Broadcom, LastPass, SEO Poisoning, QR codes, H1B visas, Distributed Computing… – PSW #893

Bill Swearingen

1. That Secret Service SIM farm story is bogus

   The story is bogus.

   What they discovered was just normal criminal enterprise, banks of thousands of cell “phones” (sic) used to send spam or forward international calls using local phone numbers. Technically, it may even be legitimate enterprise, being simply a gateway between a legitimate VoIP provider and the mobile phone network.

2. iPhone 17 Introduces ‘Groundbreaking’ New Memory Security Feature

   Apple has added a "groundbreaking" new memory security feature to its new iPhone 17 lineup called Memory Integrity Enforcement (MIE), which the company describes as "the most significant upgrade to memory safety in the history of consumer operating systems."

3. The Ultimate iOS Hardening Guide

   This guide is designed to enhance the security and privacy of iPhones and iPads for users at all levels, from beginners to advanced. We explore and explain Apple's security features, their limitations, and provide alternative solutions for robust privacy and security within the Apple ecosystem.

4. I Was a Weird Kid’: Jailhouse Confessions of a Teen Hacker

   Bloomberg’s article profiles Noah Urban, an 18-year-old Florida native, and his role in the cybercrime group Scattered Spider. The gang has carried out major attacks in the U.S. and U.K., including the MGM Resorts ransomware incident and a costly breach of Marks & Spencer.

5. Want to piss off your IT department? Are your links not malicious looking enough?

   This is a tool that takes any link and makes it look malicious. It works on the idea of a redirect. Much like https://tinyurl.com/ for example. Where tinyurl makes an url shorter, this site makes it look malicious.

6. Ifixit iPhone Air Teardown

   Thinner usually means flimsier, harder to fix, and more glued-down parts. But the iPhone Air proves otherwise. Apple has somehow built its thinnest iPhone ever without tanking repairability.

Doug White

1. LastPass: Fake password managers infect Mac users with malware
2. Google: Brickstone malware used to steal U.S. orgs’ data for over a year
3. SEO Poisoning Campaign Tied to Chinese Actor
4. Malicious npm package hides payload in QR code
5. Threat actors turning to MFA bypass, USB malware and supply chain attacks
6. European Airport Cyberattack Linked to Obscure Ransomware, Suspect Arrested
7. India’s IT minister moves to Zoho’s productivity tools
8. AI coding hype overblown, Bain shrugs
9. A $100,000 Per Worker Visa Fee Tips the Balance to Big Tech
10. Broadcom’s prohibitive VMware prices create a learning “barrier,” IT pro says
11. A history of the Internet, part 3: The rise of the user

Lee Neely

1. CISA: Attacker exploited Ivanti bugs, dropped snoopy malware

   The US Cybersecurity and Infrastructure Security Agency (CISA) has published an analysis report detailing "two sets of malware from an organization compromised by cyber threat actors exploiting CVE-2025-4427 and CVE-2025-4428 in Ivanti Endpoint Manager Mobile (Ivanti EPMM)." The vulnerabilities, both rated high severity, affects Ivanti EPMM, versions 11.12.0.4 and earlier, 12.3.0.1 and earlier, 12.4.0.1 and earlier, and 12.5.0.0 and earlier. Ivanti disclosed the vulnerabilities on May 13, 2025, and CISA added both to the Known Exploited Vulnerabilities (KEV) catalog on May 19. CISA's analysis includes a description of how the malware is delivered, as well as indicators of compromise (IoCs), and suggested mitigations.

   These are the zero-day flaws patched by Ivanti back on May 13th. Make sure that you're running the latest Ivanti EPMM, with the latest security guidance implemented. Also make sure that your threat hunters have the IOC's published in CISA analysis report ar25-261a. It's a good idea to consider your mobile device management platform a critical or high value asset with corresponding security contols and monitoring for nefarious activity. https://www.cisa.gov/news-events/analysis-reports/ar25-261a

2. FBI warns of cybercriminals using fake FBI crime reporting portals

   In a September 19 Public Service Announcement (PSA), the US Federal Bureau of Investigation (FBI) warns that "threat actors are spoofing the FBI Internet Crime Complaint Center (IC3) government website." The FBI recommends that people wishing to visit the IC3 website type "type www.ic3.gov" in the address bar instead of using a search engine; avoid clicking on sponsored results from search engines; never share sensitive information if they have doubts about a site's legitimacy; and report incidents to www.ic3.gov. They also remind users that "IC3 does not maintain any social media presence."

