

Risky Bulletin
risky.biz
Regular cybersecurity news updates from the Risky Business team...

Dec 19, 2025 • 7min
Risky Bulletin: Belarus deploys spyware on journalists' phones
Belarus has been caught deploying spyware on journalists' phones, raising serious concerns for press freedom. France arrested a hacker linked to a major data breach affecting millions. In a curious case, a crew member installed malware on an Italian ferry, while Dutch authorities detained someone for bank fraud using facial ID tricks. North Korea continues to steal cryptocurrency on a massive scale, and cybersecurity issues are highlighted with new zero-day vulnerabilities in Cisco and SonicWall products. The podcast covers these alarming trends in cybersecurity and privacy.

Dec 17, 2025 • 19min
Srsly Risky Biz: Like Huawei, but for electricity
Tom Uren, a policy and intelligence editor, dives deep into the troubling U.S. reliance on Chinese manufacturers for electrical grid equipment. He discusses the risks posed by Chinese hacking and the alarming intent behind recent PLA research aimed at grid sabotage. The conversation takes a turn as they explore the controversial U.S. involvement in cyberattacks on Venezuela's state oil company and critique the ineffectiveness of Russian state-backed hacktivism. Uren emphasizes the need for strategic mitigations and warns about the political misuse of security concerns.

Dec 17, 2025 • 8min
Risky Bulletin: Most smart devices run outdated web browsers
Many smart devices are running outdated web browsers, leaving them vulnerable to attacks. Ukrainian hacktivists have reportedly breached a major Russian defense contractor, stealing sensitive data. Additionally, ransomware has disrupted operations at Venezuela's state-owned oil company. In a surprising twist, hackers are attempting to extort PornHub with stolen user data, claiming to hold 94GB of sensitive information. Other notable discussions include ongoing cybersecurity developments and new threats targeting user privacy.

Dec 15, 2025 • 50min
Between Three Nerds: The evolution of Iranian cyber espionage
Hamid Kashfi, CEO and founder of DarkCell, is a cybersecurity expert specializing in Iranian cyber espionage. He reveals the evolution of Iran's hacking scene, discussing how the regime's past suppression of domestic talent has transformed into a new focus on training and recruitment. Kashfi highlights the lax OPSEC culture among Iranian operators, the strategic handling of zero-days, and the integration of cyber capabilities with kinetic operations. He also shares insights on how Iran uses lessons from attacks like Shamoon and Stuxnet to improve their techniques.

Dec 15, 2025 • 8min
Risky Bulletin: African freelancers behind anti-US and anti-French disinfo campaigns
Russia's recruitment of African freelancers for disinformation campaigns against the US and France is spotlighted. Meanwhile, the US may allow contractors to launch offensive cyber operations. Germany points fingers at Russia for a significant air traffic control hack. In cybersecurity news, Apple addresses urgent WebKit vulnerabilities, and South Korea proposes hefty fines for repeat data breach offenders. The podcast also touches on China's research into US power grid vulnerabilities, underpinning the global cybersecurity landscape.

Dec 14, 2025 • 20min
Sponsored: ConsentFix and Push Security's browser attack taxonomy
In this conversation, Mark Orlando, Push Security's Field CTO and an expert in detection and response, shares insights on evolving browser-based attacks. He introduces ConsentFix, a unique attack that hijacks OAuth consent grants, and explains its sophisticated workings, including evasion of detection mechanisms. The discussion highlights browsers as blind spots, revealing the limitations of existing security models and the crucial need for modern taxonomies in combating phishing and in-browser threats. Orlando's research-driven approach aims to enhance community awareness and defenses.

Dec 12, 2025 • 9min
Risky Bulletin: EU has a problem attracting and retaining cyber talent
The EU faces challenges in attracting and retaining cyber talent due to skills gaps and burnout. A massive security breach leads to the resignation of Coupang's CEO. Microsoft expands its bug bounty program, now covering third-party code vulnerabilities. Meanwhile, Ukraine showcases its hacking prowess by targeting Russian logistics, and a significant data exposure is revealed at Petco, affecting pet medical details. Additionally, multiple cyber attack indictments and security patches highlight ongoing vulnerabilities in digital infrastructure.

Dec 10, 2025 • 5min
Risky Bulletin: Linux adds PCIe encryption to help secure cloud servers
Linux is enhancing cloud security with PCIe encryption across major platforms. Europol recently arrested 193 individuals linked to violent crime facilitation. The International Criminal Court is now including cyber evidence in cases of genocide. In a separate incident, a massive data breach in South Korea led to police action against Coupang. Meanwhile, Cambodian authorities discovered a warehouse filled with SMS blasters. These stories highlight the ongoing battle against cybercrime and the innovative measures being taken to combat it.

Dec 7, 2025 • 8min
Risky Bulletin: APTs go after the React2Shell vulnerability within hours
Chinese APTs wasted no time exploiting the recently disclosed React2Shell vulnerability. The US response to telco hacking by China remains stalled, prioritizing trade over security. The hunt for a CISA director continues as the NSA faces significant staff reductions. Meanwhile, India has scrapped its mandatory cybersecurity app after backlash. In other news, unauthorized transactions linked to Gmarket and a significant data leak from Nonsec raise alarms, while a teen's hacking exploits using AI showcase the evolving threat landscape.

Dec 4, 2025 • 16min
Srsly Risky Biz: When cyber campaigns cross a line
Tom Uren, a cyber policy analyst and author of the Seriously Risky Business newsletter, joins to discuss a new framework outlining seven 'red flags' for assessing cyber operations. They explore Iran's use of cyber intelligence for missile strikes and the implications of political interference in elections. The conversation dives into the significance of corporate disclosure amid evolving state cyber activities, and they express skepticism about China's claims of being a responsible cyber actor. This engaging dialogue sheds light on the complexities of modern cyber warfare.


