0:00
Apple adds a ClickFix warning to macOS, and Handala hacks Kash Patel's personal email.
0:11
Balancer, the crypto platform, shuts down after last year's hack, and the EU proposes a ban
0:16
on AI nudify apps.
0:19
This is The Risky Bulletin, prepared by Catalin Cimpanu and read by me, Claire Aird.
0:25
Today is the 30th of March, and this podcast episode is brought to you by Knocknoc.
0:30
In today's top story, Apple has added a warning about ClickFix attacks to macOS.
0:36
Users will see an alert anytime they copy-paste commands from a browser into the terminal window.
0:41
The ClickFix technique became popular in 2024. It relies on tricking users into running malicious
0:47
commands. It initially targeted Windows, but expanded to macOS last year.
0:53
In other news, Iranian hackers have breached FBI Director Kash Patel's personal Gmail account.
0:59
The Handala hacking group has taken credit and leaked some of Patel's emails.
1:05
The FBI confirmed the breach on Friday.
1:07
Previous reports have linked the Handala Group to Iran's intelligence service, the MOIS.
1:14
The European Commission is investigating a hack of its website and cloud infrastructure.
1:19
The ShinyHunters hacking group claims to have stolen more than 350 gigabytes of data from
1:24
the Commission's AWS environment. The group says stolen material includes email server dumps,
1:31
databases, internal documents and contracts. The Commission also suffered a separate hack in
1:36
January. That incident was via its Ivanti mobile device management server.
1:42
The Balancer DeFi platform has shut down months after hackers stole $110 million.
1:48
The company cited increased legal liability after the hack in November last year.
1:53
The company will continue operating its token.
1:57
Threat actors are launching attacks against a recently patched vulnerability in Citrix
2:02
NetScaler devices. watchTowr Labs spotted exploitation in honeypots last week,
2:07
days after the patch was made available. The vulnerability allows attackers to leak data from memory
2:13
similar to the earlier CitrixBleed attacks. Citrix has yet to confirm the activity.
2:19
Hackers have breached US health record provider CareCloud. The incident earlier this month
2:25
impacted one of the company's six electronic health record platforms. The company says it evicted
2:30
the attackers eight hours after they gained access. The fifth incarnation of BreachForums has been
2:37
hacked just days after its launch. The ShinyHunters group has leaked registration data and
2:42
private messages of more than 340,000 users. The group was involved in earlier iterations of
2:49
the site. It said it will hack and leak any future versions it deems fake.
2:55
A UK man has accused his estranged wife of stealing $176 million worth of crypto assets.
3:02
Ping Fire UN claims his wife used a security camera to record his crypto wallet password.
3:07
She then emptied his wallet. Ping presented the court with an audio recording of his wife
3:12
planning the hack with her sister. The funds have not moved since being stolen.
3:18
A ransomware attack has crippled the Jackson County Sheriff's Department in Indiana. The attack
3:23
took down the Wi-Fi network, the police report filing system and all of the department's computers.
3:29
The incident occurred last week and has been traced back to a malicious file received via email.
3:34
The department website was still down on Monday. Hackers have inserted malicious
3:40
code into the desktop client of Chinese web dev service Apifox. The attackers compromised
3:46
JavaScript files hosted on the app's CDN. According to security firm SlowMist,
3:52
the code stole users' credentials and left a backdoor.
3:56
Hacking group TeamPCP has backdoored the Python library of a voice AI provider.
4:02
The hack against Telnyx impacted the company's official SDK on the PyPI portal.
4:07
TeamPCP has breached thousands of organisations this month in an ongoing supply chain attack.
4:14
Europe has proposed an amendment to its AI Act that would ban nudify apps.
4:19
The law would cover any app that creates sexualised deepfakes without consent.
4:24
Earlier this year, xAI's Grok generated explicit images of women and children
4:29
leading to public demand for regulation. EU lawmakers have been instructed
4:34
to leave their phones at home when travelling to China next month.
4:38
The Commission's security team cited concerns over possible hacking attempts.
4:42
Lawmakers will receive burner phones and laptops for the Beijing visit.
4:47
NSA and Cyber Command's new chief has told staff to increase intelligence sharing with allies.
4:54
General Josh Rudd has also instructed staff to keep a close eye on China and Russia,
4:59
even though the White House has prioritised the southern border.
5:02
The directives were part of General Rudd's first NSA all-hands meeting.
5:08
A second Russian APT group has started using the DarkSword iOS hacking framework.
5:13
Spear-phishing emails lured Lithuanian victims to sites hosting the exploit kit.
5:18
Proofpoint says it's linked the emails to the Russian FSB intelligence service.
5:23
DarkSword was previously spotted being used by a unit from Russia's military intelligence service.
5:29
The US State Department is offering rewards of up to $10 million for information on Iranian
5:36
hacking groups. It's seeking information on groups acting in support of Iran,
5:41
such as Handala Hack and Parjan Afsaray and Borner.
5:45
The department is interested in group members' names and locations.
5:51
A social media disinformation campaign is telling Taiwanese audiences that the Iran conflict
5:56
would deplete the country's LNG reserves. The campaign was traced back to a cluster of accounts
6:02
based in China. Taiwan's Minister of Economic Affairs said the claims were untrue.
6:07
A similar campaign also targeted Australian audiences. That one was linked to an Iranian news
6:12
agency. And finally, threat actors are hacking corporate networks via a vulnerability in F5
6:19
BIG-IP devices. The attacks exploit a remote code execution bug that was patched as denial of
6:25
service in October last year. On Friday, CISA warned federal agencies about the attacks
6:31
and ordered them to install patches by the end of Monday.
6:35
And that is all for this podcast edition. Today's show was brought to you by Knocknoc.
6:39
Find them at Knocknoc. That's K-N-O-C-K-N-O-C.io.