PLUS: US telcos learned of Salt Typhoon breaches from Microsoft; Russian hackers pull off a crazy WiFi attack; hacktivists leak data from Andrew Tate's website.
Claire Aird
Google says four PR firms are behind a major Chinese propaganda network. US telcos learned of Salt Typhoon breaches from Microsoft, Russian hackers pull off a cunning WiFi attack, and hacktivists leaked data from Andrew Tate's website. This is Risky Business News, prepared by Catalin Cimpanu and read by me, Claire Aird. Today is the 25th of November and this podcast episode is brought to you by Stairwell. Stairwell lets you know if, when and where malware has ever been on your systems by collecting, storing and continuously reassessing every executable file and indicator of compromise in your environment. Find them at stairwell.com.

In today's top story, four Chinese PR firms are running hundreds of news websites that publish pro-Beijing propaganda mixed with benign content to international audiences. The sites published articles that promoted China's territorial claims over the South China Sea and Taiwan, conspiracy theories and personal attacks against government critics. Google has removed the domains linked to the companies from its search and news index and said the network is large but publishes repetitive, low-quality articles. One of the companies also paid Fiverr users to promote the articles on social media. Google says all the PR companies are separate legal entities but operated in a similar fashion, suggesting a form of coordination was taking place.

The FBI has notified almost 150 victims who were targeted by Chinese espionage group Salt Typhoon. The group spied on victims and breached the lawful intercept systems of four major U.S. telecommunications providers. According to the Washington Post, most of the victims are located in the D.C. area. According to the New York Times, the U.S. government and the telcos learned of the breach after Microsoft notified them of anomalies on their networks. The anomalies included data on servers used by Salt Typhoon that traced back to US telcos. Government officials have also criticised the companies for being too slow to upgrade their networking equipment, some of which is decades old.

A Russian cyber espionage group has breached a US company by connecting to the victim's WiFi network from a compromised laptop across the road. The attack took place ahead of Russia's invasion of Ukraine and sought to collect data related to individuals and projects involving Ukraine. Security firm Volexity called this technique the nearest neighbour attack. It attributed the intrusion to APT28, a cyber unit inside Russia's military intelligence agency, the GRU.

Thai authorities have arrested a 35-year-old Chinese man for sending over a million SMS scam messages. Officials say the suspect was driving around Bangkok using a mobile radio base station installed in his car that sent out the SMS messages, posing as AIS, Thailand's biggest Internet service provider. The suspect was part of a larger group that registered local companies to obtain phone numbers and spam Thai citizens.

Hackers have breached the website of the Real World, an online course founded by Andrew Tate. The hackers leaked the email addresses of 325,000 users and flooded the site's main chat room with LGBTQ and feminist-themed emojis. The platform was previously known as Hustlers University and is one of Tate's main revenue streams.

The personal records of over a million Irish National Health Service employees were leaked online due to a misconfiguration in the Microsoft Power Pages platform. The leak was discovered by security firm AppOmni and exposed email addresses, phone numbers and home addresses. AppOmni says the Irish NHS was one of several organisations that leaked data via websites built on the Microsoft Power Pages platform. Microsoft says the leak took place because website admins misunderstood how access controls work on the Power Pages platform and exposed private data via their websites' APIs.

A cyber attack has crippled the systems of International Game Technology, a large gambling machine company. The hack took place on November 17th. IGT says the hack affected internal systems and applications and that it was unclear if this would affect the company's bottom line.

Italy's Data Protection Agency has fined Foodinho 5 million euros for tracking the geolocation of its drivers outside of working hours. The agency has also banned the company from processing drivers' biometric data, which the company uses for driver authentication. Foodinho is part of the Glovo group of food delivery companies. This is the company's second fine in Italy. It was also fined 2.6 million euros in 2021 for using algorithms to measure employee performance.

Two US senators have asked the US government to investigate VeriSign over its predatory pricing of dot com domains. US Senator Elizabeth Warren of Massachusetts and Congressman Jerry Nadler of New York have asked the Department of Justice and the National Telecommunications and Information Administration for a formal investigation. In a letter sent last week, the two say VeriSign has increased dot com domain prices by 30% without changing the service. The two describe the price as monopolistic behaviour.

