Summary of Risky Bulletin: Windows Update Will Patch Third-Party Apps
Host: Caitlin Sorey
Prepared by: Catalin Cimpanu
Release Date: May 30, 2025
1. Microsoft Enhances Windows Update for Third-Party Applications
Caitlin Sorey [00:04]: "Microsoft will allow third parties to distribute patches via Windows Update app and driver."
Microsoft plans to extend its Windows Update system so that third-party developers can distribute updates for their applications and drivers directly through the Windows Update interface. The goal is to streamline patching: users would receive timely fixes through a single channel instead of depending on each software vendor's own update mechanism. Developers are being encouraged to register and take part in testing the new mechanism, which is slated for inclusion in a future release of Windows 11.
2. Massive Leak Exposes Russia's Nuclear Secrets
A significant breach has led to the exposure of Russia's nuclear secrets through an internet-accessible database containing over 2 million documents. The leaked information includes detailed blueprints of nuclear missile sites, specifics on recent repairs, and plans for new facilities and bases. This alarming disclosure was uncovered by Danish journalists collaborating with reporters from Der Spiegel, raising concerns about national security and the potential implications for global stability.
3. Czech Republic Accuses China of Cyber Espionage
The Czech Republic has formally accused China of orchestrating a cyberattack against its Ministry of Foreign Affairs in 2022. The breach targeted an unclassified network connected to the ministry, potentially linked to telecommunications infrastructure. Officials have identified APT31, a cyber espionage group associated with China's Ministry of State Security, as the perpetrator. In response, NATO and the European Union have publicly supported the Czech Republic, emphasizing the importance of collective cybersecurity measures.
4. United Kingdom Establishes New Cyber Command
The UK government has announced the creation of the Cyber and Electromagnetic Command, a new military division tasked with coordinating both defensive and offensive cyber operations to support national security missions. General Sir James Hockenhull will lead this initiative, which underscores the UK's commitment to enhancing its cyber defense capabilities in an increasingly digital battleground.
5. US Banks Challenge SEC's Cyber Breach Disclosure Rule
Five major US banking associations have formally requested the Securities and Exchange Commission (SEC) to repeal its Cyber Incident Disclosure Rule. Adopted last year, the rule mandates that businesses disclose data breaches within four business days of determining their material impact. The banks argue that this requirement complicates incident management and introduces additional risks. They also highlight that certain ransomware groups exploit the SEC's disclosure timelines to exert greater pressure on victims.
6. NATO Integrates Cybersecurity into Defense Spending Targets
NATO is pushing to include cybersecurity, alongside border and coastal security, in its new defense spending framework. The proposed target allocates 5% of GDP to defense, with 3.5% designated for "hard" defense expenditures and the remaining 1.5% covering defense-related initiatives, including cybersecurity. Member states are scheduled to vote on this revised spending target in June, reflecting the growing recognition of cyber threats in international security strategies.
7. India Implements Strict Regulations on Foreign Surveillance Cameras
India has enacted legislation requiring all foreign-manufactured surveillance cameras to undergo mandatory testing in government laboratories before being introduced to the market. This law mandates that companies submit the source code for all camera firmware and permit Indian officials to audit their factory processes. While aimed at enhancing national security, several manufacturers have raised concerns regarding the invasiveness of factory inspections and the slow pace of the approval process.
8. ConnectWise Reports APT Breach in Remote Access Platform
IT software company ConnectWise has disclosed a breach in its ScreenConnect remote access platform, attributing the incident to a state-sponsored Advanced Persistent Threat (APT) group. Although the company states that only a small number of customers were affected, it has proactively notified those impacted and is conducting a thorough investigation to assess the extent and implications of the breach.
9. Victoria's Secret Suffers Cyber Attack, US Website Taken Down
Lingerie giant Victoria's Secret has temporarily taken down its US website following a cyberattack. While physical stores remain operational, certain in-store services have been suspended as the company works to restore its IT systems. Victoria's Secret manages over 1,300 retail locations across 70 countries, and the attack underscores the vulnerabilities faced by global retail operations in the digital age.
10. International Crackdown on Phishing Operations
- Pakistan: Authorities have arrested 21 individuals in connection with the HeartSender phishing group. Dutch and US authorities had previously seized the group's servers in January, revealing that they sold phishing kits and templates and operated a marketplace for stolen credentials. The HeartSender group is implicated in phishing scams resulting in over $50 million in losses within the United States.
- India: In the city of Visakhapatnam, Indian authorities raided a cyber scam operation compound, detaining over 100 suspects. The group ran call centers targeting English-speaking victims, similar to operations seen in Cambodia and Myanmar.
- Philippines: The US has sanctioned Funnull Technology and its administrator, Liu Lizhi, for providing internet infrastructure to scam operations. Funnull servers have been linked to more than $200 million in reported losses, with the FBI releasing numerous Indicators of Compromise (IOCs) tied to Funnull-hosted scam infrastructure over the past three years.
In the UK, online fraud has resulted in nearly £1.2 billion in losses across over 3 million reported cases, with investment scams being the most detrimental. According to the Organized Crime and Corruption Reporting Project, fraud constitutes 41% of all reported crimes in the UK.
11. New Botnet Targets Asus, Cisco, D-Link, and Linksys Devices
A newly identified botnet named "AyySSHush" has compromised over 9,000 Asus routers by exploiting a vulnerable Trend Micro security feature. Additionally, a smaller number of Cisco, D-Link, and Linksys devices have been infected. Active since March, AyySSHush appears to be part of a larger botnet operation known as "Vicious Trap." Security firms Sekoia and GreyNoise suggest that the botnet's complexity points to the involvement of an APT group, indicating a sophisticated level of cyber threat.
12. Vulnerability in OneDrive File Picker Component Exposes User Accounts
A security flaw in the OneDrive file picker component has been identified that allows attackers to access entire OneDrive accounts. The vulnerability stems from OAuth permissions in the OneDrive service that are defined too broadly, granting an application that embeds the picker access to the whole account rather than only the files the user selects. Security firm Oasis reported the bug to Microsoft; it affects applications such as Slack, Trello, and ChatGPT. Microsoft is currently addressing the issue to secure affected systems.
13. Texas Enacts Age Verification Requirements for Mobile App Downloads
Texas has passed a new law mandating that mobile app stores verify the ages of users before allowing them to download applications. Governor Greg Abbott signed the bill, which is set to take effect next year and primarily impacts major platforms like Apple and Google. Both companies have publicly criticized the law, highlighting potential challenges in implementation. A similar regulation was previously enacted in Utah earlier this year.
Conclusion
The Risky Bulletin delivered a comprehensive overview of recent cybersecurity developments, highlighting significant breaches, regulatory changes, and evolving threats. From Microsoft's initiative to streamline third-party updates via Windows Update to the international crackdown on sophisticated phishing operations, the episode underscored the dynamic and multifaceted nature of the cybersecurity landscape. Listeners are encouraged to stay informed and vigilant in navigating these complex challenges.
This summary was prepared based on the podcast episode "Risky Bulletin: Windows Update will patch third party apps" released on May 30, 2025.
