Cyber Security Headlines: Meta’s Record EU fine, China bans Micron, Tornado Cash hacked

Meta receives record fine over EU data transfers

The European Union fined the social networking giant 1.2 billion euros for privacy violations related to transferring European users' data to the US. Regulators say Meta stored European data in US-based data centers, where information could potentially be accessed by American intelligence agencies with no means for citizens to appeal. Regulators also ordered Meta to stop transferring European Facebook data to the US and to delete existing data within six months. Meta could avoid these requirements if a new trans-Atlantic data sharing framework comes into effect before that time. Meta says it will appeal. The previous largest privacy fine in the EU came back in 2001, when it fined Amazon €746 million for GDPR violations.

(WSJ)

China bans Micron over cybersecurity risks

The Cyberspace Administration of China warned critical infrastructure operators against buying components from the chip maker Micron, citing “relatively serious” cybersecurity risks in its products. The action comes a month after China announced an investigation into Micron imports. The CAC did not detail any security risks or identify specific vulnerable Micron products. The US Commerce Department said the Chinese action had “no basis in fact.” Roughly 11% of Micron’s revenue comes from China, significantly less than other chipmakers like Intel, Broadcom, Qualcomm, and AMD. 

(Bloomberg)

Crypto mixer hijacked

When we talk about the cryptocurrency mixer Tornado Cash on the show, it's usually in stories involving money laundering. But the service now finds itself in the crosshairs of malicious actors. Researchers at the crypto investment firm Paradigm discovered an attacker used an exploit to grant themselves majority voting power in the service's decentralized governance structure. This saw the actors withdraw 10,000 of the service's TORN governance tokens and sell them on exchanges. Binance said it suspended sales of TORN as a result. So far there has been no comment from Tornado Cash on the incident.

(Bloomberg)

Android phones plagued with malware

At the Black Hat Singapore conference last week, researchers at Trend Micro presented findings that up to 8.9 million Android devices across 50 brands could be infected with Guerrilla malware. This malware came from 15 malicious apps published on the Play Store. Guerrilla established a backdoor to C2 servers, collecting data that it eventually sells to advertisers. The malware also uses extensive plugins, able to do things like sending WhatsApp messages, setting up a reverse proxy, and injecting ads into other apps. Trend Micro did not name brands impacted by this malware. 

(Ars Technica)

And now a word from our sponsor, Sonrai Security

Did you know that 81% of breaches are due to compromised identities? It’s a sobering statistic and one that enterprise organizations cannot afford to ignore. Sonrai Security has made a name for itself by securing enterprise clouds from the inside out, securing every identity, access, and permission in the cloud.
Download Sonrai Security’s new CIEM Buyer’s Guide to learn more about fortifying your cloud from the inside out at sonraisecurity.com.

NIST helps small businesses with cyber readiness

When we cover ransomware attacks on this show, we often highlight attacks against large organizations. But in terms of ransomware volume, these represent the exception, not the rule. A recent Coveware study found 72% of ransomware attacks impacted organizations with less than 1,000 employees, with 29% hitting those with less than 100. To respond to this reality, the National Institute of Standards and Technology launched the Small Business Cybersecurity Community of Interest, or COI. This aims to provide a two-way street for communicating with small businesses. The COI will bring in company representatives to give NIST feedback about cybersecurity issues. This feedback will inform how NIST issues guidance and develops tools specifically for small businesses.

(Security Intelligence)

Bad Magic group operating for over a decade

Researchers at Kaspersky first reported on the Bad Magic threat group in March 2023. At the time, it highlighted the group's activity in sectors adjacent to the ongoing Russia-Ukraine war. However, the researchers recently found the group's activity goes much further back. Malwarebytes had already discovered a series of Bad Magic espionage attacks from December 2020. However, Kaspersky discovered the use of its modular CloudWizard malware framework in telemetry data going back to 2017. It also identified source code similarities between CloudWizard and the malware family Prikormka, which ESET found dates back to at least 2008. The researchers said this history shows a persistent commitment to enhancing its toolsets and targeting organizations for cyber espionage.

(The Hacker News)

Dish dishes on ransomware leak

Back in February the TV provider DISH suffered a ransomware attack. This gained attention after it caused widespread outages to both DISH service and its internal systems. Now, in a regulatory filing, the company disclosed attackers exfiltrated personal information on roughly 300,000 people. DISH says attackers did not access customer databases, so the leaked data comes from employee-related records. It sent breach notification letters to impacted people on May 18th. It only disclosed that the leak included driver's license numbers. The regulatory disclosure also said DISH "received confirmation that the extracted data has been deleted," indicating it paid a ransom to the attackers.

(The Record)

BEC attempts on the rise

Microsoft's latest Cyber Signals report shows that the company detected 35 million business email compromise attempts in the last year, an average of 156,000 attempts per day. This came as part of an overall 38% increase in cybercrime-as-a-service attacks against business email since 2019. These attacks generally don't target unpatched vulnerabilities. Rather, they rely on the sheer volume of email to get victims to accidentally share financial information or otherwise facilitate a transfer of funds. Microsoft observed attackers using multichannel spamming campaigns, including fake 2FA authentication prompts, to eventually wear down victims.

(CSO Online)

Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. He's spent the past five years creating media for technology enthusiasts and IT practitioners. He dreams of someday writing the oral history of Transmeta.