Transcript
A (0:04)
An AI-driven hacking campaign breached 600 Fortinet devices. Ivanti was hacked via its own product, Wikipedia bans Archive Today for DDoS attacks, and Chinese hackers breached Italy's police force. This is the Risky Bulletin, prepared by Catalin Cimpanu and read by me, Claire Aird. Today is the 23rd of February, and this podcast episode is brought to you by Socket Security, a developer-first security platform that prevents vulnerable and malicious open-source dependencies from infiltrating software supply chains. In today's top story, a Russian-speaking threat actor has hacked more than 600 Fortinet firewalls using commercial AI toolkits. In the campaign, which began in January, the attacker breached the devices by exploiting exposed management services with weak credentials. From there, they used DeepSeek for reconnaissance and Claude to generate vulnerability assessments and run offensive tools. The attacker avoided environments with hardened internal networks. In other news, a new report has revealed that Chinese hackers breached Ivanti's internal network in 2021. According to Bloomberg, the attackers exploited a vulnerability in Ivanti's own SecureConnect VPN product. This granted them access to the company's California data center. Ivanti said the hackers did not reach its internal network. The hacks were part of a campaign that also targeted U.S. and European military contractors. Chinese state-sponsored hackers have breached the Italian police force. The intruders targeted the Special Investigations and Operations Division and stole a list of 5,000 officers. Officials said data about ongoing investigations was not accessed. They believe the hackers were searching for information on Chinese dissidents living in Italy. Wikipedia has blacklisted Archive Today. The anonymously run archiving site has an ongoing stoush with a blog that attempted to identify who was operating the service.
Archive Today modified its capture page to repeatedly request the blog, causing a DDoS attack. Wikipedia will be replacing almost 700,000 links to the site. A bug in PayPal's loan service, Working Capital, exposed customer data for almost six months. The leak began in July last year and lasted until December. It exposed customer names, contact details and Social Security numbers. PayPal said the bug only exposed the details of 100 customers. A Ukrainian national has been sentenced to five years in a US prison for running laptop farms for North Korean IT workers. Oleksandr Didenko paid Americans to receive and host laptops in their homes. He then sold access to the laptops and their identities. According to the Department of Justice, he operated three US-based laptop farms that hosted as many as 871 identities. Nigerian authorities have arrested seven suspects accused of running a cyber scam centre in the city of Agbor. The group used social media ads to lure victims to their fake crypto investment portals. The suspects were detained with the help of UK police and Facebook. A Romanian national has pleaded guilty to hacking and selling access to the computer networks of American companies. Among his victims was the Oregon State government office. In 2021, Katalin Dragomir made at least $250,000 as an initial access broker until he was arrested in 2024. He faces up to seven years in a US prison. US authorities have arrested three Silicon Valley engineers for stealing trade secrets from Google and other tech companies. Sisters Samane and Saror Gandali were detained on Friday. Together with Samane's husband, Mohammad Javid Khosravi, they stole sensitive information about processor security and cryptography. They later accessed the stolen data whilst in Iran. A single-character typo in Firefox's source code has exposed the browser to remote code execution attacks. The issue was discovered by security researcher Alessio Gindini and has since been fixed.
The typo was an ampersand character being used instead of a pipe, causing incorrect data to be stored into memory. Hackers are exploiting two new vulnerabilities in Roundcube webmail servers. The bugs are an insecure deserialization issue and a cross-site scripting flaw. Both were patched last year. While no details about the attacks have been disclosed, Russian state-sponsored hackers have been behind several campaigns targeting Roundcube servers in recent years. The Predator spyware can hide camera and microphone indicators on iPhones to enable silent recording. Unlike previous open-source exploits that achieved similar results, Predator can disable the indicators while leaving the rest of the screen active. The spyware was developed by Intellexa, previously known as Cytrox. A new worm is spreading on the NPM package repository. It was spotted in 19 libraries across two developer accounts. Once installed, these packages exfiltrate a victim's credentials and then spread to other packages they maintain. Due to its similarities with last year's Shai-Hulud worm, Socket Security has named this one Sandworm Mode. Arizona lawmakers have proposed a bill that would require age verification on all mobile apps. The proposed law would apply to apps that are both bundled with the device and downloaded through an app store. If passed, minors' devices would need an associated parent device to consent to their use of apps. And finally, Microsoft has warned against running OpenClaw AI agents. The company's security team says OpenClaw should be deployed only on dedicated virtual machines and with dedicated credentials. The company has released hunt queries to find OpenClaw agents in Microsoft Defender telemetry data. And that is all for this podcast edition. Today's show was brought to you by our sponsor, Socket Security. Find them at socket.dev. Thanks for your company.
