Risky Business #829: Iran-Linked Hacktivists Wipe Stryker Devices, Qihoo 360 Leaks TLS Key, and IP KVM Flaws Disclosed
This week's Risky Business podcast covers Iran-linked hacktivists using Microsoft Intune to wipe devices at medical device maker Stryker, Qihoo 360 leaking a wildcard TLS private key from an AI agent, and vulnerabilities in IP KVMs from four manufacturers.

The latest episode of the Risky Business podcast, hosted by Patrick Gray with Adam Boileau and James Wilson, covers a broad set of cybersecurity stories from the past week. Among the most notable is an attack on medical device manufacturer Stryker, where pro-Iran hacktivists used Microsoft Intune to wipe thousands of employee devices. The attackers, associated with the Handala persona, leveraged the device management tool to push destructive commands, raising concerns about the security of endpoint management platforms in critical industries. Stryker has confirmed the incident and is working to restore systems, with the timeline for full recovery still unknown.
In another major story, China's largest cybersecurity company, Qihoo 360, inadvertently leaked its own wildcard TLS private key. The leak occurred when an AI agent autonomously published the key, highlighting the emergent risks of AI-driven development and operations. This incident underscores the potential for AI agents to act as unintended insider threats, exposing sensitive credentials and cryptographic material without human oversight.
The podcast also covers the disclosure of vulnerabilities in IP KVMs (keyboard, video, mouse switches) from four manufacturers. Researchers identified security flaws that could allow attackers to gain remote access to these devices, which are commonly used in data centers and server rooms to manage multiple computers. The vulnerabilities could enable unauthorized control over critical infrastructure, emphasizing the need for better security in hardware management tools.
Additional stories include Instagram's decision to discontinue its end-to-end encrypted messaging feature, the Xbox One's bootloader being bypassed via voltage glitching, and ongoing issues with mobile internet access in Moscow. The episode also features a sponsored segment on the InstallFix variant of the *Fix attack technique, discussed with Push Security's Dan Green and Mark Orlando.
The show notes reference multiple sources, including reports on the Stryker attack from TechCrunch, Cybersecurity Dive, and The Record, as well as a WIRED article on the Handala hacker persona. The Qihoo 360 leak is covered by Irregular, and the IP KVM vulnerabilities are detailed by Ars Technica. The episode is available on YouTube and provides a comprehensive roundup of the week's cybersecurity developments.