CyberWire Daily - Chrome & Firefox squash the latest flaws.
Episode Date: April 2, 2025

Google and Mozilla patch nearly two dozen security flaws. The UK’s Royal Mail Group sees 144GB of data stolen and leaked. A bizarre campaign looks to recruit cybersecurity professionals to hack Chinese websites. PostgreSQL servers with weak credentials have been compromised for cryptojacking. Google Cloud patches a vulnerability affecting its Cloud Run platform. Oracle faces a class-action lawsuit over alleged cloud services data breaches. CISA releases ICS advisories detailing vulnerabilities in Rockwell Automation and Hitachi Energy products. General Paul Nakasone offers a candid assessment of America’s evolving cyber threats. On today’s CertByte segment, a look at the Cisco Enterprise Network Core Technologies exam. Are AI LLMs more like minds or mirrors?

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CertByte Segment
Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K, we share practice questions from N2K’s suite of industry-leading certification resources. This week, Chris is joined by Troy McMillan to break down a question targeting the Cisco Enterprise Network Core Technologies (350-401 ENCOR) v1.1 exam. Today’s question comes from N2K’s Cisco CCNP Implementing and Operating Cisco Enterprise Network Core Technologies ENCOR (350-401) Practice Test. The ENCOR exam enables candidates to earn the Cisco Certified Specialist - Enterprise Core certification, which can also be used to meet exam requirements for several other Cisco certifications. Have a question that you’d like to see covered? Email us at certbyte@n2k.com.

If you're studying for a certification exam, check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify. To get the full news to knowledge experience, learn more about our N2K Pro subscription at https://thecyberwire.com/pro. Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers.

Additional source: https://www.cisco.com/site/us/en/learn/training-certifications/exams/encor.html

Selected Reading
Chrome 135, Firefox 137 Patch High-Severity Vulnerabilities (SecurityWeek)
Royal Mail Group Loses 144GB to Infostealers: Same Samsung Hacker, Same 2021 Infostealer Log (Infostealers)
Someone is trying to recruit security researchers in bizarre hacking campaign (TechCrunch)
Ongoing cryptomining campaign hits over 1.5K PostgreSQL servers (SC Media)
ImageRunner Flaw Exposed Sensitive Information in Google Cloud (SecurityWeek)
Google Brings End-to-End Encrypted Emails to All Enterprise Gmail Users (SecurityWeek)
Oracle now faces class action amid alleged data breaches (The Register)
CISA Releases Two ICS Advisories for Vulnerabilities, & Exploits Surrounding ICS (Cyber Security News)
Exclusive: Gen. Paul Nakasone says China is now our biggest cyber threat (The Record)
Large AI models are cultural and social technologies (Science)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Transcript
You're listening to the CyberWire Network powered by N2K.
Looking for a career where innovation meets impact?
Vanguard's technology team is shaping the future of financial services by solving complex
challenges with cutting-edge solutions.
Whether you're passionate about AI, cybersecurity,
or cloud computing, Vanguard offers a dynamic and collaborative environment where your ideas
drive change. With career growth opportunities and a focus on work-life balance, you'll have
the flexibility to thrive both professionally and personally. Explore open cybersecurity
and technology roles today at VanguardJobs.com.
Google and Mozilla patch nearly two dozen security flaws.
The UK's Royal Mail Group sees 144 gigabytes of data stolen and leaked.
A bizarre campaign looks to recruit cybersecurity professionals to hack Chinese websites.
PostgreSQL servers with weak credentials have been compromised for cryptojacking.
Google Cloud patches a vulnerability affecting its Cloud Run platform.
Oracle faces a class-action lawsuit over alleged cloud services data breaches.
CISA releases ICS advisories detailing vulnerabilities in Rockwell Automation
and Hitachi Energy products.
General Paul Nakasone offers a candid assessment of America's evolving cyber threats.
On today's CertByte segment, a look at the Cisco Enterprise Network Core Technologies exam. And are AI LLMs more like minds or mirrors?
It's Wednesday, April 2nd, 2025. I'm Dave Bittner and this is your CyberWire Intel Briefing.
Thanks for joining us here today. It's great to have you with us.
Google and Mozilla released updates on Tuesday
to patch nearly two dozen security
flaws in Chrome 135 and Firefox 137.
Chrome 135 includes 14 fixes with a high severity use
after free bug in navigations, topping the list.
Google paid $18,000 in bug bounties, including $10,000
to Philipp Beer for a custom tabs issue. Firefox 137 addresses eight flaws, including three
high severity memory bugs that could allow code execution. Mozilla also rolled out updates
for Firefox ESR and Thunderbird, covering many of the same vulnerabilities.
