Transcript
A (0:04)
The US sues a crypto ATM operator for profiting from scams, SMS blasters make their way into Switzerland, the US and Portugal tussle over the extradition of the RaidForums admin, and Samsung patches a zero-day in its phones. This is the Risky Bulletin, prepared by Catalin Cimpanu and read by me, Claire Aird. Today is the 15th of September, and this podcast episode is brought to you by application allowlisting software maker Airlock Digital.

The District of Columbia is suing America's largest crypto ATM operator. The suit alleges that Athena Bitcoin knowingly profited from scams. 93% of deposits into the company's ATMs were allegedly made by scam victims. Officials say Athena chose to ignore the problematic deposits, charged hidden fees and refused to refund victims. D.C. officials are seeking restitution for victims and to force the company to comply with anti-fraud regulations.

CISA has incorrectly used funds intended to retain cyber talent, according to an internal audit report. The DHS Inspector General said the cyber incentive funds were earmarked for retaining top cyber talent. CISA paid bonuses from the program to more than 240 employees who did not hold cybersecurity roles.

The Dutch army will deploy hackers with frontline units. They'll be tasked with hacking local infrastructure to support combat operations. The Netherlands are following the lead of Russia and Ukraine, who regularly deploy cyber personnel to hack captured drones and personal devices.

Jaguar Land Rover has yet to fully recover more than two weeks after a ransomware attack. The company expects that at least 3 of its production lines will resume activity this week, according to the BBC. Several of the carmaker's smaller suppliers are facing bankruptcies due to the halt in production. Jaguar Land Rover is believed to have lost at least 5050 million pounds since the attack.

The Texas school district of Uvalde is closing this week due to a ransomware attack. The incident impacted phones, security cameras, visitor management and thermostat controls. The district said the systems are critical to students' well-being. School is expected to resume on Friday. In 2022, Uvalde's Robb Elementary School was the site of one of America's worst school shootings.

Authorities in France have seized a French-language dark web marketplace. The Dark French Anti System was established in 2017 and had more than 12,000 registered users. It sold drugs, hacking tools and criminal services. Authorities took control of servers and arrested the site's admin as well as a registered user. This is the fifth French-language dark web platform seized by local authorities since 2018.

Portugal and the US are in an extradition battle over the administrator of RaidForums. Diogo Santos Coelho used the online handle Omnipotent. He was arrested in the UK in 2022 at the request of US authorities. He's since been fighting his extradition to the US. Coelho is a Portuguese citizen. He said he'll have better family and medical support for his autism in Portugal. According to DataBreaches.net, a UK judge ruled last week that US representatives had made several procedural errors in the case.

An employee of a DVD and Blu-ray manufacturer has been sentenced to almost five years in prison. Stephen R. Hale stole DVDs and Blu-rays of Hollywood blockbuster movies and sold them before their official release. Movies from the Dune, Fast and Furious and Marvel franchises were among the stolen material.

Hackers are selling access to accounts on the Russian national messenger Max for up to $250. Some of the accounts are rented out by the hour. Russian officials say they've already blocked more than 67,000 accounts for suspicious activity such as spamming and sharing malicious files.

ESET has spotted a version of the NotPetya ransomware that was modified to bypass Secure Boot. The HybridPetya malware works by installing a malicious application into the EFI system part. ESET found the malware on VirusTotal, but there's no evidence it's being used in the wild.

Samsung has patched a zero-day in its version of the Android OS. The vulnerability was part of an exploit that targeted WhatsApp users. A similar zero-day leveraging WhatsApp was also patched in Apple phones. The exploit chain was used to deploy spyware.

Hackers are exploiting a recent vulnerability in the Delmia Apriso manufacturing platform. The bug was patched in June and active exploitation began this month. The software is used to control production lines in factories. A successful compromise could be used for IP theft, sabotage or ransomware. The bug's been added to CISA's list of known exploited vulnerabilities.

A vulnerability in stored-value payment cards allows hackers to increase the card's balance. The cards are from Kiosoft, a self-service payment kiosk vendor. The company's systems are often used by laundromats, car washers and vending machines. Rather than using a centralised system, the dollar value is stored on the cards themselves. Hackers can use a flaw in the cards to increase the balance. The vendor was notified of the flaws in 2023 but did not release a patch until 2025. Kiosoft said it has planned hardware changes with secure cards and new card reader components.

Smartphone cameras produce different lens blur patterns that can be used to identify individual devices. Academic researchers have described the effect, known as a lens BL, as a camera fingerprint. It can be used for forensic and other investigative purposes.

And finally, a correction. On Friday, we reported that the personal data of almost 6,000 Australian doctors and staff had leaked online. We meant to say 600. This had nothing to do with Catalin Cimpanu's excellent journalism, just my crappy reading.

And that is all for this podcast edition. Today's show was brought to you by our sponsor, Airlock Digital. Find them at airlockdigital.com. Thanks for your company, Sam.
