Cybersecurity Brief

ICS Flaws, Rapper Bot Arrest, and Japan Ransomware Trends

Coverage: 19 Aug 2025 (UTC)

Patches

An advisory, ICSA-25-231-02, details an improper verification of cryptographic signatures in the Siemens Mendix SAML module (CVE-2025-40758) that can enable account hijacking under specific single sign-on configurations. The affected module series are those compatible with Mendix 9.24, 10.12, and 10.21, with patched releases identified as V3.6.21, V4.0.3, and V4.1.2 respectively. The CVSS v3.1 base score is 8.7; the advisory cites high attack complexity and no known public exploitation to date. Recommended actions include updating to the fixed module versions and ensuring the UseEncryption option is enabled where applicable, alongside standard hardening guidance for minimizing control system exposure and securing remote access.

A second notice, ICSA-25-231-01, covers a local privilege escalation in the Wibu CodeMeter runtime (CVE-2025-47809) affecting Siemens Desigo CC (V5.0–V8) and SENTRON Powermanager (V5–V8). The flaw can allow an unprivileged local user to open a privileged instance of Windows Explorer immediately after installation, before a logoff or reboot, when specific conditions are met. It is not remotely exploitable but carries high impact (CVSS 8.2). The mitigation is to remove vulnerable CodeMeter runtime versions, install CodeMeter v8.30a, and restart client and server systems, alongside standard industrial control security practices and change-impact analysis.

A separate disclosure from Kaspersky summarizes the PerfektBlue vulnerability chain—four OpenSynergy Blue SDK issues (CVE-2024-45431 through CVE-2024-45434)—that can be combined to achieve remote code execution on automotive head units once a Bluetooth pairing succeeds. Exploitation abuses AVRCP to trigger an operating system error, then inherits Bluetooth privileges, potentially exposing microphones, location data, and address books, and—in some architectures—enabling movement toward CAN-connected ECUs. Patches were issued by OpenSynergy in September 2024, but distribution depends on vehicle manufacturers and dealers. Mitigations include applying available firmware updates, disabling Bluetooth when not needed, and relying on user confirmation prompts to block unauthorized pairing.

Incidents

KrebsOnSecurity reports that a 22-year-old from Oregon has been charged with operating the Rapper Bot DDoS-for-hire service, a botnet composed of tens of thousands of compromised IoT devices. According to a criminal complaint, the operation produced routine floods exceeding two terabits per second and occasionally surpassing six terabits, with more than 370,000 attacks against roughly 18,000 victims observed from April through early August 2025 across about 1,000 networks. Investigators traced infrastructure through payment and account records and recovered chat logs describing log wiping and vulnerability hunting to grow the botnet, which reused code from fBot/Satori and Mirai. The complaint links Rapper Bot to a March 10, 2025 attack that caused intermittent outages on Twitter/X. The defendant is charged with aiding and abetting computer intrusions.

Separately, the Netherlands’ Public Prosecution Service disconnected systems after signs of unauthorized access via Citrix vulnerabilities, causing collateral outages in traffic enforcement. As Bitdefender recounts, fixed speed cameras, average speed checks, and many portable cameras went offline because back-end systems were taken down during incident response; devices could not be reactivated until the threat was fully removed. The outage disrupted automated enforcement and slowed judicial processes that temporarily fell back to paper workflows.

Research

Cisco’s threat team documents a rise in ransomware activity targeting Japanese organizations. In H1 2025, Talos counted 68 incidents (roughly 1.4× H1 2024), averaging about 11 per month, with small and mid-sized enterprises making up 69% of victims. Manufacturing saw the largest share of cases. Following disruption of several prominent groups, Qilin emerged as the most active actor with eight confirmed victims. The report highlights Kawa4096’s KaWaLocker, which uses Salsa20 with chunking, registers custom file extensions and icons, supports multi-threaded and targeted encryption, attempts to delete backups and logs, and implements double extortion. Indicators and technical details are provided to support hunting and response.

Unit 42 examines how attackers are exploiting the rapid growth of web-based GenAI platforms for phishing and brand abuse. The analysis from Unit 42 notes AI use more than doubled within six months, with high-tech sectors leading adoption. Around 40% of observed phishing misuse involved AI website builders, ~30% writing assistants, and ~11% chatbots. The team identified live credential-stealing pages built on AI site generators with minimal verification and simple lures hosted on third-party writing platforms. The report recommends layered defenses, including advanced URL and DNS protections, and shares indicators to aid detection.

Platforms

AWS lowered friction for developers using open-weight models by making two OpenAI foundation models—gpt-oss-120b and gpt-oss-20b—available by default in its managed AI service. The Bedrock announcement states that administrators retain governance through IAM and Service Control Policies. In parallel, Amazon RDS for SQL Server added Kerberos authentication with self-managed Active Directory, removing the prior requirement for AWS Managed Microsoft AD; per the RDS update, the capability spans commercial and GovCloud regions. Together, the changes streamline AI experimentation while preserving access controls, and simplify lift-and-shift migrations for Windows-integrated authentication.

The contact center platform expanded its collaboration features: Amazon Connect now supports multi-user web, in-app, and video calling across all available regions. Agents can add participants during live calls or host scheduled sessions with audio, video, and screen sharing to keep multi-stakeholder engagements in a single interaction. The enhancement targets complex scenarios—such as joint financial or medical consultations—and prompts operational reviews around consent, recording, bandwidth, device requirements, and integration with routing and CRM workflows.

These and other news items from the day:

Tue, August 19, 2025

Oregon Man Charged Over Rapper Bot DDoS Service Probe

🔒 Federal agents arrested 22‑year‑old Ethan J. Foltz of Springfield, Ore., on Aug. 6, 2025, on suspicion of operating Rapper Bot, a global IoT botnet rented to extortionists for DDoS attacks. The complaint alleges Rapper Bot routinely generated attacks exceeding 2 terabits per second and at times surpassed 6 Tbps, including an attack tied to intermittent outages on Twitter/X. Investigators traced control infrastructure and payments through an ISP subpoena, PayPal records and Google data, recovered Telegram chats with a co‑conspirator known as 'Slaykings,' and say Foltz wiped logs regularly to hinder attribution. He faces one count of aiding and abetting computer intrusions, carrying a maximum statutory term of 10 years.

Tue, August 19, 2025

Siemens Mendix SAML Module: Signature Verification Flaw

⚠️ The Siemens Mendix SAML module contains an improper cryptographic signature verification flaw that can be exploited remotely; it has been assigned CVE-2025-40758 with a CVSS v3.1 base score of 8.7. Affected versions prior to V3.6.21, V4.0.3, and V4.1.2 (depending on Mendix compatibility) may allow unauthenticated attackers to hijack accounts in specific SSO configurations. Siemens recommends updating to the fixed versions, enabling UseEncryption, and reducing network exposure using firewalls and secure VPNs.
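The advisory summarised above and in the Patches section names the flaw class only ("improper verification of cryptographic signature", the title of CWE-347) and not its mechanism. The following added example, which is not Siemens or Mendix code, shows in a service-provider setting what that class of mistake looks like beside a fail-closed check. It simplifies heavily and these simplifications are assumptions: a real SAML SP validates an XML-DSig signature against the IdP's X.509 certificate from federation metadata, whereas here an HMAC-SHA256 key stands in so the example runs offline with the standard library, and the assertion is a plain dict rather than XML. The entity ID, key and user names are constructed.

```python
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed demo values (assumption): in a real SP the IdP's X.509 signing
# certificate from federation metadata plays the role of IDP_KEY.
IDP_KEY = b"constructed-idp-signing-key"
SP_ENTITY_ID = "https://sp.example.test/saml/metadata"


class SamlError(Exception):
    """Raised when a SAML response must not be accepted."""


def sign_assertion(assertion: dict, key: bytes) -> str:
    """Stand-in for XML-DSig: HMAC over a canonical serialisation."""
    canonical = json.dumps(assertion, sort_keys=True).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def signature_valid(assertion: dict, signature: Optional[str], key: bytes) -> bool:
    if not signature:
        return False  # an unsigned assertion is never valid
    expected = sign_assertion(assertion, key)
    return hmac.compare_digest(expected, signature)


def accept_vulnerable(response: dict) -> str:
    """Improper-verification pattern: the signature is only examined when one is
    present, and the result of the check is discarded, so the NameID is trusted
    whether the assertion was signed by the IdP or not."""
    assertion = response["assertion"]
    signature = response.get("signature")
    if signature is not None:
        signature_valid(assertion, signature, IDP_KEY)  # result never used
    return assertion["name_id"]


def accept_hardened(response: dict, now: Optional[float] = None) -> str:
    """Fail closed: require a valid signature over the assertion, then check the
    audience and validity window before trusting any attribute."""
    assertion = response["assertion"]
    if not signature_valid(assertion, response.get("signature"), IDP_KEY):
        raise SamlError("assertion signature missing or invalid")
    if assertion.get("audience") != SP_ENTITY_ID:
        raise SamlError("assertion not intended for this SP")
    now = time.time() if now is None else now
    if not assertion["not_before"] <= now < assertion["not_on_or_after"]:
        raise SamlError("assertion outside its validity window")
    return assertion["name_id"]


def hardened_rejects(response: dict, now: float) -> bool:
    """True when the hardened path refuses the response."""
    try:
        accept_hardened(response, now=now)
    except SamlError:
        return True
    return False


# --- constructed fixtures for exercising both paths -------------------------

def make_signed_response(now: float, name_id: str = "alice@example.test") -> dict:
    assertion = {"name_id": name_id, "audience": SP_ENTITY_ID,
                 "not_before": now - 60, "not_on_or_after": now + 300}
    return {"assertion": assertion, "signature": sign_assertion(assertion, IDP_KEY)}


def make_unsigned_response(now: float) -> dict:
    """Assertion carrying no signature element at all."""
    response = make_signed_response(now, name_id="admin@example.test")
    response["signature"] = None
    return response


def make_tampered_response(now: float) -> dict:
    """Genuine IdP signature, but the NameID altered after signing."""
    response = make_signed_response(now)
    response["assertion"]["name_id"] = "admin@example.test"
    return response


if __name__ == "__main__":
    now = time.time()
    for label, resp in [("signed", make_signed_response(now)),
                        ("unsigned", make_unsigned_response(now)),
                        ("tampered", make_tampered_response(now))]:
        print(f"{label:9s} vulnerable -> {accept_vulnerable(resp)!r}; "
              f"hardened rejects -> {hardened_rejects(resp, now)}")
```

Running the script shows the weak path returning the altered or unsigned NameID while the hardened path rejects both and accepts only the genuinely signed assertion within its window. Signature validation and assertion encryption are separate controls; the advisory's UseEncryption recommendation adds confidentiality on top of the integrity check shown here, not in place of it.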

Tue, August 19, 2025

Ransomware Incidents in Japan: H1 2025 Trends and Analysis

🔒 Cisco Talos identified a roughly 1.4× rise in ransomware incidents in Japan during H1 2025, with 68 confirmed cases versus 48 in the same period last year. Attacks continued to focus on small and medium-sized enterprises, with manufacturing the most affected sector. The report highlights active groups such as Qilin, RansomHub and Hunters International and spotlights the emerging Kawa4096/KaWaLocker family. Talos recommends layered defenses including Cisco Secure Endpoint, Secure Email and Secure Malware Analytics, and publishes IOCs for responders.

Tue, August 19, 2025

Siemens CodeMeter Privilege Escalation in Desigo CC

🔒 Siemens has disclosed a Least Privilege Violation in the Wibu CodeMeter runtime that affects the Desigo CC product family and SENTRON Powermanager series. The issue (CVE-2025-47809) can allow local privilege escalation immediately after installation if the CodeMeter Control Center is present and not restarted. A CVSS v3.1 base score of 8.2 has been assigned. Siemens and WIBU recommend updating to CodeMeter v8.30a and restarting systems; CISA advises network segmentation and minimizing exposure.

Tue, August 19, 2025

PerfektBlue: Bluetooth Vulnerabilities in Car Infotainment

🔒 Researchers have identified a chain of four Bluetooth vulnerabilities collectively named PerfektBlue in the OpenSynergy Blue SDK, used in millions of vehicles. An attacker that pairs via Bluetooth can exploit AVRCP flaws to execute code on the head unit and inherit its Bluetooth privileges, potentially accessing microphones, location data, and personal information. Vehicle owners should update head-unit firmware when patches are available and disable Bluetooth when not in use.

Tue, August 19, 2025

CISA Issues Four New Industrial Control Systems Advisories

🛡️ CISA released four Industrial Control Systems (ICS) advisories on August 19, 2025, highlighting vulnerabilities and potential exploits that could affect operational technology environments. The advisories—ICSA-25-231-01 (Siemens Desigo CC Product Family and SENTRON Powermanager), ICSA-25-231-02 (Siemens Mendix SAML Module), ICSA-25-217-02 (Tigo Energy Cloud Connect Advanced, Update A), and ICSA-25-219-07 (EG4 Electronics EG4 Inverters, Update A)—include technical details and recommended mitigations. Users and administrators are urged to review the advisories and apply vendor guidance and mitigations promptly to reduce exposure.

Tue, August 19, 2025

AWS auto-enables OpenAI open-weight models in Bedrock

🔓 AWS has made two OpenAI models with open weights — gpt-oss-120b and gpt-oss-20b — automatically available to all Amazon Bedrock users as of August 5, 2025. Users can access them immediately via the Amazon Bedrock console playground or the unified Bedrock API in supported regions. Administrators retain full control and can restrict usage with AWS IAM policies and Service Control Policies.

Tue, August 19, 2025

Amazon Connect Adds Multi-User Web, In-App and Video Calling

📞 Amazon Connect now supports multi-user web, in-app, and video calling, allowing multiple participants to join the same session with an agent via browser or mobile app. Agents can dynamically add participants during live calls or host scheduled multi-party sessions, and attendees can use audio, video, and screen sharing. This feature enables richer, more inclusive interactions for scenarios such as joint financial planning, family medical consultations, and meetings with legal representatives or translators.

Tue, August 19, 2025

Dutch prosecution hack disables multiple speed cameras

⚠️ The Netherlands' Public Prosecution Service (Openbaar Ministerie) disconnected its networks on July 17 after suspecting attackers had exploited Citrix device vulnerabilities, leaving several fixed, average and portable speed cameras unable to record offences. Internal email remained available, but external communications and documents required printing and postal delivery. Regulators including the National Cybersecurity Centre were informed, and prosecutors warned that ongoing downtime will delay cases and hamper road-safety enforcement while systems remain offline.

Tue, August 19, 2025

Amazon MSK Expands Graviton3 M7g Support to 8 Regions

🚀 Amazon MSK now supports Graviton3-based M7g instances for Standard brokers on MSK Provisioned clusters across eight additional AWS Regions, including both AWS GovCloud regions and several Asia Pacific and European locations. M7g instances offer up to 24% lower compute costs and up to 29% higher write and read throughput versus comparable M5-based clusters. The expansion helps customers optimize performance and reduce operational expenses for production Kafka workloads.

Tue, August 19, 2025

AWS Expands EC2 I7i Storage Instances to Europe, APAC

🔔 Amazon Web Services has made EC2 I7i storage-optimized instances available in AWS Europe (Frankfurt, London) and Asia Pacific (Malaysia, Sydney, Tokyo). Powered by 5th generation Intel Xeon Scalable processors and 3rd generation AWS Nitro SSDs, I7i delivers up to 23% better compute performance and more than 10% better price performance versus I4i, plus up to 45 TB of NVMe storage and significant latency and IOPS gains. Eleven sizes (including two bare metal) offer up to 100 Gbps network and 60 Gbps EBS bandwidth, and a torn write prevention feature supporting 16 KB blocks helps remove database bottlenecks.

Tue, August 19, 2025

AWS launches memory-optimized EC2 R8i and R8i-flex

🔔 AWS announced general availability of new memory-optimized Amazon EC2 R8i and R8i‑flex instances powered by custom Intel Xeon 6 processors. AWS says these instances deliver up to 15% better price-performance and 2.5x the memory bandwidth of prior Intel-based generations, with up to 20–60% faster results on targeted workloads. R8i provides 13 sizes including a new 96xlarge and SAP certification, while R8i‑flex offers common, cost-efficient sizes from large to 16xlarge. Instances are initially available in N. Virginia, Ohio, Oregon, and Spain and can be purchased via On‑Demand, Spot, or Savings Plans.

Tue, August 19, 2025

GenAI-Enabled Phishing: Risks from AI Web Services

🚨 Unit 42 analyzes how rapid adoption of web-based generative AI is creating new phishing attack surfaces. Attackers are leveraging AI-powered website builders, writing assistants and chatbots to generate convincing phishing pages, clone brands and automate large-scale campaigns. Unit 42 observed real-world credential-stealing pages and misuse of trial accounts lacking guardrails. Customers are advised to use Advanced URL Filtering and Advanced DNS Security and report incidents to Unit 42 Incident Response.

Tue, August 19, 2025

Amazon RDS for SQL Server: Kerberos via Self-Managed AD

🔐 Amazon Relational Database Service (RDS) for SQL Server now supports Kerberos authentication when instances are joined to a self-managed Microsoft Active Directory. Previously, Kerberos integration required AWS Managed Microsoft AD; customers can now enable Kerberos authentication with their existing on-premises or self-managed AD environments. This change simplifies migrations and preserves enterprise identity configurations while continuing to support existing integrations with AWS Managed AD. The feature is available in all AWS Commercial and AWS GovCloud (US) Regions.

Tue, August 19, 2025

TwelveLabs Pegasus 1.2 Now in AWS Virginia and Seoul

📹 TwelveLabs Pegasus 1.2 is now available in US East (N. Virginia) and Asia Pacific (Seoul) through Amazon Bedrock. The video-first language model is optimized for long-form content and combines visual, audio, and textual signals to deliver advanced video-to-text generation and temporal understanding. Regional availability reduces latency and simplifies architecture for enterprise video-intelligence applications. To begin, request model access via the Amazon Bedrock console.

Tue, August 19, 2025

Why Speed and Trust Matter in Modern MDR Services Now

⚡ Top-tier managed detection and response (MDR) gives organisations 24/7 expert monitoring to detect, contain and remediate threats before they escalate. With adversaries reducing breakout times to minutes, rapid detection and containment are essential to minimise dwell time, limit blast radius and reduce breach costs. Choose MDR with AI-driven detection, proactive threat hunting and a trusted SOC team for speedy, tailored protection.

Tue, August 19, 2025

Fortinet at Black Hat USA 2025: Innovation & Community

🔒 Fortinet played a central role at Black Hat USA 2025, engaging thousands of attendees through demos, theater sessions, and partner presentations. At Booth #2446 and the Security Fabric Theater, Fortinet highlighted integrated capabilities across secure networking, SOC transformation, endpoint protection, and CNAPP, and showcased research on adversarial AI. The program extended into DEF CON 33, reinforcing the urgency of attack surface management and rapid threat detection.

Tue, August 19, 2025

Value Exchange in Cybersecurity: Aligning Vendors & Partners

🤝 Strong vendor–partner alignment drives faster resolution, tailored deployments and sustained security outcomes for customers. Palo Alto Networks frames this mutual commitment as the value exchange and supports it with investments such as a refreshed Learning Center for Partners to build role-based expertise. When vendors and partners operate as a unified ecosystem, platformization reduces silos, lowers total cost of ownership and enables unified visibility and faster remediation. Weak collaboration, conversely, increases downtime, cost and risk.

Tue, August 19, 2025

AWS Achieves Standards Exceeded in NHS DSPT 2024-25

🔒 Amazon Web Services (AWS) has completed the NHS Data Security and Protection Toolkit (NHS DSPT) assessment for 2024–25, achieving Standards Exceeded. The certification is valid until June 30, 2026 and is available via NHS England and AWS Artifact. NHS DSPT measures performance against the National Data Guardian’s 10 data security standards, covering Personal Confidential Data, Continuity Planning, and IT Protection. AWS emphasises that security is a shared responsibility and directs customers to its compliance resources.

Tue, August 19, 2025

The AI Fix Episode 64: AI, robots, and industry disputes

🎧 In episode 64 of The AI Fix, hosts Graham Cluley and Mark Stockley survey a lively mix of AI breakthroughs, quirky robotics, and high-profile industry rows. Highlights include machine-learning work that uncovers unexpected results in dusty plasmas, a mudflat robocrab contest, a laundry-folding robot demo, and a contentious public spat involving Elon Musk and Sam Altman. The episode also touches on Geoffrey Hinton’s warnings about superintelligence, UK government advice on old emails, and recent research from Anthropic and Figure AI. Listeners are invited to support the show and follow on podcast platforms and Bluesky.

Tue, August 19, 2025

JJ Cummings on Managing Sensitive Threat Intelligence

🔒 At Talos, JJ Cummings — leader of the Threat Intelligence and Interdiction team — discusses the delicate work of handling partner-provided, sensitive information while conducting nation‑state investigations. He outlines how analysts create unattributable or alternatively attributable reporting to preserve sources and still deliver operationally useful findings. JJ credits colleagues such as Matt Olney and Ryan Pentney and emphasizes his team's role as force multipliers in incident response, threat hunting, and deep analysis.