While there's no evidence these bugs are being exploited in the wild, both companies
urge users to update promptly.
Chrome 135 is now available for Linux, Windows, and macOS, while Firefox 137 is live for
all supported platforms.
A threat actor known as GHNA has leaked 144 gigabytes of data stolen from Royal Mail Group,
a UK postal service and courier company, on BreachForums following a similar Samsung
breach.
Both incidents trace back to a 2021 InfoStealer malware infection at Spectos, a third-party
data service provider.
The leaked files include customer PII, internal Zoom recordings, mailing lists, delivery data,
and a WordPress SQL database.
Hackers are increasingly using AI to extract value from such large data dumps, enabling
faster, more targeted attacks.
The breach exposes deep flaws in supply chain security, showing how old stolen credentials
can lead to major breaches years later.
The Royal Mail incident underscores the urgent need for better third-party risk management,
ongoing monitoring, and AI-aware defenses in cybersecurity strategies.
A mysterious figure named Jack is offering up to $100,000 a month to cybersecurity professionals
to hack Chinese websites using web shells.
This recruitment campaign, spread via sockpuppet accounts on X, formerly Twitter, features AI-generated avatars
and vague promises.
The job?
Hack any website registered in China, no specific targets, just volume.
Jack claims to want China's traffic, but offers little explanation, even contradicting himself
about working for the Indian government. Security experts are baffled. Some think it's trolling.
Others suspect a bizarre attempt to infect Chinese users with malware.
Despite its sketchiness, no one has reported phishing or malware links yet.
In the words of one expert, the campaign is
persistent, widespread, and bizarre with no clear motive or endgame.
Over 1,500 PostgreSQL servers with weak credentials have been compromised by the JINX-0126
campaign, a new wave of cryptojacking linked to earlier PG_MEM malware.
Attackers exploit a PostgreSQL SQL command to run system commands, kill competing
miners, and deploy a binary that installs XMRig mining software. A spoofed postmaster binary
ensures persistence and escalates privileges. According to Wiz, the campaign uses unique hashes
and fileless execution to bypass detection,
marking a sophisticated evolution in cloud-targeted attacks.
Google Cloud has patched a vulnerability called ImageRunner,
which affected its Cloud Run platform.
Discovered by Tenable, the flaw allowed users with certain permissions
to modify Cloud Run services and potentially
access private container images. In the worst case, attackers could extract secrets and
exfiltrate sensitive data. Google says they alerted customers in November of last year
and fully deployed a fix by January 28th of this year. The update now enforces stricter
IAM checks during deployments to prevent unauthorized
image access. Elsewhere, Google has launched a beta feature allowing enterprise users to send
end-to-end encrypted emails within their organization with plans to expand it to all Gmail inboxes by
year's end. Google's approach doesn't require certificate management
or key sharing, simplifying secure communications.
Organizations retain control of encryption keys,
keeping messages secure and compliant with regulations.
External recipients can access messages via a restricted
interface, or S/MIME, if supported.
Additional Gmail security features, including data loss
prevention and AI threat protection, are also now available.
Oracle is facing a class action lawsuit in Texas over alleged data breaches tied to its
cloud services. Filed by Floridian Michael Toikach and law firm Shamis & Gentile, the suit accuses Oracle of violating
Texas data breach notification laws by failing to alert victims within 60 days.
The case alleges that Oracle's poor security practices led to the exposure of personal
and health data and that the company has remained silent about the breach.
Toikach claims Oracle didn't inform him of the incident,
explain how it occurred, or confirm data security.
He and others expect to face ongoing risks
of identity theft and financial loss.
The plaintiffs seek compensation
and demand Oracle improve its cybersecurity practices.
Oracle has yet to respond to the allegations.
On April 1st, CISA released two ICS advisories detailing major vulnerabilities in Rockwell
Automation and Hitachi Energy products, posing risks to critical infrastructure. The Rockwell
advisory warns of a deserialization flaw in systems using Veeam Backup & Replication, allowing remote
code execution with admin access.
Patches are available.
The Hitachi advisory highlights several flaws, including a critical injection vulnerability
in MicroSCADA Pro/X SYS600.
Multiple versions are affected and there are fixes provided.
These issues could impact manufacturing, energy, water, and chemical sectors.
CISA urges immediate action, patching systems, limiting ICS exposure, and applying secure
configurations.
No exploitation has been reported yet, but the agency stresses urgency due to the potential
for severe disruption.
In an exclusive interview with The Record, former NSA and U.S. Cyber Command Chief General
Paul Nakasone offered a candid assessment of America's evolving cyber threats.
