The CyberWire Daily Podcast 9.20.24
Ep 2155 | 9.20.24

They really are watching what we watch.

Transcript

An FTC report confirms online surveillance and privacy concerns. Ukraine bans Telegram for state and security officials. Sensitive customer data from India’s largest health insurer is leaked. German law enforcement shuts down multiple cryptocurrency exchange services. HZ RAT sets its sights on macOS systems. Stolen VPN passwords remain a growing threat. Law enforcement dismantles the iServer phishing-as-a-service platform. Today’s guest is Steve Blank, co-founder of the Gordian Knot Center for National Security Innovation at Stanford University, talking with N2K's Brandon Karpf about national security and the dilemma of technology disruption. CISA’s boss pushes for accountability.

Today is Friday, September 20th, 2024. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

An FTC report confirms online surveillance and privacy concerns. 

The Federal Trade Commission (FTC) released a report confirming that major social media and video streaming companies engage in extensive surveillance to monetize user data, particularly through targeted advertising. The report, based on 2020 inquiries into companies like Meta, YouTube, TikTok, and others, highlights how these platforms collect and retain large amounts of personal data from users and non-users alike, often without adequate protections, especially for children and teens.

The FTC found that many companies used privacy-invasive tracking technologies and shared data broadly, often retaining it indefinitely. Some companies also failed to delete user data when requested. The report emphasizes the conflict between the companies’ data-driven business models and user privacy, with particular concerns around the impact on young users’ mental health.

The FTC recommends comprehensive federal privacy legislation to limit data collection and enforce stricter data protections. Companies are urged to minimize data retention, limit sharing with third parties, enhance privacy protections for teens, and comply more fully with children’s privacy laws. The report also raised concerns about potential competition issues, as companies accumulating vast data may dominate the market, limiting consumer choice.

Ukraine bans Telegram for state and security officials. 

Ukraine has banned the Telegram messaging app on official devices used by state and security officials, military personnel, and critical infrastructure employees, citing national security concerns. Kyrylo Budanov, head of Ukraine’s defense intelligence, warned that Russian special services could access users’ personal data, messages, and even deleted content. The ban applies to devices in government and defense sectors but excludes those using the app for official duties. Ukraine’s National Security and Defense Council stated that Telegram is used by Russia for cyberattacks, phishing, and military targeting. Despite privacy concerns, Telegram remains popular in Ukraine as a key source of news and alerts on Russian military actions. The app’s founder, Pavel Durov, is under investigation in France for serious offenses.

Sensitive customer data from India’s largest health insurer is leaked. 

Meanwhile, sensitive customer data from Star Health and Allied Insurance, India’s largest standalone health insurer, has been leaked via Telegram chatbots, impacting over 31 million customers. The breach, discovered by cybersecurity researcher Jason Parker, exposed names, addresses, phone numbers, policy details, and sensitive medical information. The stolen data is available for free in small portions, while bulk data is being sold by a hacker known as “xenZen.” Despite Telegram removing the chatbots, new ones quickly emerged. Star Health confirmed the breach but downplayed its severity, claiming sensitive data remains secure. However, investigations revealed extensive personal data sharing, raising questions about the company’s transparency. The incident highlights the growing threat of cybercriminals using Telegram to distribute stolen data, a trend exacerbated by the platform’s anonymity and ease of use.

German law enforcement shuts down multiple cryptocurrency exchange services. 

German law enforcement shut down 47 cryptocurrency exchange services used by cybercriminals for money laundering, including ransomware groups and darknet merchants. These platforms, hosted in Germany, allowed users to anonymously exchange cryptocurrencies without registration or identity verification. Among the seized services was Xchange.cash, which handled nearly half a million users and 1.3 million transactions since 2012. The police obtained extensive user and transaction data, offering valuable leads in the fight against cybercrime. No arrests have been announced yet from the operation.

HZ RAT sets its sights on macOS systems. 

HZ RAT is a remote access trojan (RAT) that initially targeted Windows devices, but has now expanded to attack macOS environments. First observed in 2020, HZ RAT allows attackers full control over infected systems, enabling them to steal data, take screenshots, record keystrokes, and access sensitive information from apps like WeChat and DingTalk. The malware also collects data on the device’s hardware, networks, and applications. Delivered via phishing emails or disguised applications, HZ RAT connects to a command-and-control server for further instructions, allowing attackers to upload or execute files remotely. While primarily used for data collection, the malware’s true purpose remains unclear. 