Four US Senators have introduced a bill in the Senate to improve cybersecurity in the healthcare sector. The Healthcare Cybersecurity and Resiliency Act of 2024 will introduce basic cybersecurity standards for the healthcare sector and allocate grants to improve cybersecurity. The bill also updates data breach reporting requirements and will provide training and guides for rural health entities. Basic cybersecurity requirements will include the use of MFA, health data encryption, and conducting security audits and penetration tests.

Group-IB says that 20 suspects detained by Vietnamese officials back in May were likely linked to the VietCredCare infostealer. In a report last week, it said VietCredCare activity had dropped off, leading it to conclude the arrests were related to that group. Ducktail, another Vietnam-based infostealer operation, has continued operating and its malware has received several updates since the arrests. So it wasn't them.

A design flaw in the Fortinet VPN allows threat actors to hide brute force attacks. The issue was discovered by researchers at Pentera, who found that Fortinet VPN servers only log failed login attempts during the authorisation phase, but not during authentication. Attackers can test as many credentials as they want during the initial authentication phase and only establish a working VPN connection with the valid ones. None of the failed logins would get logged.

Taiwanese equipment vendor Zyxel has urged firewall owners to install security updates to protect against ransomware attacks. Vulnerabilities patched by the vendor in September are currently being used by the Helldown ransomware gang to gain initial footholds on corporate networks. Zyxel has also recommended changing firewall admin passwords.

And finally, Microsoft has re-added the Recall computer history feature into Windows 11 Insider builds. Microsoft pulled Recall in June after massive public backlash and delayed its return twice. According to security boffin Alex Hagenah, Recall can now be disabled and its data is encrypted, unlike its first iteration, where users couldn't disable it or remove it, and its data was sitting in clear text on disk for anyone to take.

