Episode Transcript
0:04
The US has imposed visa travel restrictions on 13 individuals linked to spyware, the Polish military used spyware against female officers, Russian hackers used a secret Windows zero-day for years, and the US charges and sanctions four Iranian hackers. This is Risky Business News, prepared by Catalin Cimpanu and read by me, Claire Aird. Today is April 24th and this podcast episode is brought to you by Trail of Bits.

0:32
The US government has imposed visa restrictions on 13 individuals involved in the development and sale of commercial spyware. The visa ban applies to the individuals and their immediate family members, such as spouses and children. The State Department has not released their names. This marks the first time the US State Department has imposed visa restrictions related to spyware. It announced its intention to do so at the start of February this year.

0:57
The Polish military police used the Pegasus spyware to spy on two female officers who reported sexual harassment by their superiors. Military police officials used Pegasus 78 times in the last seven years against female employees. Polish prosecutors are currently investigating the previous government's use of the Pegasus spyware. So far, officials have notified 578 individuals they have been targeted with the spyware.

1:23
A Spanish court has reopened a probe into a suspected Pegasus infection of the country's Prime Minister in 2022. The judge reopened the case at the request of French officials. According to the Associated Press, French investigators claimed to have new evidence to advance the investigation. The French government previously found traces of the Pegasus spyware on the devices of President Emmanuel Macron and several ministers in 2021.

1:48
The US government has charged four Iranian nationals for cyberattacks against US organisations. Officials say the four suspects work for two front companies controlled by the cyber arm of the Iranian Islamic Revolutionary Guard Corps. The four are accused of hacking more than a dozen US companies and the US Departments of Treasury and State. The Treasury Department has sanctioned the four individuals as well as the two front companies. The US State Department is also offering a $10 million reward for information on the group. US officials say one of the front companies has been associated with multiple Iranian APT groups, including Tortoiseshell.

2:24
Russian hacking group Forest Blizzard has been quietly using a zero-day in the Windows Print Spooler service for almost three years. The tool is named GooseEgg and has been used in attacks since April 2019. Russian hackers use GooseEgg to elevate privileges and steal credentials on already compromised networks. Microsoft patched the bug behind the tool in October 2022 but only recently discovered the attacks.

2:49
North Korean hacking groups have breached at least 10 South Korean defense companies in the last year and a half. South Korea's Police Force says the hacked companies were unaware of the breaches until they were notified by authorities. Officials linked the intrusions to North Korean groups such as Andariel, Lazarus and Kimsuky.

3:07
Brazilian authorities are investigating a breach of the country's Integrated Financial Administration System, also known as SIAFI. The Brazilian government uses SIAFI to pay contracts and employees. Local media reports that hackers phished SIAFI employees and then used the accounts to steal government funds. The hackers are believed to have stolen at least three and a half million Brazilian reais, or about US$700,000. Reports claim the hackers compromised as many as 17 SIAFI accounts.

3:36
Medical diagnostic service Synlab says that a ransomware attack has crippled the operations of its Italian branch. The breach took place last week and the company shut down all IT systems as a result. The company operates more than 380 medical labs across Italy. No ransomware group has taken credit for the incident so far. The company's French division was a victim of the Clop gang's MOVEit hacking spree last year.

4:00
The Greek Data Protection Agency has fined the country's postal service 3 million euro for a security breach that leaked customer data. The Vice Society ransomware gang breached ELTA in March 2022. The group leaked the company's data on the dark web after it failed to extract the ransom. Leaked data included customer and employee personal information. The Greek Data Protection Agency investigated ELTA and found the company failed to adequately protect the data.

4:27
A North Korean cloud server was left exposed on the internet last year and leaked animation-related projects. The exposed files suggest that Western studios might have inadvertently hired North Korean animators for their projects. According to the leaked files, North Korean animators appear to have worked on shows that air on the BBC, Amazon Prime and HBO Max.

4:49
Streetlights in Leicester have been stuck on all day, six weeks after the UK city fell victim to a ransomware attack. The attack impacted a central management system used to control the streetlights. Officials say the lights entered a fail-safe mode where they're left on all the time. City officials hope to have the system restored by the end of next week.

5:08
Russian authorities have arrested a Moscow resident for developing and selling malware via Telegram. Officials describe the malware as having data-stealing and destructive capabilities. The FSB tracked down the suspect through a website they used to advertise the malware.

5:23
The median dwell time for cybersecurity intrusions fell last year to an all-time low of 10 days. Mandiant says that 43 percent of all incidents last year were detected in a week or less. The company attributes the reduction of dwell times to improvements in detection capabilities. Mandiant also observed a decrease in intrusions that remained undiscovered for long periods of time. Only 6 percent of intrusions went undetected for more than a year. In terms of ransomware attacks, dwell times fell from 9 days in 2022 to 5 days last year.

5:54
A threat actor has hijacked the update mechanism of the eScan antivirus to distribute backdoors. Avast says the campaign has been active since 2018 and has primarily targeted large corporate networks. Named GuptiMiner, the threat actor has distributed two different backdoors. The first was used to move laterally across networks, while the second was used to scan and steal private keys and crypto wallet information. Avast says it found connections between GuptiMiner's malware and the Kimsuky North Korean APT.

6:26
Citizen Lab researchers have identified vulnerabilities in 8 out of 9 Chinese keyboard apps. The vulnerabilities allow threat actors to intercept keystrokes in real time. Researchers estimate that up to 1 billion users have the apps installed and are vulnerable. Vendors with vulnerable keyboard apps include Baidu, Tencent and Xiaomi.

6:45
Police chiefs from European countries have called on governments and industry groups to stop tech companies from deploying end-to-end encryption. Police officials say the increasing use of E2EE blinds them to malicious activities on platforms such as social media sites. 32 police chiefs have signed the joint declaration. The statement comes as Meta is rolling out end-to-end encryption for its messenger apps.