
This episode of Cybersecurity Today, hosted by Jim Love, covers several critical topics in the realm of cybersecurity. Researchers found that unencrypted data from satellites is accessible with cheap equipment, leading to potential eavesdropping on...
A
A study reveals how cheap satellite gear can eavesdrop on the world's data. A new botnet is scanning RDP services. A major Canadian retailer reports that customer data was exposed. An Android flaw lets hackers steal 2FA codes. And two brothers present a unique defense for crypto theft. They claim it's not illegal. This is Cybersecurity Today. I'm your host, Jim Love.
A team of researchers from the University of California, San Diego, and the University of Maryland have discovered that a staggering amount of the world's private data is being broadcast unencrypted from satellites. And anyone with about $300 in equipment can listen in: a consumer satellite dish and a TV tuner card. The team captured network traffic from over 400 satellite transponders across 39 geostationary satellites. What they found was shocking: unencrypted phone calls, text messages, even encryption keys from cellular networks. They also picked up corporate emails, ATM network data, police and military communications, and control messages for power utilities and oil pipelines. Because these transmissions come from satellites that cover up to 40% of the planet, one exposed transponder can leak information across entire continents. And since eavesdropping is entirely passive, there's no way to detect who's listening. The researchers disclosed their findings to affected organizations, and some major names have confirmed fixes. But many others have yet to respond. VPNs, as the research puts it, encryption isn't an add on anymore, it's mandatory. We put a full link to their paper in the show notes if you want to check it out at technewsday.com.
A massive new botnet campaign is sweeping the Internet, targeting Remote Desktop Protocol, or RDP, services. Security firm GreyNoise reports that more than 100,000 unique IP addresses across over 100 countries are actively scanning for exposed RDP endpoints. RDP is widely used for both remote administration and work, which makes it a prime target.
Attackers use automated tools to look for open connections, weak passwords, or unpatched systems. Once inside, they can steal data, install backdoors, or deploy ransomware across corporate networks. GreyNoise says this isn't just random background noise. It's a coordinated global campaign large enough to be tracked as a distinct botnet. The company has published a block list to help defenders cut off these sources. It's called Microsoft RDP Botnet October 25th. Fair warning: I only took a quick look at the rest of their site, but GreyNoise is in the business of selling blocking of suspicious sites. So caveat emptor. You or other vendors may have your own defense strategies for this, and I'd love to hear about them if you want to drop me a note, but the advice for organizations is simple. Be extremely careful with RDP access. Put it behind a VPN, enforce multi-factor authentication, monitor for login failures, and apply patches promptly. And of course, segment and limit access to prevent horizontal movement on your network. Attackers know that RDP is still the easiest way into many corporate networks. The only question is how thorough a job you've done at locking that door.
One of Canada's best-known retailers, Canadian Tire Corporation, has confirmed a breach involving its e-commerce and customer databases. The attack was discovered on October 2, and while the company says it's now contained, attackers apparently got away with significant amounts of information. The stolen data reportedly included names, addresses, emails, birth years along with encrypted passwords. Full birth dates were also exposed. Canadian Tire said there wasn't enough financial data stolen to make purchases directly, but the information taken is extensive and is plenty for phishing, identity theft or other fraud attempts. Affected customers will apparently be offered credit monitoring through TransUnion Canada.
The company emphasized that its Canadian Tire Bank and its popular Triangle Rewards systems were not affected, and says it's fixed the vulnerability and brought in external cybersecurity experts to help strengthen its defenses. For our American listeners, this might sound like just another retail breach, but in Canada, Canadian Tire is everywhere. There are few Canadians who haven't shopped there or at one of its many stores like Sport Chek or Mark's. So this is big news in the Great White North. But it's a warning to everyone in retail to review your own data protection for online purchases, because these attacks tend to run through verticals now. And from personal experience, I can tell you Canadian Tire has a pretty well-run IT shop. If they can be hit, anybody can.
Android phones are once again in the crosshairs. Researchers have discovered a new vulnerability dubbed Pixnapping that lets malicious apps quietly capture two-factor authentication codes, private messages and other sensitive data from other apps, all without special permissions. The attack works by exploiting the phone's graphics processor, reading pixels on the screen one at a time and reconstructing what's displayed, including six-digit 2FA codes from apps like Google Authenticator or banking tools. And all that's required is that the user load an infected app. Google has acknowledged the issue and issued an update for at least part of the problem, but so far it appears there's no complete fix. This has also prompted more discussion, not just about why this is possible, but also about the time it takes for Android patches to roll out. As we've reported before, Pixel phones can get updates directly from Google, but other devices rely on manufacturers and carriers, and this can mean weeks or even months of delay. And lately, even Google is facing criticism for how long it takes to deliver fixes for newly discovered vulnerabilities.
In light of this, it's not surprising that what are being presented as more secure options are now emerging. GrapheneOS is an open source version of Android and it has a strong reputation for privacy and security. It's long been available only on Pixel phones. It's been used by privacy advocates, police, and even some organized criminals who value its hardened security. But now the developers of Graphene have struck a deal with another Android manufacturer to bring it to at least one non-Pixel phone, expanding its reach. That type of competition may force a much-needed tightening of Android security and push everyone in the ecosystem. But Google doesn't want to give up its Android dominance. It's done a lot of work to try and keep it not just on the phone, but extended as an operating system. So this type of competition may finally force a much-needed tightening of Android security and push everyone in the ecosystem to move faster on patches and updates.
