Risky Business Video
April 30, 2025
Risky Business Weekly (789): Apple's AirPlay vulns are surprisingly awful
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news:
- British retail stalwart Marks & Spencer gets cybered
- South Korean telco sets out to replace all its subscriber SIMs after (we assume) it lost the keymat
- It’s a good exploit week! Bugs in Apple AirPlay, SAP webservers, Erlang SSH and Commvault backups
- Juice jacking! No, really! Some researchers actually did it (so still not in the wild, then)
- Anti-DOGE whistleblower sure sounds like he has a point
This week’s episode is sponsored by Knocknoc, who let you glue your firewalls to your single sign-on. Knocknoc’s CEO Adam Pointon talks about the joy that having end-to-end IPv6 would bring for zero-trust access control. He also touches on people using Knocknoc inside their network to isolate critical systems.
Editor’s Note: Pat also gives Adam (Boileau) stick in the sponsor interview about the Risky Biz webserver not having IPv6 enabled, which fact-checking during the edit says is FAKE NEWS. Just uh, don’t look at how fresh that AAAA record in the DNS is, friends 😉
Show Notes:
British retailer M&S confirms being hit by ‘cyber incident’ amid store delays https://therecord.media/british-retailer-MS-confirms-cyber-incident-store-delays
M&S cyber-attack linked to hacking group Scattered Spider https://www.theguardian.com/business/2025/apr/29/m-and-s-cyber-attack-linked-to-hacking-group-scattered-spider
Bina Puri, Pos Malaysia tumble following hacking incident https://www.freemalaysiatoday.com/category/highlight/2025/04/25/bina-puri-pos-malaysia-tumble-following-hacking-incident
Japan warns of hundreds of millions of dollars in unauthorized trades from hacked accounts https://therecord.media/japan-warns-of-unauthorized-trades-hacked-accounts
US conducts cyberattacks against major Chinese commercial encryption provider: report https://www.globaltimes.cn/page/202504/1333032.shtml
Iran says major cyberattack on infrastructure repelled https://www.iranintl.com/en/202504289343
Spain rules out cyber attack - but what could have caused power cut? https://www.bbc.com/news/articles/c209yrl3258o
South Korea’s SK Telecom begins SIM card replacement after data breach https://www.france24.com/en/live-news/20250428-south-korea-s-sk-telecom-begins-sim-card-replacement-after-data-breach
AirBorne: Wormable Zero-Click RCE in Apple AirPlay Puts Billions of Devices at Risk https://www.oligo.security/blog/airborne
iOS and Android juice jacking defenses have been trivial to bypass for years https://arstechnica.com/security/2025/04/ios-and-android-juice-jacking-defenses-have-been-trivial-to-bypass-for-years/
How Android 16’s new security mode will stop USB-based attacks https://www.androidauthority.com/android-16-usb-data-advanced-protection-3548018/
Researchers warn of critical flaw found in Erlang OTP SSH https://www.cybersecuritydive.com/news/researchers-warn-of-critical-flaw-found-in-erlang-otp-ssh/745900/
Critical vulnerability in SAP NetWeaver under threat of active exploitation https://www.cybersecuritydive.com/news/critical-vulnerability-sap-netweaver-exploitation/746383/
CVE-2025-31324: Critical SAP Flaw Explained https://strobes.co/blog/cve-2025-31324-critical-sap-flaw-explained/
Fire In The Hole, We’re Breaching The Vault - Commvault Remote Code Execution (CVE-2025-34028) https://labs.watchtowr.com/fire-in-the-hole-were-breaching-the-vault-commvault-remote-code-execution-cve-2025-34028/
Risky Bulletin: NFC card malware keeps evolving in Russia, a bad omen for the future https://risky.biz/risky-bulletin-nfc-card-malware-keeps-evolving-in-russia-a-bad-omen-for-the-future/
Hegseth had unsecured internet line in Pentagon for Signal, sources say https://apnews.com/article/hegseth-signal-chat-dirty-internet-line-6a64707f10ca553eb905e5a70e10bd9d
Whistleblower: DOGE Siphoned NLRB Case Data https://krebsonsecurity.com/2025/04/whistleblower-doge-siphoned-nlrb-case-data/
2025_0414_Berulis-Disclosure-with-Exhibits.s.pdf https://whistlebloweraid.org/wp-content/uploads/2025/04/2025_0414_Berulis-Disclosure-with-Exhibits.s.pdf
CISA gets a deputy director as it braces for major layoffs https://www.cybersecuritydive.com/news/cisa-deputy-director-madhu-gottumukkala/746371/
Two top cyber officials resign from CISA https://therecord.media/two-top-cyber-officials-resign-from-cisa
Ex-CISA chief Chris Krebs leaving SentinelOne following Trump pressure https://www.reuters.com/technology/ex-cisa-chief-chris-krebs-leaving-sentinelone-following-trump-pressure-sources-2025-04-16/