Loading summary
Caitlin Sorey
Sentinel One dodges a Chinese APT hack Anonymous sources point to more Salt Typhoon victims A cyber attack disrupts grocery deliveries in the US and 140 arrested in Kazakhstan for selling citizens data. This is the risky bulletin prepared by Catalyn Campanu and read by me, Caitlin sorey. Today is June 11th and this podcast episode is brought to you by Push Security. Security firm SentinelOne said Chinese hackers breached its hardware logistics vendor. The company said it stopped the intrusion before it reached Sentinel One's network. It linked the attacks to a group hacking on behalf of the Chinese government. Sentinelone said it also observed extensive reconnaissance of its Internet exposed systems. Chinese hackers may have breached telecommunications company Comcast and data center operator Digital Realty. Anonymous sources inside CISA and the NSA revealed the breaches to the publication nextgov. They linked them to Chinese cyber espionage group Salt Typhoon. The companies have not publicly confirmed the breaches. A cyber attack is disrupting the operations of U.S. grocery distributor United Natural Foods. The company said it proactively took some IT systems offline after discovering the attack last week. The company's ability to fulfill and distribute customer orders has been impacted. United Natural Foods is the country's largest grocery distributor. U.S. director of National Intelligence Tulsi Gabbard says the intelligence community should move away from building its own tools. Gabbard says U.S. agencies should buy tools from the private sector sector and focus on their core missions. The Biden administration's DNI Avril Haynes had also urged agencies to tap the private sector's knowledge and capabilities. Brett Leatherman has been named to lead the FBI's cyber division. Leatherman has been with the FBI for 22 years and was involved in the Lock Bit Salt Typhoon and Vault Typhoon investigations. He replaces Brian Vondren, who left to become Microsoft's new deputy chief information security officer. Hackers have stolen More than 300,000 crash reports from the Texas Department of Transportation. The breach took place on May 12 after a hacker compromised an employee account. The stolen reports include names, addresses, vehicle registration details and insurance information. The department is currently notifying everyone affected. Spyware maker Paragon Solutions has ended its contract with Italy. Paragon cut the government's access to its platform in February after reports that Italy had targeted journalists and activists. The Israeli spyware maker said it ended the contract after the the Italian government refused its help in investigating the alleged abuses. Italian company NEG has been contracted to provide replacement surveillance capabilities. 140 people have been detained in Kazakhstan accused of selling citizens personal data on Telegram. The group allegedly extracted the data from government databases Some of the information was also shared with debt collection agencies. Russian border authorities are denying entry to Ukrainians with phones that have been wiped clean, according to court documents. Authorities denied entry to users who deleted their image galleries, messages to chats or YouTube watch history. Some Ukrainian travellers who had their entries denied unsuccessfully challenged the decisions in court. A cyber espionage group has been using a Windows WebDAV zero day in phishing attacks. Users who clicked on malicious WebDAV links had malware installed on their systems. Check Point linked the attacks to Middle Eastern APT Group Stealth Falcon. Microsoft released patches for the zero day in this month's patch Tuesday. Microsoft will block two more file extensions in Outlook due to increased abuse. Outlook will block Library Ms. And Search Ms. File types from July. Both file types have been used to abuse Windows features and install malware. A memory leak in the Danabot malware command and control servers exposed information about its operators. Security firm Zscaler said it silently exploited the bug for three years to collect data. The vulnerability exposed details such as threat actor names, their IP addresses and cryptographic keys. Authorities seized Danabot infrastructure in May and charged 16 suspects. Two thirds of all online reconnaissance is due to mass scans for git secrets and environment files. These files contain credentials that can be used to enable other intrusions. Human security says that mass Internet scanning now accounts for almost 70% of the bot traffic it sees. One of the biggest sources of Internet scams this year was the hacked network of a major Romanian distillery. Google has patched a bug that exposed account holders, real names and phone numbers. The attack abused Google's Looker Studio data visualization product to reveal usernames. Phone numbers were extracted from the no JAR Script version of the password recovery interface. The bug was discovered by security researcher Brute Cat, who received a $5,000 reward from Google. A security researcher has accused Apple of silently patching a zero click iMessage exploit. Joseph Goydish claims the exploit could have allowed remote code execution attacks and the theft of secure enclave keys and crypto wallet data. He accused Apple of patching two bugs related to the exploit chain in April without credit or acknowledgment despite responsible disclosure. That's all for this podcast edition. Today's show was brought to you by our sponsor, P Security. Find them@PushSecurity.com.
Release Date: June 11, 2025 | Host: Caitlin Sorey | Source: Risky Business Team
At the forefront of this episode, Caitlin Sorey discusses a significant cybersecurity incident involving SentinelOne. According to the company, Chinese hackers attempted to breach its network through its hardware logistics vendor. However, "SentinelOne stopped the intrusion before it reached Sentinel One's network" (00:04). The attack was traced back to a group affiliated with the Chinese government, identified as Salt Typhoon. Sorey highlights that SentinelOne detected "extensive reconnaissance of its Internet exposed systems," indicating a well-planned espionage effort.
