Transcript
A (0:04)
Myanmar starts demolishing the KK Park scam compound, the US Congressional Budget Office gets hacked by a foreign APT, Chrome will remove risky XSLT support, and scammers in Singapore will get the cane. This is the Risky Bulletin, prepared by Catalin Cimpanu and read by me, Claire Aird. Today is the 10th of November and this podcast episode is brought to you by cloud security company Prowler. In today's top story, Myanmar's military junta is demolishing buildings in the country's largest scam compound. Controlled demolitions at KK Park in the city of Myawaddy began on 23 October. 24 of the park's 250 buildings have been destroyed with dynamite by the local border force. In other news, a foreign group has hacked the US Congressional Budget Office. The intruders are believed to have stolen emails and internal chat logs. The office creates economic projections for proposed bills. The hack was discovered last week and is still under investigation. Hungary's main opposition party has suffered a security breach. Hackers leaked the personal data of more than 200,000 people from the Tisza party's mobile app. This is the party's second breach this year. Its leader, Péter Magyar, blamed Russian hackers for the intrusion. Australia has imposed financial sanctions and travel bans on North Korean hackers. Sanctions were levied on one individual and four entities associated with the DPRK's state-sponsored hacking program. Sanctioned entities include the Kimsuky, Lazarus and Andariel hacking groups. WannaCry developer Park Jin Hyok and his employer Chosun Expo have also been sanctioned. Singaporean authorities will punish scammers and money mules with cane beatings. Scammers could receive between six and 24 lashes and money mules up to 12. The amendment to the law was passed by Parliament last week. A Singaporean minister said scams make up 60% of crimes reported in the country.
A former lawyer for Donald Trump is the new chairman of Israeli spyware maker the NSO Group. David Friedman was appointed after US investors acquired the company last month. During Trump's first term, he was U.S. ambassador to Israel. Friedman has said he will help lift sanctions and return the company to the US market. A Russian national has pleaded guilty to hacking US companies and selling access to ransomware groups. Aleksei Olegovich Volkov worked as an initial access broker for the Yanluowang ransomware. He used the online handle chubaka.kor. He was linked to seven ransomware attacks and received a $1.5 million cut. Volkov was arrested in Rome last year and later extradited to the US. The Yanluowang group's internal chats and source code were leaked online following a hack in 2022. It disappeared soon after. The FBI has launched a criminal investigation into the website archiving tool Archive.is. The agency has requested information about the site's owner from Canadian domain registrar Tucows. The website is often used to bypass news website paywalls. The CEO of cryptocurrency mixing service Samourai Wallet has been sentenced to five years in prison. Keonne Rodriguez received the maximum possible sentence. The service laundered more than $237 million in crypto that was linked to hacks, online fraud and drug trafficking. Authorities shut down the Samourai Wallet website in April 2024. The company's CTO, William Lonergan Hill, will be sentenced later this month. A mistrial has been called in a New York case against two brothers accused of stealing $25 million from crypto trading bots. The jury was unable to reach a verdict. Anton and James Peraire-Bueno were charged in May. The DOJ claimed the brothers exploited vulnerabilities in trading bots and laundered the extracted funds. The defence argued that they used their MIT education to execute a novel but legitimate trading strategy.
Three Chinese nationals have been sentenced to prison in Singapore for hacking-related crimes. The trio hacked into online gambling sites to manipulate games and steal personal data. They each received a sentence of at least two years and four months. They were part of a six-person group arrested in September last year. Authorities seized assets worth $40 million from the group. A Pakistani man has been arrested for allegedly selling data about millions of the country's citizens. Aneese Ahmed Shah, from the city of Baka, was taken into custody by the country's cybercrime agency last week. Shah is accused of buying Pakistani citizen data on the black market and packaging it for resale. His site sold information including names, identification numbers, home addresses and travel records. The Cambodian government has raided two cyberscam compounds in the city of Bavet. More than 650 suspects were taken into custody. Most are foreign nationals. One scam compound specialised in impersonating government agencies, while the second ran investment scams. Proposed changes to the EU GDPR legislation would allow European users to set cookie preferences using browser or device settings. EU lawmakers are looking to simplify the GDPR and reduce the number of cookie consent banners. If passed, companies that ignore device-level tracking consent could be fined up to 20 million euros or 4% of their annual turnover. A new commercial-grade Android spyware is targeting the Middle East. The attackers used malicious image files to trigger a Samsung zero-day and install the Landfall spyware. Samsung patched the bug in April, but evidence of exploitation dates back to July last year. Security firm Palo Alto Networks documented the campaign but has not linked it to any spyware vendor or state. A North Korean APT is targeting human rights activists and wiping their Android phones. The Konni APT operators breach their targets' PCs and spam their contacts on the KakaoTalk messenger with malware.
The attackers then leverage the Android remote wipe feature to prevent victims from receiving replies. The Django Python web application framework has patched an SQL injection vulnerability in its database component. The vulnerability can be exploited by adding internal query parameters to user input. It can allow attackers to bypass authentication, elevate privileges, and access sensitive data. Django is the most widely used web framework in the Python ecosystem. Russia is beginning to block traffic to the Akamai CDN, leading to disruptions for some local customers. Akamai says it's aware of the government's actions but is unable to do anything about it. A full block is not yet in place. All foreign cloud providers must have a local office in Russia and register with the state. And finally, Google will remove support for the XSLT language from Chrome by the end of next year. The Extensible Stylesheet Language Transformation System is similar to CSS. It's used to apply styles to XML documents. Google cited security reasons for its removal. XSLT support will be removed in Chrome version 155, which is scheduled for November next year. Firefox and Safari also plan to remove XSLT support but have not set dates. And that is all for this podcast edition. Today's show is brought to you by our sponsor, Prowler. Find them at prowler.com. Thanks for your company.
