has successfully stolen more than $600,000, with over half attributed to a single wallet, highlighting the significant financial risks associated with such malware.
10. Meta to Use EU User Data for AI Model Training
In a major policy shift, Meta has announced its intention to utilize EU user data to train its artificial intelligence models, addressing prior regulatory concerns.
“Meta says it will only use public data to train its models,” Claire shares at [00:04].
This approach includes public posts and interactions with existing AI chatbots. EU users will be notified of this change shortly and will have the option to opt out, complying with European data privacy regulations and ensuring transparency in data usage.
Conclusion
Today's episode of Risky Bulletin covered a broad spectrum of cybersecurity issues, from funding challenges at MITRE and international cyber espionage allegations to practical security measures like TLS certificate lifespan reductions and the implications of cyber insurance on ransom payments. The discussions underscore the evolving landscape of cybersecurity threats and the critical measures needed to mitigate risks across various sectors.
This summary was prepared based on the transcript provided and excludes non-content sections such as advertisements and introductions.