And in what prosecutors are calling a lightning-fast $25 million crypto heist, two MIT-educated brothers, Anton and James Peraire-Bueno, are now on trial in Manhattan. Federal prosecutors say the pair used their deep technical knowledge of the Ethereum blockchain to intercept and reroute other traders' transactions, pulling off the theft in just 12 seconds. It was, they allege, a carefully engineered attack that analyzed the timing of automated trading bots and exploited weaknesses in how pending trades are processed. It seems like the prosecution has a solid case, and it's one more in a long list of crypto thefts and frauds, albeit an unusually clever one. The twist comes in the defense. The two brothers have refused any plea deals, and despite what prosecutors are calling overwhelming evidence, they insist what they did isn't a crime.
Their argument hinges on a long-standing idea widely held in the crypto community that whatever is permitted by a blockchain's rules or smart contracts is by definition legitimate because the code itself enforces the system's only real boundaries. In other words, if the blockchain allowed the transaction to happen, it's not illegal inside that system, even if it looks like theft in the so-called real world. That's what makes this case so interesting. It's not just about a $25 million theft. It's about whether exploiting a technical loophole on a decentralized platform can be considered criminal. The court's answer could shape the future of crypto regulation for years to come.
And that's our show. Because of the holiday, this is our last show of the week. We do have a weekend show, and then we're back to our regular schedule next Monday, Wednesday, and Friday. And if you like what we're doing, please share the show. Give us a like, leave a comment on your favorite podcast app. And always, we love to hear from you. Tips, stories, ideas, and even constructive criticism and feedback. You can reach me@technewsca or technewsday.com through the contact page. I'm your host, Jim Love. Thanks for listening.
Host: Jim Love
Episode: Satellite Internet Data Is Discovered To Be Unencrypted And Easy To Intercept
Date: October 16, 2025
This episode dives into several significant cybersecurity developments:
Jim Love explains each threat, the broader implications, and provides practical advice for businesses and security professionals.
[00:25 - 03:00]
Study Summary: Researchers from UC San Diego and the University of Maryland found that a tremendous amount of private data is being sent unencrypted via satellite.
Industry Response: Some organizations have implemented fixes following disclosure, but many remain unprotected.
Security Advice:
“Encryption isn't an add on anymore, it's mandatory.”
– Jim Love [02:52]
[03:01 - 05:12]
Current Threat: Over 100,000 unique IPs in more than 100 countries are scanning the internet for exposed Remote Desktop Protocol endpoints.
Defense Actions:
Memorable Quote:
“Attackers know that RDP is still the easiest way into many corporate networks. The only question is how thorough a job you've done at locking that door.”
– Jim Love [05:03]
[05:13 - 07:11]
Incident Details: Canadian Tire Corporation experienced a data breach affecting its e-commerce and customer databases.
Company Response:
Broader Message:
“If they can be hit, anybody can.”
– Jim Love [06:55]
[07:12 - 10:10]
Technical Issue: The newly discovered "Pixnapping" flaw lets malware capture two-factor authentication codes by reading pixels from the device screen.
Patch Status: Google issued a partial update, but no full fix yet, and update delays continue for non-Pixel devices due to carrier/manufacturer bottlenecks.
Industry Response:
Host’s Observation:
“This type of competition may finally force a much needed tightening of Android security and push everyone in the ecosystem to move faster on patches and updates.”
– Jim Love [09:55]
[10:11 - 12:20]
Incident Recap: Anton and James Peraire-Bueno, MIT-educated brothers, are on trial for allegedly exploiting Ethereum blockchain timing to intercept and re-route trades, pulling off a theft in 12 seconds.
Legal Twist: Their defense argues that exploits allowed by blockchain code are not crimes because “the code is the system’s only real boundary.”
Potential Impact:
“It’s about whether exploiting a technical loophole on a decentralized platform can be considered criminal. The court’s answer could shape the future of crypto regulation for years to come.”
– Jim Love [11:52]
"A staggering amount of the world's private data is being broadcast unencrypted from satellites ... anyone with about $300 in equipment can listen in."
Jim Love [00:40]
"Eavesdropping is entirely passive ... there's no way to detect who's listening."
Jim Love [02:12]
"RDP is still the easiest way into many corporate networks. The only question is how thorough a job you've done at locking that door."
Jim Love [05:03]
"In Canada, Canadian Tire is everywhere ... So this is big news in the Great White North."
Jim Love [06:27]
"Whatever is permitted by a blockchain's rules or smart contracts is by definition legitimate because the code itself enforces the system's only real boundaries."
Jim Love, summarizing defense argument [11:16]
Jim Love’s coverage makes it clear: security needs to be enforced everywhere, from satellite communications to phone operating systems, and even into the rules governing blockchain economies. It's not only about technology, but how organizations—large and small—adapt their processes and legal frameworks to respond to evolving threats. Urgent action is needed, especially around encryption, limiting remote access, faster security updates, and understanding the legal grey areas of finance tech innovation.