Scattered Spider arrest, telcos attacked, Apple exploit
In today’s cybersecurity news…
US charges Scattered Spider members
According to an unsealed indictment, California prosecutors charged five members of the pernicious threat group with stealing sensitive data and at least $11 million in crypto assets. The group has previously been tied to attacks on MGM Resorts, Caesars, and Coinbase. The five alleged members range from 20 to 25 years old and live in Florida, North Carolina, Texas, and Scotland. We don’t have a complete list of Scattered Spider victims tied to the charges, but Bloomberg sources say one of them was Riot Games. The charges also list four unnamed US-based telcos, two IT outsourcing companies, and a crypto firm. One of the defendants has already pleaded guilty in a separate SIM-swapping case. Investigators traced another of the defendants, Tyler Buchanan, through domain registration records on malicious websites.
(Bloomberg)
Chinese threat actors infiltrate more telcos
Researchers at CrowdStrike discovered a Chinese-linked threat group, Liminal Panda, that has been infiltrating telcos since at least 2020. The researchers found evidence of the group operating in Southeast Asia and Africa. CrowdStrike’s Adam Meyers told Axios that it’s likely interoperability standards allow the threat actors to pivot from one compromised telco into other telco networks as part of the attack, likely for cyberespionage. The tools used by the group show they were built for bulk collection, searching network traffic for specific keywords. If this all sounds familiar, we previously covered a similar operation run by the threat actor Salt Typhoon against US telcos.
(Axios, CrowdStrike)
Apple issues emergency security update
The company issued a patch for two vulnerabilities impacting most of Apple’s portfolio, including iOS, iPadOS, macOS Sequoia, Safari, and visionOS. Researchers at Google’s Threat Analysis Group initially disclosed the issues to Apple. One flaw impacts JavaScriptCore; the other is a “cookie management issue” in WebKit. The company said it found signs of active exploitation on Intel-based Mac systems, although no details on any threat actors targeting the vulnerabilities were released. These are the sixth zero-day vulnerabilities disclosed by Apple this year.
Microsoft announces big and small computers
We covered a lot of Microsoft news yesterday; here are two additional items. Microsoft announced the $349 Windows 365 Link device, a thin client PC designed to access the Windows 365 service, a cloud-based streaming version of Windows 11 managed by Microsoft Intune. The company says the device uses secure-by-design principles and is framed as “a super hardened version of Windows.” Microsoft will also support third-party Windows 365 Link devices from OEMs like HP, Dell, and Lenovo, with units shipping in April 2025.
In other news, Microsoft and Atom Computing announced they successfully entangled 24 logical qubits using neutral atoms held by lasers. The system could detect when neutral atoms disappeared from the machine and correct for that. The company plans to ship this technology to commercial customers next year, with machines featuring over 1,000 physical qubits. Microsoft already offers the Azure Quantum Compute virtualization system to help develop quantum error correction for the processor.
(The Verge, TechCrunch)
The effectiveness of police phone cracking
404 Media obtained documents detailing the effectiveness of the phone unlocking and forensics tool Graykey, typically used by law enforcement. These documents show that Graykey can only partially retrieve data from the most recent version of iOS. While the leaked documents don’t detail the limits of “partial” data access, a Forbes report in 2018 found partial extraction at that time was limited to unencrypted files and metadata. The documents show Graykey is much less effective against beta builds. Results on Android phones were much more variable, with Pixel 9 and 8a devices being limited to partial extraction.
(404 Media)
TSA not implementing cybersecurity recommendations
A report from the US Government Accountability Office, or GAO, criticized the Transportation Security Administration for failing to address four out of six cybersecurity recommendations it made in 2018. The TSA did implement a plan to develop strategies to expand its cybersecurity workforce and partially updated its Pipeline Security and Incident Recovery Protocol Plan to include cybersecurity. GAO’s recommendations about ransomware best practices have not yet been heeded by TSA, from evaluating which transportation sectors were following best practices to aligning its directives with NIST standards or assessing the effectiveness of federal support for organizations experiencing a ransomware attack. It also noted a lack of metrics to measure the effectiveness of TSA measures implemented in the wake of the Colonial Pipeline attack.
(The Record)
D-Link asks you to trash your VPN router
The network equipment OEM issued an advisory recommending that users of older VPN routers replace them immediately. This comes after the company discovered a severe remote code execution flaw. The company is cagey with details and hasn’t assigned a CVE number. All impacted models have already gone end of life; most went out of support in May 2024. D-Link will offer owners a 20% discount on newer supported models to spur the retirement of the now problematic routers.
(The Register)
GitHub launches open-source security fund
The Microsoft subsidiary announced it is accepting applications for the GitHub Secure Open Source Fund, which will invest $1.25 million across 125 projects. Beyond financial support, project maintainers will also receive 5-10 hours per week dedicated to security education, relevant certifications, mentorship, and access to tooling like Copilot, Copilot Autofix, and Secret Scanning. GitHub will accept an initial round of applications through January 7, 2025.