Transcript
A (0:04)
Apple notifies French users of spyware attacks. China will increase fines for data breaches. Google pays $1.6 million for cloud bugs at a hackathon event, and no more hacked free laundry for Dutch students. This is the Risky Bulletin, prepared by Catalin Cimpanu and read by me, Claire Aird. Today is the 12th of September and this podcast episode is brought to you by Trail of Bits. Apple has notified French users of a spyware campaign that targeted their devices. The French cybersecurity agency says this is the fourth time this year that Apple has sent these notifications. Previous ones were sent in March, May and June. The Chinese government is looking to increase fines for data breaches. An amendment to the country's cybersecurity law could see critical infrastructure operators facing fines of up to $1.4 million. Individuals responsible for a breach could also face personal fines of up to $14,000. The US has surpassed Israel to become the largest investor in spyware technologies. In 2024, the number of American entities investing in spyware tripled compared to the previous year, a report from the Atlantic Council says. The majority of US investors' money has flowed to Israeli and US companies. Kenyan police installed spyware on the devices of two local filmmakers. The filmmakers were arrested in May on allegations of publishing false information. Their devices were seized and returned two months later with the FlexiSPY spyware installed. The filmmakers appeared in court multiple times but have not been charged. A former IT employee is suing the government in Fulton County, Georgia. Omitade Adeneiyi claims he was blamed for a ransomware attack in 2024, even though the breach originated from other employees. He also says he suffered racial abuse from his supervisor after the hack. Adeneei was placed on leave. He was fired a few months later together with another Nigerian colleague. He'd worked for Fulton County for 14 years.
The Hague has warned citizens of fake QR codes in parking lots across the city. Malicious QR codes are being stuck over legitimate ones. They redirect users to phishing sites where hackers intercept parking payments and steal banking information. Similar schemes were spotted in the UK and the US last year. The Police Service of Northern Ireland has told a judge it does not have the money to compensate staff impacted by a 2023 security breach. According to the BBC, affected employees are seeking around 100 million pounds in damages. More than 9,400 staff members had their data leaked online in a website misconfiguration. An Amsterdam university campus has closed its laundry facility after its smart washing machines were hacked. An unknown hacker disabled the machines' payment systems in July. Students have since enjoyed free laundry. The machines will be replaced by low-tech ones with a coin-based payment system this month. Students expressed concern that having to pay for laundry would lead to an outbreak of lice. The personal data of almost 6,000 Australian doctors and staff has leaked online. New South Wales Health says the files leaked after a misconfiguration on its website. Leaked data includes passports, licences and medical credentials. Panama's Ministry of Economy and Finance has fallen victim to a ransomware attack. The ministry said the attack did not reach critical systems and operations have not been affected. The INC ransomware group has taken credit for the intrusion. It claims to have stolen more than 1.5 terabytes of data. Chinese authorities have fined French fashion house Dior over a recent data breach. Officials said Dior violated the Personal Information Protection Law by sending data about Chinese citizens overseas. Dior was hacked in May during a campaign that targeted multiple subsidiaries of French fashion group LVMH. California, Colorado and Connecticut will investigate companies that are failing to comply with Global Privacy Control.
The GPC is a protocol that notifies websites and advertisers if users do not consent to having their data collected and sold. Data trackers that do not honour the GPC are in violation of recently passed state privacy laws. Finnish hacker Aleksanteri Kivimäki has been released from prison following an appeal. In 2020, Kivimäki hacked the Finnish psychotherapy chain Vastaamo and released highly sensitive patient files. He was arrested in 2023 following an international manhunt. Last year he was sentenced to six years in prison. At the time of release, he had served almost half that sentence. Australia's Cyber Security Agency has detected a spike in attacks against SonicWall devices. The attacks have been linked to the Akira ransomware group. The group is using a 2024 vulnerability and compromised credentials. Google has awarded $1.6 million to security researchers during a recent event. The hackathon helped find 91 vulnerabilities in the Google Cloud Platform. The event accounted for two-thirds of the bug bounties paid for Google Cloud this year. A team of academics has developed a new side-channel attack that breaks virtualized environments. The VMScape attack works against AMD Zen CPUs and Intel Coffee Lake processors. The attack uses CPU branch prediction to allow malicious guests to extract data from the hypervisor. The costs associated with ransomware attacks have risen this year despite a reduction in the number of attacks and insurance claims. Cyber insurance provider Resilience says claims decreased by 53% in the first half of 2025, but costs rose by 17%. Ransomware has accounted for 91% of all losses. Individual developers can now publish their apps on the Windows Store for free. Developers will no longer need a credit card to set up their account. Now the announcement appears to be an attempt to encourage app developers to use the Windows Store rather than their own websites or GitHub.
And finally, the UK's telecommunications watchdog has launched investigations into a further 22 adult sites. The sites are being investigated over failing to implement age checks for visitors from the UK. Ofcom launched similar investigations into 34 adult sites in July. And that is all for this podcast edition. Today's show was brought to you by our sponsor, Trail of Bits. Find them at trailofbits.com. Thanks for your company.
