Transcript
A (0:04)
Palo Alto Networks patches a firewall zero-day, Google patches an Android remote takeover bug, Ivanti also patches one, and a leak exposes Russia's spy and hacker school. This is the Risky Bulletin, prepared by Catalin Cimpanu and read by me, Claire Aird. Today is the 8th of May and this podcast episode is brought to you by PortSwigger. In today's top story, a state-sponsored group is exploiting a zero-day vulnerability in Palo Alto Networks' firewalls. The zero-day is in the device's web login interface and no authentication is required. It allows threat actors to run malicious code on the firewalls with root privileges. Affected devices include PA and VM series firewalls. Palo Alto Networks advises customers to restrict logins to internal IP addresses until a patch is available. In other news, Google has patched a vulnerability that granted remote access to Android devices. The bug allowed attackers to bypass authentication in the Android Debug Bridge, or ADB. The issue impacts devices running Android 11 or later where ADB has been enabled and used at least once. Android 11 was released in September 2020. Google released patches for the bug in its May security updates. This week, Ivanti has patched an actively exploited zero-day in its EPMM mobile management platform. It's connected to two zero-days the company patched in January, but which have continued to be exploited. The vulnerability requires attackers to be authenticated on an admin account. It was most likely used to maintain persistence after the January patches. The zero-day is one of five vulnerabilities Ivanti patched on Thursday. The Trump administration is preparing a long-term reauthorisation of the Cybersecurity Information Sharing Act. The act allows the private sector to share cyber intelligence with the government without legal liability. It temporarily expired last year for a few months, for the first time since it was approved. It was later extended until September this year.
National Cyber Director Sean Cairncross says he expects Congress to do the right thing. Meantime, the US government will use offensive cyber operations as part of its counterterrorism response. The new provision was included in the White House's new counterterrorism strategy, published this week. The document listed Islamist terrorists, drug cartels, transnational gangs and anti-fascists as potential targets. It didn't list extreme right groups as one, though. EU officials are preparing new regulations that would exclude US tech giants from EU clouds. The EU Cloud and AI Development Act is one of several packages the EU is preparing to ensure its tech sovereignty. EU officials say they're seeing very effective lobbying from US companies claiming that moving away from their services would be too expensive. The new regulation is scheduled for debate at the end of May. Five water treatment facilities were hacked last year across Poland. Attackers gained access to industrial control systems in some facilities. Poland's intelligence service did not attribute the attacks to any group or foreign state. A major Moscow university has been exposed as a primary training centre for Russia's military hacking units. Students at a special department at the Bauman State Technical University in Moscow are taught to hack, spread disinformation and sabotage operations. A leak of more than 2,000 internal documents has traced former students to multiple GRU cyber units. The leak includes curricula, contracts, photos from classes and lists of students and teachers from 2022 to 2024. The Bauman Technical University was founded in 1830 and is generally considered Russia's MIT equivalent. AI startup BrainTrust has urged its customers to rotate their API keys following a security incident. The company says hackers gained access to its AWS infrastructure and may have accessed its API key database. BrainTrust provides AI observability tools for companies to monitor their AI models.
The company's customers include Cloudflare, Vercel, Stripe and other tech giants. A DoD contractor has leaked US service member records and sensitive military training documents. The leak took place via an API exposed online without authentication. According to security firm Strix, AI virtual training platform Schemata took 150 days to secure the leaky API. A California man has been sentenced to six and a half years in prison for stealing cryptocurrency wallets. Marlon Ferro worked as hired muscle for a group of cryptocurrency hackers. When phishing and social engineering attempts failed to hack a victim, Ferro would be sent to break into a target's home and steal their crypto wallets. The group made more than $250 million from cryptocurrency thefts. The US has sentenced two more Americans to prison for running laptop farms for North Korean remote IT workers. Matthew Isaac Knoot of Nashville, Tennessee and Erick Ntekereze Prince of New York were both sentenced to 18 months in prison. The two ran two separate laptop farms that allowed North Koreans to pose as Americans and obtain employment at US companies. The workers made more than $1.2 million in salaries from their employment. Hungarian police have arrested a 20-year-old suspect for swatting Americans. The suspect was a member of a Discord group that streamed their swatting attempts to members of the community. Other members of the same community were also arrested earlier this year. A new hacking group is breaking into cloud servers previously breached by the TeamPCP group and replacing their malware with their own tools. The hack-and-replace campaign began last month. The attackers are replacing TeamPCP backdoors with their own credential stealers and self-propagating worms. SentinelOne tracks the group as PCP Jack. Google has removed 28 apps from the official Android Play Store for defrauding users.
The apps promised access to the call records, SMS data and WhatsApp call history of any phone number, but charged users and returned randomly generated data. They were downloaded more than 7.3 million times, primarily from India and the Asia Pacific region. North Korean hackers are using a new method to hide malware in GitHub repositories. Malicious loaders are hidden inside Git hooks, which are shell scripts that execute automatically when users interact with a repo. The new technique has been used in a North Korean campaign that targets developers with fake job offers. Individuals who clone a GitHub code assignment will end up infecting themselves with malware. And finally, Salesforce has overhauled its Marketing Cloud platform to address a swathe of vulnerabilities. The bugs would have allowed attackers to leak contacts and send emails from any of the company's tenants. The issue was reported in early January and patched after eight days. And that is all for this podcast edition. Today's show was brought to you by our sponsor, PortSwigger. Find them at portswigger.net. Thanks for your company.
