Indictments, Israel-Iran, Iron Cyber dome and insecure Bluetooth headphones
We are organizing a webinar on July 9, 2025 from 17:00 to 18:00 where we will launch our new research paper focusing on cyber operations in the wars in Ukraine and Gaza. The focus is on the question of what role cyber operations actually play in current conflicts. The research paper will be presented by the author Matthias. And also good to know: the webinar will be held in German. We would be very happy if you could join us. You can register here.
Lots of indictments against criminals. Iran and Israel are still fighting digitally. A serious weakness in a Bluetooth chip found in millions of headphones enables eavesdropping. Previously theoretical cyber-attack scenarios are becoming real. China is accelerating cyber 0-day development, while the US relies on big defense contractors. Apparently German users haven't heard the shots, as IT-security hygiene is backsliding, and AI models are bad at office tasks and at guessing numbers.
Cyber Conflict
It’s not just the US: Salt Typhoon hacked a Canadian telecom firm via a Cisco flaw (link)
Israeli cyber and computer science experts are getting phished by Iran-linked APT42 (link)
Where there is conflict, there are hacktivists! The U.S. was hit by hacktivist DDoS attacks following the Iran bombings, which apparently weren't as effective as the US administration would like us to believe (link). U.S. government agencies are warning about potential cyber threats from Iranian actors against vulnerable U.S. networks and entities, particularly those with ties to Israeli research and defense firms (link)
Signal has become a primary attack vector in the Russian war against Ukraine: a new wave of social engineering via Signal chats targets Ukrainians (link)
Chinese hackers doing Chinese hacker things: over 1,000 SOHO devices hacked in the LapDogs cyber espionage campaign (link). Chinese hackers also target Chinese users with a RAT and rootkit (link). We often forget that the Chinese cyber-ecosystem is likely as insecure as ours, maybe even more so due to corruption.
Cyber Policy around the world
Some news about people: notorious cybercriminal 'IntelBroker' got arrested in France and awaits extradition to the US (link). A Russian court released several REvil ransomware gang members (you know, Kaseya, JBS etc.) (link). Meanwhile, 'Big Balls' is leaving DOGE for a new job at the Social Security Administration (link). And a name to remember: NSA's Patrick Ware takes over as top civilian at U.S. Cyber Command (link)
The U.S. Department of Justice has disrupted multiple North Korean IT worker scams, leading to two indictments, one arrest, and the seizure of 137 laptops (link)
Australia is making some bold moves on restricting the damage social media does to kids, but it is not banning kids from YouTube: they'll just have to use mum and dad's logins to create friction, they say (link)
Germany seeks increased Israeli partnership on cyber-defense and plans ‘Cyber Dome’ (link). Meanwhile, a disturbance in the force was felt as the entirety of German and Israeli cyber-experts collectively facepalmed upon hearing the term “cyber dome”. Just in case you wonder: a dome covering a country is not just a terrible metaphor for missile defense, it is even worse for cyber-defense because shooting down stuff is not how any of this works.
NATO summit: members aim for spending 5% of GDP on defense, with 1.5% eligible for cyber (link)
Cyber Command supported US strikes on Iran’s nuclear facilities, but officials keep details under wraps (link)
The French city of Lyon is ditching Microsoft for open-source office and collaboration tools (link)
News about the Pegasus case in Poland: the former head of the anti-corruption bureau, Ernest Bejda, was arrested for his role in the Pegasus case. The investigative committee is examining the legality of the use of the Pegasus software (link)
IT-Security News
This one is a biggie: a vulnerability in the Bluetooth chip soldered into millions of headphones can be remotely exploited for eavesdropping. Hundreds of top-notch Sony, Bose, JBL and Jabra headphones are affected, and many more (link). The attacker needs to be in Bluetooth range (about 20 m), so this is not exploitable over the internet. There are no firmware patches for the vulnerable Airoha chipset yet, so check your vendor's advisory for your model and watch its firmware-update channel.
Two hypothetical scenarios that have long been floating around the cyber-conflict sphere just materialized: a person died as a result of the Qilin ransomware attack on an NHS supplier (link), and hackers breached a Norwegian dam and opened a valve at full capacity (link)
Aloha, you’ve been pwned: Hawaiian Airlines discloses ‘cybersecurity event’ (link)
Don't panic, but it's only a matter of time before critical 'CitrixBleed 2' is under attack (link)
Given all these attacks, users must surely be aware of the threat by now! Right? Wrong: the German cybersecurity agency BSI warns that even fewer people are using MFA or secure passwords (link). In 2023, 42% used MFA; in 2024 the number went down to 34%. Only 27% have auto-updates activated (down 9 percentage points), and anti-malware use is down too (44% in 2024 compared to 57%). What's going on?
And now for the section where we discuss how AI is sucking every joy out of our human existence: many companies are now replacing workers with AI, even hackers: the top red teamer in the US is an AI bot (link). But do they know that AI agents get office tasks wrong around 70% of the time (link)? Ever more music on streaming services is AI generated; no, thank you (link). Because people search for AI, hackers are poisoning Google Search results for AI tools to deliver infostealer malware (link). Maybe a silver lining: the résumé is dying as HR is drowning in AI-generated job applications, and AI is holding the smoking gun (link)
More Cybercrime: the Scattered Spider group has been targeting the aviation sector in a series of attacks (link)
Research
On the matter of social media and teenagers: Theorising ‘brain rot’ as a genre of participation among teenagers (link)
What do we even mean by digital sovereignty? This paper analyzes what it means in the context of the EU NIS2 directive (link). Tl;dr: 1) layered control of infrastructure, 2) development of local and independent technologies, 3) governance authority over digital tech, 4) sufficient independent R&D funding, 5) openness and cooperation
Crash (exploit) and burn: Securing the offensive 0-day supply chain to counter China in cyberspace (link). Takeaway: the Chinese time to market for expensive 0-days just got shorter due to civil-military fusion, while the US relies on slower, big defense contractors. If this sparks policy reform, we could have a cyber-arms race for 0-days on our hands
This paper addresses the ongoing debate about law enforcement's access to encrypted data and its implications for privacy and national security. As more people use strong locks on their messages, police and governments want ways to open them for investigations (link)
The odd Bit
If you ask any AI model to guess a number between 1 and 50, it is likely to answer 27 (link). Why is that?