We hit a milestone today as this is our 50th Podcast Episode! A Big thank you to You, our listeners for your continued support!
Kali Linux Users Face Update Issues After Repository Signing Key Loss
CISOs Advised to Secure Personal Protections Against Scapegoating and Whistleblowing Risks
WhatsApp Launches Advanced Chat Privacy to Safeguard Sensitive Conversations
Samsung Confirms Security Vulnerability in Galaxy Devices That Could Expose Passwords
Former Disney Menu Manager Sentenced to 3 Years for Malicious System Attacks
Kali Linux Users Face Update Issues After Repository Signing Key Loss
https://www.kali.org/blog/new-kali-archive-signing-key/
Offensive Security has announced that Kali Linux users will need to manually install a new repository signing key following the loss of the previous key. Without this update, users will experience system update failures.
The company recently lost access to the old repository signing key (ED444FF07D8D0BF6) and had to create a new one (ED65462EC8D5E4C5), which has been signed by Kali Linux developers using signatures on the Ubuntu OpenPGP key server. OffSec emphasized that the key wasn't compromised, so the old one remains in the keyring.
Users attempting to update their systems with the old key will encounter error messages stating "Missing key 827C8569F2518CC677FECA1AED65462EC8D5E4C5, which is needed to verify signature."
To address this issue, the Kali Linux repository was frozen on February 18th. "In the coming day(s), pretty much every Kali system out there will fail to update," OffSec warned. "This is not only you, this is for everyone, and this is entirely our fault."
To avoid update failures, users are advised to manually download and install the new repository signing key by running the command: sudo wget https://archive.kali.org/archive-keyring.gpg -O /usr/share/keyrings/kali-archive-keyring.gpg
For users unwilling to manually update the keyring, OffSec recommends reinstalling Kali using images that include the updated keyring.
This isn't the first time Kali Linux users have faced such issues. A similar incident occurred in February 2018 when developers allowed the GPG key to expire, also requiring manual updates from users.
CISOs Advised to Secure Personal Protections Against Scapegoating and Whistleblowing Risks
https://path.rsaconference.com/flow/rsac/us25/FullAgenda/page/catalog/session/1727392520218001o5wv
https://www.theregister.com/2025/04/28/ciso_rsa_whistleblowing/
Chief Information Security Officers should negotiate personal liability insurance and golden parachute agreements when starting new roles to protect themselves in case of organizational conflicts, according to a panel of security experts at the RSA Conference.
During a session on CISO whistleblowing, experienced security leaders shared cautionary tales and strategic advice for navigating the increasingly precarious position that has earned the role the nickname "chief scapegoat officer" in some organizations.
Dd Budiharto, former CISO at Marathon Oil and Philips 66, revealed she was once fired for refusing to approve fraudulent invoices for work that wasn't delivered. "I'm proud to say I've been fired for not being willing to compromise my integrity," she stated. Despite losing her position, Budiharto chose not to pursue legal action against her former employer, a decision the panel unanimously supported as wise to avoid industry blacklisting.
Andrew Wilder, CISO of veterinarian network Vetcor, emphasized that security executives should insist on two critical insurance policies before accepting new positions: directors and officers insurance (D&O) and personal legal liability insurance (PLLI). "You want to have personal legal liability insurance that covers you, not while you are an officer of an organization, but after you leave the organization as well," Wilder advised.
Wilder referenced the case of former Uber CISO Joe Sullivan, noting that Sullivan's Uber-provided PLLI covered PR costs during his legal proceedings following a data breach cover-up. He also stressed the importance of negotiating severance packages to ensure whistleblowing decisions can be made on ethical rather than financial grounds.
The panelists agreed that thorough documentation is essential for CISOs. Herman Brown, CIO for San Francisco's District Attorney's Office, recommended documenting all conversations and decisions. "Email is a great form of documentation that doesn't just stand for 'electronic mail,' it also stands for 'evidential mail,'" he noted.
Security leaders were warned to be particularly careful about going to the press with complaints, which the panel suggested could result in even worse professional consequences than legal action. Similarly, Budiharto cautioned against trusting internal human resources departments or ethics panels, reminding attendees that HR ultimately works to protect the company, not individual employees.
The panel underscored that proper governance, documentation, and clear communication with leadership about shared security responsibilities are essential practices for CISOs navigating the complex political and ethical challenges of their role.
WhatsApp Launches Advanced Chat Privacy to Safeguard Sensitive Conversations
https://blog.whatsapp.com/introducing-advanced-chat-privacy
WhatsApp has rolled out a new "Advanced Chat Privacy" feature designed to provide users with enhanced protection for sensitive information shared in both private and group conversations.
The new privacy option, accessible by tapping on a chat name, aims to prevent the unauthorized extraction of media and conversation content. "Today we're introducing our latest layer for privacy called 'Advanced Chat Privacy.' This new setting available in both chats and groups helps prevent others from taking content outside of WhatsApp for when you may want extra privacy," WhatsApp announced in its release.