Stolen VPN passwords remain a growing threat. 

A report from Specops Software reveals that over 2.1 million VPN passwords were stolen by malware in the past year, posing significant risks to secure networks. While many VPN services offer strong security, attackers increasingly target end users through phishing and malware to capture credentials. Common passwords like “12345” and “password” were frequently compromised, highlighting poor password practices. The report emphasizes that VPNs, while essential for remote access, aren’t foolproof against phishing or malware. Experts recommend additional protections like multi-factor authentication (MFA), strong password policies, and adopting passwordless authentication methods such as certificate-based authentication or zero-trust network access (ZTNA). Businesses are encouraged to monitor login activities, audit access logs, and apply security patches to safeguard against credential theft.

Watch out for these CVEs.

Rapid7 is warning customers about several critical vulnerabilities in enterprise technologies that are high-priority attack targets. These include:

  • CVE-2024-41874: A remote code execution vulnerability in Adobe ColdFusion, affecting versions 2023 (update 9 and earlier) and 2021 (update 15 and earlier).
  • CVE-2024-38812 & CVE-2024-38813: Remote code execution and privilege escalation vulnerabilities in Broadcom VMware vCenter Server.
  • CVE-2024-29847: A deserialization vulnerability in Ivanti Endpoint Manager (EPM), affecting versions 2022 SU5 and 2024.

Rapid7 advises immediate remediation to prevent exploitation.

Law enforcement dismantles the iServer phishing-as-a-service platform. 

Law enforcement agencies in Europe and Latin America have dismantled iServer, a phishing-as-a-service platform used to unlock stolen and lost phones. As part of Operation Kaerb, 17 individuals were arrested, including the platform’s Argentinian administrator. iServer targeted over 1.2 million phones and victimized 480,000 users, mainly Spanish speakers from Europe, North America, and South America. The platform had over 2,000 paying users who were charged for phishing services that harvested credentials from cloud-based mobile services. These credentials were used to unlock devices by bypassing Lost Mode. Victims received phishing SMS messages, prompting them to enter sensitive information like IMEI numbers and OTP codes, which allowed criminals to unlink devices from their owners. The platform operated for five years, running since 2018.

Up next, we’ve got N2K’s Brandon Karpf speaking with Steve Blank of the Gordian Knot Center for National Security Innovation about national security and the dilemma of technology disruption. 

We’ll be right back.

Welcome back. For additional background, you can check out Steve’s article “Why Large Organizations Struggle With Disruption, and What to Do About It,” which is linked in our show notes.

To listen to Brandon and Steve’s full conversation, check out our Special Edition series that will run over the next two Sundays in our CyberWire Daily podcast feed. 

CISA’s boss pushes for accountability. 

And finally, in a lively keynote this week at the mWise conference, CISA director Jen Easterly didn’t hold back, casting software developers as complicit contributors in the cybercrime saga. “Tech vendors are building problems right into their products,” Easterly proclaimed, leaving doors wide open for cybercriminals. And let’s stop with the poetic villain names, she added – how about calling them “Evil Ferret” or “Scrawny Nuisance” instead?

Easterly argues the real issue isn’t security vulnerabilities; it’s shoddy coding practices. “Why does software need so many urgent patches?” she asked, suggesting we rename “vulnerabilities” to “product defects” and hold vendors accountable. The message? It’s time for software developers to shape up and secure their code before the villains get in.

While many big names have signed CISA’s “Secure by Design” pledge, Easterly wants tech buyers to wield their purchasing power and demand security upfront. And maybe, just maybe, we’ll finally put a dent in the multi-trillion-dollar cybercrime problem.

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.

Programming notes: 

Join us tomorrow for Research Saturday, where Dave is joined by guest Jonathan Tanner, Senior Security Researcher from Barracuda, discussing their work on "Stealthy phishing attack uses advanced infostealer for data exfiltration." The recent phishing attack, detailed by Barracuda, uses a sophisticated infostealer malware to exfiltrate a wide array of sensitive data.

On Sunday, Part 1 of our 2-Part Special Edition series featuring the full conversation Steve Blank, co-founder of the Gordian Knot Center for National Security Innovation at Stanford University, had with N2K's Brandon Karpf about national security and the dilemma of technology disruption.


We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com

We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com.


This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.