
PLUS: Hydra dark web market admin gets life in prison; Europol takes down MATRIX crypto-comms platform; Japanese crypto exchange shuts down after major hack.
Claire
Poland arrests its former spy chief in the Pegasus investigation. A Japanese Bitcoin exchange shuts down after a $300 million hack, Russia sentences the Hydra Market admin to life in prison, and Europol takes down the Matrix crypto-comms platform. This is Risky Business News, prepared by Catalin Cimpanu and read by me, Claire. Today is the 4th of December, and this podcast episode is brought to you by Push Security. In today's top story, the Polish government has detained a former spy chief and will compel him to provide testimony on how his agency used the Pegasus spyware. Piotr Pogonowski led Poland's internal security agency from 2016 to 2020. Under his watch, the agency bought and used the NSO Group's Pegasus spyware to surveil opposition leaders, journalists and prosecutors investigating government corruption. Pogonowski previously refused three requests to appear in front of the parliamentary commission. According to Notes from Poland, this marks the first time in the country's history that a witness has been forced to appear for an inquiry. In other news, the German government has set up a special task force to counter disinformation and espionage campaigns targeting the country's election. The task force will be part of the Federal Office for the Protection of the Constitution, the country's domestic intelligence agency. The agency says Russia has launched an information war against the West and has used disinformation, cyber attacks and real-world sabotage to support pro-Russian and anti-EU candidates. Germany's snap election is scheduled to take place in February next year. Law enforcement agencies from multiple countries have taken down Matrix, an encrypted messaging platform used by criminal groups. Authorities say they seized control of the platform earlier this year and have spent the last three months intercepting messages and gathering evidence. Officials shut down the platform this week and made coordinated arrests.
The investigation started after Dutch authorities discovered the Matrix app on the phone of a criminal convicted of the murder of a Dutch journalist. The criminal communications platform is unrelated to the similarly named Matrix open source communications protocol. German authorities have seized Crime Network, the largest dark web marketplace for German-speaking users. The platform launched in 2012 and traded in stolen data, drugs and counterfeit documents. Before it was taken down, Crime Network had amassed more than 100,000 users and more than 100 verified sellers. Officials say the platform made over 93 million euros from the sale of illegal goods and services over the past six years. A Moscow court has sentenced the founder of the Hydra dark web marketplace to life in prison. Officials say Stanislav Moiseyev and 15 accomplices ran the marketplace between 2015 and 2022, when it was seized by German authorities. The 15 accomplices received sentences of between 8 and 23 years in prison. Hydra was a major source of the drug trade across Europe and Russia. Russian officials say they seized a literal ton of narcotics after raids on the suspects' homes. Cisco says threat actors have started exploiting a 2014 vulnerability in its ASA firewalls. The vulnerability is a cross-site scripting bug in the ASA WebVPN login page. Attackers can execute JavaScript by tricking a user into clicking a link, which could lead to credential theft. Cisco says attacks appear to have begun last month. Qualys researchers have discovered an SQL injection vulnerability in Zabbix, an open source monitoring platform. The vulnerability has received a severity score of 9.9 out of 10 and allows remote attackers to take control of Zabbix servers via the platform's API. Zabbix released a patch for the bug last week. According to Qualys, more than 83,000 Zabbix servers are exposed. The US Federal Trade Commission has taken regulatory action against two US-based data brokers.
The agency has banned Mobilewalla and its subsidiary Venntel from selling users' locations. The FTC cracked down on the three companies after they were caught collecting and selling data without their customers' consent. The FTC says the data contained information about military sites, churches, labor unions and other sensitive locations. The agency specifically singled out Mobilewalla for selling geolocation data to identify women who visited pregnancy centres and individuals who attended George Floyd protests. Amazon has launched AWS Data Transfer Terminal, a new feature that allows customers to upload data to the AWS cloud via a secure terminal at a physical location. Amazon says the feature was developed for customers who need secure uploads or large data transfers that may take too much time over a network connection. The first two terminals are available in locations in Los Angeles and New York, with plans to add more locations next year. A ransomware attack has disrupted the operations of RECOPE, the largest oil refinery in Costa Rica. The company says it had to revert to manual operations and is now monitoring and refuelling tankers without the help of its normal software. RECOPE's management says it has called in American experts to help recover affected systems, but didn't specify if the experts were from a private company or the US government itself. RECOPE imports, refines and distributes fossil fuels across Costa Rica and neighbouring countries and is the largest company in Central America. KYC service provider Signzy has suffered a security breach, with some of its customer data briefly appearing on hacking forums. According to TechCrunch, the breach occurred after one of the company's employees got infected by an info stealer. The incident took place last week, and Signzy said it's still investigating its ramifications. The Indian company claims to serve over 600 financial companies worldwide.
