Hacker NullBulge pleads guilty to stealing Disney's Slack data. Open source version of Signal used by former National Security Advisor had hardcoded credentials. Millions of Apple AirPlay-enabled devices can be hacked via Wi-Fi, and a 2024 employee benefits administration provider breach is more than 3000% larger than last reported, hitting 4 million Americans. This is Cybersecurity Today, and I'm your host, David Shipley.
BleepingComputer reports that a California man who used the alias NullBulge pled guilty last week to illegally accessing Disney's internal Slack channels and stealing over 1.1 terabytes of internal company data. According to the US Department of Justice, a 25-year-old named Ryan Kramer created a malicious program in early 2024 that was promoted as an AI image generation tool on GitHub and other platforms.
However, the DOJ says this program was actually malware that allowed Kramer to access the computers of those who installed it in order to steal data and passwords from those devices. According to the Wall Street Journal, a Disney employee downloaded and executed the malware on his computer. This gave Kramer access to passwords stored in his 1Password password manager. Using the stolen credentials, Kramer gained access to Disney Slack channels, where he downloaded the data.
The Department of Justice says that Kramer then contacted the employee, posing as a Russian hacktivist group called NullBulge, warning that the personal information of the employee and Disney's stolen Slack data would be published if the employee didn't cooperate. When Kramer heard nothing back from the employee, he released the data. There were at least two other people who downloaded Kramer's malware, and the FBI is following up with those victims.
Just when you thought Signalgate couldn't be worse, it did. Late last week, a photograph of now former National Security Advisor Mike Waltz showed he was using an open source Signal derivative app called TM Signal. Micah Lee, an information security engineer, software engineer, investigative data journalist and author, says in several blog posts that there are a number of security concerns with TM Signal.
He points out that the company that provides it, TeleMessage, is headed by a former leader in the Israeli Defense Force's elite intelligence unit. Lee says the TM Signal app works by using Signal servers, making it possible for Waltz to send end-to-end encrypted messages to normal Signal users like Jeffrey Goldberg from The Atlantic, for example.
However, unlike the Signal end-to-end encrypted conversation, TM Signal automatically archives a copy of the plain text messages, even ones with disappearing messages, somewhere else that may or may not be secure. One optional destination: a Gmail account. Lee was also able to get access to the source code for TM Signal, and in his analysis he found hardcoded credentials, a big security no-no, as well as other vulnerabilities.
Researchers have revealed a collection of bugs known as AirBorne that would allow any hacker on the same Wi-Fi network as AirPlay-enabled devices to covertly run their own code on those devices. Apple's AirPlay enables iPhones, iPads, and Macs to seamlessly play music or show photos and videos on other Apple devices or third-party speakers and TVs that integrate the protocol.
The uncovered security flaws in AirPlay mean those same wireless connections can allow hackers to move within a network just as easily, spreading malicious code from one infected device to another. AirBorne, and for those of you like me who had hoped for or thought we had moved past the era of branded vulnerabilities, is particularly dangerous because many smart home devices, including third-party TVs, are not regularly updated by owners or sometimes even by device makers.
The bugs in Apple's AirPlay software development kit, or SDK, for third-party devices would allow hijackers to hijack gadgets like speakers, receivers, set-top boxes, or smart TVs if they're on the same Wi-Fi network as a hacker's machine. Apple told Wired that those bugs could only have been exploited when users change default AirPlay settings.
Bottom line: make sure you patch all your Apple devices and any third-party devices that use AirPlay, and make sure you educate employees, particularly ones with privileged access, about smart home security through your cybersecurity awareness education efforts.
VeriSource Services, an employee benefits administration service provider, has determined that a previously announced data breach was far worse than initially thought and affects up to 4 million individuals.
The Houston, Texas-based company detected a hacking incident on February 28th, 2024 that disrupted access to some of its systems. Third-party cybersecurity and incident response experts were engaged to investigate the incident and determine the nature and scope of the unauthorized activity. The forensic investigation confirmed that hackers had access to VeriSource's network and had exfiltrated files on February 27th, 2024.
At the time of the initial announcement, VeriSource Services said names, dates of birth, genders, and Social Security numbers had been stolen. The affected individuals included employees and dependents of clients who used its services, which included HR outsourcing, benefits enrollment, billing, and administrative services.
The data breach was initially reported as affecting 1,382 individuals, but as the investigation progressed, it became clear the breach was far worse than initially thought, and this is not uncommon. In August of 2024, the data breach was reported to the Office for Civil Rights as it involved the protected health information of 112,000 individuals.
The most recent notification to the Maine Attorney General's office indicates now that 4 million individuals may have been affected, a sizable increase from previous estimates. The OCR Breach Portal still lists the incident as affecting 112,000 patients and plan members of its HIPAA-regulated entity clients, although the total may be updated in the coming days.
VeriSource Services explained in the breach notice that the data review was not completed until April 17th, 2025, almost 14 months after the security incident was detected.
We are always interested in your opinion and you can contact us at [email protected] or leave a comment under the YouTube video. I've been your host, David Shipley, sitting in for Jim Love, who will be back on Wednesday. Thanks for listening.