Further, speculative breaches regarding major telecommunications company Comcast and data center operator Digital Realty were mentioned. These claims stem from anonymous sources within the Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA), as cited by nextgov. However, both companies have yet to publicly confirm these breaches.
The episode shifts focus to United Natural Foods (UNFI), the largest grocery distributor in the United States. UNFI experienced a cyber attack that forced the company to "proactively take some IT systems offline" (00:04). This disruption has adversely affected their ability to fulfill and distribute customer orders, posing significant implications for the U.S. grocery supply chain.
Tulsi Gabbard, the U.S. Director of National Intelligence, is featured discussing the strategic direction of the intelligence community. Gabbard advocates for a shift away from developing proprietary tools, emphasizing that "U.S. agencies should buy tools from the private sector and focus on their core missions" (00:04). This sentiment is echoed by DNI Avril Haines, who urges agencies to leverage the private sector's expertise and capabilities to enhance national cybersecurity efforts.
A significant personnel update is reported with Brett Leatherman being appointed to lead the FBI's cyber division. Leatherman brings over two decades of experience, having been involved in major investigations including those against LockBit, Salt Typhoon, and Vault Typhoon. He succeeds Brian Vondren, who has transitioned to Microsoft's role as deputy chief information security officer (00:04).
The episode details a concerning data breach at the Texas Department of Transportation, where hackers stole over 300,000 crash reports on May 12. The breach was executed by compromising an employee account, leading to the theft of sensitive information such as names, addresses, vehicle registration details, and insurance information. The department is actively notifying those affected (00:04).
Paragon Solutions, an Israeli spyware manufacturer, has terminated its contract with the Italian government. The decision came after reports emerged that Italy had used Paragon’s platform to target journalists and activists. Despite a February release date, Paragon cited Italy's refusal to assist in investigating the alleged abuses as the primary reason for ending the partnership. Consequently, Italian company NEG has been contracted to provide alternative surveillance capabilities (00:04).
In a significant crackdown, Kazakhstan authorities have detained 140 individuals accused of selling citizens' personal data on Telegram. The group allegedly extracted this information from government databases, with some data being shared with debt collection agencies. This operation underscores the increasing scrutiny on data privacy and the illicit trade of personal information (00:04).
Russian border authorities have been denying entry to Ukrainian travelers whose phones have been "wiped clean," including deletions of image galleries, messages, chats, or YouTube watch history. Some affected individuals have unsuccessfully attempted to challenge these decisions in court, highlighting the intersection of cybersecurity and immigration policies (00:04).
A cyber espionage group linked to the Middle Eastern APT group Stealth Falcon has been utilizing a Windows WebDAV zero-day vulnerability in phishing attacks. Users who engaged with malicious WebDAV links inadvertently installed malware on their systems. Check Point Security has associated these attacks with Stealth Falcon, and Microsoft has since released patches addressing the zero-day vulnerability during the latest Patch Tuesday. Additionally, Microsoft plans to block two more file extensions in Outlook—Library Ms. and Search Ms.—starting in July to mitigate further abuse (00:04).
A critical vulnerability in Danabot malware’s command and control servers led to the inadvertent exposure of operator information. Zscaler, a security firm, identified that a memory leak allowed unauthorized access to details such as threat actor names, IP addresses, and cryptographic keys over a three-year period. This breach facilitated the collection of sensitive data, ultimately resulting in authorities seizing Danabot’s infrastructure in May and charging 16 suspects (00:04).
Human Security reports a dramatic increase in mass Internet scanning, accounting for nearly 70% of all bot traffic. A significant portion of online reconnaissance activities stems from mass scans targeting git secrets and environment files, which often contain credentials that can be leveraged for further intrusions. This trend underscores the evolving tactics of cyber attackers in seeking exploitable vulnerabilities (00:04).
One of the most notable sources of Internet scams this year has been identified as the hacked network of a major Romanian distillery. Google intervened by patching a vulnerability in its Looker Studio data visualization product, which was exploited to expose user account details, including real names and phone numbers. The breach allowed attackers to extract information from the no JavaScript version of the password recovery interface. Security researcher Brute Cat, who discovered the bug, received a $5,000 reward from Google for this significant contribution (00:04).
Concluding the episode, a security researcher has leveled accusations against Apple for quietly addressing a zero-click iMessage exploit. Joseph Goydish claims that the exploit had the potential for remote code execution attacks and could facilitate the theft of secure enclave keys and cryptocurrency wallet data. He contends that Apple patched two bugs related to the exploit chain in April without providing credit or acknowledgment, despite following responsible disclosure protocols (00:04). This situation raises questions about transparency and recognition in cybersecurity practices.
This episode of Risky Bulletin provides a comprehensive overview of recent cybersecurity threats, breaches, and strategic responses within various sectors. From thwarted Chinese APT attacks on SentinelOne to significant data breaches and strategic shifts in U.S. intelligence operations, the bulletin underscores the ever-evolving landscape of cyber threats and the critical measures being undertaken to combat them.