CyberWire Daily - Sri Lanka says ‘no more’ to financial fakers!
Episode Date: October 16, 2024

Authorities arrest over 200 Chinese nationals in Sri Lanka over financial scams. Officials in Finland take down an online drug market. Cisco investigates an alleged data breach. A major apparel provider suffers a data breach. Oracle’s latest patch update includes 35 critical issues. Microsoft has patched several high-severity vulnerabilities. The NCSC’s new boss calls for global collaboration to fight cybercrime. CISA warns of critical vulnerabilities affecting software from Microsoft, Mozilla, and SolarWinds. Hackers steal data from Verizon’s push-to-talk (PTT) system. On our CertByte segment, Chris Hare is joined by resident Microsoft SME George Monsalvatge to break down a question from N2K's Microsoft Azure Administrator (AZ-104) Practice Test. Robot vacuums go rogue.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CertByte Segment

Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K, we share practice questions from our suite of industry-leading content and a study tip to help you achieve the professional certifications you need to fast-track your career growth. In each segment, Chris is joined by an N2K Content Developer to help illustrate the learning. This week, Chris is joined by resident Microsoft SME George Monsalvatge to break down a question from N2K's Microsoft Azure Administrator (AZ-104) Practice Test. Candidates for the Microsoft Azure Administrator exam are Azure Administrators who manage cloud services that span storage, security, networking, and compute cloud capabilities. Candidates should be proficient in using PowerShell, the Command Line Interface, Azure Portal, ARM templates, operating systems, virtualization, cloud infrastructure, storage structures, and networking.

Have a question that you’d like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify.

Please note: The questions and answers provided here and on our site are not actual current or prior questions and answers from these certification publishers or providers.

Reference: Microsoft Azure Blog > Virtual Machines > Gain business insights using Power BI reports for Azure Backup

