CyberWire Daily - Media server mayday.
Episode Date: August 15, 2025Plex urges users to immediately update their Media Server due to an undisclosed security flaw. Cisco warns of a critical remote code execution flaw in their Secure Firewall Management Center software....Rockwell Automation discloses multiple critical and high-severity flaws. Hackers breached a Canadian House of Commons database. Active law enforcement and government email accounts are sold online for as little as $40. Telecom giant Colt Technology Services suffers a cyber incident disrupting its customer portal. Taiwan launches new measures to boost hospital cybersecurity after ransomware attacks. NIST has released a concept paper proposing control overlays for securing AI systems. A date with an AI chatbot ends in tragedy. Our guest is Randall Degges, Snyk's Head of Developer and Security Relations, to discuss how underqualified or outsourced coding support can open doors for nation-state threats. Dutch speed cameras are stuck in a cyber-induced siesta. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Randall Degges, Snyk's Head of Developer and Security Relations, to discuss how underqualified or outsourced coding support can open doors for nation-state threats. Selected Reading Plex warns users to patch security vulnerability immediately (Bleeping Computer) Cisco Discloses Critical RCE Flaw in Firewall Management Software (Infosecurity Magazine) Critical Flaws Patched in Rockwell FactoryTalk, Micro800, ControlLogix Products (SecurityWeek) CISA Releases Thirty-Two Industrial Control Systems Advisories (CISA.gov) Hackers Breach Canadian Government Via Microsoft Exploit (Bank Infosecurity) Compromised Government and Police Email Accounts on the Dark Web (Abnormal.AI) Telco giant Colt suffers attack, takes systems offline (The Register) Taiwan announces measures to protect hospitals from hackers (Focus Taiwan) New NIST Concept Paper Outlines AI-Specific Cybersecurity Framework (Hack Read) A flirty Meta AI bot invited a retiree to meet. He never made it home. (Reuters) Dutch prosecution service attack keeps speed cameras offline (The Register) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyberwire Network, powered by N2K.
Plex urges users to immediately update their media servers due to an undisclosed security flaw.
Cisco warns of a critical remote code execution flaw in their secure firewall management center software.
Rockwell Automation discloses multiple critical and high severity flaws.
Packers breach a Canadian House of Commons database.
Active law enforcement and government email accounts are sold online for as little as 40 bucks.
Telecom giant cult technology services suffers a cyber incident disrupting its customer portal.
Taiwan launches new measures to boost hospital cybersecurity.
NIST has released a concept paper proposing control overlays for securing AI systems.
A date with an AI chatbot ends in tragedy.
Our guest is Randall Degg's
Sneaks Head of Developer and Security Relations
discussing how underqualified or outsourced coding support
put open doors for nation-state threats.
And Dutch speed cameras are stuck in a cyber-induced siesta.
It's Friday, August 15th, 2025.
I'm Dave Bittner, and this is your Cyberwire Intel Briefing.
Thanks for joining us here today.
Happy Friday.
It's great to have you with us.
Plex has urged certain users to immediately update their Plex
media server due to a recently fixed but undisclosed security flaw. The issue affects multiple
versions and was reported via Plex's bug bounty program. Four days after releasing a patch,
Plex emailed affected users, warning them that their servers were outdated and recommending
an urgent upgrade to the latest version, available via the management or downloads page.
While the company hasn't shared technical details or assigned a CVE
ID, the concern is that attackers could reverse engineer the patch to exploit unpatched systems.
Plex rarely sends such direct vulnerability alerts, making this warning notable.
Users are strongly advised to update immediately to protect their systems.
Cisco has warned of a critical remote code execution flaw in secure firewall management center
software with a CVSS rating of 10.
The bug in the Radius Authentication System allows unauthenticated remote attackers to run arbitrary commands with high privileges.
It affects multiple versions when Radius is enabled.
Cisco urges immediate updates as no direct workarounds exist.
Disabling radius and using local L-DAP or SAML authentication can mitigate risk.
The flaw is part of a broader advisory covering 29 Cisco security issues.
Rockwell Automation has disclosed multiple critical and high severity flaws in Factory
Talk, Micro-800, and Control Logics products.
One vulnerability could let attackers bypass FTSP token validation, and another enables remote
code execution in Control Logics.