   The spoofed sites, such as icc3[.]live, look very convincing, reflecting current FBI warnings on the legitimate IC3 site. The FBI recommended mitigations against spoofed websites, such as caution clicking sponsored results in a search engine amd checking the URL visited to make sure it's what was expected, are worth reminding your users of. Make sure that your DNS service is set to block/disable known spoofed sites.

3. Stellantis Media – Third-Party Platform Data Incident

   Multinational automobile manufacturer Stellantis says that a data security breach of a third-party service provider has compromised basic customer data for the company's North American customer service operations. Stellantis is parent company to more than a dozen automobile brands, including Alfa Romeo, Chrysler, Citroën, Dodge, Fiat, Jeep, Opel, Peugeot; they operate manufacturing facilities around the works and have operations in more than 130 countries. They plan to notify affected customers directly. The company has not said how many individuals are affected by the breach.

   Another third-party breach. Time to re-consider what your response will be, sitting back while they investigate may not be the message you wish to send to users. If nothing else, make sure that you have current and validated incident reporting and response contacts for both parties, as well as a clear understanding of their notification process. For example, in a past life, a provider said they would notify US-CERT, and expected us to pick up notification from there. This necessitated clarifying discussions to establish a path forward with acceptable risk.

4. Patch Now: Max-Severity Fortra GoAnywhere Bug Allows Command Injection

   Fortra has published a security advisory describing "a deserialization vulnerability (CVE-2025-10035) in the License Servlet of Fortra's GoAnywhere MFT [that] allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection." Fortra urges customers "to monitor their Admin Audit logs for suspicious activity and the log files for errors containing SignedObject.getObject: If this string is present in an exception stack trace ..., then the instance was likely affected by this vulnerability." Fortra has released updates to address the issue; users are advised to upgrade to the latest release 7.8.4, or the Sustain Release 7.6.3.

   CVE-2025-10035, deserialization flaw, has a CVSS score of 10.0. Make sure that you're both limiting access to the GoAnywhere Admin Console, e.g., not open to the public, as well as applying the update. Also have your threat hunters look for the IOCs in the logs to see if further actions are necessary.

5. HIPAA Journal Healthcare Data Breach Report for August

   The HIPAA Journal's Healthcare Breach Report for August 2025 found "a 13.7% month-over-month increase in large healthcare data breaches." The US Department of Health and Human Services Office for Civil Rights (HHS OCR) received 58 reports for breached affecting 500 or more individuals during the month of August 2025, just below the average of 63.5 breaches affecting 500 people or more over the past 12 months.

   Of interest is the causes of the breaches, hacking/IT Incident and location of breached data Network Server, then Email, which you may wish to consider when prioritizing and justifying your preventative measures. The tricky part is, even when you've got those measures imlpemented, making sure that new services and devices are incorporated in those protections rather than introducing a new "weakest link."

6. European airport disruption continues after weekend cyber-attack

   The European Union Agency for Cybersecurity (ENISA) has communicated to news sources that ongoing disruptions to major airline operations in Europe are the result of a ransomware attack. Starting on Friday, September 19, 2025, and continuing over the weekend, London's Heathrow Airport, Berlin Brandenburg Airport, and Brussels Airport, and Dublin Airport were forced to delay and cancel flights and switch to manual check-in and boarding, with Brussels reportedly cancelling more than half of all outbound flights for Monday. The attack targeted and disabled the third-party ARINC cMUSE software (Aeronautical Radio Incorporated, Multi User System Environment) used for passenger processing.

   couple of take-aways here. First, third-party risk is tricky and common/best of breed soltions can result in multi-site outages.  Second, when remediating, make sure the adversary is truly out of your system(s). That the holes are closed. Third, (network) path diversity still matters, that cable cuts can still happen. Make sure to include these scenarios in your table-top, and identify how you can mitigate them, if at all, and where you cannot, what your communication/action plan will be when they occur.