Selected Reading

Sri Lankan Police Arrest Over 200 Chinese Scammers (BankInfo Security)
Finnish Customs closed down the Sipulitie marketplace on the encrypted Tor network (Finnish Customs)
Cisco investigates breach after stolen data for sale on hacking forum (Bleeping Computer)
Varsity Brands Data Breach Impacts 65,000 People (SecurityWeek)
Oracle October 2024 Critical Patch Update Addresses 198 CVEs (Security Boulevard)
Microsoft Patches Vulnerabilities in Power Platform, Imagine Cup Site (SecurityWeek)
'Nationally significant' cyberattacks are surging, warns the UK's new cyber chief (The Record)
CISA Warns of Three Vulnerabilities Actively Exploited in the Wild (Cyber Security News)
Hackers Advertise Stolen Verizon Push-to-Talk ‘Call Logs’ (404 Media)
Hackers took over robovacs to chase pets and yell slurs (The Verge)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
You're listening to the CyberWire Network, powered by N2K.
Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions.
This coffee is so good. How do they make it so rich and tasty?
Those paintings we saw today weren't prints. They were the actual paintings.
I have never seen tomatoes like this.
How are they so red?
With flight deals starting at just $589,
it's time for you to see what Europe has to offer.
Don't worry.
You can handle it.
Visit airtransat.com for details.
Conditions apply.
AirTransat.
Travel moves us.
Hey, everybody.
Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try Delete.me.
I have to say, Delete.me is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for Delete.me.
Now at a special discount for our listeners,
today get 20% off your Delete Me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code
n2k at checkout. That's joindeleteme.com slash N2K, code N2K.
Authorities arrest over 200 Chinese nationals in Sri Lanka over financial scams.
Officials in Finland take down an online drug market.
Cisco investigates an alleged data breach.
A major apparel provider suffers a data breach.
Oracle's latest patch update includes 35 critical issues.
Microsoft has patched several high-severity vulnerabilities.
The NCSC's new boss calls for global collaboration to fight cybercrime.
CISA warns of critical vulnerabilities affecting software from Microsoft, Mozilla, and SolarWinds.
Hackers steal data from Verizon's push-to-talk system.
On our CertByte segment, Chris Hare is joined by resident Microsoft subject matter expert George Monsalvatge
to break down a question from N2K's Microsoft Azure Administrator practice test.
And robot vacuums go rogue.
It's Wednesday, October 16th, 2024.
I'm Dave Bittner, and this is your CyberWire Intel Briefing.
Thanks for joining us here today.
Great as always to have you here with us.
Authorities in Sri Lanka have arrested over 200 Chinese nationals
involved in large-scale financial scams targeting victims across Asia.
The arrests follow seven raids across the country,
with most suspects linked to pig butchering scams, where victims
are tricked into investing in fake businesses or stocks. These operations align with reports from
the UN and U.S. Institute of Peace highlighting the rise of sophisticated crime syndicates in Asia,
which stole up to $37 billion in 2023. Many of these cartels, originating from online gambling
operations banned in China, have expanded into Myanmar, Cambodia, and Laos. The largest raid
in Sri Lanka netted 126 Chinese nationals running a money laundering operation from a luxury hotel.
The Chinese government has expressed support for
Sri Lanka's law enforcement efforts, emphasizing its commitment to combating transnational online
fraud that damages both countries' reputations and relationships.
Customs officials in Finland,
in cooperation with the Swedish police, have shut down the Sipulitie marketplace,
a Tor-based platform used for anonymous drug sales since February 2023. The site,
operating in Finnish and English, facilitated criminal activities, including narcotic sales,
with an estimated turnover of 1.3 million euros. Sipulitie was created after the closure of its predecessor,
Sipulimarket, in 2020, which had a turnover exceeding 2 million euros. Authorities have
identified the administrator behind both marketplaces and a 2022 chat-based sales platform
called Tsätti, which has also been closed. The investigation has also uncovered
identities of sellers, buyers, and those in support roles such as moderators. Finnish Customs has
worked closely with the Swedish police, Europol, and Finnish police units, with the investigation
still ongoing.
Cisco is investigating claims of a data breach after the threat actor IntelBroker alleged that they, along with two others, accessed Cisco's data on October 6th of this year.
The hacker posted on a forum offering stolen data, including source code, customer information, credentials, API tokens, and confidential documents.
IntelBroker shared samples of the data but did not explain how it was obtained.
Cisco has confirmed it is aware of the reports and is actively investigating.
It remains unclear if this breach is connected to previous attacks involving companies like T-Mobile, AMD, and Apple back in June.
Varsity Brands, a major apparel provider for sports teams and schools, disclosed a data breach affecting over 65,000 individuals. Detected in May of this year,
the breach involved unusual activity on its systems, prompting Varsity to take systems
offline and launch an investigation with external cybersecurity experts.
The breach exposed a small subset of company files containing personal information.
Affected individuals have been offered 24 months of free credit monitoring and identity theft
protection. While ransomware involvement is suspected, no group has claimed responsibility.
Oracle's October 2024 critical patch update addresses 198 CVEs with 334 security patches across 28 product families, including 35 critical
patches. The Oracle Commerce family received the most patches, followed by Oracle Hyperion with 45 patches.
Many vulnerabilities, particularly in Oracle Commerce, can be exploited remotely without
authentication. Products like Oracle Financial Services, Oracle SQL Developer, and Oracle Java
SE also received significant updates. Oracle advises customers to apply all relevant patches promptly.
Full details, including a breakdown of patches by product family and severity,
can be found in Oracle's October 2024 advisory.
Microsoft has patched several high-severity vulnerabilities in Power Platform,
Dataverse, and the Imagine Cup website.
These vulnerabilities, rated critical by Microsoft,
include a missing authorization flaw in Power Platform that could allow unauthorized access to sensitive information,
a flaw in Dataverse which could enable privilege escalation by an authenticated user,
and additionally an improper access control issue in the Imagine Cup
