Claire Aird
Signal threatens to leave Sweden over a backdoor request, the EU sanctions a North Korean general linked to two APTs, Australia bans Kaspersky products on government systems, and Google will use QR codes for Gmail authentication. This is the Risky Bulletin, prepared by Catalin Cimpanu and read by me, Claire Aird. Today is the 26th of February, and this podcast episode is brought to you by vulnerability management and analysis platform Nucleus Security.

In today's top story, Signal Foundation President Meredith Whittaker says the secure messaging app will leave Sweden if the government passes a new surveillance bill. The proposed bill would force communication providers to allow police and security services access to message content. Speaking to Swedish television, Whittaker said that such a backdoor would undermine its entire network and its users globally. In 2023, Signal threatened to leave the UK if the government there mandated backdoors in its Online Safety Act.

In other news, the European Union has imposed sanctions on North Korean army general Lee Chang Ho, who heads the country's intelligence service. EU officials say Lee commanded North Korean soldiers in Ukraine and previously led cyber attack units such as the Lazarus and Kimsuky APTs. Lee was one of several North Koreans included in the EU's latest round of sanctions against Russia over its war in Ukraine.

Australia has banned the use of Kaspersky products on government IT systems. Government agencies must uninstall existing Kaspersky software by April, officials said. The software puts Australian government networks at risk of foreign interference. Kaspersky was banned on US and UK government systems in 2017. Canada banned it in 2023.

Google will ditch SMS messages in favour of QR codes as a second factor for Gmail logins. Forbes has reported that users will be prompted to scan a QR code with their phone when logging in or creating a new Gmail account. The change will aim to counter SIM swapping and SMS traffic pumping schemes. No date has been given for the launch, but it's scheduled to arrive over the next few months.

Meta has warned an Italian priest that he was targeted with government spyware. Father Mattia Ferrari serves as chaplain on a migrant rescue ship owned by an NGO. Earlier this month, the NGO's founder was reported to be one of 90 victims targeted with spyware made by the Israel-based company Paragon Solutions. The attacks were initially revealed by Meta's WhatsApp team. Paragon Solutions cut off the Italian government's access to its surveillance tools after several Italian activists received Meta's alerts.

French telecommunications giant Orange has confirmed a security breach after hackers published internal data on an underground hacking forum. Orange said the breach exposed internal documents, user records and employee data. Most of the data is from the company's Romanian subsidiary. The hacker published the data after an unsuccessful extortion attempt. The attacker is affiliated with the Hellcat ransomware group.

And staying with telcos, a ransomware gang has breached the network of Namibian telecommunications provider Paratus. The company said hackers stole more than 84 gigabytes of data during the attack last week. The Akira ransomware gang has taken credit. This is the second recent telco attack in the country. Telecom Namibia was ransomed by the Hunters International group in December.

TV screens at the U.S. Department of Housing and Urban Development were defaced on Monday to show an allegedly AI-generated video of President Donald Trump passionately kissing Elon Musk's feet. Employees were greeted with the video when returning to the office after the department's Work from Home program ended, which is unrelated. I'm sure staff couldn't figure out how to stop the video loop and had to go floor to floor unplugging each screen.

A Mississippi judge has ruled that law enforcement agencies cannot use cell tower logs to identify nearby phones. The technique, commonly called tower dumping, is used to correlate a person's presence during criminal activity nearby. It's regularly used by law enforcement across the U.S. The ruling came six months after the 5th Circuit Court of Appeals deemed that broad searches through geofence warrants were also illegal and unconstitutional.

The FTC has emailed 3.7 million Avast antivirus customers to let them know they're eligible for refunds from the company. Avast agreed to refund up to $16.5 million in a settlement with the FTC last year after the company illegally sold its customers' personal data. US users have until June 5th to claim the refund.

A financially motivated group is hacking notary offices in Ukraine and making changes to government databases. The country's CERT agency says the attacks, targeting Ukrainian notaries with malware, have ramped up since January. CERT Ukraine believes the group behind the attacks sells a service to modify information in government databases.

A botnet of over 130,000 devices is password spraying Microsoft 365 accounts. The botnet uses Microsoft's basic authentication feature to evade multi-factor authentication prompts. The botnet's code is derived from the Mirai malware and is using credentials stolen by infostealers. SecurityScorecard has linked the campaign to threat actors affiliated with China.

A malware gang behind a large-scale campaign is using a vulnerable driver to escalate privileges on targeted systems, according to researchers at Check Point. The group uses the old driver to gain system privileges on infected hosts and disable antivirus and EDR products. The campaign installs an old driver from RogueKiller, a security tool designed to remove rootkits and malware, which is kind of ironic. Anyway, Check Point says the victims are located in Asia, with three quarters of them in China.

And finally, Israeli cybersecurity company Skybox Security has shut down and laid off all 300 employees. The company developed a continuous exposure management platform, which it sold to fellow Israeli cybersecurity company Tufin before shutting down. Skybox was founded in 2002 and raised $280 million over its lifespan. And that is all for this podcast edition. Today's show was brought to you by our sponsor, Nucleus Security. Find them at nucleussec.com. Thanks for your company.
Risky Bulletin: Signal Threatens to Leave Sweden Over Backdoor Request
Hosted by Claire Aird | Released on February 26, 2025
Timestamp: [00:04]
In the episode's opening, Claire Aird delves into a significant development concerning the secure messaging platform, Signal. Meredith Whittaker, President of the Signal Foundation, has issued a stern warning: "Signal will leave Sweden if the government passes the new surveillance bill" (00:10). The proposed legislation mandates that communication providers grant police and security services access to message content, effectively introducing a backdoor into the platform. Whittaker emphasized the global implications, stating, "Such a backdoor would undermine Signal's entire network and its users worldwide" (00:25). This isn't the first instance of Signal taking a stand against governmental overreach; in 2023, the app also threatened to exit Sweden should backdoors become a requirement under the nation's Online Safety Act.
Timestamp: [00:45]
Turning to international espionage, the European Union has imposed sanctions on General Lee Chang Ho, commander of North Korea's intelligence service. Claire highlights that Lee is implicated in orchestrating cyber attacks, including those linked to notorious groups like the Lazarus and Kimsuky APTs (00:50). The sanctions are part of the EU's broader strategy to counteract North Korea's involvement in the Ukraine conflict, positioning Lee among several North Korean officials targeted for their roles in cyber warfare.
Timestamp: [01:15]
Australia has taken decisive action against cybersecurity threats by banning the use of Kaspersky products on all government IT systems. Claire reports, "Government agencies must uninstall existing Kaspersky software by April" (01:20). This move aligns with similar bans previously enacted by the US and UK in 2017, and Canada in 2023, citing risks of foreign interference and potential vulnerabilities introduced by the software.
Timestamp: [01:45]
In a bid to enhance security, Google plans to replace SMS-based two-factor authentication for Gmail with QR code scanning. As Claire explains, "Users will be prompted to scan a QR code with their phone when logging in or creating a new Gmail account" (01:50). This shift aims to mitigate threats like SIM swapping and SMS traffic pumping schemes, with the new feature expected to roll out in the upcoming months.
Timestamp: [02:15]
Meta has raised alarms regarding targeted spyware attacks on Father Mattia Ferrari, an Italian priest serving on a migrant rescue ship. Claire notes, "Earlier this month, Ferrari was among 90 victims targeted with spyware, developed by Israel-based Paragon Solutions" (02:20). The revelation came after Meta's WhatsApp team uncovered the surveillance attempt, leading Paragon Solutions to sever ties with the Italian government amidst heightened concerns over privacy and data security.
Timestamp: [02:45]
Claire reports a significant security breach at Orange, a major French telecommunications company. Hackers have published internal documents, user records, and employee data on an underground forum, primarily originating from Orange's Romanian subsidiary (02:50). The breach was executed by individuals affiliated with the Hellcat ransomware group, following a failed extortion attempt.
Timestamp: [03:15]
In Namibia, telecommunications provider Paratus has fallen victim to a ransomware attack by the Akira ransomware gang, which exfiltrated over 84 gigabytes of data (03:20). This incident marks the second recent telco-related breach in the country, with Telecom Namibia previously targeted by the Hunters International group in December.
Timestamp: [03:45]
A peculiar cyber incident occurred at the U.S. Department of Housing and Urban Development, where TV screens were hijacked to display an AI-generated video of President Donald Trump kissing Elon Musk's feet (03:50). Claire describes the event as an unrelated prank coinciding with the end of the department's Work from Home program, leaving employees bewildered and scrambling to disconnect the looping video.
Timestamp: [04:15]
A landmark decision in Mississippi prohibits law enforcement agencies from utilizing cell tower logs—a technique known as tower dumping—to identify nearby phones during criminal investigations (04:20). Claire highlights that this ruling comes six months after the 5th Circuit Court of Appeals declared broad geofence warrant searches unconstitutional, reinforcing privacy protections against intrusive surveillance methods.
Timestamp: [04:45]
The Federal Trade Commission (FTC) has reached a settlement with Avast antivirus, resulting in refunds of up to $16.5 million to 3.7 million customers (04:50). Claire notes, "US users have until June 5th to claim the refund," following revelations that Avast unlawfully sold personal data, prompting the legal action.
Timestamp: [05:15]
Ukraine is witnessing a surge in cyberattacks targeting notary offices, with malicious groups infiltrating government databases to alter information (05:20). Claire explains that CERT Ukraine attributes these attacks to financially motivated entities selling services that modify official records, exacerbating vulnerabilities within the nation's legal infrastructure.
Timestamp: [05:45]
A formidable botnet comprising over 130,000 devices is actively conducting password spraying attacks on Microsoft 365 accounts, leveraging Microsoft's basic authentication to bypass multi-factor authentication prompts (05:50). The botnet, derived from Mirai malware, utilizes stolen credentials and is linked by SecurityScorecard to China-affiliated threat actors.
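The defensive side of this item is worth making concrete: because basic authentication never presents an MFA prompt, a spray against legacy protocols leaves its trace only in sign-in logs, as one source address trying a few passwords across many distinct accounts over IMAP, POP or SMTP. The script below is an added example written for this page; it is not from the podcast, from SecurityScorecard's report, or from Microsoft. It assumes a constructed CSV export with the columns `timestamp,user,src_ip,client_app,status` and a constructed list of legacy client-app names; the sample log lines are invented for the demonstration.

```python
import csv
import io
from collections import defaultdict

# Client applications that authenticate with basic/legacy protocols and so never
# trigger an MFA prompt. Constructed list for this example, not a vendor-supplied one.
LEGACY_CLIENT_APPS = {
    "IMAP4", "POP3", "Authenticated SMTP", "Exchange ActiveSync", "Other clients",
}

# Constructed sign-in export (not real telemetry). Two sources spray legacy protocols
# across several accounts; a third is one user retrying their own browser password.
SAMPLE_LOG = """\
timestamp,user,src_ip,client_app,status
2025-02-25T08:00:01Z,alice@example.com,203.0.113.10,IMAP4,failure
2025-02-25T08:00:02Z,bob@example.com,203.0.113.10,IMAP4,failure
2025-02-25T08:00:03Z,carol@example.com,203.0.113.10,IMAP4,failure
2025-02-25T08:00:04Z,dave@example.com,203.0.113.10,IMAP4,failure
2025-02-25T08:00:05Z,erin@example.com,203.0.113.10,IMAP4,success
2025-02-25T08:00:06Z,frank@example.com,203.0.113.11,Authenticated SMTP,failure
2025-02-25T08:00:07Z,grace@example.com,203.0.113.11,Authenticated SMTP,failure
2025-02-25T08:00:08Z,heidi@example.com,203.0.113.11,Authenticated SMTP,failure
2025-02-25T08:05:00Z,alice@example.com,198.51.100.7,Browser,failure
2025-02-25T08:05:10Z,alice@example.com,198.51.100.7,Browser,failure
2025-02-25T08:05:20Z,alice@example.com,198.51.100.7,Browser,success
"""


def parse_signins(text):
    """Parse the CSV export into a list of dict records, one per sign-in attempt."""
    return list(csv.DictReader(io.StringIO(text)))


def detect_legacy_spray(records, min_users=3):
    """Return {src_ip: sorted distinct users} for every source that attempted
    legacy-auth sign-ins against at least `min_users` different accounts.

    Spraying is one password tried across many users, so the signal is breadth
    of accounts per source, not failures per account. Browser and modern-auth
    attempts are ignored: those would have hit MFA and belong to other rules.
    """
    users_by_ip = defaultdict(set)
    for r in records:
        if r["client_app"] in LEGACY_CLIENT_APPS:
            users_by_ip[r["src_ip"]].add(r["user"])
    return {ip: sorted(users) for ip, users in users_by_ip.items()
            if len(users) >= min_users}


def spray_successes(records, spray_sources):
    """Accounts that accepted a legacy-auth sign-in from a spraying source.

    These are the credentials that actually worked without MFA, so they are the
    first to reset and the sessions to revoke.
    """
    hits = {
        (r["src_ip"], r["user"])
        for r in records
        if r["src_ip"] in spray_sources
        and r["client_app"] in LEGACY_CLIENT_APPS
        and r["status"] == "success"
    }
    return sorted(hits)


if __name__ == "__main__":
    records = parse_signins(SAMPLE_LOG)
    sources = detect_legacy_spray(records)
    for ip, users in sources.items():
        print(f"legacy-auth spray from {ip}: {len(users)} accounts -> {users}")
    for ip, user in spray_successes(records, sources):
        print(f"COMPROMISED (no MFA): {user} accepted password from {ip}")
```

Run against a real export, the `min_users` threshold and a time window are the knobs to tune; the structural fix that makes the rule unnecessary is disabling basic authentication for the tenant so these protocols cannot be used to sign in at all.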
Timestamp: [06:15]
Researchers at Check Point have identified a malware campaign where gangs exploit outdated drivers to gain system privileges and disable security measures (06:20). Ironically, the compromised driver originates from RogueKiller, a tool intended to eradicate malware, with the majority of victims situated in Asia, particularly China.
Timestamp: [06:45]
In a surprising turn, Skybox Security, an Israeli company specializing in continuous exposure management, has ceased operations and laid off all 300 employees (06:50). Claire shares that the company, founded in 2002 and having raised $280 million, sold its platform to another Israeli cybersecurity firm, Tufin, before shutting down.
This episode of Risky Bulletin provided a comprehensive overview of recent cybersecurity developments, highlighting the persistent tensions between privacy and governmental surveillance, the ongoing battle against sophisticated cyber threats, and significant shifts within the cybersecurity industry itself.
For more insights and updates, listeners are encouraged to tune into future episodes of Risky Bulletin.