
Claire Aird
The White House rejects the Pentagon's nominee for NSA and CyberCom leader. The FCC probes the US Cyber Trust Mark program. A cyber attack disrupts Russia's animal products industry and hackers leak data about everyone in Paraguay. This is the Risky Bulletin, prepared by Catalin Cimpanu and read by me, Claire Aird. Today is the 23rd of June and this podcast episode is brought to you by Authentic. The White House has rejected the Pentagon's choice for the head of NSA and Cyber Command. The Department of Defence had proposed Army Lt. Gen. Richard Angle to replace Gen. Timothy Haugh. President Donald Trump dismissed Haugh. In April, Politico reported that Angle had the support of Defence Secretary Pete Hegseth and Director of National Intelligence Tulsi Gabbard. The White House has not said why the nomination was rejected. In other news, the FCC is investigating the company that manages the U.S. Cyber Trust Mark program. The program launched earlier this year and assigns safety labels to IoT devices based on their cybersecurity features. According to Fox News, an FCC internal document raises concerns that UL Solutions has deep ties to China, including testing labs in the country. Hackers have leaked the data of 7.4 million citizens in Paraguay. The data was leaked after the government declined to pay a $7.4 million ransom to the hacking group Brigada Cyber. The group claims the data covers every citizen in the country, which has a population of 6.8 million. Security firm Resecurity believes the data was taken from at least two government agencies. A cyber attack has taken down a Russian government system that manages animal health and veterinary documents. The attack on the Vetis system has impacted several industries, including the dairy. Raw milk can only be accepted for processing with a Vetis digital certification. Companies have been forced to fall back to paper documentation, which is impacting production.
A ransomware attack has hit Tonga's national healthcare system. The incident took down its public website and several internal systems. A team of Australian cyber experts flew to the small Pacific island last week to assist its recovery efforts. This is Tonga's second major ransomware attack. In 2023, the Medusa Group targeted the country's state-owned telecommunications company. Micronesia, Palau and Vanuatu have also been victims of major ransomware attacks in recent years. Iranian hackers have breached the municipal government of Albania's capital, Tirana. The attack took down the city's website and the kindergarten enrolment system. The Homeland Justice Group, which is affiliated with Iranian intelligence, has taken credit for the attack. The group previously claimed credit for attacks in Albania in 2022 and 20. Iran's opposition party MEK operates out of Albania, leading to regular cyber skirmishes. Hackers have stolen employees' personal data from the UK city of Oxford. The impacted staff members worked on local elections between 2001 and 2022. The affected employees are being notified. The breach occurred on June 6th. The city says it secured and restored its systems. A cybercrime group has breached the American insurance firm Aflac. The intruders allegedly used social engineering to gain access to the company's internal network and steal customer data. The company described the hackers as a sophisticated cybercrime group. Earlier this month, Google warned that Scattered Spider had begun targeting the insurance sector. Hackers have stolen almost $50,000 in assets from users of the popular crypto portal CoinMarketCap. Attackers replaced the company's animated website logo with malicious code. It prompted users to connect their crypto wallets to a phishing kit that emptied their accounts. The hackers stole assets from more than 100 users.
Reports suggest the hackers are connected to the Com, which is the same underground community that Scattered Spider originated from. Taiwanese cryptocurrency exchange BitoPro has blamed North Korea for its recent compromise. The company says the Lazarus group stole 11 million worth of crypto assets from the exchange in late May. The group allegedly socially engineered an employee and stole AWS session tokens to bypass MFA and access its cloud infrastructure. The group timed their attack to coincide with a wallet upgrade procedure when exchange employees were expecting funds to move. Chinese cyber espionage group Salt Typhoon hacked a Canadian telco in February. The hackers exploited a 2023 vulnerability in Cisco devices. Salt Typhoon's telco hacking spree was discovered last year. This is the group's first known victim outside the US. The company hasn't been named. The Israeli government has told its citizens to turn off security cameras. Officials say Iran is hacking security cameras and using live feeds to adjust missile targeting. The same tactic has been used by Russia during the Ukraine invasion. Ukraine has issued similar warnings to its citizens since 2022. The UK government will invest 16 million pounds in domestic cybersecurity start-ups this year. The funding will be available through the government's Cyber Growth Action Plan program. A new board has been established to help allocate the funds. The UK has more than 2,100 cybersecurity firms and the industry generates more than £13.2 billion in annual revenue. An Australian man has pleaded guilty to setting up fake Wi-Fi networks and stealing personal data. 43-year-old Michael Clapsis ran fake public Wi-Fi access points at his workplace, on domestic flights, and at airports in Perth, Melbourne and Adelaide. The Wi-Fi networks redirected users to phishing pages and captured their credentials. Clapsis then accessed victims' accounts and collected photos and videos of women.