Micro-800 PLCs received patches for Azure RTOS vulnerabilities, allowing RCE and privilege
escalation, plus a denial of service flaw. Other high-severity issues affect Flex 500,
Studio 5,000, Armor Block 5,000, Factory Talk Viewpoint, and Factory Talk Action Manager. No in-the-wild
exploitation has been reported. Yesterday, SISA issued 32 new industrial control system
advisories covering current security issues, vulnerabilities and exploits affecting automation
platforms. The alerts span products from Siemens, including components like Sematic RTLS, engineering
platforms, rugged comm, CinecOS, and others. SISA urges system operators and administrators to review
these advisories promptly for detailed technical information and recommended mitigations.
Hackers breached a House of Commons database containing office locations and personal details of
Canadian elected officials and staff. The attack, exploiting a recent Microsoft SharePoint vulnerability,
expose names, titles, emails, and device details. Authorities have not attributed the incident,
and the investigation is ongoing with national security partners. The flaw, known as ToolShell allows
full SharePoint access and has been exploited by Chinese-linked groups, Linen Typhoon, Violet Typhoon, and Storm 2603.
Experts warn patching alone is insufficient, urging immediate mitigations alongside updates.
Research from abnormal security reveals cybercriminals are selling active law enforcement
and government email accounts from countries including the U.S., UK, Germany, India, and Brazil
for as little as $40.
Unlike spoofed addresses, these are fully compromised accounts with complete login credentials,
enabling impersonation, fraudulent legal requests, access to restricted portals, and intelligence
gathering. Accounts are breached via credential stuffing, info-stealer malware, and fishing. Sellers market them
as toolkits for exploiting institutional trust, bypassing verification, and accessing sensitive
systems. The commoditization of government authority elevates the risk far beyond fishing,
enabling direct abuse of privileged law enforcement capabilities.
Telecom giant Colt Technology Services has suffered a cyber incident
disrupting its customer portal, Colt Online, and its voice API platform since August 12th.
The London-based Telecom says the attack targeted an internal system
separate from customer infrastructure with no evidence of data theft.
Protective measures, including taking systems offline,
caused service outages. Colt is working with third-party experts to restore operations and advises
customers to use phone or email support. The cause remains unclear, though scans suggest possible
targeting of Colt's SharePoint servers. Taiwan's Ministry of Digital Affairs and Ministry of
Health and Welfare are launching new measures to boost hospital cybersecurity after ransomware attacks
on two top-tier hospitals earlier this year linked to a Chinese hacker known as Crazy Hunter.
The plan includes cyber defense drills, talent development, institutional guidance, and enhanced inspections.
A major 2025 drill will involve domestic and foreign white hat hackers testing defenses at 11 hospitals.
Following the February and March attacks, the Ministry of Health and Welfare issued ransomware response guidelines
and deployed endpoint detection and response across all medical centers.
While officials stress resilience over invulnerability,
the goal is rapid recovery if systems are breached,
minimizing disruption and protecting sensitive patient data.
NIST has released a concept paper proposing control overlays for securing AI systems
built on its SP-800-53 cybersecurity framework.
These overlays tailor-sexuals.
security controls for specific AI types, such as generative, predictive, and agentic AI,
and include guidance for AI developers. While experts welcome the move, some, like App Omni's Melissa
Ruzi, say the use cases lack sufficient detail, particularly around AI types and data sensitivity,
such as personal or medical information. She urges more specific controls in monitoring. NIST seeks
public feedback via a Slack channel to refine the framework, aiming for a flexible yet practical
standard to safeguard AI's confidentiality, integrity, and availability in diverse real-world applications.
Back in March, a 76-year-old man died after rushing to meet Big Sis Billy, a generative AI chatbot
on Facebook Messenger that had convinced him she was a real woman.
The man who had cognitive decline from a past stroke fell on route and later died from his
injuries. The chatbot, created by Meta in collaboration with Kendall Jenner, had invited
him to her apartment and initiated romantic exchanges. Reuters obtained Meta's internal AI content
standards, which previously allowed romantic roleplay, even with minors, and permitted bots to
present themselves as real. Following inquiries, meta-removed examples involving minors, but still
permits romantic role play with adults and inaccurate advice. Critics, including the man's family,
warn that such bots can exploit vulnerable users, prioritizing engagement over safety.
Coming up after the break, my conversation with Randall Deggs.
