Academics develop a 5G downgrade attack, ransomware hits car salvage yards across North America, multiple VPN apps share the same hard-coded password, and Bangladesh spent $190 million on hacking and surveillance tools. This is the Risky Bulletin, prepared by Catalin Cimpanu and read by me, Claire Aird. Today is the 18th of August, and this podcast episode is brought to you by Kroll Cyber. Find them at kroll.com/cyber.

Academics have developed an attack that can downgrade 5G mobile traffic to 4G without using a rogue base station. The attack uses a new software toolkit to inject crafted messages that disrupt 5G authentication. The attacks were demonstrated in close proximity to targeted devices. The success rate was highest when within 20 metres. The attack has been reported to the GSM Association and the tool has been open-sourced.

In other news, HR and business planning platform Workday has disclosed a security breach. Hackers social-engineered an employee and gained access to the company's third-party CRM. Workday is likely the latest victim of a hacking spree targeting corporate Salesforce accounts for data theft and extortion. Workday has not confirmed this.

Hundreds of auto salvage yards across Canada and the U.S. have been hit by a ransomware attack. The attackers allegedly gained access to their networks via the SimpleHelp remote management app. The victims likely share an IT vendor, but this has not been confirmed. The incident took place in early August and attackers used the LockBit Black ransomware variant.

The UK's tax agency has fired 50 employees for accessing confidential taxpayer data. The agency said the number represents less than 0.1% of its workforce. Since 2022, His Majesty's Revenue and Customs has dismissed almost 200 workers for similar infractions.

The Malaysian stock exchange will require multi-factor authentication for all brokerage accounts by the end of the year. The change comes after hackers broke into 80 brokerage accounts and carried out unauthorised transactions in April. Similar hacks were reported this year at stock exchanges in Japan and Indonesia.

VPN company Proton is investing more than $120 million in data centre infrastructure outside Switzerland. The company is investing in data centres in Germany and Norway due to uncertainty over a proposed Swiss surveillance law. The law would require providers to implement stricter logging and data collection. Switzerland is home to several VPN, secure email and encrypted messaging providers.

Bangladesh has bought at least 160 surveillance technologies and spyware systems in the last decade, according to the Tech Global Institute. The government spent nearly $190 million on surveillance tech. More than half of that sum went to companies in the US and Israel. Cellebrite, FinFisher and the Predator spyware are among the tools deployed in the country.

The U.S. Department of Justice has indicted a member of the Zeppelin ransomware gang. Ianis Aleksandrovich Antropenko was indicted on computer fraud and money laundering charges. Officials seized $2.8 million in crypto, $70,000 in cash and a luxury car from Antropenko. The Zeppelin ransomware operation was active between 2019 and 2022.

Vietnamese authorities have arrested a foreign national for sending SMS messages impersonating government portals. The suspect is accused of driving around Ho Chi Minh City with two SMS blasters in the back of their car. The devices allow the suspect to spoof the SMS sender identity to appear authentic. This is the second known SMS blaster incident in Vietnam after an arrest in Hanoi last year.

Indian police have detained 18 suspects over their involvement in a credit card scam operation. The group members contacted customers of the State Bank of India posing as bank executives. They diverted customer funds to their own accounts and laundered the funds using electronic gift cards. The group obtained customer data to support the scam from insiders who worked at one of the bank's call centres. They're believed to have stolen almost $300,000 from SBI customers.

Hundreds of TeslaMate installations are exposed to the Internet without authentication. The app is an open-source web dashboard that lets Tesla owners visualise data collected by their car. According to Seyfullah Kılıç, the app exposes sensitive data such as exact car locations, trip details and charging station activity.

Several VPN apps on the Google Play Store ship with hard-coded passwords. The apps all use the open-source Shadowsocks tunnel software and some share the same passwords. The hard-coded passwords mean that traffic inside the VPN can be observed by adversaries. According to Citizen Lab, the apps are registered to three or four front companies but are operated from China.

A suspected Ukrainian APT group is behind a campaign that planted keyloggers on Exchange server login pages. Russian security firm Positive Technologies has linked the attacks to a group known as PhantomCore. The group compromised 65 servers in 26 countries. A third of those servers appear to be government systems.

The source code for the ERMAC V3 Android banking Trojan has leaked online. The leak contains code for the Trojan along with its builder, backend and exfil servers. According to Hunt Intelligence, the code leaked from an open directory. The ERMAC Trojan was first spotted in the wild in 2022.

The PolarEdge botnet has compromised more than 40,000 devices. It was discovered in February when it had only 2,000 devices. It mostly consists of Cisco and ASUS routers, as well as QNAP and Synology NAS devices. According to Censys, PolarEdge has traits similar to ORB networks linked to Chinese espionage campaigns.

Otter AI is being sued for allegedly recording video conferences without permission. The company runs an AI agent that generates summaries and transcripts of meetings. The lawsuit alleges that Otter obtains permission from meeting hosts to record, but does not inform the other participants.

Wallet apps distributed through the Google Play Store will have to demonstrate compliance with local laws. The new rule applies to both classic and crypto wallet apps. App developers will need to obtain relevant local licences in 15 regions, including the EU, the US and Canada.

And finally, an allow and block list feature will be added to Microsoft Teams. It'll allow security teams to block external domains from sending messages via Teams. The feature is designed to stop social engineering attacks. Next month, Microsoft will also add a feature that can detect malicious links posted in Teams.

And that is all for this podcast edition. Today's show is brought to you by our sponsor, Kroll Cyber. Find them at kroll.com/cyber. Thanks for your company.
Podcast: Risky Bulletin
Host: risky.biz
Date: August 17, 2025
Read by: Claire
Prepared by: Catalin Cimpanu
This episode delivers a rapid-fire update on the latest major cybersecurity incidents and trends from around the globe. Central to the discussion is a new academic discovery enabling 5G-to-4G downgrade attacks, alongside more typical stories of ransomware, breaches, surveillance tool spending, and both technical and policy shifts impacting the security landscape.
Quote:
"The attack uses a new software toolkit to inject crafted messages that disrupt 5G authentication. The attacks were demonstrated in close proximity to targeted devices. The success rate was highest when within 20 metres." (00:13)
Quote:
"Hundreds of auto salvage yards across Canada and the U.S. have been hit by a ransomware attack. The attackers allegedly gained access to their networks via the SimpleHelp remote management app." (00:32)
Quote:
"The company is investing in data centres in Germany and Norway due to uncertainty over a proposed Swiss surveillance law." (01:20)
Quote:
"Bangladesh has bought at least 160 surveillance technologies and spyware systems in the last decade, according to the Tech Global Institute. The government spent nearly $190 million on surveillance tech." (01:38)
Quote:
"Indian Police have detained 18 suspects over their involvement in a credit card scam operation... The group obtained customer data to support the scam from insiders who worked at one of the bank's call centres." (02:50)
Quote:
"Several VPN apps on the Google Play Store ship with hard-coded passwords... According to Citizen Lab, the apps are registered to three or four front companies but are operated from China." (03:31)
The episode maintains a brisk, matter-of-fact tone, moving quickly from one headline to the next. The focus remains on technical and policy substance, avoiding speculation and remaining close to verified facts and attributed research.