Newsletters

Written content from the Risky Business Media team

Risky Bulletin: SMS blasting incidents are rising

Presented by

Catalin Cimpanu

News Editor

The number of publicly reported SMS blasting incidents has risen steadily over the past year, a clear sign of a growing problem.

SMS blasters are devices that mimic a mobile base station to trick nearby phones into attaching to them. They are a variation of IMSI catchers (aka cell-site simulators, fake base stations, or stingrays), but instead of intercepting mobile traffic to snoop on a target and track their location, SMS blasters are built to automatically push SMS messages to every phone that has attached to the fake cell. In practice they typically force handsets down to 2G, where the network does not authenticate itself to the phone, which is why disabling 2G on the handset is the usual user-side mitigation.

The devices have been used to mass-spam mobile devices over the past decade, typically at organized events such as concerts, political rallies, and other mass gatherings, and occasionally for marketing stunts.

Risky Bulletin: New phishing technique bypasses FIDO keys

Presented by

Catalin Cimpanu

News Editor

At least one cybercrime group is using a new phishing technique that sidesteps FIDO security keys and grants attackers access to user accounts.

The technique has been used in the wild by a threat actor tracked as PoisonSeed.

Earlier this year, the group ran phishing campaigns targeting the cryptocurrency community, designed to steal assets from victims' crypto wallets.

Spain Leaves Key Under Mat for Huawei

Presented by

Tom Uren

Policy & Intelligence

Recent reporting that the Spanish government had awarded €12.3 million to Huawei to manage storage for the government's lawful intercept (LI) system struck us as a terrible idea.

Digging a bit deeper, it turns out the truth is more understandable but far worse. These contracts were awarded over the last few years and were a continuation of an existing arrangement. Huawei has been involved in Spain's lawful intercept (LI) system since 2004.

It is time to rip the band-aid off.

Risky Bulletin: Microsoft blocks filesystem redirection attacks in new security feature

Presented by

Catalin Cimpanu

News Editor

Microsoft has added a new security feature to Windows 11 that mitigates an entire class of filesystem redirection attacks.

The new RedirectionGuard feature is currently under testing in Windows 11 Insider builds.

It works by blocking a type of filesystem redirection known as a directory junction, an NTFS reparse point that maps one folder onto another (a junction is distinct from a symbolic link, although both redirect path lookups). When a user or process accesses the junction folder, the filesystem transparently redirects the access to the target directory elsewhere on the same system. Redirection attacks abuse this by planting a junction in a location a higher-privileged process is known to write to, so that the privileged write lands in a directory the attacker could not otherwise touch; the mitigation is aimed at junctions that a less-privileged user planted in a path a higher-privileged process later opens.

Risky Bulletin: Major EoT/HoT vulnerability can bring trains to sudden stops

Presented by

Catalin Cimpanu

News Editor

More than 12 years after the issue was first reported, the Association of American Railroads is replacing an insecure railroad protocol that can be abused to engage brakes and bring trains to sudden stops anywhere across North America.

The issue affects a radio protocol that links locomotives (the Head-of-Train side) to a device mounted on the last car, a box with a flashing red light known in the industry as an End-of-Train device or a FRED (Flashing Rear-End Device).

The device is primarily used to collect telemetry from the back of the train. It is especially useful for long freight trains, which can run to a mile or two in length and cannot easily be inspected from the cab.

Risky Bulletin: Two billion eSIMs receive crucial security patch

Presented by

Catalin Cimpanu

News Editor

Security updates are being shipped out to mobile operators across the world to fix vulnerabilities in more than two billion eSIMs.

The vulnerabilities affect Kigen's eUICC (embedded Universal Integrated Circuit Card) software, the operating system running on the eSIM chip that Kigen supplies to mobile network operators and device makers to support eSIM technology.

eSIMs let mobile operators provision a SIM profile to a device remotely instead of shipping a physical card. The technology is mainly used for issuing temporary SIMs to travelers and for adding mobile connectivity to IoT devices that can't fit a SIM card slot.

Four Key Players Drive Scattered Spider

Presented by

Tom Uren

Policy & Intelligence

A small number of key individuals are organising the activities of the group known as Scattered Spider, according to researchers at security firms. If that is right, there is hope that targeted approaches might bring some respite from the group's carnage.

Scattered Spider is responsible for a number of significant, high-impact hacks that have left many victim organisations struggling to recover, sometimes for months. The group first achieved notoriety in 2023 with the hacks of Caesars Entertainment and MGM Resorts International. Since May this year it has been linked to attacks on retailers in the UK and the US, insurance companies, and then airlines in quick succession. Overall, it is responsible for the compromise of hundreds of companies since 2022. It is financial cybercrime's apex predator.

Its cybercrime activity is characterised by highly effective social engineering to gain initial access to victims, followed by brutally efficient post-compromise activity to steal data, deploy ransomware and cause mayhem in double-quick time.

Risky Bulletin: Browser extensions hijacked for web scraping botnet

Presented by

Catalin Cimpanu

News Editor

More than one million users have installed browser extensions that turn their browsers into proxies for a web scraping botnet.

The extensions contain a library named Mellowtel that waits for the user to go inactive, disables page security protections, and then loads a remote website inside a hidden iframe. The scraped page content is then sent to a remote URL for analysis.

SecureAnnex found the Mellowtel library in 245 extensions for Chrome, Edge, and Firefox.

Risky Bulletin: Chinese researchers claim to find new North American APT

Presented by

Catalin Cimpanu

News Editor

Chinese security firm QiAnXin claims to have discovered a new cyber-espionage group that targets China's high-tech sectors and operates out of North America.

QiAnXin's PanGu and RedDrip teams presented their findings at the CYDES security conference in Malaysia last week and published a technical report on GitHub on Friday.

The researchers describe the new group, named NightEagle (aka APT-Q-95 and APT-C-78), as extremely stealthy and highly sophisticated.

Risky Bulletin: Hunters International ransomware shuts down and releases decryption keys

Presented by

Catalin Cimpanu

News Editor

The Hunters International ransomware operation has shut down and promised to release free decryption keys to all past victims.

The group announced the shutdown in a message posted on its dark web leak site on Thursday, July 3, after removing all past victims' entries from the site.

The operation launched at the end of 2023 as a rebrand of the Hive ransomware, whose infrastructure had been seized by law enforcement earlier that year.