CyberWire Daily: Patch Tuesday, North Korean APT, Apple Security, and Project Franklin
N2K NetworksSeptember 10, 202529 min616 views
19 connectionsΒ·40 entities in this videoβPatch Tuesday Updates
- π» Microsoft released fixes for 86 vulnerabilities, including two publicly disclosed zero-day flaws, one enabling SMB relay attacks.
- π Adobe addressed nearly two dozen vulnerabilities, with critical flaws in Cold Fusion and Commerce.
- π Industrial sector updates included eight high security advisories from Rockwell Automation, alongside advisories from Siemens, Schneider Electric, and Phoenix Contact.
- βοΈ Fortinet, Ivanti, and Nvidia also issued updates for high-severity issues.
North Korean APT Kimsuky and Mac Malware
- π°π΅ A 9 GB data leak revealed North Korean APT Kimsuky's development of interactive malware, a Linux rootkit, and phishing infrastructure.
- π― The group, also known as APT43, targeted South Korea and Taiwan with GPKI and credential theft campaigns, with suspected Chinese support.
- π Apple introduced Memory Integrity Enforcement (MIE) for iPhones to combat advanced spyware attacks exploiting memory safety flaws.
- π» ChillyHell, a sophisticated modular backdoor targeting macOS, has been active since 2021 and evades antivirus detection.
Ransomware Trends and Critical Infrastructure Security
- π Ransomware demands and payments in the education sector have dropped sharply in 2025, with average demands falling 74% and payments by 80-90%.
- β‘ US critical infrastructure security lags behind modern smartphones, with the energy sector and water systems being particularly vulnerable.
- β οΈ Senator Angus King described US cybersecurity as a βhellscapeβ exacerbated by government cuts, especially at CISA.
- πΊπ¦ A Ukrainian national faces federal charges and an $11 million bounty for allegedly running ransomware operations causing an estimated $18 billion in global damages.
Project Franklin and Wi-Fi Spying
- π€ Project Franklin, co-founded by Jake Braun and Jeff Moss, aims to recruit DEF CON community volunteers to provide free cybersecurity support to water utilities.
- π§ The initiative has successfully assigned volunteers to several water utilities, assisting with basic security measures like password changes and MFA, to more advanced tasks like asset inventory and incident response planning.
- π Researchers developed WhoFi, a system that can identify and re-identify people based on how their bodies distort Wi-Fi signals, achieving 95.5% accuracy.
- π WhoFi's ability to see through walls and operate without a phone raises new privacy concerns.
Knowledge graph40 entities Β· 19 connections
How they connect
An interactive map of every person, idea, and reference from this conversation. Hover to trace connections, click to explore.
Hover Β· drag to explore
40 entities
Chapters11 moments
Key Moments
Transcript103 segments
Full Transcript
Topics16 themes
Whatβs Discussed
Patch TuesdayVulnerabilitiesZero-Day ExploitsNorth Korean APTKimsukyApple SecurityMemory Integrity EnforcementRansomwareEducation Sector SecurityCritical Infrastructure SecurityICS SecurityProject FranklinDEF CONWater Systems SecurityWhoFiWi-Fi Security
Smart Objects40 Β· 19 links
ConceptsΒ· 21
CompaniesΒ· 7
ProductsΒ· 2
PeopleΒ· 6
EventΒ· 1
MediasΒ· 2
LocationΒ· 1