Transcript
A (0:04)
Belarus deployed spyware on journalists' phones. A man is arrested for installing malware on a ferry. France arrests the hacker behind an Interior Ministry email server breach, and Cisco and SonicWall 0-days are in use. This is the Risky Bulletin, prepared by Catalin Cimpanu and read by me, Claire Aird. Today is the 19th of December and this podcast episode is brought to you by Push Security. In today's top story, Belarus has deployed spyware on the phones of local journalists. The Resident BAT spyware was installed while the victims were being interrogated by police. The spyware's infrastructure was built in 2021 during the country's anti-government protests. The malware was identified by Reporters Without Borders in cooperation with the Resident NGO. In other news, Iranian hackers have compromised the Telegram account of former Israeli Prime Minister Naftali Bennett. The Handala group published some of his conversations and his contact list earlier this week. Bennett denied that they compromised his phone and said the hack was limited to his Telegram account. French authorities have arrested a 22-year-old man for a cyber attack on an email service at the country's Interior Ministry. The hackers allegedly stole data on millions of French citizens. Officials said the suspect is a known hacker who was convicted of similar crimes earlier this year. Meantime, French authorities have arrested a Latvian man for installing malware on a ferry. The suspect was a crew member of the Fantastic, an Italian-owned passenger ship. He allegedly installed a remote access trojan on the ferry's systems while the ship was docked in the southern French port of Sète. Authorities believe the man worked for a group linked to a foreign power. Dutch authorities have arrested a 34-year-old man for bank fraud. The suspect opened bank accounts online in other people's names using copies of their IDs. Authorities say he modified digital images of his face to include facial features from the victims.
These were used to fool the banks' facial recognition systems that attempt to verify the applicant's identity. US authorities have seized the servers and infrastructure of the Enote cryptocurrency exchange. The FBI says the portal laundered more than $70 million from ransomware attacks and account hacks. Authorities have indicted the site's operator, a 39-year-old Russian national named Mikhailo Petrovich Chadnevets. Indian authorities have dismantled a cybercrime platform that sent bulk SMS spam. The platform had 21,000 SIM cards. It was used by both domestic and foreign cybercrime gangs. It sent millions of messages per day, often imitating Indian government services to collect banking details. Google has filed a lawsuit against the operators of the Darcula phishing service. The company is seeking a court order to seize the group's server infrastructure. The lawsuit names Chinese national Yu Cheng Chong as the group's leader, along with 24 other members. In May, Chong was identified as the administrator of Darcula in a joint investigation by German, French and Norwegian journalists. The Federal Trade Commission has ordered the operator of the Nomad Bridge to return funds recovered from a 2022 hack. Illusory Systems recovered 37 of the $186 million worth of crypto assets that were stolen. The FTC has also ordered the company to implement a comprehensive cybersecurity plan, audit its code and fix vulnerabilities. The FBI attributed the Nomad Bridge hack to North Korea. And staying with North Korea, its hackers stole more than $2 billion worth of cryptocurrency this year. This represents almost 60% of all stolen crypto, according to Chainalysis. The country's total is now more than $6.75 billion in the last decade. A cluster of 17 malicious Firefox add-ons is being distributed through the official Mozilla portal. The extensions track users and insert affiliate links for Chinese shopping portals.
Koi Security said the add-ons have been active since September and have been downloaded more than 50,000 times. Proofpoint is reporting a surge in OAuth device code phishing campaigns targeting Microsoft 365 accounts. The campaigns have been linked to both ecrime and state-sponsored espionage groups. The attacks seek to trick users into finishing an OAuth authorisation process started by the hackers. Completing the process grants attackers access to the victims' accounts. A new Android botnet has infected more than 1.8 million devices. The Kimwolf malware has been found on smart TVs, set-top boxes and Android tablets. The botnet has been used to carry out large-scale DDoS attacks, according to Chinese security firm QiAnXin. The botnet appears to have been created by the same group behind Aisuru, a botnet that broke several DDoS records this year. A suspected Chinese APT is exploiting a zero day in Cisco email security products. The attacks have targeted the Cisco Secure Email Gateway and the Cisco Secure Email and Web Manager. The zero day allows the attackers to run commands as root on the devices if the spam quarantine feature is enabled. SonicWall has released a security update to patch an actively exploited zero day in its SMA 1000 security gateways. The vulnerability was being used in an exploit chain with another zero day that SonicWall patched in January. The new zero day was spotted in the wild by Google's security team. The FreeBSD operating system has patched a remote code execution vulnerability. The vulnerability occurred when processing the domain search list in IPv6 router advertisement messages. It has a severity rating of 9.8 out of 10. Threat actors are using the React2Shell vulnerability to deploy ransomware. Attackers have been spotted deploying the WeakSaw ransomware over the last. The ransomware has been historically associated with a group that targets MS SQL servers.
And finally, the US government has remained the Tor Project's largest sponsor, despite the organisation's effort to diversify its funding. The project raised $7.3 million last year, of which $2.5 million came from the US government. And that is all for this podcast edition. Today's show was brought to you by our sponsor, Push Security. Find them at PushSecurity.com. It's also the last episode for the year. The Risky Bulletin will return on 12 January. In the meantime, have a wonderful new year and thanks so much for your company.
