Transcript
A (0:02)
You're listening to the Cyberwire network, powered by N2K.
B (0:12)
At Thales, they know cybersecurity can be tough and you can't protect everything. But with Thales, you can secure what matters most. With Thales' industry-leading platforms, you can protect critical applications, data and identities anywhere and at scale with the highest ROI. That's why the most trusted brands and largest banks, retailers and healthcare companies in the world rely on Thales to protect what matters most: applications, data and identity. That's Thales. T-H-A-L-E-S. Learn more at thalesgroup.com.

Cyber operation Chargeback takes down global fraud networks. An investigation reveals the dangers of ADINT. M&S profits plunge after a cyber attack. Google patches a critical Android flaw. Asian prosecutors seize millions from an accused Cambodian scam kingpin. Ohio residents are still guessing water bills months after a cyber attack. Houston firefighters deny blame in a city data breach. Nikkei reports a Slack breach exposing 17,000 records. The Google Wiz deal clears DOJ review. Ann Johnson welcomes her Microsoft colleague Frank X. Shaw to Afternoon Cyber Tea. And Norway parks its China bus in a cave, just in case.

November 5, 2025. I'm Dave Bittner and this is your Cyberwire Intel Briefing. Thanks for joining us here today. Great to have you with us as always.

An international law enforcement operation dubbed Chargeback has dismantled three major fraud and money laundering networks accused of stealing credit card data from more than 4.3 million people worldwide. Coordinated by prosecutors in Koblenz, Germany, and supported by Europol and Eurojust, the November 4 action spanned nine countries and led to 18 arrests and over 60 searches. Between 2016 and 2021, suspects allegedly used stolen card data to create fake online subscriptions, mostly for adult and streaming sites, charging small recurring amounts to evade detection.
The scheme funneled transactions through four German payment providers, aided by complicit executives and shell companies registered in the UK and Cyprus. Authorities estimate losses exceeding over 300 million euros, with over 35 million euros already seized. Europol praised the operation as a model of international cooperation and a warning to cybercriminals hiding behind digital borders.

An investigation from Germany's Netzpolitik, called the Data Broker Files, shows how adtech location data can unmask where EU officials live, work and commute, even inside the Commission's Berlaymont and NATO headquarters. Analysts reviewed two data sets with 278 million Belgian location records and, using mobile advertising IDs, linked pings to identifiable individuals and routes. Preview samples alone surfaced thousands of signals from EU institutions, including roughly 2,000 pings at the Commission and 5,800 at Parliament. NATO sites saw 9,600 pings from 543 devices. The Commission issued new staff guidance on ad tracking. Members of the European Parliament now urge tighter curbs, up to bans on tracking and large-scale profiling, citing espionage risks. Advertising-based intelligence, or ADINT, turns routine app data into operational targeting, outpacing GDPR's consent model and inconsistent enforcement. The result is a security and privacy gap at the heart of Europe's institutions.

Marks and Spencer's profits plunged 99% in the first half of the year after a cyber attack crippled online orders for months and disrupted store operations. Statutory pre-tax profit fell from 392 million pounds to 3.4 million pounds, though the retailer has received 100 million pounds in insurance payouts, roughly matching costs so far. M&S expects further expenses as recovery continues. Despite the turmoil, underlying profit reached 184 million pounds and food sales rose 7.8%, signaling resilience. Analysts called the performance outstanding given the extended outage.
While rival Next enjoyed a temporary sales boost, executives said profits should rebound in the second half as operations stabilize and shoppers return for Christmas. M&S still estimates the full impact of the hack at around 300 million pounds.

Google's November 2025 Android update fixes a critical flaw allowing remote code execution in the system component without user interaction. The bug affects Android 13 through 16. A second issue rated high severity could let attackers block security updates on Android 16 devices. Google has released fixes to the Android Open Source Project, with manufacturers rolling out updates to users.

Authorities in Taiwan, Hong Kong and Singapore have seized hundreds of millions in assets linked to Chen Zhi, the Cambodian businessman accused by the US of running a vast global scam network through his Prince Holding Group. US prosecutors charged Chen in October with wire fraud and money laundering conspiracies alongside a $14 billion cryptocurrency seizure. Recent raids uncovered luxury cars, high-end apartments and yachts across Asia, with Taiwan seizing $150 million, Hong Kong $353 million and Singapore over $114 million. The UK also froze properties worth nearly 145 million. Prosecutors say Chen's network defrauded victims worldwide through pig butchering and investment scams, generating up to $30 million a day. Chen, a naturalized Cambodian citizen and former adviser to Prime Minister Hun Manet, has not commented publicly.

More than two months after a cyberattack crippled Middletown, Ohio's systems, residents are still paying estimated water bills because the city can't calculate actual usage. The August hack also halted background checks and disrupted city email, forcing residents to visit City Hall to pay in person. Officials haven't confirmed if personal data was compromised but suspect ransomware. The city has upgraded servers and pledged a grace period once billing resumes.
Experts say smaller municipalities like Middletown are increasingly targeted by state-backed or criminal gangs exploiting weak IT defenses. A new Ohio law now requires cities to adopt cybersecurity programs, report incidents and prohibits ransom payments without council approval. Residents, meanwhile, keep receipts and hope billing returns to normal by spring.

Houston firefighters say they're being wrongly blamed for a data breach that exposed over 7,500 Social Security numbers. The city of Houston emailed a link meant for promotion exam information, but it led to unsecured folders containing personal data. A firefighter reported the issue immediately, prompting the fire chief to block access. Union President Patrick Lancton called city claims that firefighters downloaded sensitive files false, arguing the city failed to secure its own data. City officials say the access was inadvertent.

Japanese media giant Nikkei, owner of the Financial Times, disclosed a data breach affecting over 17,000 employees and partners after attackers accessed its Slack workspace using stolen credentials. The compromise began when an employee's malware-infected computer exposed authentication data, allowing unauthorized entry into Nikkei's internal communications. Exposed information includes names, emails and full chat histories. The company has reset passwords, notified affected users and reported the breach to Japan's data protection authority, though not legally required to do so.

Alphabet's Google and cybersecurity firm Wiz have cleared a major hurdle in their $32 billion merger after the U.S. Department of Justice ended its antitrust review. The FTC notice dated October 24th confirms early termination of the investigation, signaling no objection to closing the deal. Wiz CEO Assaf Rappaport confirmed the development, though other regulators continue to review the merger.
The decision offers rare good news for Google, which remains under global antitrust scrutiny following multiple US court rulings.

Coming up after the break, Ann Johnson welcomes her Microsoft colleague Frank Shaw to Afternoon Cyber Tea, and Norway parks its Chinese bus in a cave, just in case. Stick around.