A year out of government, Nakasone reflected on China's growing cyber-aggression, describing the Volt and Salt Typhoon campaigns as clear signs that Beijing has
surpassed Russia in capability and intent.
This is nothing like we've seen before, he warned, pointing to Chinese
intrusions in critical U.S. infrastructure.
Nakasone emphasized the urgent need for better cyber deterrence, faster
defense and stronger
partnerships across government, industry, and academia.
Now on the OpenAI board, he also discussed AI's dual-use future, powerful for both offense
and defense, and called for a national strategy around data, energy, semiconductors, and
talent. From AI ethics to Taiwan tensions and offensive cyber policy,
Nakasone's message was clear. The U.S. must move faster or fall behind.
Coming up after the break on today's CertByte segment, a look at the Cisco Enterprise Network
Core Technologies exam, and are AI LLMs more like minds or mirrors?
Stay with us.
Hey everybody, Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try DeleteMe.
I have to say, DeleteMe is a game changer.
Within days of signing up,
they started removing my personal information
from hundreds of data brokers.
I finally have peace of mind,
knowing my data privacy is protected.
DeleteMe's team does all the work for you
with detailed reports,
so you know exactly what's been done.
Take control of your data
and keep your private life private by signing up for DeleteMe.
Now at a special discount for our listeners, today get 20% off your DeleteMe plan when
you go to joindeleteme.com slash n2k and use promo code n2k at checkout.
The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code n2k at checkout.
Are you frustrated with cyber risk scores backed by mysterious data, zero context and
cloudy reasoning?
Typical cyber ratings are ineffective and the true risk story is begging to be told.
It's time to cut the BS.
BlackKite believes in seeing the full picture with more than a score. One where companies have complete clarity in their third-party cyber risk using reliable,
quantitative data.
Make better decisions.
Reduce your uncertainty.
Trust BlackKite.
On today's CertByte segment, the CertByte team looks at the Cisco Enterprise Network
Core Technologies exam.
Hi everyone, it's Chris.
I'm a content developer and project management specialist here at N2K Networks. Today's question targets the Cisco Enterprise
Network Core Technologies 350-401 ENCOR version 1.1, which was updated on
September 20th, 2023. This exam enables candidates to earn the Cisco Certified
Specialist Enterprise Core Certification, which can also be used to meet exam
requirements for several other Cisco certifications.
I've enlisted Troy once again as our new guest host. He's a specialist in all things Cisco,
ISACA, and EC-Council. Welcome Troy, how are you today?
I'm doing great, Chris. Thank you for having me.
Absolutely. Now, before we get into it, be sure to stick around after our question for our special
study bit for this test, as well as for the latest news on upcoming N2K practice tests.
Okay, we're going to be turning the tables and Troy, you're going to be asking me today's
question.
Troy, let me have it.
Okay, Chris, here's a question.
It's a multiple choice, but only one answer is correct.
Which of the following is not a packet type used by Enhanced Interior Gateway Routing Protocol, or EIGRP?
Your choices are A. Query, B. Reply, C. Response, or D. ACK.
Right. So before I answer, Troy, I understand this is under the infrastructure objective and
the layer three sub-objective, correct?
That is correct.
Okay.
And since I have no idea what an EIGRP is, can you please take a moment to explain that
to me?
EIGRP is a routing protocol, and routing protocols are used by the routers to communicate with one another
to exchange what they know, the information they know about routes to various destinations.
The beauty of a routing protocol is if we didn't have them,
we'd have to manually program all the routes into the routers,
and any time a route changed, we'd have to make the change in the router.
So it's sort of a language that they use to exchange information.
Great.
And I know that this usually sounds like a stall tactic, and it kind of is, so I'm going
to ask another question before I answer.
Are there any other routing protocols that have the same or similar packet types used
as the EIGRP?
Yes. All of these routing protocols use different packet types to communicate.
For example, OSPF, or Open Shortest Path First, uses about four or five different packet types
with completely different names than what EIGRP has, but it is common
that routing protocols would have similar packet types used by EIGRP.
Okay, and I'm going to try a different tactic than I usually use, and I'm going to guess
one of the R answers because I think there may be a distractor strategy with having two
answer choices that start with the same letter, and there also may be something with the fact
that this is a negative question as well.
So I'm going to guess that the correct answer is B, reply.
How did I do?
Good try, Chris, but unfortunately that is incorrect.
The correct answer is B, response.
Response is not a packet type that EIGRP uses.
The following are packet types used by EIGRP.
There is a packet called Hello/ACK,
which is used for them to establish neighbor relationships,
and the ACK is used to acknowledge receiving something.
The update packets are used to send a routing update to another router.
Query packets are used to ask a neighboring router about a route.
