Newsletters

Written content from the Risky Business Media team

Srsly Risky Biz: The Four Hour Cyber War on Iran

Presented by Tom Uren, Policy & Intelligence

The US-Israeli attack on Iran shows how cyber operations help achieve military goals when the aggressor has cyber dominance. But it also highlights how small the window is for those operations to have a significant impact once the shooting starts.

At a press briefing on Monday, Joint Chiefs of Staff Chairman Gen. Dan Caine said US Cyber Command was involved in "coordinated space and cyber operations [that] effectively disrupted communications and sensor networks… leaving the adversary without the ability to see, coordinate or respond effectively".

The overall goal, he said, was to "disrupt, disorient and confuse the enemy".

Risky Bulletin: Cyber Command conducted cyberattacks ahead of Iran strikes

Presented by Catalin Cimpanu, News Editor

The Pentagon says that US Cyber Command carried out cyber operations that disrupted Iranian defenses ahead of a joint US-Israeli military operation last weekend.

"The first movers were US CyberCom and US SpaceCom, layering non-kinetic effects, disrupting and degrading and blinding Iran's ability to see, communicate, and respond," Joint Chiefs of Staff Chairman Gen. Dan Caine said in a press conference on Monday.

"Coordinated space and cyber operations effectively disrupted communications and sensor networks across the area of responsibility, leaving the adversary without the ability to see, coordinate, or respond effectively," he added.

Risky Bulletin: LLMs can deanonymize internet users based on their past comments

Presented by Catalin Cimpanu, News Editor

A team of academics has developed large language models (LLMs) that can deanonymize internet users based on past comments or other digital clues they have left behind.

The new method works even if targets use different pseudonyms across multiple platforms. It can link real identities to hidden accounts and online activity, and vice versa.

The LLMs work by analyzing past activity and building a profile of each user. Once enough data points are available, profiles can be linked by shared vocabulary and by other clues revealed online, such as locations, hobbies and age.
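The linking step can be shown without an LLM. The script below is an added example, not the researchers' code: it stands in for the LLM-built profiles with a word-frequency vector plus a crude list of extracted attributes (city, hobby), then scores every other account against a target and reports the best match above a threshold. The account names, comment histories and the CITIES and HOBBIES lists are constructed for the example.

```python
"""Linking pseudonymous accounts by profile similarity (added example).

Stand-in for the LLM-built profiles described above: each account's comments
are reduced to a vocabulary vector plus a small set of explicit attributes,
and candidate accounts are ranked by a combined similarity score.
All comment histories below are constructed for this example.
"""
import math
import re
from collections import Counter

# Constructed histories: the first two accounts belong to the same person.
ACCOUNTS = {
    "forum:skywatcher": [
        "Clear skies over Tucson last night, finally got the meade out.",
        "Anyone else in Tucson seeing the meade shortage at the shops?",
        "Honestly the collimation on this meade is a pain in the neck.",
    ],
    "reddit:desert_optics": [
        "Tucson monsoon season is rough on telescope optics, honestly.",
        "My meade needs collimation again, pain in the neck every time.",
    ],
    "reddit:oslo_runner": [
        "Ran the Oslo marathon this weekend, legs are finished.",
        "Anyone know a good physio in Oslo for a runner with bad knees?",
    ],
}

# Crude attribute extraction standing in for what an LLM would infer
# (locations, hobbies, and so on). Hypothetical word lists.
CITIES = {"tucson", "oslo"}
HOBBIES = {"telescope", "meade", "marathon", "runner"}
STOPWORDS = {"the", "a", "in", "on", "is", "my", "this", "for", "of", "at",
             "last", "anyone", "else", "again", "honestly", "finally", "got",
             "out", "know", "good", "are", "every", "time", "weekend", "night"}


def tokens(text):
    """Lowercase word tokens with stopwords removed."""
    return [w for w in re.findall(r"[a-z']+", text.lower()) if w not in STOPWORDS]


def profile(comments):
    """Vocabulary counts plus the attribute clues found in the comments."""
    vocab, attrs = Counter(), set()
    for comment in comments:
        toks = tokens(comment)
        vocab.update(toks)
        attrs.update(t for t in toks if t in CITIES or t in HOBBIES)
    return {"vocab": vocab, "attrs": attrs}


def cosine(a, b):
    """Cosine similarity between two Counter-based term vectors."""
    dot = sum(a[w] * b[w] for w in a if w in b)
    na = math.sqrt(sum(v * v for v in a.values()))
    nb = math.sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0


def jaccard(a, b):
    """Overlap of two attribute sets."""
    return len(a & b) / len(a | b) if (a or b) else 0.0


def similarity(p, q, w_vocab=0.5, w_attrs=0.5):
    """Weighted combination of writing-style and attribute similarity."""
    return w_vocab * cosine(p["vocab"], q["vocab"]) + w_attrs * jaccard(p["attrs"], q["attrs"])


def rank_matches(target, accounts):
    """(account, score) for every other account, best candidate first."""
    profiles = {name: profile(cs) for name, cs in accounts.items()}
    t = profiles[target]
    scores = [(name, similarity(t, p)) for name, p in profiles.items() if name != target]
    return sorted(scores, key=lambda s: s[1], reverse=True)


def best_match(target, accounts=ACCOUNTS, threshold=0.3):
    """Most similar account, or None when nothing clears the threshold."""
    name, score = rank_matches(target, accounts)[0]
    return name if score >= threshold else None


if __name__ == "__main__":
    for name in ACCOUNTS:
        print(name, "->", best_match(name), rank_matches(name, ACCOUNTS))
```

The threshold is where the false-positive risk lives: two unrelated people who share a city and a hobby will score well above zero, which is why the real work in linkage is calibrating scores against known-distinct accounts rather than the matching itself.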

Risky Bulletin: Russian man investigated for extorting Conti ransomware group

Presented by Catalin Cimpanu, News Editor

Russian authorities have arrested a Moscow resident for posing as an FSB intelligence officer to extort payments from members of the Conti ransomware group.

Ruslan Satuchin was detained in October of last year and has remained in custody after authorities extended his arrest warrant in December.

According to Russian news outlet RBC, the suspect contacted a Conti member in September 2022, claiming that, in exchange for a bribe, he could prevent the FSB from investigating them.

Srsly Risky Biz: Is Claude Too Woke For War?

Presented by Tom Uren, Policy & Intelligence

This week, US Defense Secretary Pete Hegseth delivered an ultimatum to Anthropic that it allow unrestricted military use of its AI models by Friday or face harsh punishments. This raises the question: When it comes to military use of AI, who exactly should be setting the rules?

At issue for the Department of Defense are safeguards intended to prevent accidental or malicious use of AI. The Pentagon argues that AI is no different from any other technology and that decisions about how it is used should be left to the military.

In mid-January, Hegseth spoke about accelerating AI deployment within the War Department and eliminating barriers that prevent deploying the technology to the battlefield. Hegseth railed against "equitable AI, and other DEI and social justice infusions that constrain and confuse our employment of this technology… We will not employ AI models that won't allow you to fight wars."

Risky Bulletin: Russia starts criminal probe of Telegram founder Pavel Durov

Presented by Catalin Cimpanu, News Editor

Russian authorities have launched a criminal investigation of Telegram founder and CEO Pavel Durov. He is accused of promoting and facilitating terrorist activity on the Telegram platform by failing to respond to law enforcement takedown requests.

The criminal probe was revealed in a long piece published on Tuesday by the official newspaper of the Russian government, the Rossiyskaya Gazeta.

Russian officials have accused Durov of choosing a "path of violence and permissiveness" by not cooperating with Russian law enforcement agencies.

Risky Bulletin: AI-driven hacking campaign breaches 600+ Fortinet devices

Presented by Catalin Cimpanu, News Editor

A Russian-speaking financially motivated threat actor has used commercial AI toolkits to hack more than 600 Fortinet firewalls.

The campaign began at the start of the year, around January 11, according to the AWS security team.

The attacker exploited no zero-days or older vulnerabilities. Instead, they targeted FortiGate devices whose management ports were exposed online, that used weak passwords, and that had no MFA enabled.
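Those three conditions are all visible in a FortiGate configuration backup, so they can be audited before an attacker finds them. The script below is an added example, not AWS's or Fortinet's code: it parses a constructed excerpt written in FortiOS backup syntax and flags management services allowed on a WAN-role interface, admin accounts without two-factor, and admin accounts with no trusthost restriction. Only the keys used here are modelled; the interface and admin names are constructed.

```python
"""Audit a FortiOS config backup for the weaknesses the campaign abused
(added example). Constructed excerpt in FortiOS backup syntax; a real backup
has many more tables and default lines, which the parser simply ignores.
"""

SAMPLE_CONFIG = """\
config system interface
    edit "wan1"
        set vdom "root"
        set ip 203.0.113.10 255.255.255.0
        set allowaccess ping https ssh
        set role wan
    next
    edit "internal"
        set vdom "root"
        set ip 10.0.0.1 255.255.255.0
        set allowaccess ping https ssh fgfm
        set role lan
    next
end
config system admin
    edit "admin"
        set accprofile "super_admin"
        set vdom "root"
        set password ENC SH2redacted
    next
    edit "netops"
        set accprofile "super_admin"
        set trusthost1 10.0.0.0 255.255.255.0
        set two-factor fortitoken
        set vdom "root"
    next
end
"""

# Protocols that give an attacker a login prompt if reachable from the internet.
MGMT_SERVICES = {"https", "http", "ssh", "telnet"}


def parse_fortios(text):
    """Return {table: {entry: {key: value}}} for the top-level tables of a backup.

    Nested sub-tables (e.g. "config ipv6" inside an interface entry) are skipped;
    only depth-1 "set" lines are recorded.
    """
    tables, table, entry, depth = {}, None, None, 0
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            depth += 1
            if depth == 1:
                table = line[len("config "):]
                tables.setdefault(table, {})
        elif line == "end":
            depth -= 1
            if depth == 0:
                table = None
        elif depth != 1:
            continue
        elif line.startswith("edit "):
            entry = line[len("edit "):].strip('"')
            tables[table][entry] = {}
        elif line == "next":
            entry = None
        elif line.startswith("set ") and entry is not None:
            key, _, value = line[len("set "):].partition(" ")
            tables[table][entry][key] = value.strip('"')
    return tables


def audit(text):
    """List the exposure, MFA and trusted-host findings for one backup."""
    cfg = parse_fortios(text)
    findings = []
    for name, iface in cfg.get("system interface", {}).items():
        exposed = set(iface.get("allowaccess", "").split()) & MGMT_SERVICES
        if iface.get("role") == "wan" and exposed:
            findings.append(f"interface {name}: management services {sorted(exposed)} reachable from WAN")
    for name, adm in cfg.get("system admin", {}).items():
        # FortiOS omits "set two-factor" when it is at the default, disable.
        if adm.get("two-factor", "disable") == "disable":
            findings.append(f"admin {name}: two-factor disabled")
        if not any(k.startswith("trusthost") for k in adm):
            findings.append(f"admin {name}: no trusthost restriction, logins allowed from any source")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

The fixes are the inverse of the findings: `set allowaccess ping` on the WAN interface (manage over a VPN or a dedicated management interface instead), `set two-factor fortitoken` and a `set trusthost1` range on every administrator. A weak password is not something a config audit can see, so pair this with a password policy and a check of who actually holds the admin credentials.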

Risky Bulletin: RPKI infrastructure sits on shaky ground

Presented by Catalin Cimpanu, News Editor

The infrastructure that supports the Resource Public Key Infrastructure (RPKI) security standard is not as secure as one might assume and is prone to multiple attacks that could hinder or crash global internet routing.

A new research paper that will be presented next week at the Network and Distributed System Security (NDSS) Symposium looks at a type of server in the RPKI infrastructure known as a PP, or Publishing Point (the RFCs call it a publication point), and at how attacking these servers can prevent routers from validating routing information.
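Why losing a Publishing Point matters is easiest to see in the validation logic itself. The script below is an added example, not the paper's code: it implements route origin validation as specified in RFC 6811 over a constructed set of validated ROA payloads (VRPs), then removes the VRPs that one hypothetical Publishing Point would have served and validates the same announcements again. The PP names, prefixes and ASNs are constructed.

```python
"""Route origin validation (RFC 6811) with and without one Publishing Point
(added example). A relying party normally fetches ROAs from each PP and hands
the resulting VRPs to routers; here the VRP set is constructed inline.
"""
import ipaddress

# Constructed VRPs, each tagged with the (hypothetical) PP that published it.
VRPS = [
    {"prefix": "192.0.2.0/24",    "maxlen": 24, "asn": 64500, "pp": "rpki.example-a"},
    {"prefix": "198.51.100.0/22", "maxlen": 24, "asn": 64501, "pp": "rpki.example-b"},
]


def rov(announced_prefix, origin_asn, vrps):
    """Return 'valid', 'invalid' or 'not-found' for one BGP announcement.

    A VRP covers the announcement when its prefix contains it. With no
    covering VRP the state is not-found; with one whose ASN matches and whose
    maxLength is not exceeded it is valid; otherwise invalid.
    """
    net = ipaddress.ip_network(announced_prefix)
    covering = [v for v in vrps
                if net.version == ipaddress.ip_network(v["prefix"]).version
                and net.subnet_of(ipaddress.ip_network(v["prefix"]))]
    if not covering:
        return "not-found"
    for v in covering:
        if v["asn"] == origin_asn and net.prefixlen <= v["maxlen"]:
            return "valid"
    return "invalid"


def vrps_without_pp(vrps, pp):
    """Simulate a relying party that could not fetch one Publishing Point."""
    return [v for v in vrps if v["pp"] != pp]


def accept(state, drop_invalid=True, drop_not_found=False):
    """Typical router policy: drop invalid, accept not-found (there is no
    ROA for most of the routing table, so not-found cannot be rejected)."""
    if state == "invalid":
        return not drop_invalid
    if state == "not-found":
        return not drop_not_found
    return True


if __name__ == "__main__":
    hijack = ("192.0.2.0/24", 64666)  # wrong origin AS for the constructed prefix
    print("full VRP set:      ", rov(*hijack, VRPS), accept(rov(*hijack, VRPS)))
    degraded = vrps_without_pp(VRPS, "rpki.example-a")
    print("PP example-a lost: ", rov(*hijack, degraded), accept(rov(*hijack, degraded)))
```

The degraded run is the whole point: once the ROAs from the unreachable PP are gone, a hijack of 192.0.2.0/24 no longer evaluates to invalid but to not-found, and not-found is accepted by essentially every deployed policy. An attacker who can keep a PP offline therefore does not need to forge anything; the protection simply switches off for the prefixes that PP served.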

The topic of internet routing and its security protocols is a complex one, so here are the main acronyms and terms that we'll be using and what they mean:

Srsly Risky Biz: Europe's Cyber Bullets Can't Replace Political Will

Presented by Tom Uren, Policy & Intelligence

A groundswell of officials is calling for European countries to build cyber capabilities to strike back against adversaries. It's a fine sentiment, but if Europe had the cojones to strike back it could already have done so with the options it currently has.

Last week, speaking on the sidelines of the Munich Security Conference, the European Commission's Executive Vice President for Tech Sovereignty, Security and Democracy, Henna Virkkunen, told Politico that "it's not enough that we are just defending ... We also have to have offensive capacity".

At the same conference, other European officials, including intelligence chiefs, expressed similar sentiments. NATO Deputy Secretary General Radmila Shekerinska said that collectively, the alliance's objective should be "to take action and to be able to strike back" against cyber threats. Shekerinska called out Russia and China as significant threats.

Risky Bulletin: Supply chain attack plants backdoor on Android tablets

Presented by Catalin Cimpanu, News Editor

A supply chain attack has planted backdoors inside the firmware of multiple Android tablet makers. Incidents of tainted firmware updates have been traced back to as far as August 2023.

The firmware images were infected with a new backdoor named Keenadu.

Spotted and analyzed by Kaspersky in a report released on Tuesday, the backdoor is injected into Zygote, the core Android process from which every app process is forked, and from where it cannot be removed without a full firmware reflash of the device.