Claire Airdrop
2 billion eSIMs receive crucial security patches, China's cyber militias go on the offensive, four Scattered Spider members detained over UK retail attacks and a Russian basketball player is arrested in a ransomware case. This is the Risky Bulletin prepared by Catalin Cimpanu and read by me, Claire Aird. Today is the 11th of July and this podcast episode is brought to you by Knocknoc. Security updates have been shipped to fix vulnerabilities in more than 2 billion eSIMs from software company Kigen. The vulnerabilities impact Kigen's eUICC, a software package used by mobile network operators to implement virtual SIM cards. The bugs allow attackers to clone eSIMs and intercept mobile communications. Exploitation required initial physical access to each device, although the researchers theorised an over-the-air vector. The Security Explorations team discovered the bugs and received a $30,000 reward from Kigen for the report. In other news, four members of the Scattered Spider group have been arrested in the UK over recent cyber attacks against major retailers. The attacks on Marks and Spencer, Co-op and Harrods began in April. The suspects include three Britons and one Latvian. All four live in the UK and are aged between 17 and 20. French authorities have arrested a Russian basketball player for his alleged role in ransomware attacks. Daniil Kasatkin was arrested in June at the request of US authorities. He was detained at Charles de Gaulle Airport in Paris. The US claims Kasatkin helped negotiate ransoms for an unnamed ransomware gang. Kasatkin's lawyer, Daniel, denied the charges and claimed his client has no technical skills. The Chinese government is operating at least 136 cyber militia units. The units are staffed by civilians tasked with the cyber defence of critical infrastructure. Beijing may also use the units for offensive operations.
According to documents uncovered by Margin Research, private cybersecurity firms Antilabs and Qihoo 360 have also established cyber militia units. Mexican authorities are investigating the country's former president for allegedly taking bribes from the spyware industry. Enrique Peña Nieto is accused of receiving $25 million from two Israeli businessmen during his 2012 presidency. Nieto allegedly helped the NSO Group secure contracts worth $60 million with several Mexican government organizations. German authorities are investigating cyber intrusions at two contractors for the country's army. Both incidents took place in June and it's unclear if sensitive information was compromised. The victims were an IT company involved in satellite communications and an engineering firm that was contracted to build a command centre. Authorities believe the hackers are Russian cybercriminals. An Iranian APT group has hacked journalists from an independent UK news outlet and leaked their Telegram chats. Iran International says its reporters were hacked in 2024 and again in January this year. The news organisation, which operates out of London, linked the hacks to a group known as Banished Kitten. Security researchers have discovered two vulnerabilities in an AI chatbot used by McDonald's for recruitment. The first issue was a default admin account with the username and password of, and you guessed it, 123456. Once logged in, a direct object reference vulnerability could be used to extract data which included the personal information of more than 64 million applicants. The chatbot vendor says the issue has been resolved. Hackers have stolen $42 million worth of assets from the GMX cryptocurrency exchange. The attacker leveraged a weakness in a smart contract to drain the exchange's funds. GMX offered to let the hacker keep 10% if they returned the rest. Meanwhile, a hacker has stolen the personal data of 26,000 cryptocurrency ATM users from Bitcoin Depot.
The data was stolen last month and includes details such as names, driver licence numbers and contact information. Bitcoin Depot operates more than 8,000 ATMs across North America. The European Commission has given approval to relax GDPR rules. The European Data Protection Board and European Data Protection Supervisor have accepted a recent EU proposal to reduce the administrative burden on small and medium businesses. The proposal reduces record keeping requirements for companies with fewer than 750 employees. Previously, this threshold was set at 250 employees. The Dutch government will renew a grant program assisting small businesses to acquire cybersecurity products and services. The My Cyber Resilient Business Grant ran as a pilot in 2020. Last year more than 1,300 companies applied for funds. Dutch companies have until the end of October to apply. A single company can receive up to €1,250. The Russian Duma has rejected a proposal to legalise vulnerability research. Officials said the bill didn't address the needs of critical infrastructure and the necessary changes to criminal law. A new proposal is under development. Russian officials have been working on legalising vulnerability research and disclosure since 2022. Pakistani authorities have detained 149 suspects linked to online fraud and hacking operations. They were arrested following a raid in the city of Faisalabad. One third of those arrested are Chinese nationals. A ransomware group has re-emerged after two years of inactivity to leak the internal comms of a rival gang. The Ransomed VC group leaked the Medusa gang's internal comms after one of Medusa's admins deleted its affiliate chat system. Ransomed VC claims Medusa may be exit scamming or have been compromised by law enforcement. Four vulnerabilities in a popular Bluetooth software stack can be chained together to run malicious code on cars. The attack impacts the OpenSynergy BlueSDK framework that's used in cars from Mercedes-Benz, Volkswagen and Skoda.
Exploiting the vulnerabilities requires at least one user interaction during the pairing process. Successful exploitation allows attackers to extract data from a vehicle or use the microphone to eavesdrop. OpenSynergy released patches last September, but not all carmakers have deployed them yet. Ruckus Wireless has failed to patch nine vulnerabilities in its Wi-Fi and network management products. The issues include authentication bypass, hard-coded secrets and unauthenticated remote code execution. They impact the Ruckus Virtual SmartZone and Network Director platforms. Researchers recommend blocking access to the two products' management interfaces until the issues are patched. Threat actors are exploiting a recently disclosed vulnerability in Wing FTP servers. The vulnerability allows attackers to bypass authentication on the FTP server's web interface by appending a null byte to the username, according to Huntress Labs. The attacks began a day after the vulnerability was publicly disclosed. And finally, a US court has struck down a rule that required companies to simplify cancelling subscriptions. The Click to Cancel rule passed last year during the final weeks of the Biden era. Federal Trade Commission legal experts expected the rule to be challenged due to the hurried rulemaking process. And that is all for this podcast edition. Today's show was brought to you by Knocknoc. Find them at knocknoc.io. Thanks for your company, Sam.
Risky Bulletin: Two Billion eSIMs Receive Crucial Security Patch
Hosted by Risky.biz
Release Date: July 11, 2025
In the latest episode of Risky Bulletin, hosted by Claire Aird and prepared by Catalin Cimpanu, the Risky Business team covers the most pressing cybersecurity developments. This summary captures the key stories, insights, and conclusions presented during the episode.
Claire opens the bulletin with significant news about the cybersecurity landscape affecting mobile communications:
"Security updates have been shipped to fix vulnerabilities in more than 2 billion eSIMs from software company Kigen."
The vulnerabilities in Kigen's eUICC software package posed a substantial threat, allowing attackers to clone eSIMs and intercept mobile communications. Although exploitation required initial physical access to each device, the researchers theorised a possible over-the-air attack vector. The Security Explorations team, which discovered the bugs, received a $30,000 reward from Kigen for the report.
Claire reports the arrest of four individuals associated with the Scattered Spider cybercriminal group:
"Four members of the Scattered Spider group have been arrested in the UK over recent cyber attacks against major retailers."
Targeting prominent retailers like Marks and Spencer, Co-op, and Harrods since April, the group comprised three British nationals and one Latvian, all living in the UK and aged between 17 and 20. Their arrests mark a significant step in combating cyber threats targeting the retail sector.
Highlighting international cooperation in cybercrime investigations, Claire states:
"French authorities have arrested a Russian basketball player for his alleged role in ransomware attacks."
Daniil Kasatkin was detained at Charles de Gaulle Airport in Paris upon the request of US authorities. Accused of negotiating ransoms for an unidentified ransomware gang, Kasatkin's defense, led by his lawyer Daniel, vehemently denied the charges, claiming his client lacks the technical expertise purportedly required for such operations.
In a startling revelation, Claire discusses allegations against former Mexican President Enrique Peña Nieto:
"Mexican authorities are investigating the country's former president for allegedly taking bribes from the spyware industry."
Nieto is accused of receiving $25 million from Israeli businessmen in 2012, facilitating NSO Group in securing $60 million in contracts with various Mexican government bodies. This case underscores the intricate ties between political figures and cybersecurity enterprises.
Claire covers the crackdown on online fraud and hacking operations in Pakistan:
"Pakistani authorities have detained 149 suspects linked to online fraud and hacking operations."
The extensive raid in Faisalabad resulted in the apprehension of individuals, including a significant number of Chinese nationals, highlighting the transnational nature of cybercrime networks.
Claire shifts focus to the militarization of cybersecurity efforts:
"The Chinese government is operating at least 136 cyber militia units staffed by civilians tasked with the cyber defence of critical infrastructure."
Beijing may also use these units for offensive operations. According to documents uncovered by Margin Research, private cybersecurity firms such as Antilabs and Qihoo 360 have also established their own cyber militia units, indicating a growing trend of private companies taking on state-like cyber defense roles.
German authorities are probing cyber intrusions at two army contractors:
"Both incidents took place in June and it's unclear if sensitive information was compromised."
The victims include an IT company specializing in satellite communications and an engineering firm responsible for building a command center. Initial investigations point towards Russian cybercriminals, reflecting ongoing tensions and cyber espionage activities.
A concerning breach in McDonald's recruitment process was uncovered:
"Researchers have discovered two vulnerabilities in an AI chatbot used by McDonald's for recruitment."
The first flaw involved a default admin account with an easily guessable password, while the second was a direct object reference vulnerability that exposed personal information of over 64 million applicants. The chatbot vendor has since addressed these issues, but the scale of data exposed raises alarms about the security of AI-driven platforms.
The cryptocurrency sector faced a significant setback as hackers stole $42 million from GMX:
"Hackers have stolen $42 million worth of assets from the GMX cryptocurrency exchange."
The breach exploited a vulnerability in a smart contract, allowing attackers to drain funds. Interestingly, GMX proposed letting the hacker retain 10% if the remainder was returned, a strategy reflecting the complex negotiations often seen in cryptocurrency theft cases.
User data at risk as Bitcoin Depot experiences a breach:
"A hacker has stolen the personal data of 26,000 cryptocurrency ATM users from Bitcoin Depot."
Stolen last month, the data includes sensitive information such as names, driver's license numbers, and contact details. Bitcoin Depot operates more than 8,000 ATMs across North America. This incident highlights the vulnerabilities inherent in cryptocurrency infrastructure.
In a move to ease administrative burdens, the European Commission has approved relaxed GDPR rules:
"The European Data Protection Board and European Data Protection Supervisor have accepted a recent EU proposal to reduce the administrative burden on small and medium businesses."
The new regulation increases the employee threshold from 250 to 750 for record-keeping requirements, providing relief to numerous small businesses while maintaining data protection standards.
Support continues for small businesses in the Netherlands:
"The Dutch government will renew a grant program assisting small businesses to acquire cybersecurity products and services."
The My Cyber Resilient Business Grant, which ran as a pilot in 2020, accepts applications until the end of October and offers up to €1,250 per company. Last year more than 1,300 companies applied for funds, demonstrating substantial demand for cybersecurity enhancements among Dutch enterprises.
A significant regulatory change in the US impacts subscription services:
"A US Court has struck down a rule that required companies to simplify cancelling subscriptions."
The Click to Cancel rule, passed last year during the final weeks of the Biden administration, was challenged over its hurried rulemaking process. Federal Trade Commission legal experts had anticipated such a challenge, reflecting ongoing tensions between regulatory bodies and business practices.
Security flaws threaten modern vehicles:
"Four vulnerabilities in a popular Bluetooth software stack can be chained together to run malicious code on cars."
Targeting the OpenSynergy BlueSDK framework used by brands like Mercedes-Benz, Volkswagen, and Skoda, these vulnerabilities require at least one user interaction during pairing. Successful exploitation could allow attackers to extract vehicle data or eavesdrop via the microphone. Although OpenSynergy released patches last September, not all carmakers have deployed them, leaving many vehicles at risk.
Networking products remain vulnerable:
"Ruckus Wireless has failed to patch nine vulnerabilities in its Wi-Fi and network management products."
Issues such as authentication bypass, hard-coded secrets, and unauthenticated remote code execution affect the Ruckus Virtual SmartZone and Network Director platforms. Researchers advise blocking access to the two products' management interfaces until patches are available to mitigate potential threats.
FTP servers are under attack:
"Threat actors are exploiting a recently disclosed vulnerability in Wing FTP servers."
The vulnerability allows attackers to bypass authentication on the FTP server's web interface by appending a null byte to the username. Exploits began rapidly after the vulnerability's public disclosure, emphasizing the need for timely patching and vigilant monitoring of network services.
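To make the null-byte bypass concrete from the defender's side, here is an added Python model (simplified, and not Wing FTP's code): a login check whose C-style comparison stops at the NUL while the session keeps the full string, the hardened form beside it, and a hunt over constructed web-log lines for the %00 tell-tale. Account names, log format and request paths are all invented for this example.

```python
import re

# Constructed account table for this example: "anonymous" needs no password.
VALID_USERS = {"alice": "correct horse", "anonymous": ""}

def c_string(s: str) -> str:
    """Model C-string semantics: a NUL byte ends the string for any C-level check."""
    return s.split("\x00", 1)[0]

def login_vulnerable(username: str, password: str) -> tuple[bool, str]:
    """Vulnerable shape (simplified model, not Wing FTP's code): the credential
    check only sees the NUL-truncated name, but the session identity is built
    from the full, untruncated string the client sent."""
    checked = c_string(username)
    if checked not in VALID_USERS or VALID_USERS[checked] != password:
        return False, ""
    return True, username  # everything after the NUL rides along unchecked

USERNAME_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")

def login_hardened(username: str, password: str) -> tuple[bool, str]:
    """Hardened shape: validate the raw input once (no control characters,
    bounded length), then use that same validated value everywhere."""
    if not USERNAME_RE.fullmatch(username):
        return False, ""
    if username not in VALID_USERS or VALID_USERS[username] != password:
        return False, ""
    return True, username

# Constructed web-interface access-log lines; format and paths are invented.
SAMPLE_LOG = """\
192.0.2.10 - [11/Jul/2025:08:00:01 +0000] "POST /login HTTP/1.1" 200 username=alice
192.0.2.77 - [11/Jul/2025:08:00:09 +0000] "POST /login HTTP/1.1" 200 username=anonymous%00
198.51.100.5 - [11/Jul/2025:08:01:30 +0000] "POST /login HTTP/1.1" 401 username=bob
"""

LOG_RE = re.compile(r"^(\S+) .*\busername=(\S*)")

def find_null_byte_logins(log_text: str) -> list[str]:
    """Return the client IPs of login requests whose username carries a NUL
    byte, raw or URL-encoded (%00). Usable as a hunt query over web logs."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m and ("%00" in m.group(2).lower() or "\x00" in m.group(2)):
            hits.append(m.group(1))
    return hits
```

The model shows why rejecting control characters at the input boundary matters: once the checked value and the stored value can differ, every later consumer of the stored string is trusting data the check never saw.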
Ransomware gangs are evolving their strategies:
"A ransomware group has re-emerged after two years of inactivity to leak the internal comms of a rival gang."
The Ransomed VC group targeted the Medusa gang by leaking their communication after one of Medusa's admins deleted its affiliate chat system. This move suggests possible exit scamming or law enforcement interference, illustrating the dynamic and adversarial nature of cybercriminal interactions.
Conclusion
Claire Aird wraps up the episode by reinforcing the critical nature of staying informed in the ever-evolving cybersecurity landscape. From massive security patches and international arrests to regulatory changes and emerging threats, this bulletin provides a thorough overview for professionals and enthusiasts alike.
For more detailed discussions and the latest updates, subscribe to Risky Bulletin and stay ahead in the cybersecurity realm.