Head of developer and security relations at Sneak,
we're discussing how underqualified or outsourced coding support
could lead to open doors for nation-state threats.
And Dutch speed cameras are stuck in a cyber-induced siesta.
Stick around.
I'm Ben Yellen, co-host of the caveat podcast.
Each Thursday, we sit down and talk about the biggest legal and policy developments affecting technology that are shaping our world.
Whether it be sitting down with experts or government officials or breaking down the latest political developments,
we talk about the stories that will have tangible impacts on businesses and people around the world.
If you are looking to stay informed on what is happening and how it can impact you,
make sure to listen to the caveat podcast.
Compliance regulations, third-party risk, and customer security demands are all growing and changing fast.
Is your manual GRC program actually slowing you down?
If you're thinking there has to be something more efficient than spreadsheets, screenshots, screenshots, and all those
manual processes. You're right. GRC can be so much easier. And it can strengthen your security posture
while actually driving revenue for your business. You know, one of the things I really like about
Vanta is how it takes the heavy lifting out of your GRC program. Their trust management platform
automates those key areas, compliance, internal and third-party risk, and even customer
trust, so you're not buried under spreadsheets and endless manual tasks.
Vanta really streamlines the way you gather and manage information across your entire business.
And this isn't just theoretical.
A recent IDC analysis found that compliance teams using Vanta are 129% more productive.
It's a pretty impressive number.
So what does it mean for you?
It means you get back more time and energy to focus on what actually matters,
like strengthening your security posture and scaling your business.
Vanta, G-R-C, just imagine how much easier trust can be.
Visit Vanta.com slash cyber to sign up today for a free demo.
That's V-A-N-T-A.com slash cyber.
Randall Deggs is head of developer and security.
relations at Sneak. I recently caught up with him to learn how underqualified or outsourced
coding support could open doors for nation state threats. Any company that has actual paying
customers, security ends up becoming a concern, either early or a little bit later. And definitely
when you're talking about big companies, security is a really big deal. You know, I don't have
to tell your audience how important it is that if you have a product, you're not leaking people,
sensitive payment information or personal address or any sort of identification stuff.
So there's always a concern around like data being leaked or problems being caused.
And fundamentally all those problems lead back to code.
If the applications that your company is deploying like your website, maybe it's like a user portal
or a payments portal, a healthcare portal, whatever the heck it is that you're building,
if the code that powers those systems has vulnerabilities in it, that means it's accurate.
can take advantage of those vulnerabilities.
So that's really the bottom line.
And is it the reality that quite often the security side of things
comes after the initial round of coding
that in some ways it gets maybe bolted on?
A million percent, yes.
So my background is I've been a developer for about 25 years.
Even in my role leading the developer and security relations team here at Sneak,
I mean, I still spend at least 20 percent of my time.
on software engineering related tasks.
And so I feel like I'm kind of a perfect example
of like your average developer, let's say.
And one of the things any developer will tell you
is that security is always an afterthought.
If they tell you that it's not an afterthought,
they're straight up lying to you.
And the reason why is really simple.
So if you put yourself in the shoes of an engineer
who's working on a product at a company, right,
your KPIs have nothing to do with security.
I mean really they don't
like what you are judged against
as an engineer isn't how many security
vulnerabilities during your code or anything like that
you are judged against
did you get this bug fixed
did you get this feature launched on time
those are the main things that engineers
care about and so speed
and developer experiences the priority
everything else is an afterthought
including security
and so what happens
in most situations then
do the initial round of
coders hand something off to someone else,
maybe someone outside of the organization?
I mean, you're asking a very good question.
So it looks a little bit differently at different companies.
So a really big company is what ends up happening is after developers write their code
and get their feature done, a security team within the company will scan the code,
find security issues, and then reach out to various engineering teams to see if they can go in
and fix it.
So it's a collaborative process.
If you're lucky, you'll have some developers internally at your company who are more security-minded.
Maybe people who are even really passionate about the topic, which is rare, but definitely happens.
And in those cases, security teams will often try to leverage those people to kind of be like a security champion or an advocate for the rest of the engineers that they work with.
I'm not sure if you've heard of the phrase security champions programs, but the concept of a security champions program is really widespread at organizations.
And so that's like a very common thing.
As a security person, you try to find the developers who are the most security focused
and then try to amplify their work across the organization.
