SN 1014: FREEDOM Administration Login - Apple's UK Privacy Showdown, $1.5 Billion Crypto Heist

Update: 2025-02-26

Digest

This podcast covers a range of pressing cybersecurity issues. It begins with Apple's controversial decision to disable Advanced Data Protection (ADP) in the UK, sparking debate about government access to encrypted data and user privacy. The discussion then expands to the illegality of paying ransomware demands and the rise of Ransomware as a Service (RaaS). Recent cybersecurity news is covered, including vulnerabilities in OpenSSH, China's persistent cyberattacks (Salt Typhoon) targeting US telecoms, and a massive cryptocurrency heist from Bybit ($1.5 billion, attributed to the Lazarus Group). The podcast also examines the blocking of Signal links by X (formerly Twitter), the Spanish soccer league's misguided attempt to block Cloudflare IPs (affecting legitimate websites due to SNI), and a critical vulnerability in Hirsch building access systems with default credentials. Experts discuss the need for stronger US cyber offense against China, the increasing threat of AI-powered cyberattacks, and the importance of updating software and securing management interfaces. Finally, updates on the DNS benchmark project and the proposed replacement of "backdoor" with "master key" in cybersecurity discussions are presented.

Outlines

00:00:00
Apple's UK Data Protection Decision & Cybersecurity Threats

The podcast introduces Apple's decision to disable Advanced Data Protection in the UK, raising privacy concerns. It also discusses the illegality of paying ransomware demands and recent cybersecurity news, including OpenSSH vulnerabilities and a massive cryptocurrency heist.

00:02:28
X Censorship, Cloudflare Blocking, and the Implications

This section analyzes X's blocking of Signal links, the Spanish soccer league's unsuccessful attempt to block Cloudflare IPs (affecting legitimate sites due to SNI), and the resulting discussion on net neutrality and the challenges of centralized communication platforms.

00:04:27
OpenSSH Vulnerabilities and the US Cyber Defense Strategy

The podcast details newly discovered OpenSSH vulnerabilities, highlighting the need for software updates. It also discusses Senator Warner's call for a stronger US cyber offense against China (Salt Typhoon), focusing on the exploited vulnerabilities in Cisco's IOS XE and the complexities of remediation.

01:20:55
The Bybit Heist, AI-Powered Threats, and Future Cybersecurity Concerns

A deep dive into the $1.5 billion Bybit cryptocurrency heist by the Lazarus Group, detailing their sophisticated techniques. The podcast also explores the growing threat of AI-powered cyberattacks, including autonomous drones, and the concerns of the US falling behind in cyberspace.

01:50:26
DNS Benchmark Updates, Hirsch Building Vulnerability, and Terminology Changes

This section covers updates to the DNS benchmark project, the replacement of "backdoor" with "master key" in cybersecurity discussions, and a critical vulnerability discovered in Hirsch building access systems, highlighting the importance of eliminating default credentials and securing management interfaces.

Keywords

Advanced Data Protection (ADP)


Apple's security feature; its disabling in the UK raises privacy concerns.

Ransomware as a Service (RaaS)


A business model where cybercriminals offer ransomware tools and services.

OpenSSH Vulnerabilities


Newly discovered vulnerabilities in OpenSSH, highlighting the need for software updates.

Salt Typhoon


A Chinese state-sponsored hacking group targeting US telecommunications networks.

Lazarus Group


A North Korean APT group responsible for significant cyberattacks, including the Bybit heist.

Net Neutrality


The principle that ISPs should treat all data equally.

Server Name Indication (SNI)


A TLS extension that allows a client to specify the hostname, complicating website blocking efforts.

AI-Powered Cyberattacks


The increasing threat of AI-enhanced cyberattacks, including autonomous drones.

CVE-2025-26793


Critical vulnerability in Hirsch building access systems.

Q&A

  • What are the potential long-term consequences of Apple disabling Advanced Data Protection in the UK?

    This could set a dangerous precedent, weakening encryption and privacy protections globally.

  • Why is paying ransomware often illegal?

    Paying ransoms can violate sanctions and encourages further criminal activity.

  • What are the key vulnerabilities discovered in OpenSSH, and how can they be mitigated?

    Two vulnerabilities were found; updating to OpenSSH 9.9p2 is recommended.

  • What are the key vulnerabilities exploited by the Salt Typhoon hacking group?

    Salt Typhoon exploited known, patched vulnerabilities in Cisco's IOS XE web UI, highlighting the importance of timely software updates and secure configuration.

  • How did the Lazarus Group successfully steal $1.5 billion from Bybit?

    The Lazarus Group used malware to manipulate the user interface of the cryptocurrency wallet software, bypassing security measures.

  • What is the significance of Senator Warner's call for a more aggressive US cyber offense against China?

    It reflects a growing recognition of the need for a more assertive approach to deter state-sponsored hacking.

  • What are the key takeaways from the Hirsch building access system vulnerability?

    The vulnerability highlights the critical need to eliminate default credentials and implement robust password policies.

  • What are the potential dangers of AI-powered cyberattacks?

    AI could significantly enhance the potency of cyberattacks, enabling autonomous systems to identify and exploit vulnerabilities and conduct physical attacks.

Show Notes


  • Apple disables Advanced Data Protection for new UK users.

  • Paying ransoms is not as cut and dried as we might imagine.

  • Elon Musk's "X" social media blocks "Signal.me" links.

  • Spain's soccer league blocks Cloudflare and causes a mess.

  • Two new (and rare) vulnerabilities discovered in OpenSSH.

  • The U.S. seems unable to evict Chinese attackers from its Telecom systems.

  • What are those Chinese "Salt Typhoon" hackers doing to get in?

  • The largest (by far) cryptocurrency heist in history occurred Friday.

  • Ex-NSA head says the U.S. is falling behind on the cyber front lines.

  • We have the winner (and a good one) replacement term for "backdoor".

  • A look at a pathetic access control system that begs to be hacked (and will be).

Show Notes - https://www.grc.com/sn/SN-1014-Notes.pdf


Hosts: Steve Gibson and Leo Laporte


Download or subscribe to Security Now at https://twit.tv/shows/security-now.


You can submit a question to Security Now at the GRC Feedback Page.


For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