Japanese cryptocurrency exchange DMM Bitcoin is shutting down operations in the aftermath of a major security breach earlier this year. $305 million was stolen from the company in late May, and it hasn't resumed operations. The hack is the eighth largest crypto heist. DMM says it has now sold its customer accounts and assets to a holding corporation. It had previously guaranteed that customers would receive full reimbursement of all stolen assets. The XD cryptocurrency exchange has paused all transactions while it investigates reports of a security breach. Threat actors are believed to have stolen around $1.7 million worth of tokens through an unknown vector. The platform claims it has more than enough reserves to reimburse affected users. A threat actor has exploited a vulnerability in the API of the Clipper DEX exchange and has stolen almost $500,000 worth of TVL crypto tokens. The stolen funds represent 6% of the total amount of TVL tokens in circulation. The company has paused all operations to investigate the attack. An Apple employee is suing the company over its alleged monitoring of employees' personal devices and iCloud accounts. The lawsuit alleges that Apple forces employees who use personal devices for work to install software that tracks all their activity. The surveillance allegedly takes place even when employees are off duty and after they've left the company. The lawsuit was filed by Amar Bhakta, an employee in Apple's advertising division. And finally, Riot Games is offering $100,000 to security researchers who manage to crack Vanguard, the company's anti-cheat system. The company is also offering a similar $100,000 reward for any exploits that can be used to disconnect or launch denial of service attacks against individual players. Riot has updated its bug bounty program after similar exploits were used to target Activision and EA Games earlier this year. And that is all for this podcast edition.
Today's show was brought to you by our sponsor, Push Security. Find them at pushsecurity.com. Thanks for your company.
Release Date: December 4, 2024
Host: Claire
Prepared by: Catalin Cimpanu
In a significant development, the Polish government has apprehended Piotr Pogonowski, the former head of Poland's internal security agency (ABW), to testify regarding the use of Pegasus spyware. Pogonowski, who led the agency from 2016 to 2020, authorized the acquisition and deployment of NSO Group's Pegasus software to monitor opposition leaders, journalists, and prosecutors investigating government corruption. He had previously refused three requests to appear before the parliamentary commission. This action marks the first instance in Poland's history where a witness was compelled to appear before an inquiry.
Claire notes at [00:04] “Poland arrests its former spy chief in the Pegasus investigation... this marks the first time in the country's history when a witness has been forced to appear for an inquiry.”
Amid rising concerns over election interference, Germany has established a specialized task force within the Federal Office for the Protection of the Constitution. This unit aims to counteract disinformation and espionage campaigns, primarily attributing the surge to Russian efforts to influence the upcoming snap elections scheduled for February next year. The agency highlights that Russia has intensified its information warfare tactics, including cyberattacks and real-world sabotage, to bolster pro-Russian and anti-EU candidates.
European law enforcement has dismantled Matrix, an encrypted messaging service used by criminal organizations. The operation, which commenced earlier this year, involved seizing control of the platform and intercepting communications over three months. The takedown led to coordinated arrests across multiple jurisdictions. The investigation was triggered when Dutch authorities identified the Matrix app on the phone of a criminal convicted of the murder of a Dutch journalist. It is important to distinguish this criminal platform from the similarly named Matrix open source communications protocol.
German authorities have closed down Crime Network, the most extensive dark web marketplace catering to German-speaking users. Operating since 2012, the platform facilitated the trade of stolen data, drugs, and counterfeit documents, boasting over 100,000 users and more than 100 verified sellers. Officials reported that Crime Network generated over €93 million in illegal transactions over six years before its closure.
In Moscow, Stanislav Moiseyev, the founder of the Hydra dark web marketplace, has been sentenced to life in prison. Moiseyev and 15 accomplices managed Hydra from 2015 until its seizure by German authorities in 2022. The group was a significant player in the European and Russian drug trade. The court also handed down sentences ranging from eight to twenty-three years for his associates. Russian officials announced the seizure of a ton of narcotics during raids on the suspects' homes.
