Risky Bulletin: Two Billion eSIMs Receive Crucial Security Patch
Hosted by Risky.biz
Release Date: July 11, 2025
In the latest episode of Risky Bulletin, hosted by Claire Aird and prepared by Catalin Cimpanu, the Risky Business team covers the most pressing cybersecurity developments. This summary captures the key discussions, insights, and conclusions presented during the episode.
1. Massive eSIM Security Patch
Timestamp: [00:04]
Claire opens the bulletin with significant news about the cybersecurity landscape affecting mobile communications:
"Security updates have been shipped to fix vulnerabilities in more than 2 billion eSIMs from software company Kigen."
The vulnerabilities in Kigen's eUICC software package posed a substantial threat, allowing attackers to clone eSIMs and intercept mobile communications. Although exploitation required initial physical access, researchers speculated that an over-the-air attack vector might be possible. The discovery earned the Security Explorations team a $30,000 reward from Kigen, underscoring the value of coordinated vulnerability disclosure.
2. Global Cybercriminal Arrests
a. Scattered Spider Group Members Detained in the UK
Timestamp: [00:04]
Claire reports the arrest of four individuals associated with the Scattered Spider cybercriminal group:
"Four members of the Scattered Spider group have been arrested in the UK over recent cyber attacks against major retailers."
Targeting prominent retailers such as Marks and Spencer, Co-op, and Harrods since April, the group comprised three British nationals and one Latvian, all aged between 17 and 20. Their arrests mark a significant step in combating cyber threats against the retail sector.
b. Russian Basketball Player Arrested in Ransomware Case
Timestamp: [00:04]
Highlighting international cooperation in cybercrime investigations, Claire states:
"French authorities have arrested a Russian basketball player for his alleged role in ransomware attacks."
Daniil Kasatkin was detained at Charles de Gaulle Airport in Paris upon the request of US authorities. Accused of negotiating ransoms for an unidentified ransomware gang, Kasatkin's defense, led by his lawyer Daniel, vehemently denied the charges, claiming his client lacks the technical expertise purportedly required for such operations.
c. Accusations Against Former Mexican President
Timestamp: [00:04]
In a startling revelation, Claire discusses allegations against former Mexican President Enrique Peña Nieto:
"Mexican authorities are investigating the country's former president for allegedly taking bribes from the spyware industry."
Nieto is accused of receiving $25 million from Israeli businessmen in 2012, facilitating NSO Group in securing $60 million in contracts with various Mexican government bodies. This case underscores the intricate ties between political figures and cybersecurity enterprises.
d. Pakistani Authorities Raid Cyber Fraud Network
Timestamp: [00:04]
Claire covers the crackdown on online fraud and hacking operations in Pakistan:
"Pakistani authorities have detained 149 suspects linked to online fraud and hacking operations."
The extensive raid in Faisalabad resulted in the apprehension of individuals, including a significant number of Chinese nationals, highlighting the transnational nature of cybercrime networks.
3. State-Sponsored Cyber Militia Units
Timestamp: [00:04]
Claire shifts focus to the militarization of cybersecurity efforts:
"The Chinese government is operating at least 136 cyber militia units staffed by civilians tasked with the cyber defence of critical infrastructure."
These units may also engage in offensive operations, as suggested by documents reviewed by Margin Research. Additionally, private cybersecurity firms such as Antiy Labs and Qihoo 360 have established their own cyber militia units, indicating a growing trend of private companies taking on state-like cyber defense roles.
4. Cyber Intrusions and Data Breaches
a. German Army Contractors Targeted
Timestamp: [00:04]
German authorities are probing cyber intrusions at two army contractors:
"Both incidents took place in June and it's unclear if sensitive information was compromised."
The victims include an IT company specializing in satellite communications and an engineering firm responsible for building a command center. Initial investigations point towards Russian cybercriminals, reflecting ongoing tensions and cyber espionage activities.
b. McDonald's AI Chatbot Vulnerabilities
Timestamp: [00:04]
A concerning breach in McDonald's recruitment process was uncovered:
"Researchers have discovered two vulnerabilities in an AI chatbot used by McDonald's for recruitment."
The first flaw was a default admin account with an easily guessable password, while the second was an insecure direct object reference (IDOR) vulnerability that exposed the personal information of over 64 million applicants. The chatbot vendor has since addressed both issues, but the scale of the data exposed raises alarms about the security of AI-driven platforms.
5. Cryptocurrency Security Incidents
a. GMX Cryptocurrency Exchange Heist
Timestamp: [00:04]
The cryptocurrency sector faced a significant setback as hackers stole $42 million from GMX:
"Hackers have stolen $42 million worth of assets from the GMX cryptocurrency exchange."
The breach exploited a vulnerability in a smart contract, allowing attackers to drain funds. Interestingly, GMX proposed letting the hacker retain 10% if the remainder was returned, a strategy reflecting the complex negotiations often seen in cryptocurrency theft cases.
b. Bitcoin Depot Data Breach
Timestamp: [00:04]
User data at risk as Bitcoin Depot experiences a breach:
"A hacker has stolen the personal data of 26,000 cryptocurrency ATM users from Bitcoin Depot."
Stolen in the previous month, the data includes sensitive information such as names, driver's license numbers, and contact details, affecting over 8,000 ATMs across North America. This incident highlights the vulnerabilities inherent in cryptocurrency infrastructures.
6. Regulatory and Policy Updates
a. EU GDPR Rules Relaxed for SMEs
Timestamp: [00:04]
In a move to ease administrative burdens, the European Commission has approved relaxed GDPR rules:
"The European Data Protection Board and European Data Protection Supervisor have accepted a recent EU proposal to reduce the administrative burden on small and medium businesses."
The new regulation increases the employee threshold from 250 to 750 for record-keeping requirements, providing relief to numerous small businesses while maintaining data protection standards.
b. Dutch Government Cybersecurity Grants Renewed
Timestamp: [00:04]
Support continues for small businesses in the Netherlands:
"The Dutch government will renew a grant program assisting small businesses to acquire cybersecurity products and services."
The My Cyber Resilient Business Grant, open for applications until the end of October, offers up to €1,250 per company. Last year's pilot drew over 1,300 applications, demonstrating substantial demand for cybersecurity improvements among Dutch enterprises.
c. US Court Strikes Down Click to Cancel Rule
Timestamp: [00:04]
A significant regulatory change in the US impacts subscription services:
"A US Court has struck down a rule that required companies to simplify cancelling subscriptions."
The Click to Cancel rule, introduced during the final weeks of the Biden administration, faced legal challenges due to its rushed implementation. Federal Trade Commission legal experts had anticipated such pushback, reflecting ongoing tensions between regulatory bodies and business practices.
7. Vulnerabilities in Technology Products
a. Bluetooth Vulnerabilities in Automotive Systems
Timestamp: [00:04]
Security flaws threaten modern vehicles:
"Four vulnerabilities in a popular Bluetooth software stack can be chained together to run malicious code on cars."
Affecting the OpenSynergy BlueSDK framework used by brands such as Mercedes-Benz, Volkswagen, and Skoda, the vulnerabilities require user interaction during pairing. Successful exploitation could allow attackers to extract vehicle data or eavesdrop via the microphone. Although patches were released in September, not all manufacturers have shipped them, leaving many vehicles at risk.
b. Ruckus Wireless Product Flaws
Timestamp: [00:04]
Networking products remain vulnerable:
"Ruckus Wireless has failed to patch nine vulnerabilities in its Wi-Fi and network management products."
Issues such as authentication bypasses, hard-coded secrets, and unauthenticated remote code execution affect the Ruckus Virtual Smart Zone and Network Director platforms. Researchers advise blocking access to management interfaces until patches are applied to mitigate potential threats.
c. Wing FTP Server Exploits
Timestamp: [00:04]
FTP servers are under attack:
"Threat actors are exploiting a recently disclosed vulnerability in Wing FTP servers."
The vulnerability allows attackers to bypass authentication on the FTP server's web interface by appending a null byte to the username. Exploits began rapidly after the vulnerability's public disclosure, emphasizing the need for timely patching and vigilant monitoring of network services.
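Whatever the exact internals of the flaw, a null byte has no business in a username, and two defender-side controls follow directly from the description above: reject control characters before a credential reaches any authentication or file-handling logic, and look for such bytes in login traffic. The following is an added example, not Wing FTP's code, that does both over constructed web-server log lines; the log format, the `/login` path and the user names are assumptions for illustration.

```python
# Added example (not Wing FTP's code): defender-side handling for the
# null-byte-in-username pattern. It shows (1) a strict username validator that
# rejects NUL and other control characters before the value reaches any
# authentication logic, and (2) a scan over constructed log lines that flags
# login attempts carrying such bytes.
import re
from urllib.parse import unquote

# Allow-list for usernames; anything outside it, including NUL, is rejected.
SAFE_USERNAME = re.compile(r"[A-Za-z0-9._@-]{1,64}")


def is_valid_username(raw: str) -> bool:
    # Reject control characters explicitly, so the reason is clear even though
    # the allow-list regex below would also refuse them.
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in raw):
        return False
    return SAFE_USERNAME.fullmatch(raw) is not None


# Constructed log lines in a hypothetical format:
# <timestamp> <client ip> <method> <path> <form body> <status>
SAMPLE_LOG = """\
2025-07-11T10:01:02Z 203.0.113.5 POST /login username=alice&password=REDACTED 200
2025-07-11T10:01:09Z 203.0.113.7 POST /login username=guest%00&password=REDACTED 302
2025-07-11T10:02:15Z 198.51.100.9 POST /login username=bob%0Aextra&password=REDACTED 401
2025-07-11T10:03:40Z 203.0.113.5 POST /login username=carol.w&password=REDACTED 200
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) POST /login (?P<body>\S+) (?P<status>\d{3})$"
)


def find_suspicious_logins(log_text: str) -> list[dict]:
    """Return one finding per login request whose decoded username fails validation."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        params = dict(kv.split("=", 1) for kv in m["body"].split("&") if "=" in kv)
        # Percent-decode so %00 becomes a real NUL before the check.
        username = unquote(params.get("username", ""))
        if is_valid_username(username):
            continue
        findings.append(
            {
                "ts": m["ts"],
                "ip": m["ip"],
                "username": username,
                "status": m["status"],
                "contains_nul": "\x00" in username,
            }
        )
    return findings


if __name__ == "__main__":
    for f in find_suspicious_logins(SAMPLE_LOG):
        print(f["ts"], f["ip"], repr(f["username"]), f["status"], "NUL" if f["contains_nul"] else "")
```

A non-error status on a request whose username carried a NUL byte is the line worth pulling first when triaging; the validator is the fix that makes that line impossible in the first place.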
8. Emerging Ransomware Tactics
Timestamp: [00:04]
Ransomware gangs are evolving their strategies:
"A ransomware group has re-emerged after two years of inactivity to leak the internal comms of a rival gang."
The RansomedVC group leaked the Medusa gang's internal communications after one of Medusa's admins deleted its affiliate chat system. That deletion suggests a possible exit scam or law enforcement interference, illustrating the dynamic and adversarial nature of interactions between cybercriminal groups.
Conclusion
Claire Aird wraps up the episode by reinforcing the importance of staying informed in the ever-evolving cybersecurity landscape. From massive security patches and international arrests to regulatory changes and emerging threats, this bulletin provides a thorough overview for professionals and enthusiasts alike.
For more detailed discussions and the latest updates, subscribe to Risky Bulletin and stay ahead in the cybersecurity realm.