Now, you make the case that there are particular perils that can come into play
if you're relying on this type of security management here.
What are some of the things that people need to be concerned about?
I mean, it's everything from really obvious mistakes that can be very,
costly to really sophisticated mistakes that can be really costly. And I think the part that most
people don't realize is that all vulnerabilities fundamentally come down to a coding issue. You
know, like it means that something wasn't properly sanitized or something wasn't done correctly
on the back end somewhere. And because of that, there's this potential exploit that can can take
place. I know we're talking about nation states and actors and the difference between private
attackers or people who are doing it for fun or monetary gain and nation states, the main
difference is resourcing. Like nation states have an incredible amount of resources and they actually
hire programmers on a nine to five schedule to go look up popular vulnerabilities and test them out
on lots of different company websites and platforms and things like that to see what types of things
they can abuse at scale.
And so when you're talking about nation states, you basically just think, whatever types of
vulnerabilities are out there, nation states have the resourcing to abuse them.
And so that's kind of a scary part and the part that I think people sometimes don't really
understand.
It's just how much resourcing they allocate and dedicate to this type of thing.
Well, then how does an organization go about balancing the practical realities of this?
I mean, you still have to ship software, but you,
want it to be as secure as possible, how do you meet in the middle there?
So I'm going to answer your question, but I'm going to kind of just give you a little bit of
what I think is happening for the most part right now. So how do you balance this? Well, first
of all, generative AI in the last three plus years, however long it's been, right, has really
enabled developers to speed up their programming. Even if your company doesn't allow the
usage of AI tools, a lot of developers are going around.
you know, IT backs, security backs to kind of use these things anyways. So you have kind of a shadow IT
situation. But the reality is generative AI is making life for developers a lot better right now in the
sense that instead of spending, you know, a full day trying to debug an issue, they can go have a
conversation with their favorite AI tool and figure out the problem. Maybe they're even more on the
bleeding edge and they're using things like cursor or windsurf or Claude Code or whatever the latest AI
coding tool is to write a lot of the code for them. But fundamentally, the security problem still
needs to be addressed. If you're in the minor, like, if you're very conscious about your security
footprint and you're trying to do a good job of deploying secure software, what almost anyone
will tell you is that the important part is making sure you're not introducing new vulnerabilities
into your application, that when your developers are writing code, whether it's them writing code
directly, like by literally typing on the keyboard, or whether it's one of their AI tools generating
code on their behalf. In either scenario, you need to make sure that the code that's being generated
is secure by default. And so how do you do that? Well, there's a lot of tools out there. I mean,
I work at Sneak. This is pretty much what we're known for. Our tool basically is a developer tool.
It analyzes your code as you're writing it in real time and helps find and fix the vulnerabilities
that you are generating. And so using some sort of security tool to iterate on this code in real time,
is basically like the best thing you can do.
Now, there's also a secondary concern,
which is, well, what about security issues
that are already in a code base
or that are already in a project?
How do you go about resolving these things
that might have been there for a long period of time?
And the answer there, I mean,
I don't think there's a foolproof answer right now,
to be honest with you,
but the main answer today is prioritization.
So there's lots of tools.
Sneak provides tools,
but there's tons of other companies to do as well,
where they will analyze your code base
analyze your runtime environment and tell you this particular vulnerability or these five vulnerabilities
are the most critical for you to fix because we know they can be abused right now. They're user
facing. They are highly exploitable. Right. And so we have the technology today to understand a lot of
these things better. Maybe if your code base has 10,000 vulnerabilities, only 75 of them are actually
important to fix. And so understanding that is important. In the future, I feel pretty confident we're going to
have autonomous tools that can go in there, look through your security backlog, and just
get the entire thing done in a day. But I don't think as an industry, we're quite there yet.
Well, you mentioned AI being used to help speed up the coding process. Are there applications
where folks can use those same AI tools to try to hunt down some of these security gaps?
Totally. I mean, I do that all the time. As a matter of fact, I would say there's a couple different
patterns you can approach this
with. So let's say
you're a developer, you're using
cursor to help you write code
quickly. At a
very basic level, if you don't have a lot
of security understanding, what you
can do is after you generate some code,
you can go in and type a message
to cursor and say, hey, can you check my code for
security issues and fix
them? Right? That's kind of like
level one of this scheme.