Reply packets are used to respond to a query about routing information, and then request packets are when a router
asks another router specific information about a route.
So I was at least correct in using the logic that out of two similar sounding answer choices,
one may be the correct answer?
In this particular case, you were.
I hate to say that that works every time,
but if you were looking at an item
and you had nothing else to go on, you were clueless,
you might use that and not pick two that are very similar.
Okay, so that's interesting.
And I probably wouldn't use that tactic all the time,
but in this case, in the absence of everything else,
I just took my best guess.
So that's great info. Now, Troy,
can you please share what job level and
type the certification is aimed at?
Yes, this is on the CCNP level,
the professional level,
whereas the CCNA level,
the associate level is for those that are starting out,
and perhaps they would work under the direction of a CCNP.
So this is a higher level exam.
The job role that this cert would
probably prepare you for would be to become a network engineer.
Okay, great. Great information in question, Troy.
So now it's time to discuss the study bit for this test.
What do you have for us?
Okay. My study bit on this is that you're going to have to not only
answer multiple choice questions and drag and drop items,
those type of items on this exam,
you're also going to have to do some performance items.
You're going to have to actually configure some routers
and troubleshoot some issues.
So you need to get lots of hands on.
So find some sort of a network simulation tool
that allows you to practice working with routers and switches
so that you can complete those performance-based items.
As we wrap up today's episode, are there any upcoming practice tests you'd like to promote here?
Yes, we just released the CompTIA Tech+, the AWS Certified AI Practitioner,
and Azure AI Engineer Associate Practice Tests. And we'll also have more coming up for CompTIA, Microsoft, and Oracle in the next month.
Great!
Thanks so much for being here with me today, Troy.
Thank you.
And thank you for joining me for this week's CertByte.
If you're actively studying for this certification and have any questions about study tips or
even future certification questions you'd like to see, please feel free to email me at certbyte at n2k.com. That's C-E-R-T-B-Y-T-E
at n number 2k dot com. If you'd like to learn more about N2K's practice tests,
visit our website at n2k.com forward slash certify. For sources and citations
for this question, please check out our show notes. Happy certifying.
And don't forget, you can find out more about our Cisco Enterprise Network Core Technologies
practice exam on our website.
Is your AppSec program actually reducing risk?
Developers and AppSec teams drown in critical alerts, yet 95% of fixes don't reduce real
risk.
Why?
Traditional tools use generic prioritization and lack the ability to filter real threats from noise.
High impact threats slip through and surface in production,
costing 10 times more to fix.
Ox Security helps you focus on the 5% of issues
that truly matter before they reach the cloud.
Find out what risks deserve your attention in 2025.
Download the application security benchmark from Ox Security.
And finally, what if large AI models aren't on the verge of becoming sentient minds, but
something even more profound?
In a thought-provoking reflection published in Science, a team of scholars suggests these
systems are best seen not as artificial agents, but as revolutionary cultural and social technologies
akin to writing, markets, or bureaucracies.
Instead of mimicking human intelligence, these models absorb and remix the vast, messy, beautiful
sprawl of human expression.
Like economic prices or library catalogs, they compress and reorganize knowledge at
a massive scale, letting us do something astonishing, interact with the collective
mind of humanity.
But here's the twist.
They reflect not just our data, but our patterns, biases, and histories.
Their influence might rival that of the printing press.
So what happens next?
That depends not on AI alone, but on us, how we shape it, govern it, and use it to illuminate
or obscure what it means to be human.
It's an interesting article, well worth your time.
For me, it reflects the notion that as much as we hope that AI will reflect an idealized
version of who we aspire to be, all too often it reveals the cold, hard truth staring back at us, warts
and all.
And that's the CyberWire.
For links to all of today's stories, check out our daily briefing at the cyberwire.com.
We'd love to know what you think of this podcast.
Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly
changing world of cybersecurity.
If you like our show, please share a rating and review in your favorite podcast app.
Please also fill out the survey and the show notes or send an email to cyberwire at n2k.com.
N2K's senior producer is Alice Carruth. Our Cyberwire producer is Liz Stokes.
We're mixed by Trey Hester with original music and sound design by Elliott Peltzman.
Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Dave Bittner.
Thanks for listening.
We'll see you back here tomorrow.
Cyber threats are evolving every second, and staying ahead is more than just a challenge,
it's a necessity.
That's why we're thrilled to partner with ThreatLocker, a cybersecurity solution trusted
by businesses worldwide.
ThreatLocker is a full suite of solutions designed to
give you total control, stopping unauthorized applications, securing
sensitive data, and ensuring your organization runs smoothly and securely.
Visit threatlocker.com today to see how a default deny approach can keep your
company safe and compliant.