
The FCC removes 1,200 voice providers from the US phone network. A cyber attack shuts down Nevada's state government services. Hackers breach Salesloft and pivot into Salesforce accounts. And Citrix patches yet another zero-day. This is the Risky Bulletin, prepared by Catalin Cimpanu and read by me, Claire Aird. Today is the 27th of August, and this podcast episode is brought to you by Okta.
The US Federal Communications Commission has effectively disconnected more than 1,200 voice service providers from the phone network. Last year, 2,400 providers were ordered to comply with anti-robocall protection rules. Voice providers are required to deploy the STIR/SHAKEN protocol, provide accurate ownership details and a point of contact for reporting robocall abuse. The providers that have not complied were removed from the FCC robocall mitigation database, meaning they'll be blocked by other telcos.
In other news, the state of Nevada has temporarily closed its public services following a cyber attack. The incident has taken out in-person services as well as websites, phone lines and several back-end systems. The state did not provide details about the nature of the cyber attack, but ransomware seems likely.
Meantime, a cyber attack has disrupted transport for people with disabilities in Maryland. The incident primarily impacted the Maryland Transit Administration's mobility system, which is used to organise disability transportation. Call centres and real-time information systems were also impacted, but core public transportation services were unaffected. No threat actor has taken credit.
Hackers have breached sales automation platform Salesloft and gained access to its customers' Salesforce accounts. The attackers are harvesting Salesforce data and credentials to access other cloud platforms. Google said the attackers pivoted into Salesforce using OAuth tokens from the Salesloft AI chat agent. Salesloft has now revoked connections between its Drift AI platform and Salesforce. It's urged customers to re-authenticate to refresh the tokens. Google linked the attack to a group it tracks as UNC6395.
Hackers have stolen the data of 1.1 million customers of Farmers Insurance. The breach occurred in late May and targeted the company's Salesforce account, according to the company's data breach notification. The stolen data includes names, addresses, birth dates, driver's license numbers and the last four digits of Social Security numbers.
An Iranian hacking group has claimed responsibility for an attack on Israeli Internet provider Riemon. The company's services have been down since the attack on August 23. The promised revenge group has taken credit for the attack. Riemon provides filtered Internet access for the Orthodox Jewish community.
Citrix has released security updates to patch an actively exploited zero-day in its NetScaler products. The vulnerability is a pre-auth RCE that's been used to deploy web shells. Citrix has advised customers to install the patches and commence incident response procedures.
A vulnerability in the TruthSpy spyware app allows hackers to take over accounts and extract victim data. Attackers can reset any account's password through a flaw in the app's password recovery process. TruthSpy told TechCrunch it can't fix the bug because it has misplaced the app's source code.
A Chinese cyber espionage group is using hacked network edge devices to trick victims into installing malware. The campaign targeted diplomats in Southeast Asia earlier this year. Google said it's unclear how the network devices were being compromised, but linked the attack to a group it tracks as UNC6384. The final payload was PlugX, a malware long associated with Chinese espionage operations.
A long-running spear-phishing campaign is targeting ScreenConnect cloud administrators. The campaign has been active since 2022 and targets up to 1,000 accounts per run. Fake security alerts lure admins to phishing sites that intercept credentials and MFA challenges. The compromised accounts are being used as the entry point for ransomware attacks.
Russia's national Max app is monitoring and logging all user activity, according to a technical analysis received by Forbes. The app does not use encryption and tracks user location in real time with high accuracy. The app will be pre-installed on all mobile devices sold in Russia from September.
44 US states have warned AI and social media companies about chatbots having inappropriate interactions with children. Officials have pledged to go after companies that develop AI chatbots that harm young people. The warning follows recent reports that Meta's AI chatbot engaged in sexually inappropriate conversations with minors. A joint letter was sent to 11 companies, including Anthropic, Meta and OpenAI.
AI company Perplexity has patched a vulnerability in its agentic AI browser Comet. The flaw allowed threat actors to hide malicious prompts inside a website's source code that would be executed by the browser. The bug could have been abused to steal credentials or trick the browser into taking unwanted actions. The issue was discovered by the Brave browser team. Security firm Guardio warned last week that most agentic AI browsers are vulnerable to this type of attack.
And finally, Google will verify the real-world identities of all Android app developers from September next year. The new rule will apply to all apps, including those distributed outside the official Play Store. Future Android OS versions will not load apps from unverified developers. The developer verification process will open in March next year. It will initially be rolled out in Brazil, Indonesia, Singapore and Thailand, and further countries will be added in later months.
That is all for this podcast edition. Today's show was brought to you by our sponsor, Okta. Find them at okta.com. Thanks for your company.
Risky Bulletin: FCC Removes 1,200 Voice Providers from US Phone Network
Podcast: Risky Bulletin
Host: risky.biz (Catalin Cimpanu, read by Claire)
Date: August 27, 2025
This episode provides a rapid, authoritative rundown of the week’s major cybersecurity stories. The headline: The US FCC disconnects over 1,200 voice providers from the national phone network over anti-robocall compliance failures. Also covered are cyberattacks disrupting state governments, critical breaches at tech and insurance platforms, active global espionage campaigns, threats in spyware and AI, and new Google developer verification mandates.
[00:05 – 01:10]
“The US Federal Communications Commission has effectively disconnected more than 1,200 voice service providers from the phone network.” – Claire [00:12]
[01:10 – 02:10]
Nevada State Government Shutdown
“The incident has taken out in-person services as well as websites, phone lines and several back-end systems.” – Claire [01:27]
Maryland Disability Transport Disrupted
[02:10 – 03:00]
“Google said the attackers pivoted into Salesforce using OAuth tokens from the Salesloft AI chat agent.” – Claire [02:38]
[03:00 – 03:30]
[03:30 – 06:00+]
“TruthSpy told TechCrunch it can’t fix the bug because it has misplaced the app’s source code.” – Claire [04:32]
[06:00+]
This Bulletinesque episode is a brisk, information-dense update for cybersecurity professionals, zeroing in on regulatory crackdowns (FCC robocall rules; Google’s identity verification for developers), major breaches (Salesforce, Farmers Insurance), critical vulnerabilities (Citrix, TruthSpy), and ongoing global threat campaigns. It also spotlights the increasing attention to AI, privacy, and app security policy at both national and global scales.
If you need a pulse-check on current cyber threats and defenses, this episode delivers essential, up-to-date intelligence in under ten minutes.