October 10, 2025 7 mins

Cybersecurity Today: Teenage Ransomware Arrests, GoAnywhere Critical Flaw, and Google AI Vulnerability

In this episode of Cybersecurity Today, hosted by Jim Love, two teenagers were arrested in London for a ransomware attack on Kiddo International preschools, involving child data extortion. The show discusses a critical vulnerability in GoAnywhere MFT servers actively exploited by ransomware operators, emphasizing the need for immediate patching. It also highlights an urgent warning from CISA about a 2021 Windows flaw now under active attack. Additionally, researchers have found a new method to exploit Google's Gemini AI through invisible Unicode characters, with Google declining to patch the issue. The episode concludes with security recommendations and a note on the show's upcoming special weekend edition for Canadian Thanksgiving.

00:00 Introduction and Headlines
00:28 Teenagers Arrested for Preschool Ransomware Attack
01:57 Critical Vulnerability in GoAnywhere MFT Servers
03:21 Urgent Alert for 2021 Windows Flaw
04:32 Google Gemini AI's Invisible Prompt Flaw
06:16 Conclusion and Sign-Off

Episode Transcript

Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:01):
London police arrest teens behind preschool ransomware attack.
Ransomware groups exploit new critical flaws in GoAnywhere file transfer servers.
CISA issues an urgent warning on a 2021 Windows flaw now under active attack.
And Google refuses to patch Gemini's invisible prompt flaw. Users are left to defend themselves.

(00:23):
This is Cybersecurity Today, and I'm your host, Jim Love.
Two teenagers have been arrested in London after what police call a disgusting ransomware attack on a chain of preschools.
The Metropolitan Police Cyber Crime Unit said the two 17-year-olds were taken into custody during raids in Bishop Stortford, Herefordshire, following a

(00:44):
September 25th report to Action Fraud, the UK's Cyber Crime Reporting Center.
Investigators say the attack targeted Kiddo International, a preschool and daycare organization with operations in the UK, US and India.
In an appalling attempt to extort money, the attackers posted the personal details

(01:04):
of 10 children, including photos, names, home addresses, and their parents' contact information, threatening to release more if the ransom wasn't paid.
The gang, calling itself the Radiant Group, published the data on its dark website, but later deleted the children's information after other cyber criminal groups condemned the act.
It appears that

(01:27):
even in the criminal underworld, many hackers drew a line, calling the use of children's data for extortion unacceptable.
Kiddo welcomes the swift police action and also said it continues to support affected families.
Police described the arrests as a major step forward, but said the investigation continues.

(01:48):
It's a chilling reminder that some crimes are so vile that even other hackers refuse to look the other way.
Microsoft and CISA are warning that a new critical vulnerability in GoAnywhere MFT servers is being actively exploited by ransomware operators.
GoAnywhere MFT, short for Managed File Transfer, is a secure data exchange platform used

(02:14):
by major organizations in finance, healthcare, and even government.
When exposed to the internet, though, it has become a prime target for attackers.
The flaw, tracked as CVE-2024-0204, allows unauthenticated remote code execution through the product's admin console.

(02:35):
Microsoft rated it critical, and ransomware groups, including affiliates linked to the LOP ransomware gang, are now exploiting it in the wild.
A similar zero day in 2023 led to breaches at more than 130 companies.
The vendor released a patch in January 2024, but unpatched

(02:55):
systems are now being hijacked to deploy ransomware and steal data.
Administrators should immediately apply these updates, disable external access to the admin portal, and review their logs for signs of compromise.
It's another example of how trusted tools for secure transfer can become the attacker's doorway if they're left unpatched.

(03:21):
A 3-year-old Windows vulnerability has come back to haunt us.
The US Cybersecurity and Infrastructure Security Agency, CISA, has issued an urgent alert for CVE-2021-43226, a Windows privilege escalation flaw that was actually patched by Microsoft in December 2021.

(03:44):
The bug sits in the Common Log File System driver and allows attackers with even limited local access to gain full system-level control.
CISA says the flaw is being actively exploited right now and has added it to its Known Exploited Vulnerabilities catalog with a mandatory patch-by date of October 27th.

(04:07):
Organizations should confirm that they've put these patches in place and they're running at least the December 2021 cumulative update, KB 582 15 for Windows 11 and KB 582 23 for Windows Server 2022, and verify that those systems haven't drifted out of compliance.

(04:32):
Researchers have discovered a new attack on Google's Gemini AI that hides malicious prompts as normal-looking text.
The so-called ASCII smuggling attack embeds invisible Unicode characters into emails or web pages, and Gemini reads those hidden instructions even though humans can't see them.
It's shockingly easy to exploit.

(04:55):
Researcher Victor Markopoulos showed that a phishing email could include a prompt written in font zero, white on white, invisible to the reader, but Gemini would still obey it when asked to summarize the message.
He warns that for users who have Gemini or even some other LLMs connected to their inboxes, a simple email with hidden commands can instruct the LLM

(05:18):
to search the inbox for sensitive items or send contact details, turning a standard phishing attempt into an autonomous data extraction tool.
But we have to remember that LLMs that browse the web could also stumble onto hidden payloads inside product descriptions or web text, feeding users malicious links without realizing it. And amazingly, Google says it

(05:44):
doesn't view this as a technical flaw and has no plans to patch it.
Security experts recommend restricting Gemini's access to email and calendar tools, sanitizing texts to remove invisible characters, and treating AI-generated summaries with caution.
A few invisible characters are all it takes to turn a helpful assistant

(06:05):
into a data exfiltration agent, and until vendors fix it, and they should, defenders must close that gap themselves.
And that's our show.
If you like what we're doing, please share the program.
Give us a like, leave a comment on your favorite podcast app.
We're everywhere: Apple, Spotify, YouTube, and just about anywhere you can get podcasts.

(06:29):
A quick reminder, this is Canadian Thanksgiving, so there'll be no Monday show.
We've got a special weekend edition coming up, but we'll be back early next week with more cybersecurity news.
We always love to hear from you.
You can reach me at technewsday.ca or technewsday.com.
Just use the contact us page.
If you're watching on YouTube, leave a note under the video.

(06:52):
We read every one.
I'm your host, Jim Love.
Thanks for listening, and if your alphabet ends with a Z, happy Thanksgiving.