7. Governors, mayors, CIOs sign letter supporting state and local cyber grant reauthorization

   Multiple groups representing US state and local governments have signed a letter to legislators calling for the reauthorization of the State and Local Cybersecurity Grant Program (SLCGP). Earlier this month, the US House Homeland Security Committee voted to extend the program for a decade through the Protecting Information by Local Leaders for Agency Resilience, or PILLAR, Act, but did not address the amount of funding SLCGP should receive. The initial iteration of SLCGP allocated $1 billion over four years with matching funds requires from state and local government, increasing with each year.

   estoring the initial funding for SLGCP would be of high value to to State and Tribal agencies who need every advantage with cyber security initatives. Five industry groups lead by the Alliance for Digital Innovation also filed a request for reauthorization, suggesting $2.25 billion annually in funding for the SLGCP. The timing is unfortunate, with focus on a possible government shutdown October 1st, this request may be lost in the noise. While that plays out, the best move, and there is little time for this, is to apply immediately in hopes of getting a piece of what remains, or possibly be in the queue in the event it is reauthorized.

8. ChatGPT Agent Prompted into Server-Side Exfiltration of User Email

   Researchers at Radware discovered and disclosed an indirect prompt injection vulnerability in the ChatGPT Deep Research agent when integrated with Gmail, allowing the agent to directly exfiltrate a user's inbox data without user interaction. When the agent crawls a user's inbox, it reads malicious instructions hidden in the body of an email and executes them. Notably the prompts cause the agent to exfiltrate the data using its built-in browsing tool; because the agent transmits the data directly from OpenAI servers rather than through the client-side interface, this bypasses "Traditional enterprise defenses — such as secure web gateway, endpoint monitoring, or browser security policies," and is not visible to the user.

   This is a new class of attack, codenamed ShadowLeak by Radware. The attack is triggered by AI prompts in data, typically hidden, in the connected services, Gmail, Outlook, GitHub, Google Drive, Teams, etc. The attack still requires the user to initiate the Deep Research, a new feature which was introduced in February, it's likely your users are leveraging this feature regularly. It's important to understand this attack involves exfiltrating data via the OpenAI servers, bypassing your traditional security controls, making detection essentially impossible. Beyond the fix from OpenAI on September 3rd, consider your AI agents as a privileged users and restrict what they can access.

9. Alleged Scattered Spider member turns self in to Las Vegas police

   A teenaged individual surrendered authorities in Las Vegas, Nevada, to face charges related to a series of cyberattacks targeting casinos in that city between August and October 2023. The unnamed individual was "booked on three counts of obtaining and using personal identifying information of another person to harm or impersonate, one count of extortion, one count of conspiracy to commit extortion, and one count of unlawful acts regarding computers." The arrest follows the arrest of two teenaged Scattered Spider suspects in the UK last week.

   Even though he turned themself in, he is going to be tried as an adult in this case, and may have also been involved in the 2023 attacks on Ceasars Entertainment and MGM Resorts as well as the more recent attack on Jaguar Land Rover. Make sure that you're implementing protections from Scattered Spider, or similar, attacks, which include: phishing resistant MFA; protections against Social Engineering such as in-person or video requirements for password resets; ensuring third party security is fully implemented and current; and verifying your monitoring and response capabilities cover all your services equally.

Sam Bowne

1. Cache of Devices Capable of Crashing Cell Network Is Found Near U.N.

   The Secret Service discovered more than 100,000 SIM cards and 300 servers, which could disable cellular towers or be used to conduct surveillance.

2. UK manufacturing sector falters amid Jaguar Land Rover cyber-attack

   Britain’s biggest carmaker, Jaguar Land Rover, suffered a cyber-attack and has paused production for a month so far, harming a large portion of the UK economy. It's analagous to the Colonial Oil pipeline attack in the USA, and raises issues of security posture, backups, and outsourcing.

3. Verified Steam game steals streamer’s cancer treatment donations

   A gamer lost $32,000 after downloading from Steam a verified game named BlockBlasters that drained his cryptocurrency wallet. Two words, people: COLD WALLET. Buy a damn Ledger already.

4. New EDR-Freeze tool uses Windows WER to suspend security software

   Unlike BYOVD attacks, this method uses only Microsoft's Windows Error Reporting (WER) system, which is already included in Windows. It requires no kernel driver and works entirely from user mode. EDR-Freeze uses WerFaultSecure to trigger MiniDumpWriteDump, which temporarily suspends all threads in the target process while the dump is written. During this process, the attacker suspends the WerFaultSecure process itself, so the dumper never resumes the target, leaving the AV process in a “coma” state. A tool to perform this attack has been published, and a tool to detect it, but Microsoft hasn't even commented yet.

5. Three crashes in the first day? Tesla’s robotaxi test in Austin.

   The Tesla crashed three times in just 7,000 miles of driving. Waymo's had 60 crashes logged over 50 million miles of driving; a rate less than 3000x smaller.

