Risky Business Weekly (789): Apple's AirPlay vulns are surprisingly awful

Presented by

Patrick Gray

CEO and Publisher

Adam Boileau

Technology Editor

On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:

  • British retail stalwart Marks & Spencer gets cybered
  • South Korean telco sets out to replace all its subscriber SIMs after (we assume) it lost the keymat
  • It’s a good exploit week! Bugs in Apple AirPlay, SAP webservers, Erlang SSH and Commvault backups
  • Juice jacking! No, really! Some researchers actually did it (so still not in the wild, then)
  • Anti-DOGE whistleblower sure sounds like he has a point

This week’s episode is sponsored by Knocknoc, who let you glue your firewalls to your single sign on. Knocknoc’s CEO Adam Pointon talks about the joy that having end-to-end IPv6 would bring for zero-trust access control. He also touches on people using Knocknoc inside their network to isolate critical systems.

Editor’s Note: Pat also gives Adam (Boileau) stick in the sponsor interview about the Risky Biz webserver not having IPv6 enabled, which fact-checking during the edit says is FAKE NEWS. Just, uh, don’t look at how fresh that AAAA record in the DNS is, friends 😉

Show Notes:

British retailer M&S confirms being hit by ‘cyber incident’ amid store delays https://therecord.media/british-retailer-MS-confirms-cyber-incident-store-delays

M&S cyber-attack linked to hacking group Scattered Spider https://www.theguardian.com/business/2025/apr/29/m-and-s-cyber-attack-linked-to-hacking-group-scattered-spider

Bina Puri, Pos Malaysia tumble following hacking incident https://www.freemalaysiatoday.com/category/highlight/2025/04/25/bina-puri-pos-malaysia-tumble-following-hacking-incident

Japan warns of hundreds of millions of dollars in unauthorized trades from hacked accounts https://therecord.media/japan-warns-of-unauthorized-trades-hacked-accounts

US conducts cyberattacks against major Chinese commercial encryption provider: report https://www.globaltimes.cn/page/202504/1333032.shtml

Iran says major cyberattack on infrastructure repelled https://www.iranintl.com/en/202504289343

Spain rules out cyber attack - but what could have caused power cut? https://www.bbc.com/news/articles/c209yrl3258o

South Korea’s SK Telecom begins SIM card replacement after data breach https://www.france24.com/en/live-news/20250428-south-korea-s-sk-telecom-begins-sim-card-replacement-after-data-breach

AirBorne: Wormable Zero-Click RCE in Apple AirPlay Puts Billions of Devices at Risk https://www.oligo.security/blog/airborne

iOS and Android juice jacking defenses have been trivial to bypass for years https://arstechnica.com/security/2025/04/ios-and-android-juice-jacking-defenses-have-been-trivial-to-bypass-for-years/

How Android 16’s new security mode will stop USB-based attacks https://www.androidauthority.com/android-16-usb-data-advanced-protection-3548018/

Researchers warn of critical flaw found in Erlang OTP SSH https://www.cybersecuritydive.com/news/researchers-warn-of-critical-flaw-found-in-erlang-otp-ssh/745900/

Critical vulnerability in SAP NetWeaver under threat of active exploitation https://www.cybersecuritydive.com/news/critical-vulnerability-sap-netweaver-exploitation/746383/

CVE-2025-31324: Critical SAP Flaw Explained https://strobes.co/blog/cve-2025-31324-critical-sap-flaw-explained/

Fire In The Hole, We’re Breaching The Vault - Commvault Remote Code Execution (CVE-2025-34028) https://labs.watchtowr.com/fire-in-the-hole-were-breaching-the-vault-commvault-remote-code-execution-cve-2025-34028/

Risky Bulletin: NFC card malware keeps evolving in Russia, a bad omen for the future https://risky.biz/risky-bulletin-nfc-card-malware-keeps-evolving-in-russia-a-bad-omen-for-the-future/

Hegseth had unsecured internet line in Pentagon for Signal, sources say https://apnews.com/article/hegseth-signal-chat-dirty-internet-line-6a64707f10ca553eb905e5a70e10bd9d

Whistleblower: DOGE Siphoned NLRB Case Data https://krebsonsecurity.com/2025/04/whistleblower-doge-siphoned-nlrb-case-data/

2025_0414_Berulis-Disclosure-with-Exhibits.s.pdf https://whistlebloweraid.org/wp-content/uploads/2025/04/2025_0414_Berulis-Disclosure-with-Exhibits.s.pdf

CISA gets a deputy director as it braces for major layoffs https://www.cybersecuritydive.com/news/cisa-deputy-director-madhu-gottumukkala/746371/

Two top cyber officials resign from CISA https://therecord.media/two-top-cyber-officials-resign-from-cisa

Ex-CISA chief Chris Krebs leaving SentinelOne following Trump pressure https://www.reuters.com/technology/ex-cisa-chief-chris-krebs-leaving-sentinelone-following-trump-pressure-sources-2025-04-16/