When enabled, the feature blocks other users from exporting chat histories, automatically downloading media to their devices, and using messages for AI features. According to WhatsApp, this ensures "everyone in the chat has greater confidence that no one can take what is being said outside the chat."
The company noted that this initial version is now available to all users who have updated to the latest version of the app, with plans to strengthen the feature with additional protections in the future. However, WhatsApp acknowledges that certain vulnerabilities remain, such as the possibility of someone photographing a conversation screen even when screenshots are blocked.
This latest privacy enhancement continues WhatsApp's long-standing commitment to user security, which began nearly seven years ago with the introduction of end-to-end encryption. The platform has steadily expanded its privacy capabilities since then, implementing end-to-end encrypted chat backups for iOS and Android in October 2021, followed by default disappearing messages for new chats in December of the same year.
More recent security updates include chat locking with password or fingerprint protection, a Secret Code feature to hide locked chats, and location hiding during calls by routing connections through WhatsApp's servers. Since October 2024, the platform has also encrypted contact databases for privacy-preserving synchronization.
Meta reported in early 2020 that WhatsApp serves more than two billion users across over 180 countries, making these privacy enhancements significant for a substantial portion of the global messaging community.
Samsung Confirms Security Vulnerability in Galaxy Devices That Could Expose Passwords
Samsung has acknowledged a significant security flaw in its Galaxy devices that potentially exposes user passwords and other sensitive information stored in the clipboard.
The issue was brought to light by a user identified as "OicitrapDraz" who posted concerns on Samsung's community forum on April 14. "I copy passwords from my password manager all the time," the user wrote. "How is it that Samsung's clipboard saves everything in plain text with no expiration? That's a huge security issue."
In response, Samsung confirmed the vulnerability, stating: "We understand your concerns regarding clipboard behavior and how it may affect sensitive content. Clipboard history in One UI is managed at the system level." The company added that the user's "suggestion for more control over clipboard data—such as auto-clear or exclusion options—has been noted and shared with the appropriate team for consideration."
One UI is Samsung's customized version of Android that runs on Galaxy smartphones and tablets. The security flaw means that sensitive information copied to the clipboard remains accessible in plain text without any automatic expiration or encryption.
As a temporary solution, Samsung recommended that users "manually clear clipboard history when needed and use secure input methods for sensitive information." This stopgap measure puts the burden of security on users rather than providing a system-level fix.
Security experts are particularly concerned now that this vulnerability has been publicly acknowledged, as it creates a potential "clipboard wormhole" that attackers could exploit to access passwords and other confidential information on affected devices. Users of Samsung Galaxy devices are advised to exercise extreme caution when copying sensitive information until a more comprehensive solution is implemented.
Former Disney Menu Manager Sentenced to 3 Years for Malicious System Attacks
https://www.theregister.com/2025/04/29/former_disney_employee_jailed/
A former Disney employee has received a 36-month prison sentence and been ordered to pay nearly $688,000 in fines after pleading guilty to sabotaging the entertainment giant's restaurant menu systems following his termination.
Michael Scheuer, a Winter Garden, Florida resident who previously served as Disney's Menu Production Manager, was arrested in October and charged with violating the Computer Fraud and Abuse Act (CFAA) and committing aggravated identity theft. He accepted a plea agreement in January, with sentencing finalized last week in federal court in Orlando.
According to court documents, Scheuer's June 13, 2024 termination from Disney for misconduct was described as "contentious and not amicable." In July, he retaliated by making unauthorized access to Disney's Menu Creator application, hosted by a third-party vendor in Minnesota, and implementing various destructive changes.
The attacks included replacing Disney's themed fonts with Wingdings, rendering menus unreadable, and altering menu images and background files to display as blank white pages. These changes propagated throughout the database, making the Menu Creator system inoperable for one to two weeks. The damage was so severe that Disney has since abandoned the application entirely.
Particularly concerning were Scheuer's alterations to allergen information, falsely indicating certain menu items were safe for people with specific allergies—changes that "could have had fatal consequences depending on the type and severity of a customer's allergy," according to the plea agreement. He also modified wine region labels to reference locations of mass shootings, added swastika graphics, and altered QR codes to direct customers to a website promoting a boycott of Israel.
Scheuer employed multiple methods to conduct his attacks, including using an administrative account via a Mullvad VPN, exploiting a URL-based contractor access mechanism, and targeting SFTP servers that stored menu files. He also conducted denial of service attacks that made over 100,000 incorrect login attempts, locking out fourteen Disney employees from their enterprise accounts.
The FBI executed a search warrant at Scheuer's residence on September 23, 2024, at which point the attacks immediately ceased. Agents discovered virtual machines used for the attacks and a "doxxing file" containing personal information on five Disney employees and a family member of one worker.
Following his prison term, Scheuer will undergo three years of supervised release with various conditions, including a prohibition on contacting Disney or any of the individual victims.
Share this post