Risky Business News: Russia Blocks Cloudflare ECH Connections
Episode Release Date: November 7, 2024
Host: Risky.biz (Read by Claire)
1. Russia Blocks Cloudflare’s Encrypted Client Hello (ECH) Connections
At the outset of the episode, Claire highlights a significant development in internet censorship:
“[00:04] Russia's Internet watchdog agency, Roskomnadzor, has blocked traffic to Cloudflare-hosted websites that use the new encrypted client hello technology.”
Roskomnadzor implemented this block on November 6th, responding to Cloudflare's decision to enable Encrypted Client Hello (ECH) by default in October. ECH, the successor to Encrypted SNI (ESNI), is a TLS extension that encrypts the Server Name Indication and related metadata about the destination of a connection, so a network observer can no longer read the target hostname and censor on it. This move mirrors China's earlier decision in mid-2020 to block ECH for similar reasons.
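As an added illustration (not from the episode, nor Cloudflare's code), the Python below builds two minimal TLS 1.3 ClientHello messages, one with a plaintext SNI and one carrying the encrypted_client_hello extension (type 0xfe0d), and shows what a passive observer on the path can read from each: the real hostname in the first case, only a cover name plus the ECH marker in the second, which is why a censor can block on the extension's presence but not on the destination. The hostnames and ECH payload are constructed placeholders.

```python
import struct

SNI_EXT = 0x0000   # server_name (plaintext hostname)
ECH_EXT = 0xFE0D   # encrypted_client_hello, the codepoint ECH deployments use

def build_client_hello(sni, ech_payload=None):
    """Constructed minimal handshake-layer ClientHello (record layer omitted)."""
    name = sni.encode("ascii")
    sni_data = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
    exts = struct.pack("!HH", SNI_EXT, len(sni_data)) + sni_data
    if ech_payload is not None:
        # With ECH the real SNI sits inside this encrypted blob; the outer
        # server_name above is only the front-end's public name.
        exts += struct.pack("!HH", ECH_EXT, len(ech_payload)) + ech_payload
    body = (b"\x03\x03" + b"\x11" * 32               # legacy_version, random
            + b"\x00"                                # empty session_id
            + struct.pack("!H", 2) + b"\x13\x01"     # one cipher suite
            + b"\x01\x00"                            # null compression
            + struct.pack("!H", len(exts)) + exts)
    return b"\x01" + struct.pack("!I", len(body))[1:] + body

def observe_client_hello(msg):
    """What a passive middlebox can read: (visible SNI or None, ECH present?)."""
    if len(msg) < 4 or msg[0] != 0x01:
        raise ValueError("not a ClientHello handshake message")
    pos = 4 + 2 + 32                                  # header, version, random
    pos += 1 + msg[pos]                               # session_id
    pos += 2 + struct.unpack("!H", msg[pos:pos + 2])[0]   # cipher_suites
    pos += 1 + msg[pos]                               # compression_methods
    end = pos + 2 + struct.unpack("!H", msg[pos:pos + 2])[0]
    pos += 2
    sni, has_ech = None, False
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", msg[pos:pos + 4])
        data = msg[pos + 4:pos + 4 + elen]
        if etype == SNI_EXT and elen >= 5:
            name_len = struct.unpack("!H", data[3:5])[0]
            sni = data[5:5 + name_len].decode("ascii", "replace")
        elif etype == ECH_EXT:
            has_ech = True
        pos += 4 + elen
    return sni, has_ech

# Constructed samples: a plain ClientHello leaks the hostname, an ECH one
# shows only the cover name plus the 0xfe0d extension the censor keys on.
PLAIN = build_client_hello("site.example")
WITH_ECH = build_client_hello("public-name.example", ech_payload=b"\x00" * 16)
```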
2. Canadian Government Orders TikTok to Shut Down Operations
Claire reports that the Canadian government has taken decisive action against TikTok following a national security review:
“The Canadian government has ordered TikTok to shut down its operations there following a national security review.”
While the app remains accessible to Canadians, the government has instructed the physical offices in Toronto and Vancouver to cease operations. Officials warn Canadians about potential data misuse by an app controlled by an adversarial nation, emphasizing the risks of data collection and abuse.
3. Australia’s Proposed Ban on Social Media for Under-16s
Addressing concerns over the impact of social media on youth, Claire discusses Australia's legislative efforts:
“The Australian government is preparing legislation that would ban under 16s from using social media.”
This proposed bill aims to hold online platforms accountable for enforcing the age restriction, with plans to present the legislation in Parliament the following week. Government officials cite the detrimental effects of social media on Australian children as the primary motivation behind this initiative.
4. Germany’s New Legislation to Shield Security Researchers
In a move to foster cybersecurity research, Claire outlines Germany’s legislative draft:
“The German government has drafted legislation to protect security researchers who discover and report vulnerabilities.”
The proposed law intends to shield cybersecurity researchers from criminal liability provided they responsibly disclose vulnerabilities to vendors. At the same time, it introduces stringent penalties, including prison terms ranging from three months to five years, for researchers who cause significant financial harm or disrupt critical infrastructure during their investigations.
5. FBI Reports Surge in Compromised Law Enforcement Credentials
Highlighting emerging cyber threats, Claire informs listeners about the FBI’s recent observations:
“The FBI says it's seeing an uptick in posts on criminal forums advertising compromised law enforcement credentials.”
Threat actors exploit these compromised accounts to submit emergency data requests to tech companies, obtaining sensitive information about high-value targets. This data is subsequently used for sophisticated social engineering or SIM swapping attacks. The FBI has advised companies interfacing with law enforcement to enhance their security measures in response.
6. Chinese Hackers Breach Singtel in Singapore
Claire brings attention to cyber espionage activities targeting telecommunications:
“Chinese state-sponsored hackers breached Singapore's largest telecommunications provider Singtel in June.”
Attributed to the Volt Typhoon group, this breach is believed to have been a preliminary operation preceding attacks on US telecommunications companies. The implications of such breaches underscore the growing cyber threats posed by state-sponsored actors.
7. Ransomware Attack Disrupts Washington State Court Systems
Detailing recent ransomware activities, Claire reports on disruptions within the US judicial system:
“A cyber attack has taken down court systems across the US state of Washington.”
The incident, presumed to be a ransomware attack, affected multiple cities over the weekend, causing delays in fine payments and court hearings. Authorities responded by disabling affected systems as a precautionary measure and have commenced restoration efforts to mitigate the outage.
8. UK Prison Vans Hit by Ransomware Attack
Expanding on the theme of ransomware impacts, Claire discusses an attack affecting UK correctional facilities:
“A cyber attack has disrupted tracking devices and panic alarms in prison vans operated by Serco across the UK.”
The downtime resulted from a ransomware breach last week targeting Microlise, a UK-based transport technology provider. Additionally, DHL’s UK division suffered disruptions, losing access to its package tracking tools, highlighting the widespread ramifications of such attacks on critical infrastructure.
9. Cisco Patches Critical Vulnerability in Wireless Access Points
Turning to corporate cybersecurity, Claire outlines Cisco’s recent security measures:
“Cisco has patched a critical vulnerability that allowed threat actors to run commands as root on its ultra-reliable wireless backhaul access points.”
This vulnerability, rated with a severity score of 10, affected the web-based management interface of ruggedized access points commonly used in manufacturing, ports, and mines. The flaw is one of fifteen bugs Cisco addressed within the week, emphasizing the company's commitment to securing its infrastructure.
10. Androxgh0st Malware Linked to Defunct Mozi Botnet
Claire delves into malware evolution and its implications:
“Indian security firm CloudSEK has linked the new Androxgh0st malware to the defunct Mozi botnet.”
Originally identified this year attacking web servers and Laravel-based applications, Androxgh0st has begun deploying Mozi-like payloads targeting IoT devices. The original Mozi botnet, active between 2019 and 2021, was dismantled following the detention of its Chinese administrators. Currently, over 2,700 vulnerable Linear eMerge smart door and access control systems, 95% of them located in the US, are exposed to a command injection flaw disclosed in September. Despite the availability of a proof-of-concept exploit, the vendor has opted not to patch the vulnerability, instead advising against exposing the affected devices to the internet.
11. Replit Confirms Security Breach Impacting User Passwords
Addressing vulnerabilities in AI platforms, Claire discusses Replit’s recent security incident:
“AI coding platform Replit has emailed customers to disclose a security breach.”
A misconfiguration allowed Replit employees unauthorized access to plain-text passwords. While the company asserts that there is no evidence of these passwords being abused to access customer accounts, the breach affects over 30 million users, raising concerns about data protection practices within AI-driven services.
12. Mozilla Foundation Lays Off 30% of Staff Amid Strategic Shift
Concluding the episode, Claire reports on significant organizational changes within the Mozilla Foundation:
“The Mozilla Foundation has laid off 30% of its staff. The layoffs impacted the organization’s advocacy and global programs.”
Earlier measures included reducing personnel in the Firefox browser division as Mozilla announced a strategic pivot towards artificial intelligence and ad-related technologies. These layoffs signal a substantial restructuring effort aimed at aligning the foundation’s resources with its evolving strategic priorities.
Conclusion
Claire succinctly wraps up the episode, reiterating the pivotal topics covered and acknowledging the episode’s sponsor:
“And that is all for this podcast edition.”
Today's show was brought to you by our sponsor, Nucleus Security. Find them at nucleussec.com. Thanks for your company.
This episode of Risky Business News provides a comprehensive overview of critical cybersecurity developments worldwide, from state-level internet censorship and legislative changes to significant breaches and corporate vulnerabilities. Whether you're a cybersecurity professional or an informed listener, the insights shared offer valuable perspectives on the evolving digital threat landscape.