Clapsis also hacked his employer after his arrest and accessed emails between his boss and police. Israeli spyware maker Paragon Solutions used a zero-day to deploy its Graphite spyware on Android devices, according to Security Week. The exploit in the FreeType font rendering library was used with PDF files sent via WhatsApp. The zero-day was patched in March after Meta spotted the attacks. A similar zero-day in iOS was linked to Paragon last week. Asus has removed hard-coded API credentials from its MyASUS support app. The credentials had administrator-level permissions that could have allowed attackers access to any Asus account. A software engineer from New Zealand known as MrBruh discovered the credentials inside DLL files within the app. The flaw has likely been present since the app's release in 2022. IBM has released a security update to fix a vulnerability in its Storage Protect backup system. The company says attackers bypass authentication by using a built-in admin account. The issue impacts all versions released since April 2021. And finally, Microsoft will remove legacy drivers from the Windows Update system. The OS maker says the move is to mitigate security and compatibility risks. Microsoft will remove drivers that have newer versions before removing drivers that are no longer used. And that is all for this podcast edition. Today's show was brought to you by Authentic. Find them at GoAuthentic IO. Thanks company.
Risky Bulletin: White House Rejects Nominee for NSA & CyberCom Leader
Episode Release Date: June 23, 2025 | Host: Claire Aird | Presented by Risky.biz
Timestamp: [00:04]
The episode opens with a significant development in U.S. cybersecurity leadership. The White House has rejected the Pentagon's nominee, Army Lt. Gen. Richard Angle, to replace Gen. Timothy Haugh as head of the National Security Agency (NSA) and Cyber Command (CyberCom).
Claire Aird reports, "The White House has rejected the Pentagon's choice for the head of NSA and Cyber Command" (00:04). This decision comes despite Angle having notable support from key Defense figures. In April, Politico highlighted that Defense Secretary Pete Hegseth and Director of National Intelligence Tulsi Gabbard backed Angle's nomination. However, the White House has yet to provide a reason for the rejection, leaving the cybersecurity community speculating about the underlying motivations.
In related news, the Federal Communications Commission (FCC) is scrutinizing the U.S. Cyber Trust Mark program, which was launched earlier this year to assess and assign safety labels to Internet of Things (IoT) devices based on their cybersecurity features.
Claire Aird states, "The FCC is investigating the company that manages the U.S. Cyber Trust Mark program" (00:04). An internal FCC document reported by Fox News raises alarms about UL Solutions, the managing entity, highlighting its "deep ties to China, including testing labs in the country." This revelation has sparked concerns over the integrity and security implications of the Cyber Trust Mark program.
A significant breach has affected Paraguay, where hackers leaked data of 7.4 million citizens following the government's refusal to pay a $7.4 million ransom demanded by the hacking group Brigada Cyber. Notably, Paraguay's population is approximately 6.8 million, suggesting exhaustive data coverage.
Claire Aird notes, "Hackers have leaked the data of 7.4 million citizens in Paraguay" (00:04). Security firm Resecurity attributes the data theft to breaches in at least two government agencies, raising serious concerns about national data security protocols.
A cyber attack has targeted Russia's Vetis system, which manages animal health and veterinary documents. The disruption has far-reaching impacts on industries reliant on Vetis, including the dairy sector. The attack has forced companies to revert to paper documentation, hampering production efficiency.
Claire Aird explains, "The attack on the Vetis system has impacted several industries, including the dairy" (00:04).
Tonga's national healthcare infrastructure has suffered another ransomware attack, crippling its public website and multiple internal systems. This incident marks the second major ransomware assault on Tonga, with the first occurring in 2023 when the Medusa Group targeted the state-owned telecommunications company. The current attack prompted Australian cybersecurity experts to assist with recovery efforts.
Claire Aird reports, "This is Tonga's second major ransomware attack" (00:04), highlighting the ongoing vulnerability of small island nations to sophisticated cyber threats.
The Homeland Justice Group, linked to Iranian intelligence, has carried out a cyber attack on Tirana's municipal government. The breach disabled the city's website and the kindergarten enrollment system. This group has a history of cyber skirmishes, previously targeting Albania in 2022, motivated by political tensions involving Iran's opposition party, MEK, based in Albania.
Claire Aird states, "The Homeland Justice Group, which is affiliated with Iranian intelligence, has taken credit for the attack" (00:04).
In the UK, hackers have accessed personal data of employees from Oxford City, particularly those involved in local elections from 2001 to 2022. The breach occurred on June 6th, and the city has since secured and restored its systems, with affected employees being notified.
