This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Cyrus Tibbs, CISO, Pennymac
Missed the live show? Check it out on YouTube
Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com
Pentagon welcomes Chinese engineers into its environment
In an unfortunate case of the fox guarding the henhouse, U.S. military systems are receiving backend support from engineers based in China. That may sound like a security risk, and that’s because it is. ProPublica reports that while these foreign engineers work through “digital escorts” in the U.S., the escorts often lack the technical skills to detect malicious code or misuse. The arrangement was approved by the Pentagon despite serious internal warnings from Microsoft staff about national security risks.
Google Gemini flaw hijacks email summaries for phishing
As posted in BleepingComputer, “Google Gemini for Workspace can be exploited to generate email summaries that appear legitimate but include malicious instructions or warnings that direct users to phishing sites without using attachments or direct links.” A reinvention of the white-font, zero-point-size technique, this attack leverages indirect prompt injections that are invisible to humans but obeyed by Gemini when it generates the message summary. The attack model, disclosed by a researcher at Mozilla as part of that company’s bug bounty program for generative AI tools, shows how an attacker can hide malicious instructions in the body text at the end of the message using HTML and CSS that literally sets the font size to zero and its color to white. Lacking any links or attachments allows the email to slip through, at which point, “if the recipient opens the email and asks Gemini to generate a summary of the email, Google’s AI tool will parse the invisible directive and obey it.”
AAR pledges to start fixing 20-year-old vulnerability next year
Modern trains use an End-of-Train device to transmit status data from… you guessed it, the end of the train to the Head-of-Train, or HoT device. It can also receive braking instructions from the HoT. CISA issued a new advisory warning that the protocol that links these two devices is not secure, with no authentication or encryption, allowing a threat actor to send rogue brake control commands to the EoT. Researcher Neil Smith discovered the vulnerability back in 2012 while doing research for ICS-CERT. Still, that agency failed to reach a consensus with the Association of American Railroads to get it fixed. Then in 2018, Eric Reuter disclosed technical details of the vulnerability at DEF CON. Smith claims that another researcher published details of the flaw as far back as 2005. In response to CISA’s advisory, the AAR said it is “pursuing new equipment and protocols which should replace traditional End-of-Train and Head-of-Train devices,” with the process expected to begin in 2026. Don’t worry, only about 70,000 total devices need to be upgraded. Fortunately for a 20-year-old vulnerability, there’s no evidence of exploitation in the wild.
Huge thanks to our sponsor, ThreatLocker

WeTransfer says WeApologize
WeTransfer—a popular cloud service used to send large files—wreaked havoc when it updated its terms in July with language like: “You grant us a license to use, reproduce, modify, create derivative works of… and publicly display your content.” These phrases, often tied to AI training, received criticism from artists, writers, and voice actors who use the service. Another clause said they could use content to “promote the service.” Creators pushed back, wanting to know if that gave WeTransfer the ability to use their work in ads. While denying that they meant that at all, WeTransfer revised the language, removing the AI-adjacent terms and limiting usage to what’s “strictly necessary” to run the platform.
(BBC news)
Google says ‘Big Sleep’ AI tool found bug hackers planned to use
Google says its AI agent “Big Sleep” discovered and thwarted a critical SQLite vulnerability before hackers could exploit it—marking what it claims is the first time AI has actively blocked a zero-day attack in the wild. The tool was developed with Project Zero and DeepMind, has found multiple real-world bugs since its November debut, and is now being used to secure open-source projects.
Salt Typhoon breached National Guard and stole network configurations
The Chinese state-sponsored hacking group “breached and remained undetected in a U.S. Army National Guard network for nine months in 2024, stealing network configuration files and administrator credentials.” These could be used to compromise other government networks. The method by which the group penetrated the National Guard network was not disclosed, but BleepingComputer states that “Salt Typhoon is known for targeting old vulnerabilities in networking devices, such as Cisco routers.”