website was addressed. All issues have been mitigated server-side and no user action is
required. Microsoft confirmed no evidence of exploitation before the fixes. In a move toward
transparency, the company now assigns CVE identifiers even to cloud service vulnerabilities that require no user intervention,
while allowing users to filter out such flaws in their security update guide.
The UK's National Cyber Security Centre has reported a 50% increase in nationally significant cyber attacks compared to last year,
according to its new chief executive, Richard Horne.
Speaking at Singapore International Cyber Week, Horne highlighted the growing gap between cyber
threats and global defenses, emphasizing the increasing complexity of the threat landscape.
He warned that rising dependencies on technology expose societies to greater cyber risks,
and called for coordinated global efforts
to strengthen cyber resilience. Horne, the first NCSC chief with a technical background,
stressed that security must be built into technology from the start. He also urged
governments to take a more active role in guiding businesses and public services to defend against and recover from cyber attacks.
Horne's comments echo earlier concerns that current regulations are failing to keep up with rapid technological advancements.
Just last month, a report from Spotlight on Corruption noted that the UK's National Crime Agency,
also tasked with tackling cybercrime, is facing a crisis. The agency is experiencing a
brain drain with nearly 20% of its cybercapacity lost annually due to staff departures, largely
attributed to a broken pay system. This has led to increased costs as the NCA relies on temporary
labor and consultants consuming over 10% of its budget.
The report urges urgent government reforms and investment to restore the agency's effectiveness.
CISA has issued an urgent warning about three critical vulnerabilities
affecting widely used software from Microsoft, Mozilla, and SolarWinds.
These vulnerabilities are currently being exploited
in the wild, making timely action crucial to prevent potential attacks. The first vulnerability
is a race condition in the Microsoft Windows kernel that could allow attackers to escalate
privileges on a compromised system. Although it's unclear if this flaw is being used in ransomware campaigns, the risk remains high.
The second vulnerability highlighted by CISA impacts Mozilla Firefox
and involves a use-after-free vulnerability that could enable arbitrary code execution.
And lastly, there's a vulnerability affecting SolarWinds' web help desk,
which involves hard-coded credentials, allowing unauthorized
access to internal systems. CISA advises organizations to apply patches or mitigations
by November 5th of this year to safeguard against exploitation, emphasizing the importance of
proactive security measures.
Hackers have stolen data from Verizon's push-to-talk system, which is marketed to government agencies and first responders,
and are now selling the data on a Russian cybercrime forum.
404 Media reports the breach did not affect Verizon's main consumer network,
but targeted a third-party provider supporting the PTT system.
The stolen data includes call logs, emails, and phone
numbers. Verizon confirmed that a small subset of customer data was exposed, but noted that no
sensitive information such as social security numbers was leaked. The hackers, including
Cyberphantom and Judische, are part of a criminal group known as the Com, responsible for numerous
high-profile breaches. The hackers are selling the stolen data instead of extorting Verizon.
Coming up after the break, on our CertByte segment, Chris Hare is joined by our resident Microsoft SME, George Monsalvatge.
They break down a question from N2K's Microsoft Azure Administrator practice test.
Stay with us.
Do you know the status of your compliance controls right now?
Like, right now.
We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks.
But get this.
More than 8,000 companies
like Atlassian and Quora have continuous visibility
into their controls with Vanta.
Here's the gist.
Vanta brings automation to evidence collection
across 30 frameworks, like SOC 2 and ISO 27001.
They also centralize key workflows
like policies, access reviews, and reporting,
and helps you get security questionnaires done five times faster with AI.
Now that's a new way to GRC.
Get $1,000 off Vanta when you go to vanta.com slash cyber.
That's vanta.com slash cyber for $1,000 off.
And now, a message from Black Cloak.
Did you know the easiest way for cyber criminals to bypass your company's defenses is by targeting your executives and their families at home?
Black Cloak's award-winning digital executive protection platform secures their personal
devices, home networks, and connected lives. Because when executives are compromised at home,
your company is at risk. In fact, over one-third of new members discover they've already been breached. Protect your executives and their families 24-7, 365 with Black Cloak.
Learn more at blackcloak.io.
Our recurring CertByte segment is a bi-weekly feature hosted by Chris Hare,
a content developer and project management specialist here at N2K.
Chris and her guests share practice questions from our suite of industry-leading content
and a study tip to help you achieve the professional certifications you need to fast-track your career growth.
Here's Chris.
Hi, everyone. It's Chris. I'm a content developer and project
management specialist here at N2K Networks. I'm also your host for this week's edition of
CertByte, where I share a practice question from our suite of industry-leading content
and a study tip to help you achieve the professional certifications you need
to fast-track your career growth. Today's question targets Microsoft's Azure Administrator Skills Measured Exam.
Okay, George, did I say that right? Is it Azure? Azure?
It could be either one. Who are we to say? But I like to say it's Azure.
Azure. Okay, I have our resident Microsoft SME here, George, who's going to help us out today.
We're going to turn the tables again, and George will be asking me this week's question,
and I'm really nervous because this is not in my wheelhouse.
You'll do fine. You always do.
Thank you, as always, for the vote of confidence. So, George, before you ask me the question,
I understand you have a 10-second study bit for this exam. So what do you have for us?
Well, as you know, Chris, Microsoft always updates their exams.
And when you're studying for an exam, you may prep for that exam for, I don't know, a couple of months, three or four months.
But my tip would be to look at the Microsoft website for the study guide for this exam. So, say, for instance,
AZ-104, look at the Microsoft study guide for the AZ-104 to see if they've added anything to the
