Loading summary
Transcript1 lines
- [00:04]
A
Almost 500 child sextortion cases have been linked to scam compounds. Oracle's CSO departs after 37 years, Europol offers a reward for the Killen ransomware group and the UK drops its demand for an Apple backdoor. This is the risky bulletin prepared by Catalyn Kim Panu and read by me, Claire aird. Today is the 20th of August and this podcast episode is brought to you by Kroll. Find them at kroll.com cyber almost 500 child sextortion cases have been tied to scam compounds operating in Southeast Asia. 40 compounds in Cambodia, Myanmar and Laos have been linked to the cases using forensic data. Human rights group the International justice mission believes that IP address data may link as many as 18,000 cases to the same compounds. The UK has abandoned its demand that Apple create a backdoor for its encrypted cloud data. The move followed pressure from the US Government. UK officials expressed concern over Apple's Advanced data protection feature in January. Apple subsequently disabled the feature for new users in the UK. Australia has fined Google $55 million for anti competitive online search practices. The Australian Competitive and Consumer Commission said Google hurt competition by paying telcos to pre install its search app. Those telcos, Telstra and Optus, received revenue for ads displayed in the app. A developer of online casino platforms has disclosed a security breach. The Bragg Gaming group says hackers breached its internal IT network on the weekend. The company says the hack has not affected its main operations. Australian mobile operator TPG Telecom is investigating a hack of its iiNet subsidiary. Hackers allegedly breached an order management system used by iiNet. The incident occurred on Saturday. Europol is offering a $50,000 reward for information on two administrators of the Killin ransomware group. The individuals go by the hacker names Hace and Xoracle. They've led the Killin ransomware since its launch in May 2022. According to Check Point, Killin accounted for 12% of all public ransomware attacks last month. A ransomware attack has disrupted US Pharmaceutical research group Innotiv. The incident occurred August and impacted internal data storage and some business applications. The company has confirmed that data was encrypted by the ransomware. The Killen Group has taken credit for the intrusion by listing the company on its Leak site. A UK cryptocurrency exchange has been liquidated after losing almost $23 million in a hack last year. The company ceased operations shortly after the attack. Liquidation proceedings began this year when customers sued to get their funds returned, according to court documents. The hack was carried out by the North Korean Lazarus group. Thai police have arrested two local men for driving an SMS blaster around Bangkok. The men said they were recruited by a Chinese gang to send SMS spam throughout the city. They were initially paid $100 a day to drive in their personal cars. The Chinese gang later forced them to use rental cars to minimise exposure and and paid them $40 a day. Gambian authorities have arrested 19 people for online scamming. The suspects are Nigerian nationals aged between 19 and 35. They were arrested in the city of Brushby after locals reported suspicious activity. They claimed they were being trained to run online scans by two Chinese nationals who've not yet been detained. An Israeli cyber security official has been arrested in Las Vegas. Tom Artum Alexandrivic has been charged with soliciting a min minor for sex. He was one of eight suspects detained during an undercover police operation. Alexandrovich was released after paying a $10,000 bond and has returned to Israel, according to his LinkedIn page. Alexandrovich is the executive director of the Israel Cyber Directorate. A 26 year old hacker has been sentenced in the UK to 20 months in prison. Al Tahiri Al Mashriqi hacked and defaced more than 3,000 websites over three months in 2022. He was a member hacktivist groups Spider Team and the Yemen Cyber Army. A Nebraska man has been sentenced to one year in prison for defrauding cloud providers as part of a large scale crypto mining scheme. Charles O. Parks rented servers from two cloud providers through fake companies and didn't pay the bills. He used $3.5 million worth of computing resources to mine more than $1 million in crypto tokens. He used the profits to buy NFTs, luxury cars and travel wealth while posing as a social media crypto influencer and thought leader. Oracle's chief security officer is leaving the company as part of a reorganisation. Mary Ann Davidson has been one of the longest serving CSOs in the industry. She joined Oracle in 1988 as a product manager, moved to its security department in 1993 and became the company's CSO in 2001. According to Bloomberg, Oracle is cutting jobs to reduce costs while it invests in AI infrastructure software. Company Elastic says it's unable to reproduce a reported zero day in its Elastic Defend EDR product. The company says Ash's cybersecurity researchers did not submit a working proof of concept and declined to provide further details. Elastic said Ash's public posts were not in line with the principles of coordinated disclosure. AI pen testing company Expo will stop competing for the HackerOne Leaderboard. The company became the first ever AI product to reach the top spot on a bug bounty platform. Expo said it'll focus on working with private customers. The Python Package Index has rolled out a new security feature that blocks domain resurrection attacks. These are where threat actors register expired domains that were once used to set up Pypi accounts. This lets attackers take over Python libraries and ship malicious code. Pypi says the feature rolled out in June, so so far it's blocked more than 1,800 accounts that used expired domains. And finally, the US National Institute of Standards and Technology has released guidance to help companies detect morph faces. Face morphing involves blending photos of real people to generate a new face that can bypass facial recognition scans. NIST says the technique can trick facial recognition systems into identifying the morphed image as either original individual. And that is all for this podcast edition. Today's show was brought to you by our sponsor of Kroll Cyber. Find them@kroll.com cyber thanks for your company.