In this episode of Storm Watch, the hosts discuss a variety of cybersecurity topics, starting with the discovery of an Android mobile botnet. They note that mobile traffic has been trending upward since the end of March, with a significant increase in April. The botnet is attributed to a banking Trojan, and the hosts emphasize the importance of keeping mobile devices updated and being cautious with app installations and link clicks.
The conversation then shifts to recent cyber incidents, including the VMware Aria vulnerability and the Fortinet and Zyxel pre-auth injection vulnerabilities. The hosts stress the importance of staying on top of updates and considering additional security measures for these devices. They also mention the ongoing "MOVEit" campaign, which has impacted over 100 organizations and exposed over 5 million records.
Next, the hosts touch on the Apache Log4j vulnerability, noting a recent spike in activity that has since returned to its previous baseline. They also discuss an advisory on an ICS monitoring device with a hardcoded password vulnerability, emphasizing the potential high value for attackers targeting industrial control systems.
Finally, the hosts address a recent UPS data disclosure letter, which has been criticized for its lack of clarity. They emphasize the importance of transparency and straightforward communication when it comes to security incidents and data breach notifications.