Episode Transcript
Transcripts are displayed as originally observed. Some content, including advertisements may have changed.
Use Ctrl + F to search
0:04
Cisco patches two zero days used
0:06
by a state-backed group. The
0:09
Plug X USB worm has infected two and
0:11
a half million devices. Hackers
0:13
leak the source code of El Salvador's
0:15
crypto wallet service. And the
0:18
US takes down another crypto mixing service.
0:21
This is Risky Business News prepared by
0:23
Katelyn Kimpano and read by me, Patrick
0:25
Gray. And I'm filling in for Clare
0:27
aired. Today is April 26th
0:30
and this podcast episode is brought to
0:32
you by Trail of Bits. Cisco
0:35
has released patches for two zero-day
0:37
vulnerabilities in its ASA firewalls. The
0:40
company says the bugs have been used in
0:43
the wild since early January by a suspected
0:45
state-backed actor. They were
0:47
exploited as part of a wider
0:49
cyber espionage campaign targeting devices from
0:51
other vendors and Microsoft Exchange email
0:53
servers. The campaign targeted
0:56
government networks across the globe. Cisco
0:59
and cybersecurity agencies from the Five
1:01
Eyes countries have released security advisories
1:03
on how to secure and investigate
1:06
ASA devices. The company
1:08
has not linked the attackers to
1:10
any specific foreign adversary. US
1:14
authorities and Europol have taken
1:16
down cryptocurrency mixing service Samurai
1:18
Wallet. The service allegedly
1:20
helped criminals launder more than $100 million
1:23
worth of assets from hacks, phishing
1:25
operations and illegal dark web markets.
1:28
The site's two founders were arrested in
1:30
Portugal and the United States. Authorities
1:34
say the two founders invited users to launder
1:36
funds through their site on social media. They
1:39
also taunted law enforcement about their
1:41
activities. In the aftermath of
1:43
the takedown, the FBI also warned Americans
1:46
not to use these types of services.
1:48
The Bureau says users risk losing
1:50
access to their funds when takedowns
1:52
happen. French
1:55
security firm Sequoia has sync-hulled one of
1:57
the command and control servers used by
1:59
the plug-ins. Us be one. Almost
2:01
one hundred thousand infected devices are
2:03
still checking the server for instructions
2:05
on a daily basis. The company
2:07
says that over a period of
2:10
six months had saw more than
2:12
two point five million unique devices
2:14
contacted server. Sequoia says the malware
2:16
supports the remote on install option.
2:19
The. Company has offered to help national
2:21
search teams perform what it has
2:23
described as a sovereign disinfection of
2:25
each country's Ip space. A
2:28
hacker has leaked the source code of
2:30
Cheaper Wallet, the Official State Crypto Currency
2:32
Wallet and Eight Cm platform in El
2:35
Salvador. This lake is
2:37
the latest in a long list
2:39
of hacks in El Salvador by
2:41
the group Cyber Intelligentsia As the
2:43
the same hackers previously late the
2:45
personal data of five point one
2:47
million Salvadorans that lake accounted for
2:49
most of the country's adult population.
2:53
Smartphone maker. Nothing has concerned a security
2:55
breach of it's online community forum. The
2:57
breach took place in Twenty Twenty Two,
3:00
but time to like this week after
3:02
some Nothing customers spotted their daughter online.
3:04
The company says the bridge took place
3:07
after a threat actor exploited a bug
3:09
in it's forum to collect user data
3:11
such as names and emails. Nothing says
3:14
that only two thousand users were impacted
3:16
and that no passwords were exposed in
3:18
the hat. Cure.
3:21
Him researchers have linked recent De
3:23
Dos attacks against Russian independent media
3:25
outlet Medusa to the infrastructure of
3:27
three residential proxy providers. It's the
3:30
most recent of the attacks took
3:32
place on April Fifteen and lasted
3:34
forty eight hours. The attacks were
3:37
linked to plane proxies, mean proxy,
3:39
and rapid seed box. Curious says
3:41
the same providers were also behind
3:44
coordinated De Dos attacks on independent
3:46
Hungarian news sites last year. A
3:50
Florida course has sentenced a sixty year
3:52
old man to four years in prison
3:54
for helping A B C gang warned
3:56
us stolen money they sell your bottles
3:59
Garcia Jr. laundered. More than two
4:01
point three million dollars for a
4:03
Nigerian gang involved in bc and
4:05
romance scams. Officials say Garcia converted
4:07
stolen funds to Bitcoin and sent
4:10
the funds to his coconspirators in
4:12
Nigeria. Check
4:14
and Ukrainian law enforcement A have
4:16
disrupted a criminal call center in
4:18
the Ukrainian city of Odessa. Us
4:21
officials say the call center was
4:23
involved in phone call scans. The
4:25
targeted and defrauded Check Citizens Call
4:27
Center employees posed as check banks
4:29
and tricked victims into installing remote
4:31
access software on their devices. Officials
4:34
say the group stole money from
4:36
check bank accounts and transfer the
4:38
funds to Ukraine with a cast
4:40
out through local A T M's.
4:43
Security researcher Pierre Kim
4:45
has found eighteen vulnerabilities
4:48
in brocade Sand as
4:50
appliances. Kim. Report of the
4:52
issues to Broad Com in September
4:54
Twenty twenty three, but only half
4:56
were patched and received see the
4:58
identifies. The vulnerabilities allow for compromise
5:00
of Sat Nav devices. They vary
5:02
from the use of hard coded
5:04
Ssh keys to the improper use
5:06
of encryption. Get
5:09
Hub says that ninety five percent
5:11
of users who contribute card to
5:13
the platform have now enabled multifactor
5:16
authentication for their accounts. The company
5:18
made em if a mandatory for
5:20
card contributions last year. Pass
5:22
case or a spike in adoption after support
5:24
was added while as him as use fell
5:27
by twenty five percent. Google
5:30
has delayed the phase out of third
5:32
party cookies from it's Chrome browser until
5:34
early Twenty Twenty Five. The company delayed
5:36
the removal at the request of Uk
5:39
authorities. Support for third party cookies was
5:41
supposed to be removed from prime at
5:43
the end of the year. And
5:47
that's all for this podcast addition. Tonight show
5:49
was brought to you by our sponsor Trail
5:51
of Bits and you can find them at
5:53
Tribal states.com. By. For now.
Podchaser is the ultimate destination for podcast data, search, and discovery. Learn More