6. New attack on ChatGPT research agent pilfers secrets from Gmail inboxes

   Deep Research is a ChatGPT-integrated AI agent that performs complex, multi-step research on the Internet by tapping into a large array of resources, including a user’s email inbox, documents, and other resources. It can also autonomously browse websites and click on links. Researchers recently devised an attack that plucked confidential information out of a user’s Gmail inbox and sent it to an attacker-controlled web server, with no interaction required on the part of the victim and no sign of exfiltration. "ShadowLeak" uses indirect prompt injection, inside content such as documents and emails sent by untrusted people.

7. ChatGPT Is Blowing Up Marriages as Spouses Use AI to Attack Their Partners

   When married couples argue, one partner sometimes has ChatGPT open and listening in, acting as some sort of marriage counselor. But it just takes the side of the person who's been chatting with it, frequently recommending divorce. This once again shows a fundamental misunderstanding of how LLMs work: they don't understand anything they are saying, they merely respond to questions in the same tone. Since they pass the Turing test, they fool people into believing they have human intelligence, but they have nothing close to it. They in no way replace a conversation with an actual human.

8. AI firm DeepSeek writes less-secure code for groups China disfavors

   DeepSeek often refuses to help programmers or gives them code with major security flaws when they say they are working for the banned spiritual movement Falun Gong or others considered sensitive by the Chinese government. This shows that bias in LLMs is a more subtle and pervasive problem than has been reported previously. The cause of bias, and solutions for it, are current research topics.

9. Russian State TV Launches AI-Generated News Satire Show

   A neural network picks the topics, then uses AI to generate that video. It includes putting French President Emmaneul Macron in hair curlers and a pink robe, making Trump talk about golden toilets, and showing EU Commission President Ursula von der Leyen singing a Soviet-era pop song while working in a factory.

10. Memory Integrity Enforcement: A complete vision for memory safety in Apple devices

    Memory Integrity Enforcement represents the most significant upgrade to memory safety in the history of consumer operating systems. Each memory region is assigned a random secret tag when it is allocated, and every read or write request must provide the correct token. A request with an incorrect token halts the program. This prevents exploitation of buffer overflows, dangling pointers, etc.

11. Campaigners urge EU to mandate 15 years of OS updates

    Nothing says ‘circular economy’ like Microsoft stranding 400 million PCs on International E-waste Day.

12. Wireless Vulnerabilities in Practice | WPS Pixie-Dust Attack Explained

    Many routers are still vulnerable to this WPS attack, more than ten years after it was published. They don't use properly randomized nonces, often leaving them at zero, making an offline brute force attack fast and effective. The mitigation is to just disable WPS: who needs it, anyway?

13. New VMScape attack breaks guest-host isolation on AMD, Intel CPUs

    A new Spectre-like attack dubbed VMScape allows a malicious virtual machine (VM) to leak cryptographic keys from an unmodified QEMU hypervisor process running on modern AMD or Intel CPUs. The attack breaks the isolation between VMs and the cloud hypervisor, bypassing existing Spectre mitigations and threatening to leak sensitive data by leveraging speculative execution. However, it is essential to emphasize that attacks like VMScape require advanced knowledge, deep technical expertise, and sustained execution time. Because of this, such attacks, even if possible, do not represent a threat to the larger userbase. Linux kernel developers released patches that mitigate VMScape, and they have minimal performance impact in common workloads.

14. Li-ion roars can predict early battery failure, MIT boffins say

    When lithium-ion batteries degrade, they emit acoustic signals that reveal what's going wrong inside. Those sounds can predict problems before things go up in smoke.

15. China’s internet watchdog mandates 1-hour reporting for serious cybersecurity incidents

    Network operators must report “particularly serious” cybersecurity incidents within one hour to relevant authorities.

16. One Token to rule them all – obtaining Global Admin in every Entra ID tenant via Actor tokens

    This is a big deal, exposing all Microsoft Entra networks to compromise as a Global Admin. The vulnerability consisted of two components: undocumented impersonation tokens, called “Actor tokens”, that Microsoft uses in their backend for service-to-service (S2S) communication. Additionally, there was a critical flaw in the (legacy) Azure AD Graph API that failed to properly validate the originating tenant, allowing these tokens to be used for cross-tenant access. Microsoft fixed this vulnerability on their side within days of the report being submitted and has rolled out further mitigations that block applications from requesting these Actor tokens for the Azure AD Graph API. Microsoft also issued CVE-2025-55241 for this vulnerability.