
PLUS: Palo Alto Networks warns of possible zero day; 2,700+ US schools and libraries apply for cybersecurity funds.
Claire Aird
iPhones get a secret security feature. Palo Alto Networks warns of a rumoured code exec flaw. More than 2,700 US schools and libraries apply for cybersecurity funds, and the EU tells Temu to respect consumer protection laws. This is Risky Business News, prepared by Catalin Cimpanu and read by me, Claire Aird. Today is the 11th of November and this podcast episode is brought to you by Kroll. Find them at kroll.com/cyber.

In today's top story, Apple has quietly added a feature that reboots locked iPhones when they've been idle for an extended period. The reboots put devices into a state where the phone's data is harder to obtain. According to 404 Media, the feature was added to iOS version 18.1, released at the end of October. The feature was discovered by law enforcement when seized iPhones started rebooting. The reboots even occurred when phones were in flight mode or inside Faraday boxes.

In other news, Palo Alto Networks has told customers to restrict access to their firewall management interfaces. The company says it's investigating claims of a zero-day exploit in the interfaces, but has not yet identified the vulnerability. The security vendor has recommended that customers only permit access to firewall management from internal networks.

The Department of Homeland Security has told employees in an internal memo to use Microsoft Teams to communicate whenever possible. Homeland Security's CIO issued the new guidance in the aftermath of China hacking three major US telecommunications providers. The intrusion allowed the hackers to intercept phone calls and SMS messages. The memo doesn't mention the telco hacks. The DHS is the second US agency, after the US Consumer Financial Protection Bureau, to tell employees to stop using phones for work-related matters following the hack.

The FCC has received over 2,700 applications from schools and libraries to receive funding for cybersecurity expenses. The funding is part of a pilot program the FCC established in November 2023. The agency will provide up to $200 million over three years. In total, schools and libraries applied for $3.7 billion in funding, showing the appetite for the program.

The US Transportation Security Administration has proposed new cyber rules that would mandate that pipeline and railroad operators establish cyber risk programs. In addition, pipeline, railroad and high-risk bus operators are required to report cybersecurity incidents to the TSA, which will pass them on to CISA. The White House ordered the TSA to establish new cybersecurity rules in 2021 after the Colonial Pipeline ransomware attack.

The European Union has told Chinese e-commerce giant Temu to follow consumer protection laws or face major fines. The EU says Temu uses fake discounts, high-pressure selling tactics, gamification and fake reviews to trick users into buying products from its online marketplace. The company also allegedly displays incomplete or incorrect information about consumers' rights to return goods and receive refunds. It also hides contact details so customers cannot file complaints. The EU is also investigating the Chinese company's business practices under the EU Digital Services Act.

A threat actor is selling data stolen from clothing retail chain Hot Topic. The details of at least 54 million Hot Topic customers are being sold as part of a larger package of stolen data. The data was posted for sale at the end of October but was only recently confirmed to be authentic. The stolen data includes names, home addresses, past orders and even the last four digits of payment cards.

A threat actor has hacked Russian sports betting and gambling company OneWin and is now extorting the company. The hacker allegedly used a wave of DDoS attacks to distract the company's security team while stealing its user database. According to OneWin's CEO, the hacker initially demanded a ransom of $1 million, but increased the sum to $15 million after several failed negotiations.

US oil services company Halliburton has incurred $35 million in costs related to an August cyberattack. Halliburton CEO Jeff Miller says the incident delayed billing and caused lost or delayed revenue. A ransomware group named RansomHub took credit for the attack but never leaked any data from the company. It's unclear if Halliburton paid the ransom.

Pro-Kremlin hacktivist groups launched a wave of DDoS attacks against South Korean government websites late last week. The attacks took place in the wake of South Korea's decision to send military observers to Ukraine after North Korean troops were deployed on the front lines. South Korea's president's office has urged government agencies and private businesses to boost their cybersecurity defences.

A DDoS attack blocked credit card payments across Israel over the weekend. The incident targeted Hyp, one of Israel's main financial clearing companies. Hyp says it blocked the attack, but not before consumers were impacted by downtime.

Cambodia's national police director has ordered local police to crack down on online gambling and cyber scam compounds operating inside the country. General Soo Tong says the government is committed to maintaining a good national image and ensuring the stable development of the tourism sector. Neighbouring Asian countries have accused Cambodia of allowing criminal syndicates to operate freely, sometimes with the protection of local military and police forces.

The Tor Project says it identified and shut down the source of an attack on Tor relays that lasted three weeks. The attacks used spoofed SYN packets to make it look like Tor relays were conducting unauthorised port scans. Some network operators detected the attacks and filed abuse complaints with the hosting providers of Tor relay servers. The Tor Project believes the attacker was trying to get relays added to IP block lists to disrupt Tor traffic. The Tor team says it worked with GreyNoise and Intersect Lab to detect the origin of the attacks, but didn't provide other details.

US authorities have sentenced a 33-year-old Nigerian man to 10 years in prison for a BEC scam that targeted the real estate sector. Officials say the man was part of a group that stole almost $20 million from over 400 victims. The group hacked the email accounts of real estate agents, title companies and lawyers. Once inside, they monitored emails and stepped in to provide misleading account details and hijack customer payments.

A US judge has sentenced a Russian-Swedish national to 12 and a half years in prison for laundering cryptocurrency on the dark web. Roman Sterlingov operated the Bitcoin Fog service and laundered more than $400 million worth of Bitcoin between 2011 and 2021. During the trial, Sterlingov's lawyer attacked the blockchain tracking company Chainalysis, which helped US law enforcement identify and arrest his client. He called the company's work junk science and described Chainalysis as the Theranos of blockchain analysis. And perhaps unsurprisingly, being mad at Chainalysis didn't help him.

Nigeria's National Police have detained 130 individuals suspected to have participated in cybercrime operations. The arrests included 17 Nigerians and 113 Chinese and Malay nationals. Officials didn't provide any details about the nature of the group's activities.

Rostelecom's security team has discovered a novel Linux malware on the servers of a Russian IT service provider. The company described the new GoblinRAT malware as one of the most stealthy attacks it had ever investigated. Artefacts suggest the malware may have been developed as early as 2020. Rostelecom has yet to attribute the malware but believes it may be the work of a state-sponsored group.

Security researcher Mickey Jin has discovered over 10 vulnerabilities in the macOS operating system. The vulnerabilities exploit the XPC service to escape the macOS app sandbox. The XPC service is a mechanism for basic inter-process communication, similar to the Windows IPC service. Jin says five more sandbox escapes are still in Apple's patching queue.

And finally, security firm Cyberis is warning companies to disable the shared bookings option in their Microsoft 365 account. The feature allows employees to create and manage appointments inside a Microsoft 365 environment. Cyberis says the feature is insecure because it creates new email accounts whenever a booking is made for non-existent users. A threat actor who compromises a low-level employee can abuse it to set up new accounts. This includes registering accounts that mimic existing employees and executives, re-registering accounts of former employees, or creating accounts for unused special addresses such as admin, contact or webmaster. And that is all for this podcast edition. Today's show was brought to you by our sponsor, Kroll Cyber. Find them at kroll.com/cyber. Thanks for your company.
Risky Business News: iPhones Are Auto-Rebooting to Defeat Law Enforcement
Released on November 11, 2024
Host: Claire Aird
Prepared by: Catalin Cimpanu
In this episode of Risky Business News, host Claire Aird covers a range of pressing cybersecurity issues, from Apple's latest security measures to international cyber threats and legal actions against cybercriminals. Prepared by Catalin Cimpanu, the episode provides an overview of recent developments in the cybersecurity landscape.
Key Points: Apple has introduced a covert security feature in iOS 18.1 that automatically reboots locked iPhones after extended periods of inactivity. This measure aims to make data extraction more challenging for unauthorized entities, including law enforcement agencies.
Notable Quote: Claire Aird highlights, “Apple has quietly added a feature that reboots locked iPhones when they've been idle for an extended period. The reboots put devices into a state where the phone's data is harder to obtain” (00:04).
Key Points: Palo Alto Networks has issued a caution to its customers regarding a suspected zero-day vulnerability in their firewall management interfaces.
Notable Quote: Claire notes, “Palo Alto Networks has told customers to restrict access to their firewall management interfaces” (00:04).
Key Points: In response to recent cyber intrusions, DHS has instructed its employees to utilize Microsoft Teams for all internal communications.
Notable Quote: “As Homeland Security's CIO issued new guidance...” (00:04).
Key Points: The Federal Communications Commission (FCC) has seen over 2,700 applications from schools and libraries seeking cybersecurity funding under its pilot program.
Notable Quote: Claire states, “The FCC established a pilot program in November 2023, providing up to $200 million over three years” (00:04).
Key Points: The Transportation Security Administration (TSA) has put forward new cybersecurity regulations targeting pipeline and railroad operators.
Notable Quote: “As the White House ordered the TSA to establish new cybersecurity rules in 2021...” (00:04).
Key Points: The EU has accused TEMU of violating consumer protection laws through deceptive practices and is considering substantial fines if the company fails to comply.
Notable Quote: Claire mentions, “The EU says Temu uses fake discounts, high pressure selling tactics, gamification, and fake reviews to trick users” (00:04).
Key Points: A threat actor is selling data stolen from Hot Topic, exposing information on at least 54 million customers as part of a larger bundle of stolen data.
Notable Quote: Claire states, “The stolen data includes names, home addresses, past orders, and even the last four digits of payment cards” (00:04).
Key Points: OneWin, a Russian sports betting and gambling firm, faces extortion following a series of Distributed Denial of Service (DDoS) attacks that facilitated unauthorized access to user databases.
Notable Quote: “OneWin's CEO revealed the hacker initially demanded a $1 million ransom, escalating it to $15 million after failed negotiations” (00:04).
Key Points: Halliburton incurred significant financial losses due to a cyberattack in August, attributed to the ransomware group Ransom Hub.
Notable Quote: “Halliburton CEO Jeff Miller says the incident delayed billing and caused lost or delayed revenue” (00:04).
Key Points: Hacktivist groups sympathetic to the Kremlin launched DDoS attacks against South Korean government websites, amidst geopolitical tensions involving Ukraine.
Notable Quote: “South Korea's president's office has urged government agencies and private businesses to boost their cybersecurity defenses” (00:04).
Key Points: A DDoS attack disrupted credit card payments across Israel by targeting Hyp, a major financial clearing company.
Notable Quote: “Hyp says it blocked the attack, but not before consumers were impacted by downtime” (00:04).
Key Points: Cambodia's national police have intensified efforts to eliminate online gambling and cyber scam operations within the country.
Notable Quote: “General Soo Tong says the government is committed to maintaining a good national image and ensuring the stable development of the tourism sector” (00:04).
Key Points: The Tor Project successfully identified and dismantled the source of a prolonged attack on its relays, which utilized spoofed SYN packets to simulate unauthorized port scans.
Notable Quote: “The Tor team says it worked with GreyNoise and Intersect Lab to detect the origin of the attacks” (00:04).
A. Nigerian Man Sentenced for BEC Scam
B. Russian-Swedish National Sentenced for Cryptocurrency Laundering
C. Nigerian National Police's Crackdown
A. Goblin RAT Malware on Russian Servers
B. macOS Vulnerabilities Exploiting XPC Service
Key Points: Cybersecurity firm Cyberis advises organizations to disable the shared bookings feature in Microsoft 365 because of the security risks it introduces.
Notable Quote: “Cyberis says the feature is insecure because it creates new email accounts whenever a booking is made for non-existent users” (00:04).
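One way for a Microsoft 365 administrator to act on this advice, as an added example that is not Cyberis's or Microsoft's own script: the Exchange Online PowerShell snippet below inventories the Bookings scheduling mailboxes already present in a tenant (each one carries a real email address, which is the point of the finding), flags the ones whose address or display name collides with role or executive names, and then turns Bookings off tenant-wide so no further scheduling mailboxes can be created. It assumes the ExchangeOnlineManagement module and an account with Exchange administrator rights; the $sensitiveNames list is a constructed placeholder to be replaced with the role addresses and executive names the organisation actually uses.

```powershell
# Added example (not Cyberis's or Microsoft's own script): audit and disable
# Microsoft Bookings in a Microsoft 365 tenant.
# Assumes: ExchangeOnlineManagement module installed, Exchange admin rights.

Connect-ExchangeOnline

# 1. Inventory every Bookings scheduling mailbox in the tenant.
#    Bookings pages are backed by mailboxes of type SchedulingMailbox.
$bookingsMailboxes = Get-Mailbox -RecipientTypeDetails SchedulingMailbox -ResultSize Unlimited

# 2. Flag mailboxes whose alias or display name collides with special addresses
#    or executive roles. $sensitiveNames is a constructed placeholder list;
#    build the real one from the HR directory and your role addresses.
$sensitiveNames = @('admin', 'contact', 'webmaster', 'ceo', 'cfo', 'support', 'security')
$suspicious = $bookingsMailboxes | Where-Object {
    $alias = $_.PrimarySmtpAddress.ToString().Split('@')[0].ToLowerInvariant()
    ($sensitiveNames -contains $alias) -or ($_.DisplayName -match '(?i)\b(ceo|cfo|admin|webmaster)\b')
}

# Newest mailboxes first: a booking page created shortly after an account
# compromise is the case the Cyberis finding describes.
$bookingsMailboxes |
    Select-Object DisplayName, PrimarySmtpAddress, WhenCreated |
    Sort-Object WhenCreated -Descending |
    Format-Table -AutoSize

if ($suspicious) {
    Write-Warning "Bookings mailboxes with sensitive names (review before removing):"
    $suspicious | Select-Object DisplayName, PrimarySmtpAddress | Format-Table -AutoSize
}

# 3. Disable Bookings for the whole tenant. This stops new scheduling mailboxes
#    from being created; existing ones stay until removed (Remove-Mailbox) after review.
Set-OrganizationConfig -BookingsEnabled $false
Get-OrganizationConfig | Select-Object BookingsEnabled

Disconnect-ExchangeOnline -Confirm:$false
```

Disabling Bookings at the organisation level removes the ability of ordinary users to create new booking pages, but it does not delete the scheduling mailboxes that already exist, so the inventory step matters: any mailbox that mimics a current employee, a former employee or a role address such as admin or webmaster should be reviewed and removed explicitly.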
This episode of Risky Business News sheds light on significant cybersecurity advancements, threats, and regulatory measures shaping the digital landscape. From Apple's privacy enhancements to international efforts against cybercrime, the discussions underscore the evolving challenges and responses in safeguarding information and infrastructure. As cyber threats become increasingly sophisticated, continuous vigilance and proactive measures remain paramount for organizations and individuals alike.