Risky Bulletin: Russia's War on Foreign Software Continues
Host: Claire Aird
Release Date: August 6, 2025
Podcast: Risky Bulletin by risky.biz
Introduction
In this episode of Risky Bulletin, Claire Aird delves into the latest cybersecurity developments, ranging from international software regulations to significant data breaches affecting major corporations. The episode, released on August 6, 2025, provides a comprehensive overview of the evolving cyber threat landscape and the responses from both governmental bodies and private enterprises.
1. Russia Mandates Migration to Domestic ERP Systems
Russian authorities have enacted a new law requiring companies to transition to domestically produced Enterprise Resource Planning (ERP) systems.
- Legislation Details:
"The government passed a law in April that requires critical infrastructure operators to use Russian-made software," Aird explains (00:30).
- Implementation Timeline:
The law takes effect in September 2025, though no specific deadline for completing the migration has yet been set.
- Current Compliance Status:
Roughly one-third of Russian firms still run foreign ERP solutions such as SAP and Oracle, so the transition period could bring significant disruption.
- Impact on Businesses:
The move reflects Russia's intention to strengthen its cybersecurity posture by reducing reliance on foreign software, and it may reshape the global ERP market.
2. Ohio Requires Public Approval for Ransomware Payments
In a groundbreaking shift, Ohio's local government bodies must now approve any ransom payments resulting from ransomware attacks through transparent, public mechanisms.
- New Policy Overview:
"Local government bodies in Ohio will have to approve ransomware payments in full view of the public," states Aird (02:15).
- Legislative Context:
The requirement is part of the 2026 state budget bill, which also mandates that local bodies establish cybersecurity programs aimed at preventing future attacks.
- Funding Constraints:
The bill bars the use of current Department of Homeland Security (DHS) cyber grant funds for services provided by the Multi-State Information Sharing and Analysis Center (MS-ISAC), which previously received such funding.
- Strategic Response:
In a separate development, a 17-member panel led by former US Army Cyber Command head Ed Cardin and Josh Stiefel of the House Armed Services Committee is tasked with producing a roadmap for establishing a dedicated US cyber force in the next fiscal year.
3. Significant Data Breaches Affecting Major Corporations
Two high-profile companies, Chanel and Cisco, have reported substantial data breaches, raising concerns over their cybersecurity defenses.
- Chanel Data Breach:
"Chanel has notified customers of a data breach impacting its U.S. operations," Aird reports (05:45). The intrusion came through one of Chanel's database providers; the number of affected individuals has not been disclosed.
- Cisco Security Incident:
Cisco likewise disclosed a breach in late July that exposed customer information. The attacker used voice phishing against a representative with access to a third-party CRM platform. Both incidents fit the pattern of a campaign targeting Salesforce customers, though neither company has formally confirmed that link.
4. Thai Hospital Fined for an Unusual Data Breach
A private hospital in Thailand faced a hefty fine of $37,000 after an egregious data breach incident.
- Incident Details:
Patient records were found repurposed as packaging for a local snack, "khanom Tokyo," a crispy crepe filled with custard (07:20).
- Hospital's Response:
The hospital admitted it had hired a contractor to dispose of the sensitive records but had not verified that the disposal was actually carried out, which led to the breach.
5. Ransomware Attack Leads to Data Leak in Louisiana
Data from Louisiana's East Baton Rouge Sheriff's Office was exposed following a ransomware attack in April of the previous year.
- Exposed Information:
The leaked data includes informant details, polygraph results, internal affairs investigations, IMSI catcher warrants, training manuals for creating online sock puppet accounts, and guidance on using the Cellebrite and GrayKey phone unlocking tools (09:10).
- Response Strategy:
Notably, the Sheriff's Office chose not to pay the ransom, a decision that illustrates the trade-offs involved in responding to such extortion attempts.
6. Ongoing Cybersecurity Threats and Vulnerabilities
a. Candiru Spyware Vendor Remains Active
Israeli spyware provider Candiru continues its operations despite scrutiny.
- Recent Developments:
Security firm Recorded Future identified new servers associated with Candiru's Devil's Tongue spyware, with active deployments in countries including Hungary, Saudi Arabia, and Indonesia (11:00).
b. Iranian APT Group Alters Front Company Name
An Iranian advanced persistent threat (APT) group has rebranded its front company to evade US sanctions.
- Company Evolution:
Previously sanctioned as the Cotton Sandstorm Group, the company has undergone name changes to Shahid Shustari and Aria Sepa Ayanda Sozan while maintaining its operational base.
c. SonicWall Advises Disabling SSL VPN Feature
SonicWall has issued a critical advisory for administrators to disable the SSL VPN feature on their devices immediately.
- Reason for Advisory:
Multiple security firms, including Arctic Wolf and Google, reported ongoing attacks exploiting SonicWall systems to deploy ransomware (13:00).
d. Nvidia Servers Vulnerable to Hijacking
A series of three vulnerabilities in Nvidia's Triton Inference server platform have allowed remote attackers to hijack servers running AI models.
- Vulnerability Details:
Discovered by Wiz (now part of Google Cloud), these bugs have been patched by Nvidia following their disclosure (14:30).
e. Dell Laptops Susceptible to Firmware Backdoors
Five vulnerabilities, collectively known as "ReVault," affect more than 100 Dell laptop models by compromising the ControlVault 3 firmware.
- Exploitation Mechanism:
The bugs can be triggered through a Windows API without elevated privileges, enabling persistent firmware-level backdoors. Dell has released firmware updates to address them (16:00).
f. Streamlit Framework Vulnerability
A critical flaw in the Streamlit app deployment framework allows attackers to perform path traversal and arbitrary file uploads, potentially compromising underlying cloud servers.
- Patch Information:
Streamlit addressed this vulnerability with a security patch released in March (17:40).
g. Adobe Releases Emergency Security Updates
Adobe has issued an out-of-band update for its Experience Manager CMS to fix two vulnerabilities after researchers released proof-of-concept exploits.
- Patch Rationale:
Despite the absence of active exploitation in the wild, Adobe preemptively patched the issues following responsible disclosure protocols (19:10).
h. Cloudflare Accuses Perplexity of Policy Violations
Cloudflare has accused AI company Perplexity of circumventing crawl restrictions by changing its user agents and IP addresses, effectively hiding its crawling activity in roughly 20% of cases (20:50).
7. Meta Enhances WhatsApp Security Features
In an effort to combat scams and unauthorized additions to user groups, Meta has introduced a new feature in WhatsApp.
- New Notification System:
Users will receive alerts when they are added to new groups by individuals outside their contact list. These group notifications will remain disabled until the user opts to join, enhancing personal security and privacy (22:00).
Conclusion
Today's edition of Risky Bulletin highlights significant shifts in cybersecurity policies, particularly Russia's move towards domestic software solutions and Ohio's transparent approach to handling ransomware payments. The episode also underscores the persistent threat of data breaches impacting both global brands and public institutions, while detailing ongoing vulnerabilities in major software platforms. These developments collectively emphasize the critical need for robust cybersecurity measures and proactive governance in the face of evolving cyber threats.
This summary is based on the transcript provided and aims to encapsulate the key discussions and insights shared in the August 6, 2025 episode of Risky Bulletin.
