Transcript
Claire Aird (0:04)
A hacking group goes after Salesforce data, the FBI takes down the BidenCash carding forum, China offers rewards for Taiwanese military hackers, and high-risk bugs are patched in enterprise software from HPE and Infoblox. This is the Risky Bulletin, prepared by Catalin Cimpanu and read by me, Claire Aird. Today is the 6th of June and this podcast episode is brought to you by asset inventory and network visibility company runZero. A hacking group has used a fake Salesforce app to breach and extort more than 20 companies. The group, tracked as UNC040, called employees at large companies posing as their IT department. Employees were tricked into installing a modified version of the Salesforce Data Loader app, which granted access to companies' Salesforce databases. According to Google's security team, the group originated from The Com, the same underground community that gave us Scattered Spider. In other news, hackers have stolen 47 million pounds from the UK tax authority. His Majesty's Revenue and Customs said hackers compromised around 100,000 taxpayers' accounts and claimed fraudulent refunds. The agency is notifying everyone affected. UK tax officials believe the hackers used credentials collected through means such as phishing. The U.S. Department of Homeland Security will shut down a program that vets mobile apps used by federal employees. CISA's Mobile App Vetting Program was established in 2023 to assess mobile apps to assist government agencies with their risk management. Members of the House Homeland Security subcommittee have requested a meeting with DHS Secretary Kristi Noem to discuss the shutdown. Almost 1,000 employees have left CISA since President Donald Trump took office in January. Around 175 employees accepted the first round of redundancy offers earlier this year. Another 600 took the second round last month, according to White House documents. CISA now has 2,649 employees. Last year it had 3,732.
Romanian telcos have been ordered to block inbound international calls that claim to come from a domestic phone number. The country's communications watchdog announced the decision following an increase in fraudulent calls posing as government institutions. It says the block won't eliminate all fraud, but it will prevent obvious attempts. The Interlock ransomware group has claimed credit for a security breach at the Kettering Health hospital chain in Ohio. The attack occurred in late May, and the company is still recovering from the incident. Interlock leaked some of the stolen data after Kettering allegedly refused to pay the ransom demand. Ukraine's military intelligence agency claims it hacked the Russian aircraft manufacturer Tupolev. The GUR says it stole 4.4 gigabytes of files containing internal communications and personnel details. Officials told the Kyiv Post that the data will be useful for future operations against Russia's military-industrial complex. China is offering a reward for information on 20 Taiwanese military hackers. Officials claim the individuals are members of Taiwan's Information, Communications and Electronic Force Command. China has accused that unit of hacking companies and government organizations in 11 Chinese provinces. The reward offered is 10,000 yuan, roughly $1,400, for each suspect. The US State Department, meanwhile, has offered a slightly larger $10 million reward for information leading to the arrest of Russian national Maxim Rudometov. US authorities indicted Rudometov in October last year for developing the RedLine infostealer. He's believed to live in the Russian city of Krasnodar. The State Department claims Rudometov acted under the direction of a foreign government. The FBI has seized 145 domains linked to the BidenCash carding forum and marketplace. The site launched in 2022 and is believed to be operated by a Russian speaker. The site dumped millions of credit cards for free as a marketing strategy when it launched.
Two members of the hacking group ViLE have been sentenced to prison in the US. They hacked law enforcement portals and stole data to dox and harass victims. Sagar Steven Singh, also known as Weep, was sentenced to 27 months, while Nicholas Ceraolo, also known as Convict, received a 25-month sentence. Almost 8% of Model Context Protocol servers hosted on GitHub may be malicious, according to Google. The company says it scanned close to 18,000 GitHub repos. It found suspicious functionality in roughly 1,400 MCP servers, such as harvesting credentials or trying to run remote code. MCP servers are software components used to integrate AI tools with other systems. The management interfaces for more than 35,000 solar panels are exposed on the Internet. Cybersecurity firm Forescout says three quarters of the exposed systems are located in Europe, primarily in Germany and Greece. Almost a third of the affected interfaces are from German vendor SMA Solar. Russian hackers have deployed a data wiper inside the network of an unnamed Ukrainian critical infrastructure operator. Cisco Talos says the attack used a new strain of malware called PathWiper. The malware is the ninth wiper deployed in Ukraine by Russian hackers since the war began. Threat actors are exploiting a recently patched vulnerability in the Roundcube webmail server. Attacks began two days after a patch was published on GitHub. An exploit was also sold on underground hacking forums. The vulnerability impacts all versions of Roundcube released in the last decade. Six vulnerabilities have been found in the Infoblox NetMRI network automation and configuration management solution. The bugs allow remote attackers to bypass authentication via hard-coded credentials and escalate privileges through cookie forgery. Other bugs include an unauthenticated command injection and an SQL injection. And finally, Hewlett Packard Enterprise has patched eight vulnerabilities in its StoreOnce enterprise backup solution.
The vulnerabilities include an authentication bypass and several remote code execution flaws. The issues were discovered and reported privately, and are not currently under active exploitation. And that is all for this podcast edition. Today's show was brought to you by our sponsor, runZero. Find them at runzero.com. Thanks for your company.
