
Claire Aird
North Korean hackers steal $1.5 billion from Bybit, Apple disables iCloud backup encryption in the UK, stream jacking hits the esports world, and Palau faces its third ransomware attack in six years. This is the Risky Bulletin, prepared by Catalin Cimpanu and read by me, Claire Aird. Today is the 24th of February, and this podcast episode is brought to you by vulnerability management and analysis platform Nucleus Security.

North Korean hackers have stolen more than $1.5 billion in crypto assets from Bybit, the world's second-largest cryptocurrency exchange. Friday's hack was the largest crypto heist in history. The attackers infiltrated Bybit's network, studied the company's internal procedures, and identified the employees who approved transactions. Those employees were then targeted with malware and malicious smart contracts. When staff went to move funds on Friday, the hackers showed a fake user interface which tricked Bybit's staff into signing a malicious transaction. Bybit says it will provide 10% of the stolen funds to anyone who helps it recover its assets. The North Korean hackers have started laundering the funds.

In other news, Apple will no longer allow iCloud users in the UK to enable Advanced Data Protection. The feature launched in 2022 and allows users to encrypt iCloud content stored on Apple's servers. Apple's decision was announced after security services in the UK requested special access to user data earlier this year. Existing users will need to disable the feature at a later date.

New US Defence Secretary Pete Hegseth has ordered US Cyber Command to devise a plan to overhaul its structure within 45 days. The Pentagon approved a plan to overhaul Cyber Command at the end of the Biden administration, with an initial deadline of 180 days. Hegseth is one of many new Trump officials who've called for more aggressive US cyber operations. Last week, former NSA and Cyber Command head General Paul Nakasone warned that the US was falling behind its adversaries in cyberspace.

The Qilin ransomware group has taken credit for a cyber attack on Palau's Ministry of Health and Human Services. Officials are investigating the hack, but say hospital care has not been impacted. The Pacific island nation had faced ransomware attacks twice before, in 2019 and 2020. The Australian government previously sent IT teams to help Palau recover.

A vulnerability in spyware apps Cocospy and Spyic has leaked the email addresses of the apps' customers. The bug was discovered by an anonymous security researcher who exploited the issue to track signups to the stalkerware apps, the researcher says. Cocospy has almost 1.8 million users. Spyic has 875,000 users and shares infrastructure with Cocospy. Previous reporting has linked both to Chinese mobile app developer 711 ICU.

Belgium's cybersecurity agency has warned local companies to beware of threat actors offering fake cybersecurity audits. The scammers claim to be from the federal cybercrime service, which doesn't exist by the way, and offer free security audits. When victims agree to the audit, the scammers install some sort of equipment on targeted networks. We think that means a drop box, but the information in the Belgian release is a bit vague.

A cluster of 16 malicious Chrome extensions has been removed from the Google Web Store. The extensions were used to insert ads into users' browsing sessions and manipulate search engine results. They posed as screen capture utilities, ad blockers and emoji keyboards. GitLab's security team identified the extensions, which had more than 3.2 million downloads.

Security researcher Mickey Jin has disclosed a zero-day in the Parallels Desktop virtualization product. Jin says he published details after Parallels and its vulnerability handler ZDI failed to address the issue for more than seven months. The zero-day bypasses a patch for an earlier bug and can be used to gain root access on Parallels Desktop deployments.

Scammers are using hacked YouTube accounts to live stream esports competitions and defraud viewers. Malicious QR codes are overlaid on streams to redirect users to phishing sites that steal Steam credentials or crypto wallets. Security firm Bitdefender spotted malicious streams for at least two Counter-Strike tournaments. The technique certainly isn't new, but has mostly been used with political streams or tech talks.

Twitter and TikTok recommended pro-AfD content to non-partisan users in the lead-up to Germany's parliamentary elections, according to new research. Global Witness found that 64% of political content recommended on Twitter and 78% on TikTok was linked to the AfD. Overall, right-wing content significantly outweighed left-wing content. These results are similar to recent research by DFR Lab.

A leaked internal document from Chinese security firm TOPSEC has revealed its involvement in Internet censorship. SentinelOne says TOPSEC is providing its services to both Chinese government agencies and private sector companies, according to the leaked document. TOPSEC offers an API service that can detect and block political criticism, violence and pornography in compliance with China's Internet regulations.

US authorities have extradited a Brazilian man from Switzerland to face charges over a $290 million cryptocurrency Ponzi scheme. Dover Braga created his cryptocurrency investment platform, Trade Coinclub, in 2016. Officials claim Braga ran a bitcoin Ponzi scheme that shut down in 2018 without returning investor funds. The DOJ says Braga also failed to report his earnings to the IRS. If found guilty, he faces up to 20 years in prison.

And finally, a team of software crackers named MassGrave has deployed a universal exploit that can bypass software licensing controls and activate all versions of Microsoft Windows and Office. Named tsforge, the exploit targets the Microsoft Software Protection Platform. It's been incorporated into the group's piracy toolkit and is now available for download.

