Transcript
A (0:04)
Russia will use a custom crypto algorithm for its 5G network the Hungarian opposition accuses the government of using spyware. Kaspersky says it tied Karuna to the operation triangulation attacks and malware was deployed on thousands of Luxembourg government phones. This is the risky bulletin prepared by Catalyn Kim Panu and read by me, Claire airdrie. Today is the 27th of March and this podcast episode is brought to you by Authentic. In today's top story, the Russian government will use a custom crypto algorithm for its 5G mobile network. Phones sold in the country will have to support the NEA 7 encryption algorithm. Foreign algorithms such as AES will not be supported after 2032. Devices that do not support the local encryption setup will be unable to connect to Russia's 5G mobile network. In other news, Russia will expand the bandwidth of its national firewall system to 954 terabits per second. The upgrade will be rolled out by 2030 and will have more than double its current capacity. Russia's national firewall allows the government to censor traffic and prevent incoming cyber attacks. Hungarian opposition leader Peter Magyar has accused Prime Minister Viktor Orban of using spyware against the Tisa party. Magyar claims the country's intelligence services used Candiru to spy on the Conservative Party. The teaser party is expected to win the country's elections next month, ousting Auburn's party from power for the first time in two decades. Hong Kong police can now demand phone or computer passwords from suspects in national security investigations. Individuals who refuse can face up to one year in prison as well as fines. Additionally, suspects that provide misleading information during investigations face up to three years in prison. The new rules are part of an update to the city's National Security Law, which came into effect last week. The Indian government has ordered a national audit of CCTV systems. Local law enforcement has been tasked with physically checking cameras. They'll also need to ensure the networks have adequate access controls. The order comes after a Pakistani spy ring was caught hacking Indian CCTV systems and deploying their own cameras in some locations. At least 50 Israeli companies have been victims of data wiping incidents in recent weeks. According to Israel's national cyber authority, 20 different groups have been carrying out the attacks. They've been occurring amid the U S Israel military campaign against Iran. Israeli officials have warned that wiper attacks are likely to continue even after military action ends. The Dutch national police are investigating their own security breach after an employee fell for a phishing attack. Officials say they detected the attack immediately and disabled the intruders access. An investigation is underway to determine what data was accessed. Hackers have deployed malware to Luxembourg government mobile devices using the government's own MDM Solution. More than 4850 phones and tablets used by public sector workers were infected in late February, the country's digitalisation minister said. All devices have since been updated and secured. A ransomware attack has disrupted one of Spain's largest cargo ports. Vigo officials have disabled IT systems systems and are using pen and paper to keep operations going. Loading and unloading of cargo has not been disrupted. No ransomware group has claimed responsibility for the attack. Meantime, a cyber attack has disrupted the Puerto Rico Department of Transportation. The department has cancelled all upcoming appointments for vehicle registrations and driver's licences. Officials have not confirmed when bookings will reopen or whether the incident is ransomware related. A hacker has breached the stadium management system of Dutch soccer club Ajax Amsterdam. The hacker said they had the ability to modify ticket details and see supporters personal information. They leaked a list of individuals banned from matches to journalists. The club has since confirmed the incident. Google expects quantum computers to be able to break classic encryption by the end of the decade. The company has set a 2029 deadline to secure its products with post quantum cryptography. Chrome and Google Cloud already have post quantum protections in place. Android will have them later this year. A judge has dismissed a wrongful termination lawsuit filed by Meta's former head of security. Attala Baig sued the company last year. He accused Meta of firing him after he found privacy violations in WhatsApp. The UK has imposed sanctions on a Chinese online marketplace used by scam operations. Shinbi sold personal data to scammers, which was used to target their victims. It also sold satellite Internet equipment that allowed compounds to stay online after authorities cut their fibre connections. US authorities have extradited a developer of the Redline infostealer. Armenian national Hambad Zaminozyan was arraigned in a US court this week. He is accused of being part of a team that developed Redline, which was offered through a malware as a service platform. Authorities disrupted the infostealer in late 20. Russian authorities have arrested the administrator of the leak based hacking forum. The site was seized by US and European law enforcement in early March. The suspect was detained in the black seaport of Taganrog the day after the site was seized. Threat intel firm Keller linked a resident of Taganrog to leak base. A Chinese APT group has deployed advanced versions of the BPF door malware into telco networks. The attacks have been linked to a group tracked as Red Mention. The new Verified are more complex than the original backdoors discovered in 2021. Rapid7 described them as some of the most advanced malware its team has seen. And Finally, Kaspersky said it's linked the triangulation hacking campaign to the Karuna iOS exploit chain. The security company said it found similarities between the triangulation iOS kernel exploits and other components of the Karuna framework. The triangulation attacks employed 2.0days, which were also in Karuna's arsenal. And that is all for this podcast edition. Today's show was brought to you by Authentic. Find them@goauthentic IO that's authentic with a T I K. Thanks for your company.