May 14, 2025 8 mins

In this episode of Cybersecurity Today, host Jim Love covers recent cybersecurity incidents including a data breach at Marks and Spencer, the FBI's alert on outdated routers being exploited, and critical Fortinet vulnerabilities actively used in attacks. Additionally, the episode discusses a researcher’s proof of concept showing how ransomware can be embedded directly into a CPU, bypassing traditional security measures. Listeners are urged to stay vigilant and implement necessary security patches and updates.

00:00 Breaking News: Marks and Spencer Data Breach
01:37 FBI Alert: Outdated Routers at Risk
03:43 Fortinet Zero-Day Vulnerability
05:46 Ransomware Embedded in CPUs: A New Threat
08:13 Conclusion and Contact Information

Episode Transcript

Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:00):
Marks and Spencer confirms that customer personal data
was accessed in a recent hack.
The FBI warns of 13 outdated routers hijacked by hackers, Fortinet patches a
zero day in FortiVoice actively exploited in targeted attacks, and joy or rapture,
unforeseen ransomware reaches the CPU.

(00:23):
Welcome to Cybersecurity Today.
I'm your host, Jim Love.
Marks and Spencer has confirmed that hackers accessed personal customer
data during a cyber attack that has disrupted its operations since late April.
The breach, which occurred over the Easter weekend, compromised information
including names, dates of birth, home and email addresses, phone numbers, household

(00:45):
details, and even online order histories.
But importantly, Marks and Spencer stated that no usable payment card details
or account passwords were accessed.
The attack has been linked to the cyber crime group DragonForce, known
for ransomware and extortion tactics.
Marks and Spencer's online ordering systems remain offline

(01:07):
and the company has not specified
when services will resume. Customers are being prompted to reset
their passwords as a precaution.
And Marks and Spencer advises vigilance against potential phishing
attempts and emphasizes it will never request personal account information
via unsolicited communications.
The UK's National Cyber Security Centre is collaborating with Marks and Spencer and law

(01:32):
enforcement to investigate the incident.
The old saying, if it ain't broke, don't fix it,
might not apply to routers.
It turns out that some of those old reliable Linksys routers might
be a significant security risk.
The FBI has issued an urgent alert regarding 13 older router models being

(01:54):
actively exploited by cyber criminals.
These devices, primarily from Linksys, Cradlepoint, and Cisco, have reached
their end of life and are no longer receiving security updates, making
them vulnerable to malware attacks.
For many larger companies, we would hope this wouldn't be an issue.
Replacement should be done for any network device that is no longer supported.

(02:18):
But for smaller companies or home offices, this could be a real threat.
So the Linksys E1200, E2500, E1000, E4200, E1500, E300, E3200,
E1550, WRT320N, WRT310N and WRT610N are affected. From Cradlepoint,

(02:41):
the E100 series is, and from Cisco, the M10 series. Hackers are
exploiting these outdated routers using variants of TheMoon malware.
The malware allows attackers to gain unauthorized access, turning
compromised routers into proxy nodes for malicious activities such
as data theft and cyber attacks.

(03:02):
Once infected, these routers can be controlled remotely, often
without the owner's knowledge.
Some signs of compromise might include
unusual overheating, frequent internet disconnections, unexpected changes
in router settings, or appearance of unknown devices on your network.
If you own one of the affected models, the FBI is strongly advising

(03:24):
replacing it with a newer model that regularly receives security updates.
But if not, at least ensure that you disable remote administration: access
your router settings and turn off remote management features to at least
try to prevent unauthorized access.
Fortinet has issued a critical fix for a zero day vulnerability,

(03:47):
CVE-2025-32756, affecting its FortiVoice enterprise phone systems,
after confirming the flaw was actively exploited in real world attacks.
The vulnerability is a stack-based buffer overflow that allows unauthenticated
attackers to remotely execute code by sending specially crafted HTTP

(04:10):
requests. Fortinet's product security team discovered the issue following the
attacker's activities, including network scans, system crash log deletions to
cover their tracks, and FCGI debugging being toggled on to log credentials
from the system or SSH login attempts.

(04:31):
The company has released patches and advises administrators to disable
the HTTP or HTTPS administrative interfaces as a temporary mitigation.
This is the latest in a string of critical security issues
affecting Fortinet products.
Last month, the Shadowserver Foundation reported on 16,000 internet-exposed

(04:51):
Fortinet devices that were compromised using a new symlink backdoor
that provides threat actors with read-only access to sensitive files
on now-patched devices hacked in previous attacks.
Earlier this year, Fortinet patched another vulnerability,
CVE-2025-24472,
an authentication bypass flaw in FortiOS and FortiProxy that allowed

(05:16):
attackers to gain super-admin access.
The company has urged all customers to audit systems for signs of compromise
and apply patches immediately.
Organizations relying on FortiVoice or other impacted Fortinet
products, including FortiMail, FortiNDR, FortiRecorder, and
FortiCamera, should act quickly.

(05:36):
The nature of the exploit and its confirmed use in the wild makes
this vulnerability especially high risk for unpatched systems.
And finally, a cybersecurity researcher has developed a proof
of concept demonstrating that ransomware can be embedded directly
into a computer's CPU via microcode updates, potentially bypassing

(06:01):
all traditional security measures.
Christiaan Beek, a senior director at cybersecurity firm Rapid7,
created the POC, inspired by a critical flaw in AMD's Zen processors.
The flaw, previously identified by Google researchers, allows attackers
to modify the RDRAND instruction,

(06:21):
enabling the injection of custom microcode. Beek's approach involves weaponizing
microcode updates, a low-level layer between hardware and machine code
typically used by chip makers to fix bugs and improve CPU reliability,
to hide ransomware payloads within the processor itself.

(06:43):
While microcode updates are generally exclusive to CPU manufacturers,
Beek's research indicates that injecting custom microcode, although
challenging, is actually feasible.
His POC, which he has no plans to release publicly, demonstrates how such an
attack could render traditional security technologies ineffective as the malware

(07:04):
operates beneath the software layer.
The development underscores the evolving sophistication of cyber threats.
Beek references the BlackLotus bootkit, known for compromising UEFI firmware and
infecting systems protected by Secure Boot, as a precedent for such low-level attacks.
Additionally, leaked chat logs from the Conti ransomware group in 2022 revealed

(07:29):
efforts to develop ransomware capable of installing directly into the UEFI
firmware, highlighting a trend towards more persistent and stealthy malware.
The ability to embed ransomware at the CPU level would represent a significant
escalation in cyber attack capabilities, potentially allowing malware to survive

(07:52):
system reboots, hardware replacements, and even software reinstalls.
This research serves as a warning to both chip manufacturers and
PC manufacturers about the need to address vulnerabilities at the
hardware level and to develop defenses against such deeply embedded threats.

(08:13):
And on that happy note, that's our show.
We're always interested in your opinion, and you can contact
us at editorial@technewsday.ca.
You can find me on LinkedIn, or if you're watching this on
YouTube, you know what to do.
Leave a comment under the video.
I'm your host, Jim Love.
Thanks for listening.