

Risky Bulletin
Risky Business Media
Regular cybersecurity news updates from the Risky Business team...
Episodes

Dec 7, 2025 • 8min
Risky Bulletin: APTs go after the React2Shell vulnerability within hours
Chinese APTs wasted no time exploiting the recently disclosed React2Shell vulnerability. The US response to telco hacking by China remains stalled, prioritizing trade over security. The hunt for a CISA director continues as the NSA faces significant staff reductions. Meanwhile, India has scrapped its mandatory cybersecurity app after backlash. In other news, unauthorized transactions linked to Gmarket and a significant data leak from Nonsec raise alarms, while a teen's hacking exploits using AI showcase the evolving threat landscape.

Dec 4, 2025 • 16min
Srsly Risky Biz: When cyber campaigns cross a line
Tom Uren, a cyber policy analyst and author of the Seriously Risky Business newsletter, joins to discuss a new framework outlining seven 'red flags' for assessing cyber operations. They explore Iran's use of cyber intelligence for missile strikes and the implications of political interference in elections. The conversation dives into the significance of corporate disclosure amid evolving state cyber activities, and they express skepticism about China's claims of being a responsible cyber actor. This engaging dialogue sheds light on the complexities of modern cyber warfare.

Dec 1, 2025 • 28min
Between Two Nerds: Beating back state espionage
Tom Uren and The Grugq dive into the fascinating world of state cyber espionage. The Grugq, a savvy operational security commentator, discusses the impact of the recent Charming Kitten document leak and debates whether such disclosures can effectively deter espionage. They explore how leaks force adversaries like Iran to adapt swiftly and restructure their operations. The conversation also highlights the strategic implications of targeting high-value groups and how unique vulnerabilities within ecosystems can be exploited, making for a captivating discussion.

Nov 30, 2025 • 14min
Sponsored: Why Mastercard got into threat intel
In this insightful discussion, Mike Lashley, Chief Security Officer at Mastercard, dives into the strategic motivations behind Mastercard's acquisition of Recorded Future. He emphasizes the power of merging payment data with threat intelligence to enhance fraud detection. Mike discusses the competitive edge of superior data and AI in the cyber arms race, as well as the importance of global collaboration with law enforcement to disrupt cybercrime. Furthermore, he explains the rationale for holding both the CSO and CISO roles within Mastercard.

Nov 27, 2025 • 21min
Srsly Risky Biz: DeepSeek and Musk's Grok both toe the party line
Tom Uren, a policy and intelligence editor specializing in cybersecurity, dives into the concerns around the DeepSeek-R1 AI model, revealing how it produces insecure code when prompted with topics sensitive to the Chinese Communist Party. He explains emergent misalignment in AI and emphasizes that biases are not unique to China, citing Musk's Grok as an example. Additionally, he discusses the doxxing of Iran's APT35 group, detailing their structure and operations, while predicting their resilience after the leak. Uren underscores the need for rigorous review of AI-generated outputs.

Nov 24, 2025 • 35min
Between Two Nerds: Telcos bad, Cloud good.
Dive into the contrasting worlds of telcos and cloud services as experts discuss the ongoing debate about security practices. Explore how recent cyber incidents like Salt Typhoon prompted regulators to scrutinize telco vulnerabilities. Discover why cloud companies may excel at security through innovative chaos engineering methods. The conversation also touches on the potential risks of national sabotage, the effectiveness of encryption, and the unique leverage small teams gain in cyber warfare. Regulation’s role is critically examined, as are the promise and peril of critical infrastructure.

Nov 20, 2025 • 21min
Srsly Risky Biz: AI-Powered espionage will favor China
Tom Uren, a policy and intelligence editor specializing in cybersecurity, joins Amberleigh Jack to explore the recent revelations about AI-driven cyber espionage campaigns. They discuss how this innovation aids opportunistic attackers, while offering little advantage to Western intelligence. The conversation shifts to Google's legal victory over the Lighthouse phishing operation, which has had unexpected success in disrupting their activities. Lastly, Uren highlights the benefits of adopting the memory-safe Rust programming language in Android, showing its impact on security and performance.

Nov 17, 2025 • 31min
Between Two Nerds: Russia's cyber war on wheat
Dive into the intriguing world of cyber warfare as experts dissect Russia's strategic focus on Ukraine's grain sector. They question whether these wiper attacks are planned or opportunistic. The discussion shifts to lessons learned by Russia, emphasizing intelligence integration over pure disruption. Curious insights emerge on how Western militaries might handle similar cyber operations. The role of volunteer hackers in Ukraine's defense also takes center stage, illustrating the complex landscape of modern warfare and the evolving nature of cyber tactics.

Nov 14, 2025 • 8min
Risky Bulletin: Europol takes down Elysium, VenomRAT, and Rhadamanthys
Europol successfully dismantles critical infrastructure behind the Elysium, VenomRAT, and Rhadamanthys malware operations. Checkout.com makes waves by donating ransom money to cybercrime research instead of paying hackers. Cyberattacks disrupt radio broadcasts in Germany and the Netherlands. Google takes legal action against a phishing platform and makes significant changes to Android developer verification rules. Meanwhile, the U.S. sanctions a military-linked scam group in Myanmar, and China disputes the origins of seized cryptocurrency.

Nov 13, 2025 • 18min
Srsly Risky Biz: Meta's fraud profit scandal
Tom Uren, a policy and intelligence editor, dives into Meta's alarming $16 billion profit from scam ads, revealing the internal incentives that keep fraud thriving. He discusses how Meta's high denial threshold and algorithmic engagement create perverse incentives for scammers. The conversation shifts to restrained state-backed supply chain attacks and why some intrusions weren't weaponized. Lastly, Uren highlights the UK's pause on intelligence sharing with the US over concerns regarding legality in operations against suspected drug boats.