Cisco has reported that threat actors are exploiting a vulnerability disclosed in 2014 in its ASA firewalls, specifically a cross-site scripting (XSS) bug in the ASA WebVPN login page. This flaw allows attackers to execute arbitrary JavaScript in the victim's browser by deceiving users into clicking malicious links, potentially leading to credential theft. According to Claire at [00:04], “Attackers can execute JavaScript by tricking a user into clicking a link, which could lead to credential theft.” Cisco indicates that these attacks began last month.
Security researchers at Qualys have uncovered a severe SQL injection vulnerability in Zabbix, an open-source monitoring solution. Rated 9.9 out of 10 in severity, the flaw permits remote attackers to commandeer Zabbix servers via the platform's API. A patch was released by Zabbix last week. Qualys estimates that over 83,000 Zabbix servers remain exposed to this threat.
The US Federal Trade Commission (FTC) has taken decisive action against Mobilewalla and its subsidiary Venntel, prohibiting them from selling users' geolocation data. The crackdown follows revelations that these companies collected and sold sensitive information without customer consent, including data pertaining to military sites, churches, labor unions, and other protected locations. Claire highlights at [00:04], “The FTC cracked down on the three companies after they were caught collecting and selling data without their customers' consent.” Mobilewalla was specifically cited for selling geolocation data to identify individuals visiting pregnancy centers and participants in George Floyd protests.
Amazon has launched the AWS Data Transfer Terminal, a new feature enabling customers to upload data to the AWS cloud through secure physical terminals located in select locations. Designed for scenarios requiring secure uploads or large data transfers that are impractical over network connections, the initial terminals are available in Los Angeles and New York, with plans for expansion next year.
RECOPE, Costa Rica's largest oil refinery, has been significantly impacted by a ransomware attack, forcing the company to switch to manual operations. The refinery is now monitoring and refuelling tankers without relying on its usual software systems. RECOPE's management has called in "American experts" to assist in recovering the affected systems, though it remains unclear whether these experts are affiliated with a private firm or the US government. RECOPE imports, refines, and distributes fossil fuels across Costa Rica and neighbouring countries and is the largest company in Central America, so the disruption poses substantial operational challenges.
KYC (Know Your Customer) service provider Signzy has reported a security breach resulting in some customer data briefly appearing on hacking forums. The incident occurred after an employee's device was infected by information-stealer malware. Signzy is currently investigating the extent and implications of the breach. According to Claire at [00:04], “According to TechCrunch, the breach occurred after one of the company's employees got infected by an info stealer.” The India-based company serves over 600 financial institutions globally.
DMM Bitcoin, a prominent Japanese cryptocurrency exchange, has shut down operations in the wake of a massive security breach that resulted in the theft of approximately $305 million in late May. This incident is recognized as the eighth largest crypto heist to date. DMM has sold its customer accounts and assets to a holding corporation and had previously assured customers of full reimbursement for all stolen assets.
The XD cryptocurrency exchange has suspended all transactions as it investigates a security breach through which threat actors are believed to have stolen around $1.7 million worth of tokens via an unidentified vector. The platform asserts that it maintains sufficient reserves to reimburse affected users despite the incident.
A vulnerability in the API of the Clipper DEX exchange has been exploited by a threat actor, resulting in the theft of nearly $500,000 worth of TVL crypto tokens. This amount represents approximately 6% of the total circulating TVL tokens. In response, Clipper DEX has paused all operations to thoroughly investigate the attack.
An Apple employee, Amar Bhakta from the advertising division, has filed a lawsuit against the company alleging unauthorized monitoring of employees' personal devices and iCloud accounts. The lawsuit claims that Apple mandates employees who use personal devices for work to install software that tracks all their activity, including periods when employees are off duty or after they have left the company.
Riot Games has announced a $100,000 bounty for security researchers who can successfully crack Vanguard, the company’s anti-cheat system. Additionally, a similar reward is offered for any exploits capable of disrupting or launching denial-of-service attacks against individual players. This initiative follows updates to Riot’s bug bounty program, prompted by previous exploits targeting Activision and EA Games earlier in the year.