GeoPolitics China’s Volt Typhoon breached Singtel, reports say • The Register - Volt Typhoon reportedly breached Singapore Telecom over the summer. Highlighting why Cyber Threat Intelligence can at times be beneficial for more advanced orgs.
N Korea may receive tech in exchange for military support • The Register - DPRK has provided around 10,000 troops to Putin’s war in Ukraine. After DPRK successfully conducted a 90 minute missile flight the US and its allies are starting to wonder exactly what Pyongyang got in exchange for those troops.
Breaches ‘Satanic’ data thief hits 350M Hot Topic shoppers • The Register - HotTopic, Torrid, and Lunchbox shoppers (around 350m) of them have had a few bits of info stolen; names, emails, physical addresses, dates of birth, last four digits of customers’ credit cards, card types, hashed expiration dates, and account holder names. Likely just watch out for My Neighbor Totoro-themed phishes and you’ll be ok.
Skyscraper-high sewage plume erupts in Moscow • The Register - A Ukranian hacker group claims to have disrupted 87k alarms, destroyed 70 servers, and wiped 90TBs of data to pull off the hack.
Politics World Iran U.S. and Allies Warn of Iranian Cyberattacks on Critical Infrastructure in Year-Long Campaign Iranian hackers act as brokers selling critical infrastructure access - US and Allies are warning that Iran has ran a year long campaign to break into water, waste-water, electrical plants, government, healthcare, and telecom systems to serve as an Initial Access Broker, selling credentials to other nations, threat actors, etc… These IAB’s aren’t damaging the networks, simply staging an maintaining a presence on the network until it can be sold or made useful.
Mobile News Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks (thehackernews.com) - Google will now allow their Pixel phones to be configured to ignore 2G downgrade attacks caused by Stingrays (cell-site simulators) and other devices that emulate a cellular baseband (tower) controlled by their service provider. This will prevent attacks like those performed by Intellexa and Predator using the Triton malware. This will also prevent SMS Blasting which bypass carrier spam protections.
Privacy News Data watchdog fines Clearview AI $33M • The Register - Clearview scrapes photos from all over the internet, adds them to its database, then sells the data to advertisers and governments, some who use it without appropriate legal permissions (think 4th amendment/warrantless surveillance issues)
Election News Spamouflage trolls pretend to be American patriots on X • The Register - #China - People’s Republic of China propaganda crew ramps up X and TikTok work claiming to be American citizens and “frustrated Conservatives”.
Hardware Backdoor Discovered in RFID Cards Used in Hotels and Offices Worldwide (thehackernews.com) - Hardware backdoor means even with appropriate controls, threat actors can still attack hotel and office doors around the globe. The FM11RF08S backdoor enables any entity with knowledge of it to compromise all user-defined keys on these cards, even when fully diversified, simply by accessing the card for a few minutes.
Russia fears Ukraine hijacking home CCTV systems for intel • The Register - This is genius, the Russians have asked users in the Bryansk, Kursk, and Belgorod regions to shut off dating apps and IP cameras that Ukranians are using for intelligence gathering.