exam or subtracted something from the exam. Because if they added something, you certainly
want to study that for the exam because the difference between failing and passing the test
is one question. So, make sure you know what's on the exam.
That is an excellent tip. Okay, George,
I'm ready for my question. I'm taking a deep breath. Let's go.
Okay, put your seatbelt on. Here we go. Okay. Here's the question. You need the ability to gauge Azure backup health, storage usage patterns, and backup restore trends within your production Azure subscription.
It is important to use an open data model and leverage data visualization capabilities that can be shared among business owners.
So, what feature will meet the reporting requirements for Azure backup services? There's
only one answer to this, and the choices are A, Azure Monitor, B, Application Insights, C,
Power BI, and D, Log Analytics.
Oh, all right. Thank you for this, George.
This is a tricky one, highly technical.
So what feature will meet the reporting requirements for Azure backup services?
Okay, can I ask you some questions first?
You can ask me anything.
Can I help you?
It may not, but you can ask me anything.
Okay, so are all of your answer options part of
the Azure subscription? In other words, there are no trick answers here?
There are no trick answers.
They are part of all the choices here are part of your Azure subscription.
Okay, great. Now,
can I also ask, do all of the choices mentioned offer some level of reporting and visualization capabilities? Is that fair to say?
Let's just say somewhat, but one would be the
beaconing light when you think of reporting and visualization.
Okay. And last question,
backup reporting can also happen from the data or the application layer.
Is that right?
I don't know if that's going to help me or not, but I wanted to ask.
It depends on what you're backing up.
But the key part of this question is what will meet the reporting requirements for Azure backup services?
Okay, so I'm just going to take a wild guess and go with B, application insights?
Actually, what I was trying to hit on was reporting requirements. And one thing they
mentioned in the question was visualization. And the Power BI service is what Microsoft likes to use in Azure to have dashboards and reports.
So log analytics, application insights, and Azure Monitor could all give you performance data.
But Power BI really brings that data to life in dashboards.
So what we're looking for is visualization and reporting.
So that's what we went with Power BI there.
Okay.
Got it wrong, but I learned something today.
So thank you so much, George.
Are there any other Microsoft exam updates coming out soon that you'd like to promote
here while I have you?
Well, we're always updating our exams.
And hopefully soon, we have already put out our fundamental exam for
Microsoft's Azure Artificial Intelligence Service, and we're working on one of the advanced exams.
Excellent. That sounds exciting. Thank you so much, and thanks for your time again,
and a great question, too.
Thanks for having me.
And thank you for joining me for this week's CertByte.
If you're actively studying for this certification and have any questions about study tips or even future certification questions you'd like to see,
please feel free to email me at certbyte at n2k.com.
That's C-E-R-T-B-Y-T-E at n number 2k dot com.
If you'd like to learn more about N2K's practice tests,
visit our website at N2K dot com forward slash certify.
For sources and citations for this question,
please check out our show notes.
Happy certifying.
If there's a question that you would like to see covered,
you can email us at certbyte at n2k.com.
If you're studying for a certification exam,
check out N2K's full exam prep library of certification practice tests,
practice labs, and training courses by visiting our website
n2k.com slash certify.
Cyber threats are evolving every second, and staying ahead is more than just a challenge.
It's a necessity.
That's why we're thrilled to partner with ThreatLocker,
a cybersecurity solution trusted by businesses worldwide.
ThreatLocker is a full suite of solutions designed to give you total control,
stopping unauthorized applications, securing sensitive data,
and ensuring your organization runs smoothly and securely. Visit ThreatLocker.com today to see how a default
deny approach can keep your company safe and compliant.
And finally, our automated appliances desk tells us the story of some tech gone awry.
Ecovacs Deebot X2 robotic vacuums were reportedly hacked earlier this year, turning them into tiny terrorizing menaces in U.S. cities.
ABC News in Australia shared stories of these vacuums chasing pets and yelling racist slurs
at their owners. Minnesota lawyer Daniel Swenson described his Deebot blaring static,
which quickly turned into a teen-like voice shouting slurs.
Other incidents in El Paso and Los Angeles involved similar chaos,
including a rogue vacuum harassing a dog.
Ecovacs responded, citing a credential stuffing event and blocking the hacker's IP,
but assured everyone that no usernames or passwords were stolen.
Last year, researchers showed how to bypass the Deebot's PIN,
but Ecovacs promises a security update soon.
It's a reminder of the risks of cloud-connected devices,
where instead of cleaning your floors, your vacuum might become a foul-mouthed prankster.
And that's the CyberWire.
For links to all of today's stories,
check out our daily briefing at thecyberwire.com.
We'd love to know what you think of this podcast.
Your feedback ensures we deliver the insights that keep you a step ahead
in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app.
Please also fill out the survey in the show notes or send an email to cyberwire at n2k.com.
We're privileged that N2K CyberWire is part of the daily routine of the most influential leaders
and operators in the public and private sector, from the Fortune 500 to many of the world's preeminent intelligence and law enforcement
agencies. N2K makes it easy for companies to optimize your biggest investment, your people.
We make you smarter about your teams while making your team smarter. Learn how at n2k.com.
This episode was produced by Liz Stokes. Our mixer is Tré Hester,
with original music and sound design by Elliott Peltzman.
Our executive producer is Jennifer Eiben.
Our executive editor is Brandon Karpf.
Simone Petrella is our president.
Peter Kilpe is our publisher.
And I'm Dave Bittner.
Thanks for listening.
We'll see you back here tomorrow. Thank you.
With Domo, you can channel AI and data into innovative uses that deliver measurable impact.
Secure AI agents connect, prepare, and automate your data workflows,
helping you gain insights, receive alerts, and act with ease through guided apps tailored to your role.
Data is hard. Domo is easy.
Learn more at ai.domo.com.
That's ai.domo.com.