Transcript
A (0:04)
APTs go after the React2Shell vulnerability just hours after public disclosure, CISA remains without a director after the nomination stalls again, NSA is down 2,000 staff this year, and Intellexa is still active despite sanctions. This is the Risky Bulletin, prepared by Catalin Cimpanu and read by me, Claire Aird. Today is the 8th of December, and this podcast episode is brought to you by Mastercard.

In today's top story, Chinese APT groups are exploiting a vulnerability in the React framework's server components. The attacks began just hours after the vulnerability was disclosed last Wednesday. Amazon researchers linked the campaign to the Chinese groups Earth Lamia and Jackpot Panda. The vulnerability allows attackers to run malicious code on servers for React-based apps. The attack exploits the data serialization mechanism used between client and server and does not require authentication.

In other news, the Trump administration has halted plans to sanction China over US telco hacks, according to the Financial Times. The administration has instructed staff to prioritise trade deals instead. Last year, Chinese cyber espionage group Salt Typhoon hacked more than a dozen US telcos. The US was considering a response that included sanctions against China's Ministry of State Security and its cyber contractors.

The nomination of Sean Plankey for the role of CISA director has stalled again. Plankey was excluded from a key Senate vote after he was challenged by Senator Rick Scott of Florida. Multiple procedural issues have stymied Plankey's candidacy since he was nominated in March. Sources told CyberScoop that Plankey's bid for the role may be over.
A (1:53)
Meantime, the Trump administration has ended CISA's cyber job retention program. The Cyber Security Retention Incentive program provided extra pay to help government roles compete with the private sector. Nearly half of CISA's staff were covered by the program. Some will face up to a 25% pay cut as a result of the program's withdrawal.

The U.S. National Security Agency has shrunk by around 2,000 people this year. The cuts include employees who were terminated, left voluntarily or took deferred resignation offers. The Trump administration pressured NSA to reduce its size earlier this year.

The UK's cyber security agency has launched a service to notify British organisations of vulnerabilities in their networks. The new proactive notification service contracts threat intelligence firm Netcraft to scan the British Internet and detect exposed systems. The agency then notifies system owners via email.

India has reversed a decision to require smartphone vendors to preinstall a government cybersecurity app. Last week, officials said the Sanchar Saathi app would be mandatory on all new smartphones sold in the country. The app was developed by the Department of Telecommunications to allow citizens to report SMS and WhatsApp fraud. Two days after the announcement, the government changed its mind following extensive public criticism.

South Korean authorities are investigating the Gmarket e-commerce platform after reports of unauthorised mobile payments. Customers have reported unauthorised transactions of up to $135 on Gmarket's SmilePay system. The company says it's not been hacked and that the attacks leverage data stolen from other platforms.

A recent leak of internal documents from Chinese security firm KnownSec originated from a 2023 hack. An attacker allegedly exploited three breach the company. According to the Natto Thoughts blog, the company was unaware of the breach until the files were offered for sale on a hacking forum last month.

The U.S. Department of Justice has indicted twin brothers for deleting almost 100 government databases. Muneeb and Sohaib Akhter, both 34 years old, are accused of stealing information and destroying databases minutes after they were fired from their contractor roles. The incident impacted multiple government agencies, including the IRS and the DHS. The brothers also allegedly asked an AI chatbot how to remove logs of their actions.

Tokyo police have arrested two Chinese nationals on hacking and financial fraud charges. The two allegedly broke into securities accounts and made unauthorised trades to manipulate the stock market. Authorities believe the accounts were compromised through phishing. Almost 3,600 victims filed complaints with police over the attacks.

Japanese police have issued an arrest warrant for a teen who used AI tools for cyber attacks. A 17-year-old boy from Osaka was charged with hacking Kaikatsu Frontier, the operator of a chain of Internet cafes and gyms. The teen allegedly used ChatGPT to help him hack the company and steal data about almost 7.3 million customers.

A Moscow man has been sentenced to 21 years in prison for DDoS attacks on the Russian postal service. The attacks took place in 2022 after Russia's invasion of Ukraine. Artem Khoroshilov worked with the hacktivist group IT Army of Ukraine. Prior to his arrest, he was a mathematician at the Moscow Institute of General Physics. He was also found guilty of treason for donating to Ukraine's military, taking pictures of Russian rail lines and planning to create explosive devices.

A Belarusian and Ukrainian dual national has pleaded guilty in the US for his role in two long-running cybercrime operations. Maksim Silnikau was a core member of the Angler Exploit Kit malvertising operation. He also founded and ran the Ransom Cartel ransomware service. He was extradited to the US last year after being arrested at a resort in Spain in 2023.

Ransomware incidents and payments dropped last year after law enforcement disrupted two high-profile ransomware groups. According to FinCEN, US banks and financial institutions paid $734 million to ransomware gangs in 2024. This was down from $1.1 billion in 2023.

Spyware vendor Intellexa has continued selling its products despite US sanctions. Amnesty International published a Jo.
