Robin’s Newsletter #353

23 March 2025. Volume 8, Issue 12
Alphabet to buy Wiz for $32B. Oracle denies cloud platform compromise. Clearview AI class action lawsuit grants plaintiffs company stake.

This week

Need to Know, 23rd March 2025

  • Alphabet’s $32 billion deal to buy Wiz
  • Oracle deny cloud platform compromise
  • Clearview settlement gives plaintiffs company stake
  • Ofcom seeking OSA assurances from file-sharing firms
  • 10 years to migrate to post-quantum cryptography

“Imagine a government telling a car company to secretly weaken the effectiveness of the brakes on all the cars it sells, recklessly endangering the safety of millions. It would be an unthinkable undermining of public safety.” — Meredith Whittaker, Signal president, in an OpEd for the Financial Times. LINK

Interesting stats

2.1 billion credentials were scooped up by infostealer malware in 2024, according to Flashpoint. Infostealers are typically stealthy malware that quietly harvests usernames and passwords from infected computers. LINK

Five things

  1. Alphabet is to acquire Wiz for $32 billion. It is Google parent company Alphabet’s largest-ever acquisition and a $9 billion premium on the previous offer made by Google in July 2024. Since its founding five years ago, Wiz has reportedly grown to $700 million in annual recurring revenue. Alphabet has sought to reassure Wiz’s customers, many of whom operate hybrid cloud models, that Wiz will remain a multi-cloud proposition. Clearly, part of the acquisition is the hope of buying customers for Google Cloud Platform, which lags behind AWS and Azure. On top of the purchase price, a further $1 billion is allocated towards staff retention. Before the deal closes, it must gain approval from US officials, which will pose a key antitrust test for the Trump administration. Terms of the deal mean that, even if the deal is blocked, Alphabet will pay Wiz $3.2 billion. LINK, MORE, MULTICLOUD

  2. Oracle denies that its cloud platform has been compromised. An attacker using the pseudonym rose87168 claims to have stolen details on 6 million customers of Oracle’s cloud single sign-on platform. The threat actor claims to have obtained encrypted SSO passwords, Java Keystore (JKS), and other credentials and ‘proved’ their access by pointing to a txt file on Oracle’s servers that contained the attacker’s ProtonMail email address. If you’re an Oracle cloud customer, rotating all SSO, LDAP, JKS, JPS, and other Oracle credentials and keys may be prudent. LINK

  3. A Chicago judge has approved a novel settlement in the Clearview AI class-action lawsuit. The company did not have the cash to pay plaintiffs and their lawyers, who will gain a 23% stake in the firm. The case stems from Clearview’s scraping images from social media and analysing and selling them for facial recognition purposes without obtaining the user’s consent. LINK

  4. The UK’s Online Safety Act provisions to crack down on illegal content came into force this week. Regulator Ofcom says that file-sharing and file-storage services will be a focus for its enforcement as these are (rather obviously) used to share files, including child sexual abuse material (CSAM). It’s written to “a number” of these providers and asked for details on how they identify and tackle CSAM on their platforms. In the long term, these providers will have to conduct risk assessments. One hundred thirty offences across 17 categories are defined. Penalties for non-compliance can be up to 10% of global annual turnover. LINK, MORE

  5. Post-quantum cryptography: NCSC says you have 10 years to migrate to post-quantum cryptography (PQC). The suggested timelines are to have a plan by 2028, carry out high-priority migrations by 2031, and complete migration by 2035. Quantum computing will make breaking the common encryption algorithms that protect data in transit and at rest much easier. Targets for espionage — think government, defence, etc — will want to upgrade sooner, as intelligence agencies may collect data to process and decrypt later. There’s also more work to do for vendors to make PQC options available in their products and services. Start building a list of crypto assets in your organisation, starting with things where you bring your own key. LINK

In brief

  • ⚠️ Incidents: Sperm bank California Cryobank is notifying customers of a breach that occurred a year ago, in April 2024. The number of users affected by this ‘sticky situation’ [classic El Reg] is unknown; the exposed data includes names, Social Security, identity, financial, and health insurance information. Spyware vendor SpyX was breached in June 2024; now, more information has surfaced, and the breach may have impacted almost 2 million people. CRYOBANK, SPYX

  • 🕵️ Threat Intel: Russian firm F6 says Ukraine’s IT Army sharply increased its attacks last year, with a focus on telcos in border regions. The IT Army is a loosely affiliated hacktivist group that favours using distributed denial-of-service (DDoS) techniques to overwhelm target infrastructure. The new Arcane infostealer targets YouTube and Discord users looking for computer game cheat codes. While games may not seem like a threat to businesses, IT admins’ credentials may be exposed if they’re logging in from their personal equipment to provide support out-of-hours. Cybercriminals are abusing Microsoft’s Trusted Signing platform to generate certificates for malware because many security tools afford greater trust to these signed executables. IT ARMY, ARCANE, MICROSOFT

  • 🪲 Vulnerabilities: Threat actors are exploiting a remote code execution vulnerability in Apache Tomcat. CVE-2025-24813 is triggered by a PUT request containing the payload, which is saved in session storage and subsequently executed by making a GET request with the same JSESSIONID cookie. Users of the IBM AIX operating system are “strongly recommended” to patch a pair of critical vulnerabilities. CVE-2024-56346 (10/10) and CVE-2024-56347 (9.6/10) allow remote attackers to execute arbitrary commands. Veeam has drawn criticism over its handling of a critical remote code execution vulnerability, CVE-2025-23120 (9.9/10), for blaming users for not abiding by ‘unknown’ good practice. TOMCAT (ADVISORY), AIX (ADVISORY), VEEAM (ADVISORY)

  • 🧿 Privacy: New York Police Department has been using drones as first responders (DFR) since July 2024, but critics say policies around their use and data collected are unclear. DFR

  • 👮 Law Enforcement: A federal court has overruled the sentence for Paige Thompson, who stole data on over 100 million Capital One customers in 2019. The district court judge’s original sentence was for five years plus time served and considered Thompson’s transgender and autism status. Appealing the sentence, prosecutors argued that the original judge gave too much weight to Thompson’s history and personal characteristics. THOMPSON

And finally

  • Scam baiter Kitboga has developed an artificial intelligence bot to tie up and impose costs on operators in scam call centres. VIDEO
Robin