← Risky Bulletin
Loading summary
Transcript1 lines
- [00:04]
Claire Aird
Zoom has a remote control feature, so of course crypto thieves are abusing it. Hackers make $700 million in unauthorized stock trades, a Chinese APT leaks its exploits and Euro MPs traveling to Hungary are offered anti spying pouches for their phones. This is the risky bulletin prepared by Catalyn Kim Panu and read by me, Claire aird. Today is the 21st of April and and this podcast episode is brought to you by Devicee. In today's top story, a hacking group has stolen millions of dollars in cryptocurrency by abusing Zoom's little known remote control feature. Members of the group Elusive Comet pose as podcast hosts, reporters and venture firms to lure crypto owners into video conferences. The attackers name themselves Zoom on the call, so when they request control of the victim's system, it appears the software itself is asking. Once in, they install malware and steal fund. In other news, hackers have made unauthorised trades worth more than $700 million using Japanese stock brokerage accounts. The attackers gained access to the accounts through phishing attacks. They sold the victims stocks and bought artificially inflated shares in Chinese companies with the proceeds. Japan's financial regulator says most of the hacks occurred between February and April this year. Microsoft Entra customers are reporting a sudden spike in security alerts and account lockouts, according to Reddit users, The issue appears to be caused by Entra's new Mace credential revocation feature. The feature warns companies when employees are using an insecure password that was leaked in a previous breach. Some customers who have investigated suggest the alerts may be false positives from Microsoft's new system. Five European MPs were offered Faraday bags to protect their phones when visiting Hungary last week. The EU has taken steps to protect MPs after a previous delegation was spied on and followed by Hungarian intelligence. EU officials told Politico Europe that the use of Faraday pouches to protect phones is not a common practice. A previous report suggested that EU officials were advised to use burner phones when travelling abroad, including to the US. CISA has discontinued its contracts with Census and VirusTotal, according to a Nextgov report. The agency notified threat hunting teams last week and said it would find alternatives. But both tools are used to identify and investigate signs of compromise and threat actor activity, according to Axios. CISA has also fired 75 contractors who worked with its threat hunting teams. The Dutch government is seeking to recruit new cyber reservists for its armed forces. A recruitment campaign will begin later this year, according to Dutch news outlet. The Dutch Defence Cyber Command operated six platoons with a total of 110 cyber reservists last year. Zambia has passed a cyber security law requiring lawful interception capabilities for all types of electronic communications. The new rule has spooked some countries and the US has issued a travel advisory for Americans visiting the country. Zambian officials say other countries have similar laws and the capability will only be used with judicial oversight. They say it's needed to fight fraud, disinformation and CSAM content. US authorities have indicted a man accused of stealing the personal data of more than 65,000 people. Nicholas Moses used the hacker name Scrublord and was an alleged customer of the Smoke Loader botnet. He is accused of renting access to the botnet and deploying infostealers on victims computers. Authorities discovered his actions after taking down the Smoke Loader botnet in May last year. The U.S. justice Department has charged an Iranian man accused of running the Nemesis Dark web marketplace. The indictment says Behrou's Pasarad launched the website in 2021. It was active until German authorities seized it last year. Nemesis was known for selling drugs and hacking services. Pasarad was also sanctioned by the U.S. treasury last month. The U.S. federal Trade Commission says Americans reported losing $470 million to text message scams last year. The agency says the true figure is likely much higher since most incidents are not reported. The most common scams related to package deliveries, phony job opportunities, fake fraud alerts and unpaid road toll fees. The FBI says scammers are impersonating employees of its Internet Crime Complaint Centre as part of a new campaign. The scammers begin by posing as attractive women on support forums for fraud victims. These Personas advise victims to contact an account posing as an IC3 agent. Targets are led to believe the fake IC3 agent can help rec stolen funds, but instead they're just scammed again. The Kairos data extortion group has leaked files from the Baltimore State Attorney's office. The small leak is likely part of an ongoing extortion attempt. The office was listed on the group's leak portal at the end of March. The Kairos group publicly emerged in November and has attempted to extort more than 30 organisations. A Chinese cybercrime group is renting out access to its Android malware that automates NFC relay attacks. The capability lets attack hackers withdraw Victims funds at ATMs or make point of sale purchases. There's a growing trend of NFC capable malware which was first spotted last year in Russia. A Chinese cyber espionage group misconfigured one of its servers and briefly exposed some of its attack tools. The leak contained exploit scripts for Fortinet firewalls and VPNs, PHP web shells and network reconnaissance scripts specific to a major Japanese company. Security firm Hunt Intelligence, says the server was likely operated by the apt it tracks as redgolf, a hacking group is planting backdoors inside Russian companies that use the VPN software VIPnet. According to Kaspersky, the attackers are leveraging the software's update mechanism to install a backdoor. Infotex, which makes VIPnet, confirmed the attacks but said they can only be carried out if hackers already have access. Asus has fixed the vulnerability affecting its routers, which have the AI cloud service enabled. The company said users should disable AI Cloud if they can't install the firmware updates. The service allows Asus users to connect back to their home networks remotely, and attackers too, apparently. Google is working on a new web API to help websites detect bots and online fraud. The new Private Proof API is meant to replace existing bot and fraud detection systems. Current systems rely on cookies and device fingerprinting or making users complete a captcha. The API uses zero knowledge proofs to allow websites to check whether a browser profile is too fresh. And finally, Discord is testing a new Age verification system that requires users to scan their faces before viewing sensitive content. Users can opt out and still verify their age by submitting a scan of their photo id. The feature is currently being tested in Australia and the uk and that is all for this podcast edition. Today's show was brought to you by our sponsor Device. Find them@device.com thanks for your company.