The problem with that, of course,
is large language models aren't
fully accurate. And so if you tell them to just find and fix security issues, a couple of things
might happen. Like, first of all, they may not find security issues that are there. So that's one
problem. Secondly, they might hallucinate issues and think there's something there when there really
isn't and do a lot of code breakage and things. And then finally, they might find a valid issue,
but they might fail to fix it because of a number of problems, whether it's hallucination or
accuracy or whatever. And so they're not super reliable as security partners. That's where
external tooling typically comes into
place. Like, it's sneak. The way that this works
is you would hook sneak into
your cursor environment, for example. And by
the way, for those of you listening, you
can sign up for a free sneak account.
It doesn't cost you anything.
You can use it and all the things we're about to describe
at no cost. You just
create a free account, basically. The way
it would work there is you plug sneak into cursor
and it will come with a set of
rules. And these rules
tell the cursor AI engine
that every time code is being
developed and outputted, all that code is going to be scanned with Sneak. And then Sneak is going
to provide the AI engine that Cursor is using with all of the intelligence and heuristics that it
needs to actually go in and make an accurate fix. And then once that's done, Sneak will re-scan
the code to make sure the issue was actually fixed and not hallucinated. So that is kind of like
the current state of the art in Bleeding Edge security for these applications.
No, that's interesting. What are your recommendations?
for folks who are just getting started
down this path. What's the best
way to begin?
So I would say a couple of things.
First of all, if you're listening to the show and your
developer, one thing I would
kind of challenge you is to change your
mindset about security. A lot of
developers kind of view security as like someone
else's problem. And I would actually
challenge you to think of security as a
code quality issue.
You know, like developers love
talking about code quality. You know, like we
love figuring out the best style for a code,
best architecture patterns, the best tools to use, all these different things. And I think security
is just one part of overall code quality. You know, if you're building a product and architecting
it well, but you're not shipping secure software, I would say that the overall quality of your code
is low. And so first of all, on the developer mindset side, understanding the security is a core
part of engineering work is really important. And then secondarily, in terms of what you should be
doing, I would just recommend that every developer have a go-to security tool. Like, for example,
For me, when I'm writing code, when I'm writing Python code, I always use the black formatter, which is free and open source, to format my code and maintain consistent styles.
Similarly, I use tools like GitHub actions to run all of my tests, and I try to maintain a high level of test coverage.
In that same regard, every developer should have a security tool.
So whenever they're writing code or reviewing code, the security tool is pointing out vulnerabilities.
And with the technology we have nowadays, ideally, it's just autonomously fixing them as well.
And so security should be a tool that every developer has in their toolkit that's just a standard part of their workflow.
And I can tell you this, if you do that, you're going to be ahead of 99% of your peers,
and you will be shipping far more, you know, reliable quality software than your peers in a lot of cases.
That's Randall Deggs from Sneak.
And finally, in the Netherlands, a lingering cyber attack has left dozens of speed cameras in a prolonged nap,
much to the delight of lead-footed motorists.
The Public Prosecution Service's Central Processing Office admits it knows exactly which cameras are snoozing,
but won't say where, because, well, they're not that generous.
The July 17th breach, courtesy of Citrix vulnerabilities, didn't break the cameras directly.
It just left the service unavailable to switch them back on.
Officials insist a phased relaunch is necessary, since their systems are tangled up with police, courts, and other agencies.
Email was restored on August 7th, though large files remain in limbo.
Until then, Dutch drivers might consider this their brief unofficial Autobahn moment.
And that's the Cyberwire.
For links to all of today's stories,
check out our daily briefing at the Cyberwire.com.
We'd love to hear from you.
We're conducting our annual audience survey to learn more about our listeners.
We're collecting your insights through the end of this month.
There's a link in the show notes.
Please take a moment and check it out.
Be sure to check out this weekend's Research Saturday
in my conversation with Bob Rudis,
VP of Data Science from Gray Noise.
The research we're discussing is titled Early Warning Signals
when attacker behavior precedes new vulnerabilities.
That's Research Saturday. Check it out.
N2K's senior producer is Alice Carruth.
Our Cyberwire producer is Liz Stokes.
We're mixed by Trey Hester with original
music by Elliott Peltzman. Our executive producer is Jennifer Ibin. Peter Kilby is our publisher,
and I'm Gabe Bittner. Thanks for listening. We'll see you back here next week.