1
00:00:00,753 --> 00:00:01,983
Cybersecurity Today

2
00:00:01,983 --> 00:00:04,533
would like to thank Meter for
their support in bringing you

3
00:00:04,533 --> 00:00:10,503
this podcast. Meter delivers a complete
networking stack with wired, wireless and

4
00:00:10,503 --> 00:00:15,483
cellular, all in one integrated solution
that's built for performance and scale.

5
00:00:15,813 --> 00:00:19,683
You can find them at meter.com/cst.

6
00:00:21,673 --> 00:00:23,443
Massive patch list.

7
00:00:23,503 --> 00:00:25,543
Zero day flaw in Cisco.

8
00:00:25,543 --> 00:00:28,213
Email gateways being actively exploited.

9
00:00:29,143 --> 00:00:35,413
Latvian arrested trying to install RAT in
Italian ferry in a Hollywood-style hack.

10
00:00:36,223 --> 00:00:40,783
This is Cybersecurity Today, and
I'm your host, David Shipley.

11
00:00:41,263 --> 00:00:42,223
Let's get started.

12
00:00:43,243 --> 00:00:47,773
Today's first story comes via Hacker
News and involves a known exploited

13
00:00:47,773 --> 00:00:51,763
vulnerability affecting Cisco's
email security infrastructure.

14
00:00:52,543 --> 00:00:56,443
Cisco is warning customers about
active attacks, exploiting a

15
00:00:56,443 --> 00:00:59,593
zero-day flaw in Cisco AsyncOS,

16
00:00:59,803 --> 00:01:04,303
the operating system used by Cisco
Secure Email Gateway and Secure

17
00:01:04,303 --> 00:01:06,853
Email and Web Manager appliances.

18
00:01:07,963 --> 00:01:08,923
Cisco attributes

19
00:01:08,923 --> 00:01:15,433
the activity to a China-nexus advanced
persistent threat tracked as UAT-9686.

20
00:01:16,618 --> 00:01:25,108
The vulnerability, CVE-2025-20393,
carries a CVSS score of 10,

21
00:01:25,318 --> 00:01:31,738
the maximum. It allows attackers to
execute an arbitrary command with root-

22
00:01:31,738 --> 00:01:34,113
level privileges on affected appliances.

23
00:01:35,118 --> 00:01:39,978
Cisco has confirmed that attackers
are not just gaining access, but also

24
00:01:39,978 --> 00:01:44,688
deploying persistence mechanisms,
allowing them to maintain long-term

25
00:01:44,688 --> 00:01:46,668
control of compromised devices.

26
00:01:47,878 --> 00:01:51,298
All versions of AsyncOS are affected.

27
00:01:51,868 --> 00:01:55,258
Exploitation requires
one specific condition.

28
00:01:55,738 --> 00:02:01,258
The spam quarantine feature must be
enabled and reachable from the internet.

29
00:02:01,798 --> 00:02:07,228
While this feature is not enabled by
default, Cisco has identified a limited

30
00:02:07,228 --> 00:02:12,538
number of exposed appliances that were
accessible externally to the internet.

31
00:02:13,588 --> 00:02:17,968
Cisco's investigation shows attackers
deploying tunneling tools such as

32
00:02:17,968 --> 00:02:24,088
reverse SSH and Chisel, along with a
Python-based backdoor called AquaShell.

33
00:02:24,838 --> 00:02:30,118
The backdoor listens for specifically
crafted HTTP requests and executes

34
00:02:30,118 --> 00:02:34,798
attacker commands directly on the
system shell, giving threat actors

35
00:02:34,798 --> 00:02:39,028
durable covert access inside
email security infrastructure.

36
00:02:40,468 --> 00:02:44,548
There is no patch available at this time.

37
00:02:45,283 --> 00:02:49,723
Cisco is advising customers to
immediately restrict internet exposure,

38
00:02:49,813 --> 00:02:55,393
place appliances behind firewalls,
disable unnecessary services, monitor

39
00:02:55,393 --> 00:03:00,343
logs for suspicious activity, and
separate mail and management interfaces.

40
00:03:01,003 --> 00:03:06,073
Cisco also warns that if compromise
is confirmed, rebuilding the

41
00:03:06,073 --> 00:03:10,753
appliance is currently the only way
to fully remove attacker persistence.

42
00:03:12,163 --> 00:03:15,673
Not exactly great news, a couple
of days out from the holidays.

43
00:03:16,663 --> 00:03:24,173
Importantly, CISA has added CVE-2025-20393
to its Known Exploited Vulnerabilities

44
00:03:24,173 --> 00:03:30,863
catalog, with US federal agencies required
to apply mitigations by December 24th.

45
00:03:31,913 --> 00:03:34,733
Merry Christmas to you from China.

46
00:03:37,298 --> 00:03:41,468
Our second story today comes via
France 24, and it highlights a cyber

47
00:03:41,468 --> 00:03:45,068
risk that crosses cleanly from the
digital world and into physical safety.

48
00:03:46,418 --> 00:03:48,338
French authorities are investigating

49
00:03:48,338 --> 00:03:53,078
suspected foreign interference after
malware capable of remote control

50
00:03:53,228 --> 00:03:57,848
was discovered aboard a passenger
ferry docked in southern France.

51
00:03:58,208 --> 00:04:04,028
The vessel, the Fantastic, is operated
by Italian shipping company GNV and

52
00:04:04,028 --> 00:04:07,028
can carry more than 2000 passengers.