And that is all for this podcast edition. Today's show was brought to you by our sponsor Stairwell. Find them at stairwell.com. Thanks for your company.
Risky Business News: Four PR Firms Behind a Chinese Propaganda Network Podcast Episode Released on November 24, 2024
Host: Claire Aird
Prepared by: Catalin Cimpanu
Podcast: Risky Business News
Host/Author: risky.biz
Summary:
Google has identified four Chinese public relations (PR) firms orchestrating a widespread propaganda network. These firms manage hundreds of news websites that disseminate pro-Beijing content intertwined with benign information to reach international audiences. The content primarily focuses on promoting China's territorial claims in the South China Sea and Taiwan, spreading conspiracy theories, and launching personal attacks against government critics.
Notable Quote:
"Google says the network is large but publishes repetitive, low quality articles." – Claire Aird [04:35]
Summary:
The FBI has alerted nearly 150 victims about breaches perpetrated by the Chinese espionage group Salt Typhoon. This group targeted U.S. telecommunications providers by infiltrating their lawful intercept systems.
Notable Quote:
"The U.S. government and the telcos learned of the breach after Microsoft notified them of anomalies on their networks." – Claire Aird [09:15]
Summary:
A Russian cyber espionage group, identified as APT 28 within the GRU (Russia's military intelligence agency), executed a sophisticated WiFi attack against a U.S. company. This breach occurred just before Russia's invasion of Ukraine, aiming to gather intelligence related to Ukrainian projects and individuals.
Notable Quote:
"Security firm Volexity called this technique the nearest neighbour attack." – Claire Aird [12:45]
Summary:
Thai authorities have apprehended a 35-year-old Chinese national responsible for dispatching over a million scam SMS messages. The suspect utilized a mobile radio base station installed in his vehicle to conduct the operation.
Notable Quote:
"Officials say the suspect was driving around Bangkok using a mobile radio base station installed in his car that sent out the SMS messages." – Claire Aird [16:30]
Summary:
Hackers successfully infiltrated the website of "The Real World," an online course platform founded by Andrew Tate, formerly known as Hustlers University. The breach resulted in the leakage of 325,000 user email addresses and the inundation of the site's main chat room with emojis related to LGBTQ and feminism.
Notable Quote:
"The hackers leaked the email addresses of 325,000 users and flooded the site's main chat room with LGBTQ and feminist themed emojis." – Claire Aird [19:10]
Summary:
A misconfiguration within the Microsoft Power Pages platform led to the exposure of personal records of over a million employees from the Irish National Health Service (NHS). The leaked data included email addresses, phone numbers, and home addresses.
Notable Quote:
"Microsoft says the leak took place because website admins misunderstood how access controls work on the Power Pages platform." – Claire Aird [21:50]
Summary:
International Game Technology, a prominent gambling machine company, experienced a cyberattack on November 17th. The breach compromised internal systems and applications, though its impact on the company's financial performance remains uncertain.
Notable Quote:
"IGT says the hack affected internal systems and applications and that it was unclear if this would affect the company's bottom line." – Claire Aird [24:05]
Summary:
Italy's Data Protection Agency has imposed a €5 million fine on Foodinho for unlawfully tracking drivers' geolocation data outside of working hours. Additionally, the company has been prohibited from processing drivers' biometric data used for authentication.
Notable Quote:
"The agency has also banned the company from processing drivers' biometric data, which the company uses for driver authentication." – Claire Aird [26:30]
Summary:
U.S. Senators Elizabeth Warren and Jerry Nadler have formally requested an investigation into VeriSign by the Department of Justice and the National Telecommunications and Information Administration. The inquiry centers on VeriSign's alleged monopolistic behavior through predatory pricing of .com domain registrations.
Notable Quote:
"US Senator Elizabeth Warren of Massachusetts and Congressman Jerry Nadler of New York have asked...to formally investigate VeriSign's sudden 30% price increase." – Claire Aird [28:20]
Summary:
Four U.S. Senators have proposed the Healthcare Cybersecurity and Resiliency Act of 2024. This legislation aims to bolster cybersecurity measures within the healthcare sector by establishing basic standards, providing grants, and enhancing data breach reporting protocols.
Notable Quote:
"Basic cybersecurity requirements will include the use of MFA, health data encryption, and conducting security audits and penetration tests." – Claire Aird [30:10]
Summary:
Group-IB has reported that 20 suspects detained by Vietnamese authorities in May are likely connected to the VietCredCare infostealer operation. This group's activities have diminished, though another Vietnam-based operation, Ducktail, continues to evolve its malware.
Notable Quote:
"In a report last week, it said VietCredCare activity had dropped off, leading it to conclude the arrests were related to that group." – Claire Aird [32:45]
Summary:
Researchers at Pentera have uncovered a design flaw in Fortinet VPNs that allows attackers to execute brute force attacks without detection. This vulnerability stems from inadequate logging during the authentication phase.
Notable Quote:
"Attackers can test as many credentials as they want during the initial authentication phase and only establish a working VPN connection with the valid ones." – Claire Aird [34:30]
Summary:
Taiwanese equipment vendor Zyxel has issued a security advisory urging firewall owners to apply recent updates to defend against ransomware attacks, specifically those executed by the Helldown ransomware gang.
Notable Quote:
"Vulnerabilities patched by the vendor in September are currently being used by the Helldown ransomware gang to gain initial footholds on corporate networks." – Claire Aird [36:20]
Summary:
Following substantial public backlash, Microsoft has reintroduced the Recall computer history feature into its Windows 11 Insider builds. The feature was initially removed in June due to privacy concerns.
Notable Quote:
"Microsoft has re-added the Recall computer history feature into Windows 11 Insider builds... Unlike its first iteration where users couldn't disable it." – Claire Aird [38:50]
Conclusion:
This episode of Risky Business News, hosted by Claire Aird, provided a comprehensive overview of recent cybersecurity incidents and developments globally. From state-sponsored espionage and propaganda efforts to vulnerabilities in widely-used software platforms, the discussions underscored the evolving landscape of cyber threats and the importance of robust security measures. Additionally, legislative actions and regulatory fines highlighted ongoing efforts to enforce cybersecurity and data privacy standards across various sectors.
Notable Closing Quote:
"And that is all for this podcast edition." – Claire Aird [40:05]
This summary captures the key points, discussions, and insights from the November 24, 2024 episode of Risky Business News. For detailed analysis and ongoing updates, listening to the full podcast episode is recommended.