

Risky Bulletin
risky.biz
Regular cybersecurity news updates from the Risky Business team...

Oct 16, 2025 • 7min
Risky Bulletin: F5 says an APT stole source code, vulnerability reports
A major APT breached F5, stealing source code and vulnerability reports over nearly a year. In Europe, a politician filed a criminal complaint against Hungary's PM for alleged spyware deployment. Hijacked airport PA systems in Canada and the U.S. aired political messages, causing chaos. Meanwhile, a hacker behind the PowerSchool breach received prison time for compromising data on 70 million individuals. Also, Microsoft revoked numerous malware-signing certificates to combat rising threats.

Oct 16, 2025 • 21min
Srsly Risky Biz: Small beer surveillance firms escape crackdown, for now
A Jakarta-based firm is selling surveillance-as-a-service, raising alarms about unregulated sales practices. While big spyware vendors face scrutiny, smaller companies navigate under the radar, catering to questionable clients. The Chinese government capitalizes on hacking contests to bolster its cyber capabilities, further complicating the global surveillance landscape. Discussions dive into the impact of media and government on the spyware market, and the fallout for investors entangled with controversial firms like NSO.

Oct 15, 2025 • 9min
Risky Bulletin: Windows 10 reaches End-of-Life
Windows 10 has officially reached its end-of-life, pushing users to consider upgrades. Meanwhile, cybersecurity staff at CISA dodged layoffs, while the US seized a staggering $15 billion from a notorious cyber-scam operator. Significant cybersecurity threats loom, including a Secure Boot bypass affecting 200,000 Framework computers and rampant phishing techniques evolving on established domains. Plus, 4chan faces a hefty fine for user age verification violations, and a problematic Jeep firmware update left some hybrids powerless!

Oct 13, 2025 • 23min
Between Two Nerds: The Keyser Soze of Scattered Spider
Delve into the shadowy world of cybercrime, where insider recruitment is the new frontier. Discover how groups like Scattered Spider are enticing insiders with offers for network access. Explore whether Telegram can serve as a recruitment hub and if paying insiders signals enhanced security measures. Hear about the historical parallels of insider payoffs and why language skills are crucial for social engineering. Join the debate on the chaotic dynamics of different criminal organizations and whether Scattered Spider can scale up into a more disciplined enterprise.

Oct 13, 2025 • 7min
Risky Bulletin: Microsoft revamps Edge's "IE Mode" after zero-day attacks
Microsoft's response to zero-day attacks in Edge's IE mode signals a significant security overhaul. The FBI's recent seizure of an extortion site targeting Salesforce showcases ongoing battles against cybercrime. In a surprising twist, Apple doubles its bug bounty rewards to enhance security measures. Tensions rise as CISA faces layoffs while U.S. cyber leadership reshapes. Furthermore, the expansion of the Isaru botnet threatens thousands of systems, revealing the relentless nature of cyber threats and defenses.

Oct 12, 2025 • 15min
Sponsored: Fighting fire with fire
In this insightful discussion, Damien Lewke, the founder and CEO of Nebulock, shares his expertise in building AI-driven agents for cybersecurity. He reveals how quickly threat actors are embracing AI and highlights the lagging response from defenders. Damien emphasizes the need for a phased approach to AI implementation in organizations, focusing on specific use cases. He also talks about the importance of human reasoning in threat detection and how AI can help democratize defense strategies, making them accessible for all.

Oct 10, 2025 • 7min
Risky Bulletin: EU scraps Chat Control vote
The EU has scrapped its Chat Control vote due to opposition and a lack of support. Ukraine is taking cybersecurity seriously by establishing a national Cyber Force. In a surprising move, CISA is reallocating staff to immigration enforcement. Two teens have been arrested in connection with the hacking of a London nursery, while Salesforce stands firm, refusing to pay a ransom over a massive data breach. Meanwhile, the FCC's telecom breach reporting rules are on hold amid legal battles.

Oct 9, 2025 • 17min
Srsly Risky Biz: Clop is a big fish, but not worth hunting
Tom Uren, a policy and intelligence editor, dives into the intriguing tactics of the Clop ransomware gang. He explains how Clop’s strategy of mass exploitation yields significant profits while being the least harmful form of ransomware. Additionally, Tom discusses the importance of the U.S. government addressing foreign influence operations, providing insights into recent activities by adversarial states. His perspective on steering ransomware behaviors towards less damaging tactics is particularly thought-provoking.

Oct 7, 2025 • 6min
Risky Bulletin: Redis vulnerability impacts all versions released in the last 13 years
Redis faces a critical vulnerability that affects every version released in the last 13 years, leaving many deployments open to remote code execution. Oracle rushes to fix an urgent zero-day that enabled unauthorized access in its E-Business Suite. The Medusa group is linked to data theft from Fortra, marking a shift in their tactics. Meanwhile, India addresses flaws in its tax portal that exposed sensitive information. The conversation also touches on cybersecurity training cuts by the Pentagon and the international collaboration of Estonia and Ukraine to train cyber specialists.

Oct 6, 2025 • 25min
Between Two Nerds: What drives 0day mass exploitation
Experts discuss the alarming trend of mass exploitation of platforms like SharePoint and Exchange. They analyze Google's time-to-exploit metric, revealing a troubling shift towards zero-day exploits. Notably, they explore why many vulnerabilities exploited today are years old and argue that attackers prioritize targets that yield quick gains. The conversation highlights how the announcement of patches triggers rapid exploitation and the impact of better detection methods on perceived trends in cyber incidents. A must-listen for cybersecurity enthusiasts!