53
00:04:07,898 --> 00:04:12,188
According to French prosecutors, the
ship's operating system was infected with

54
00:04:12,188 --> 00:04:17,438
what appears to be a remote access Trojan,
or RAT, malware that allows an attacker

55
00:04:17,438 --> 00:04:19,748
to take control of a system from afar.

56
00:04:20,408 --> 00:04:25,388
Italian authorities had warned France
in advance, triggering an emergency

57
00:04:25,388 --> 00:04:27,848
inspection once the ship reached port.

58
00:04:29,168 --> 00:04:33,578
A Latvian national has been
arrested and charged, while a

59
00:04:33,578 --> 00:04:36,068
second crew member was released.

60
00:04:36,458 --> 00:04:39,518
Investigators are examining
whether the attack involved

61
00:04:39,728 --> 00:04:41,798
complicity within the crew.

64
00:04:49,033 --> 00:04:52,153
As experts say, installing this
type of malware would likely

65
00:04:52,153 --> 00:04:57,433
require physical access, potentially
via removable media like a USB

66
00:04:57,463 --> 00:05:00,493
device.

67
00:05:02,423 --> 00:05:04,523
France's Domestic Intelligence Service,

68
00:05:04,523 --> 00:05:10,133
the DGSI, is leading the investigation,
underscoring the seriousness of the case.

69
00:05:10,613 --> 00:05:15,083
Prosecutors say they're looking into
whether an organized group acted in the

70
00:05:15,083 --> 00:05:19,583
interest of a foreign power attempting
to compromise the ship's systems.

71
00:05:21,348 --> 00:05:25,913
Officials have stopped short of naming
a country, but France and other European

72
00:05:25,913 --> 00:05:30,173
governments have warned of escalating
interference campaigns linked to Russia.

73
00:05:31,343 --> 00:05:34,643
Maritime cybersecurity experts
are clear on the stakes.

74
00:05:35,063 --> 00:05:39,803
Any attempt to interfere with ship
control systems represents a critical

75
00:05:39,803 --> 00:05:45,323
risk with potentially severe physical
consequences for passengers and crew.

76
00:05:46,448 --> 00:05:50,738
The ship was ultimately cleared to
sail after inspectors confirmed no

77
00:05:50,738 --> 00:05:55,178
ongoing danger, and the operator says
the intrusion attempt was identified

78
00:05:55,178 --> 00:05:57,188
and neutralized without impact.

79
00:05:57,578 --> 00:06:02,528
Still, the case has triggered international
cooperation including searches in

80
00:06:02,528 --> 00:06:04,388
Latvia with support from Eurojust.

81
00:06:05,933 --> 00:06:08,393
The broader takeaway here is hard to miss.

82
00:06:08,813 --> 00:06:14,513
Cybersecurity failures in transportation
systems are no longer just IT incidents.

83
00:06:14,993 --> 00:06:18,203
They are safety issues,
national security issues, and

84
00:06:18,203 --> 00:06:20,693
increasingly geopolitical ones.

85
00:06:21,473 --> 00:06:25,553
When software controls physical
systems, the consequences of compromise

86
00:06:25,583 --> 00:06:28,163
extend far beyond the digital screen.

87
00:06:31,568 --> 00:06:33,308
I've been your host, David Shipley.

88
00:06:33,728 --> 00:06:38,468
I'll be back on Monday covering
the latest news, as holiday 2025

89
00:06:38,468 --> 00:06:43,268
looks, sadly, to be just as busy for
security teams as previous years,

90
00:06:43,358 --> 00:06:47,258
and we'll do our best to keep you
informed on the latest threats and

91
00:06:47,258 --> 00:06:51,908
what you can do about them so you can
enjoy as much of the break as you can.

92
00:06:53,018 --> 00:06:56,258
I'll be joining Jim and our regular
panel guests for a special year-in-

93
00:06:56,258 --> 00:07:00,188
review episode this weekend, and also,

94
00:07:00,803 --> 00:07:02,483
one of our final reminders of the year:

95
00:07:03,143 --> 00:07:07,703
If you enjoy the show, please help
us spread the word, like, subscribe,

96
00:07:07,853 --> 00:07:12,563
consider leaving a review, and if you
enjoy the show, please tell others.

97
00:07:12,833 --> 00:07:16,223
We'd love to grow our audience
next year and we need your help.

98
00:07:16,733 --> 00:07:18,653
I've been your host, David Shipley.

99
00:07:18,863 --> 00:07:22,223
Jim Love will be back on the
regular news desk in the new year.

100
00:07:22,879 --> 00:07:26,149
We'd like to thank Meter for their
support in bringing you this podcast.

101
00:07:26,419 --> 00:07:31,369
Meter delivers full-stack networking
infrastructure, wired, wireless, and

102
00:07:31,369 --> 00:07:36,829
cellular, to leading enterprises. Working
with their partners, Meter designs,

103
00:07:37,069 --> 00:07:41,599
deploys and manages everything
required to get performant,

104
00:07:41,809 --> 00:07:44,479
reliable, and secure connectivity.

105
00:07:44,989 --> 00:07:48,559
They design the hardware, the
firmware, build the software,

106
00:07:48,709 --> 00:07:51,229
manage deployments, and run support.

107
00:07:51,559 --> 00:07:55,759
It's a single integrated solution
that scales from branch offices

108
00:07:56,054 --> 00:08:04,364
to warehouses and large campuses to
data centers. Book a demo at meter.com/cst.

109
00:08:04,694 --> 00:08:09,014
That's M-E-T-E-R, meter.com/cst.

