Risky Bulletin: MITRE Says Funding Risk Could Disrupt CVE Database
Hosted by risky.biz
Release Date: April 16, 2025
1. MITRE Corporation Faces Funding Cuts Impacting CVE Database
The episode opens with crucial news from the MITRE Corporation regarding potential disruptions to the Common Vulnerabilities and Exposures (CVE) database due to impending funding cuts.
“MITRE Corporation has warned partner organisations about possible disruptions to the CVE database,” Claire Airdrop reports at [00:04].
“Disruptions to the CVE program could impact cybersecurity vendors, vulnerability scanning tools and IR investigations.”
MITRE announced that its contract with the US government was set to expire on April 16, without a renewal in sight. This uncertainty raises concerns about the stability and continuity of the CVE program, which is integral to identifying and addressing security vulnerabilities across various platforms and industries.
2. China Accuses NSA of Cyber Attacks on Asian Winter Games
In a significant geopolitical development, China has accused the National Security Agency (NSA) of orchestrating cyber attacks against the Asian Winter Games held in February.
“China has breathlessly accused the NSA of being behind cyber attacks against the Asian Winter Games in February,” Claire states at [00:04].
Beijing alleges that NSA front companies rented servers to attack the games' digital infrastructure and attempted to steal personal data of participants. Additionally, China claims that the NSA tried to activate backdoors on Windows systems using encrypted data packets. However, these accusations lack substantial evidence, and the White House has labeled them as fabricated. Notably, China also claimed that the University of California and Virginia Tech aided the NSA, a claim that has yet to be substantiated.
3. CA Browser Forum to Reduce TLS Certificate Lifespan
The CA Browser Forum has announced a gradual reduction in the maximum validity period for TLS (Transport Layer Security) certificates, a move aimed at enhancing internet security.
“The lifespan of TLS certificates was 10 years in 2012, but has been reduced multiple times. It's currently three hundred and ninety-eight days,” Claire explains at [00:04].
Starting in March 2026, the maximum validity will decrease to 47 days over three phases spanning three years. The ballot for this decision passed unopposed, receiving 28 votes in favor and 5 abstentions. This change is expected to mitigate security risks by ensuring more frequent updates and renewals of certificates, thereby reducing the window of opportunity for malicious exploitation.
4. Ransomware Attack Disrupts DaVita Dialysis Clinics
A ransomware attack has targeted DaVita, a leading provider of dialysis services in the United States, causing disruptions in operations.
“A ransomware attack is impacting DaVita, a major provider of dialysis services in the US,” Claire reports at [00:04].
DaVita confirmed that some of its systems were encrypted, though patient care continued uninterrupted. The company has not disclosed the expected recovery timeline. With over 3,000 clinics and services extending to more than 760 hospitals, the attack underscores the vulnerability of critical healthcare infrastructure to cyber threats.
5. Hacktivists Alter Silicon Valley Traffic Control Crosswalks
In an unusual act of hacktivism, individuals modified traffic control crosswalk buttons in Silicon Valley to play custom audio messages featuring voices of prominent tech figures.
“The hack altered the buttons to play AI-generated audio of Mark Zuckerberg and Elon Musk,” Claire shares at [00:04].
These altered crosswalks began broadcasting the audio clips on Friday and were swiftly removed by authorities the following day. This incident highlights the creative and disruptive methods employed by hacktivists to draw attention to their causes.
6. 4chan Suffers Security Breach
The controversial internet forum 4chan has reportedly been hacked, with attackers leaking portions of the site's source code and backend interfaces.
“4chan has not confirmed the breach, but the site was offline on Tuesday,” Claire notes at [00:04].
The breach was announced on the rival forum Soyjak, drawing parallels to a similar incident faced by Party4chan in 2014. Such breaches raise concerns about the security measures in place to protect user data and the integrity of online platforms.
7. Kilox Cryptocurrency Exchange Loses $7 Million in Attack
Kilox, a cryptocurrency exchange, suffered a significant financial loss after an attack exploited a vulnerability in its Price Oracle system.
“The attackers used Tornado Cash to hide the origin of the funds they used to run the exploits,” Claire informs at [00:04].
The incident resulted in a loss of $7 million, with more than half traced to a single wallet. The attackers used Tornado Cash, a blockchain money laundering service on which the US recently lifted sanctions, to obscure the funds' origins.
8. Cyber Insurance and Ransom Payments: A Risky Correlation
A Dutch police study revealed that companies with cyber insurance tend to pay ransoms almost three times higher than those without such coverage.
“Companies with cyber insurance pay ransoms almost three times bigger than non-insured organisations,” Claire states at [00:04].
The study suggests that ransomware gangs often seek out companies with insurance, as the presence of cyber insurance signals a higher willingness to pay. However, the research also found that robust backups are the most effective defense against ransomware attacks. Furthermore, in 95% of cases where a ransom was paid, companies would have faced bankruptcy if they had not complied.
9. Malicious Android Apps Pose as WhatsApp to Hijack Crypto Wallets
A cluster of deceptive Android applications masquerading as WhatsApp has been identified, designed to compromise cryptocurrency transactions.
“The malware hijacks crypto wallet transactions by manipulating cryptocurrency addresses on the device's clipboard,” Claire explains at [00:04].
Russian security firm Dr. Web reports that the attackers are managing over 60 command and control servers. To date, the group has successfully stolen more than $600,000, with over half attributed to a single wallet, highlighting the significant financial risks associated with such malware.
10. Meta to Use EU User Data for AI Model Training
In a major policy shift, Meta has announced its intention to utilize EU user data to train its artificial intelligence models, addressing prior regulatory concerns.
“Meta says it will only use public data to train its models,” Claire shares at [00:04].
This approach includes public posts and interactions with existing AI chatbots. EU users will be notified of this change shortly and will have the option to opt out, complying with European data privacy regulations and ensuring transparency in data usage.
Conclusion
Today's episode of Risky Bulletin covered a broad spectrum of cybersecurity issues, from funding challenges at MITRE and international cyber espionage allegations to practical security measures like TLS certificate lifespan reductions and the implications of cyber insurance on ransom payments. The discussions underscore the evolving landscape of cybersecurity threats and the critical measures needed to mitigate risks across various sectors.
This summary was prepared based on the transcript provided and excludes non-content sections such as advertisements and introductions.