
A
Cambodia promises to dismantle cyberscam compounds by April, CISA urges companies to adopt the OpenEoX standard, Linux gets post-quantum crypto support, and Palo Alto Networks avoids attributing an APT to China. This is the Risky Bulletin, prepared by Catalin Cimpanu and read by me, Claire Aird. Today is the 16th of February, and this podcast episode is brought to you by asset inventory and network visibility company runZero.

In today's top story, Cambodia has promised to dismantle all local cyberscam compounds by April. Its government said it raided 190 locations in January and made more than 2,500 arrests. Officials say more than 110,000 workers have been either deported or have left the country.

CISA is operating with reduced staff this week as the US enters a partial government shutdown. The cybersecurity agency has furloughed two thirds of its employees. Staff members with essential duties remain. CISA is part of the Department of Homeland Security and is collateral damage as the two parties fight over immigration enforcement funding.

Meanwhile, CISA has urged both public and private sectors to adopt the OpenEoX standard. OpenEoX provides a simple way for devices to share their end-of-life and end-of-support information. Since its creation last year, it's been implemented in products from Cisco, Microsoft and Oracle.

Further, government cyber programs are set to be shut down this year as CISA refocuses on critical infrastructure security. Cybersecurity Dive has reported on an internal CISA meeting where staff from the Cybersecurity Division were warned about the upcoming changes. Two anonymous sources said the changes would result in a lot less people doing much more work.

Still in the United States, U.S. Democratic senators are seeking an explanation over sanctions being lifted on executives from spyware maker Intellexa. The senators claim the government did not attend a recent meeting about the spyware maker's sanction evasion tactics. Sanctions on the executives were lifted three weeks later.

Moroccan intelligence services are believed to have infected the phone of Spanish PM Pedro Sanchez with the Pegasus spyware. The hack occurred in 2021 when Sanchez visited the city of Ceuta, a Spanish enclave on the Moroccan coast. The attackers isolated the phone with an IMSI catcher and then deployed the spyware using a zero-click exploit. Details of the hack have been revealed for the first time by Spanish intelligence sources.

U.S. surveillance company Palantir is suing a Swiss magazine over two articles exposing vulnerabilities in its products. The articles in Republik magazine last year led to an investigation into the company by the Swiss army. The country eventually dropped its contract with Palantir on national security grounds.

Palo Alto Networks has intentionally avoided attributing a recent global cyber espionage campaign to the Chinese government. Sources told Reuters that company researchers linked the attacks to Beijing. The final published report described the attackers only as a group operating out of Asia. The sources said the company feared retaliation from the Chinese government. Earlier this year, Beijing instructed local companies to stop using products from multiple Western firms. Palo Alto Networks was on that list alongside CrowdStrike, SentinelOne and Mandiant.

The next major release of the Linux kernel will ship support for a quantum-resistant signature algorithm. The Module-Lattice-Based Digital Signature Algorithm will also ship with macOS and Windows. It allows the three operating systems to generate digital signatures that are resistant to attacks by quantum computers. US NIST selected ML-DSA as a post-quantum encryption standard in August 2024.

Adult toy maker Tenga has notified customers of a data breach. The company says a hacker gained access to one of its employees' inboxes and used the account to phish other staff members. Tenga said customer data may have been stolen.

Last week's breach of Dutch ISP Odido was the result of phishing a customer service representative. The intruders used access to the account to scrape customer data from the company's Salesforce. The details of more than 6.2 million customers were stolen.

The Guernsey Data Protection Agency has told a local healthcare provider to improve its cyber security practices. The agency says First Contact Health failed to protect patient data after a 2024 data breach.

Dutch authorities have arrested a 40-year-old man for extorting the local police force. The suspect attempted to share footage with authorities but was accidentally provided a download link rather than an upload one. He downloaded police files and then requested money to delete them.

Malaysian authorities have disrupted two SMS blaster operations. The first was active near a casino resort in the country's capital, while the second operated in a border town near Singapore. Both operations used fake cell towers installed in the back of cars to send spam impersonating official services.

The BadIIS malware botnet has infected more than 1,800 Windows IIS servers. The malware deploys malicious IIS modules to perform SEO poisoning or to redirect users to gambling and casino sites. The botnet has been active since last year.

An APT is targeting China's academic and scientific research sectors. The Chained Shark group has been active since May 2024. It focuses on intelligence collection related to Chinese diplomacy and marine technology. Victims have included universities and research institutions specialising in international relations. Chinese security firm NSFOCUS says the group is sophisticated, has strong social engineering capabilities and has advanced knowledge of the Chinese language.

The influence operations of the late Yevgeny Prigozhin have been taken over by Russia's Foreign Intelligence Service, the SVR. Companies and operatives from Prigozhin's Wagner mercenary operation have been rearranged under a new company, Stratconsult, according to leaked documents. The company runs influence operations in more than 30 countries, 22 of which are in Africa.

Threat actors are exploiting a recent vulnerability in BeyondTrust remote access solutions. Multiple security firms spotted attacks within a day of proof-of-concept code being published. The vulnerability is a remote code execution bug in the Remote Support and Privileged Remote Access products. The bug has a 9.9 out of 10 severity rating. It was one of 11 bugs added to CISA's KEV database last week.

Meta plans to add a facial recognition feature to its smart glasses. In an internal memo obtained by the New York Times, Meta said it was a good time to release the controversial technology as critics are distracted by political tumult in the US. Meta smart glasses have been publicly criticised after being abused to secretly record women. The company sold 7 million pairs last year.

A vulnerability has been discovered in Munge, an authentication system used for supercomputers and high-performance clusters. The vulnerability can leak the Munge secret key and allow attackers to forge their own tokens to access a cluster's resources, according to French security firm Lexfo. The bug's been present for 20 years.

Indian pharmacy chain Darva has secured an exposed API that allowed full access to its backend systems. Security researcher Eaton Zveare said the API could have allowed attackers to create super admin accounts and access the company's data. That could have included customer information, orders and the ability to edit prices and product details.

And finally, the European Commission has told TikTok to change some of its features due to their addictive nature. TikTok was instructed to disable infinite scroll, change its recommendation system and add screen time breaks. Facebook and Instagram are also under investigation in the EU for using addictive design features.

And that is all for this podcast edition. Today's show is brought to you by our sponsor, runZero. Find them at runzero.com. Thanks for your company.
Podcast: Risky Bulletin (Risky Biz)
Date: February 16, 2026
Host: Claire Aird (prepared by Catalin Cimpanu)
This episode delivers a rapid-fire roundup of key cybersecurity news as of February 16, 2026. The main focus is Cambodia's pledge to take down cyberscam compounds by April, followed by updates on major incidents, regulatory moves, vendor controversies, malware trends, and tech advancements affecting the cybersecurity landscape globally.
BeyondTrust Remote Access Vulnerability (RCE, CVSS 9.9):
Munge Authentication Flaw:
Indian Pharmacy ‘Darva’ Secures API:
TikTok Ordered to Curb Addictive Features in EU:
Meta’s Controversial Smart Glasses Plan:
On Cambodia’s Campaign:
On CISA Resource Shortage:
On Reticence to Blame Beijing:
On Meta’s Opportunistic Facial Recognition Rollout:
Claire Aird’s delivery is quick, clear, and focused on factual reporting, with the Risky Biz team’s trademark blend of urgency and dry understatement. The language is concise and highly informative, while the episode style is brisk, skipping editorializing in favor of direct reporting.