And that is all for this podcast edition. Today's show was brought to you by our sponsor, Nucleus Security. Find them at nucleusec.com. Thanks for your company.
Risky Bulletin: North Korean Hackers Steal $1.5 Billion from Bybit
Host: risky.biz | Release Date: February 24, 2025
In this episode of Risky Bulletin, host Claire Aird reads a bulletin prepared by Catalin Cimpanu covering the latest cybersecurity incidents from around the globe. This summary captures the key stories and conclusions from the episode for listeners and non-listeners alike.
Timestamp: [00:04]
The episode kicks off with a significant security breach involving North Korean hackers who successfully stole over $1.5 billion in cryptocurrency assets from Bybit, the world's second-largest cryptocurrency exchange. Claire Aird highlights that this incident marks the largest crypto heist in history.
Quote:
Claire Aird states, “Friday's hack was the largest crypto heist in history.” [00:04]
Timestamp: [00:04]
Apple has announced the discontinuation of its advanced data protection feature for iCloud users in the United Kingdom. Launched in 2022, this feature allowed users to encrypt their iCloud content stored on Apple’s servers.
Quote:
Claire Aird mentions, “Apple’s decision was announced after security services in the UK requested special access to user data earlier this year.” [00:04]
Timestamp: [00:04]
In a move signaling a shift towards more aggressive cyber operations, US Defense Secretary Pete Hegseth has ordered the US Cyber Command to develop a comprehensive overhaul plan within the next 45 days. This comes after the Pentagon’s initial plan, approved at the end of the Biden administration, set a deadline of 180 days for the overhaul.
Quote:
Claire Aird reports, “Hegseth is one of many new Trump officials who've called for more aggressive US cyber operations.” [00:04]
Timestamp: [00:04]
The Qilin ransomware group has claimed responsibility for a cyberattack targeting Palau's Ministry of Health and Human Services. This marks Palau's third ransomware incident in six years, following previous attacks in 2019 and 2020. Officials are investigating, but say hospital care has not been impacted.
Timestamp: [00:04]
A vulnerability in the stalkerware applications Cocospy and Spyic has led to the leakage of customer email addresses. Discovered by an anonymous security researcher, the flaw allowed tracking of user sign-ups.
Cocospy has almost 1.8 million users; Spyic has 875,000 users and shares infrastructure with Cocospy. Previous reporting has linked both applications to the Chinese mobile app developer 711 ICU.
Timestamp: [00:04]
Belgium's cybersecurity agency has issued a warning to local companies regarding scammers posing as officials offering fake cybersecurity audits. These fraudsters claim affiliation with a non-existent federal cybercrime service and, once the victim agrees to the audit, install unspecified equipment on the targeted network, likely a drop box device, although the agency's release lacks specificity.
Timestamp: [00:04]
A suite of 16 malicious Chrome extensions has been purged from the Google Web Store. These extensions, posing as legitimate utilities like screen capture tools, ad blockers, and emoji keyboards, were designed to inject advertisements and manipulate search engine results.
Quote:
Claire Aird notes, “A cluster of 16 malicious Chrome extensions has been removed from the Google Web Store.” [00:04]
Timestamp: [00:04]
Security researcher Mickey Jin has disclosed a zero-day vulnerability in Parallels Desktop, a popular virtualization product. The zero-day bypasses a patch for an earlier bug and can be used to gain root access on Parallels Desktop deployments. Jin says he published details after Parallels and its vulnerability handler ZDI failed to address the issue for more than seven months.
Timestamp: [00:04]
Cybercriminals are exploiting hacked YouTube accounts to live stream esports competitions, embedding malicious QR codes within the streams. These codes redirect viewers to phishing sites designed to steal Steam credentials or access crypto wallets.
Quote:
Claire Aird explains, “Scammers are using hacked YouTube accounts to live stream esports competitions and defraud viewers.” [00:04]
Timestamp: [00:04]
Research by Global Witness reveals that platforms Twitter and TikTok disproportionately recommended content related to Germany's AfD (Alternative for Germany) party in the lead-up to parliamentary elections. Specifically, 64% of political content recommended on Twitter and 78% on TikTok was linked to the AfD, and right-wing content overall significantly outweighed left-wing content.
Timestamp: [00:04]
A leaked internal document from TOPSEC, a Chinese security firm, reveals its involvement in enforcing Internet censorship. According to SentinelOne, TOPSEC provides services to both government agencies and private sector companies, offering an API that detects and blocks content related to political criticism, violence, and pornography to comply with China's Internet regulations.
Timestamp: [00:04]
US authorities have extradited a Brazilian national, Dover Braga, from Switzerland to face charges related to a $290 million cryptocurrency Ponzi scheme. Braga operated the investment platform Trade Coinclub from 2016 until its collapse in 2018, which left investors without returns.
Timestamp: [00:04]
A group of software crackers known as MassGrave has developed a universal exploit named tsforge, capable of bypassing software licensing controls to activate all versions of Microsoft Windows and Office. This exploit targets the Microsoft software protection platform and has been integrated into the group's piracy toolkit, now available for public download.
Quote:
Claire Aird concludes, “A team of software crackers named MassGrave has deployed a universal exploit that can bypass software licensing controls and activate all versions of Microsoft Windows and Office.” [00:04]
This episode of Risky Bulletin underscores the escalating sophistication and frequency of cyber threats globally, ranging from large-scale financial heists and ransomware attacks to software vulnerabilities and misinformation campaigns. The discussions emphasize the critical need for robust cybersecurity measures, proactive threat intelligence, and international cooperation to mitigate these pervasive risks.
For more insights and updates on cybersecurity, tune into future episodes of Risky Bulletin.