Claire Aird mentions, "Hackers have stolen employees' personal data from the UK city of Oxford" (00:04).
American insurance firm Aflac has fallen victim to a sophisticated cybercrime group employing social engineering tactics to infiltrate the company's internal network and steal customer data. Concurrently, nearly $50,000 in assets were siphoned from over 100 users of the cryptocurrency portal CoinMarketCap through a phishing scheme that manipulated users into connecting their crypto wallets to malicious code.
Claire Aird reports, "Hackers have stolen almost $50,000 in assets from users of the popular crypto portal CoinMarketCap" (00:04), linking the attack to the same underground community behind Scattered Spider, which Google has identified as targeting the insurance sector.
Taiwanese cryptocurrency exchange BitoPro has accused North Korea's Lazarus Group of stealing $11 million in crypto assets. The attack involved social engineering to obtain AWS session tokens, bypassing multi-factor authentication (MFA) and exploiting a window during a wallet upgrade to execute the theft.
Claire Aird states, "The company says the Lazarus group stole 11 million worth of crypto assets from the exchange in late May" (00:04).
Salt Typhoon, a Chinese cyber espionage group, has breached a Canadian telecommunications company by exploiting a 2023 vulnerability in Cisco devices. This marks Salt Typhoon's first known victim outside the United States, broadening the geographical scope of their cyber activities.
Claire Aird reports, "Salt Typhoon's telco hacking spree was discovered last year" (00:04), emphasizing the group's expanding reach.
The Israeli government has issued warnings to its citizens to disable security cameras, citing Iranian hacking attempts aiming to manipulate live feeds for missile targeting adjustments. This cyber tactic mirrors strategies employed by Russia during the Ukraine conflict and underscores the persistent cyber threats faced by national infrastructures.
Claire Aird notes, "Officials say Iran is hacking security cameras and using live feeds to adjust missile targeting" (00:04).
In a proactive move, the UK government has committed £16 million to bolster domestic cybersecurity startups through the Cyber Growth Action Plan program. A newly established board will oversee the allocation of funds, aiming to support the UK's robust cybersecurity industry, which boasts over 2,100 firms and generates more than £13.2 billion annually.
Claire Aird states, "The UK government will invest 16 million pounds in domestic cybersecurity start-ups this year" (00:04), highlighting the nation's commitment to enhancing its cyber defense capabilities.
Michael Clapsis, a 43-year-old Australian, has pleaded guilty to orchestrating fake Wi-Fi networks across various locations, including domestic flights and major Australian cities. These networks redirected users to phishing sites, capturing credentials and personal media, leading to unauthorized account access and privacy invasions.
Claire Aird reports, "An Australian man has pleaded guilty to setting up fake Wi-Fi networks and stealing personal data" (00:04).
Israeli spyware manufacturer Paragon Solutions has been implicated in deploying a zero-day exploit to install its Graphite spyware on Android devices. The exploit targeted a vulnerability in the FreeType font rendering library and was delivered via PDF files sent through WhatsApp. The zero-day was patched in March after Meta spotted the attacks, and a similar zero-day in iOS was linked to Paragon last week.
Claire Aird states, "Israeli spyware maker Paragon Solutions used a zero-day to deploy its Graphite spyware on Android devices" (00:04).
Asus has addressed a critical security flaw by removing hard-coded API credentials from its MyASUS support application. Discovered by a New Zealand software engineer known as MrBruh, the credentials granted administrator-level access, posing significant security risks since the app's 2022 release.
Claire Aird mentions, "Asus has removed hard-coded API credentials from its MyASUS support app" (00:04).
IBM has released a security update for its Storage Protect backup system to fix a vulnerability that allowed attackers to bypass authentication using a built-in admin account. Simultaneously, Microsoft announced plans to remove legacy drivers from the Windows Update system to mitigate security and compatibility risks, prioritizing the removal of outdated drivers with newer versions available.
Claire Aird reports, "IBM has released a security update to fix a vulnerability in its Storage Protect backup system" (00:04), and adds, "Microsoft will remove legacy drivers from the Windows Update system" (00:04).
Conclusion
This episode of Risky Bulletin delivered a comprehensive overview of significant cybersecurity developments, ranging from high-level governmental decisions to intricate cyber attacks affecting various sectors globally. The rejection of the Pentagon's nominee underscores the complexities in cybersecurity leadership, while ongoing data breaches and state-sponsored attacks highlight the relentless nature of cyber threats. Concurrently, government initiatives and corporate responses demonstrate a multifaceted approach to enhancing cybersecurity resilience.
For those keen on staying informed about the evolving cybersecurity landscape, this episode provides valuable insights into the challenges and responses shaping the field today.
Prepared by Catalin Cimpanu and read by Claire Aird.