Newsletters

Firefox and Tor Browser users are advised to install the latest security patches to address a bug that can allow threat actors to track them across the internet.

The bug works in normal browsing mode, in private browsing windows, and, in the case of Tor, across different Tor sessions.

The issue, found by the team at FingerprintJS, resides in IndexedDB, a Firefox API that allows websites to store data inside a user's browser for future visits.

An ugly-looking web panel has been linked to 94 SIM farms located across 17 countries around the globe.

ProxySmart, as the panel is called, is among the first SIM-Farm-as-a-Service providers observed in cybercrime underground circles.

According to security firm Infrawatch, the panel was developed by a group operating out of Belarus, a group the company describes as "individuals with long-running involvement in SIM farm and mobile proxy operations."

Elon Musk has refused to appear at a voluntary interview relating to a French criminal investigation into illegal content on X and sexual abuse material created by the Grok chatbot.

The strategy of applying pressure directly on technology company executives is one that French authorities have used before. This incident reminds us of the arrest of Telegram founder and CEO Pavel Durov in Paris back in 2024. 

Both Telegram and X are being investigated by the same aggressive French cybercrime unit, but the problems these platforms present to authorities are different. Prior to Durov's arrest, Telegram was notoriously reluctant to cooperate with authorities and child safety groups. Massive criminal marketplaces flourished on the app. X, on the other hand, does actually enforce rules and policies, albeit imperfectly. While it has stepped back from countering bias or misinformation and has become an amplifier of Musk's own extreme right-wing views, this is not in the same league as allowing criminal activity to flourish.

A former FBI cyber official has urged Congress to investigate if ransomware groups that target hospitals and critical infrastructure can be designated as terrorist organizations.

Former FBI Cyber Deputy Director Cynthia Kaiser says the designation would allow prosecutors access to a broader set of tools and legal levers in tracking and taking down operations.

Kaiser, who served in the FBI for 20 years, including as the agency's Cyber Deputy Director, has also urged lawmakers to examine if ransomware operators can be charged with murder or manslaughter if any attacks lead to a human death.

Security researchers at British security firm Darktrace have found a new and interesting piece of malware that was specifically designed to infect and sabotage the operations of Israel's national water management network.

Named ZionSiphon, the malware is one of the rare malware strains created to target operational technology (OT), which are the type of networks from which staff manage industrial equipment.

The malware is a very targeted operation that only works inside networks hosted on Israeli IP address ranges and where the malware finds specific text strings containing the names of common Israeli companies that manage water treatment and desalination systems.

The US National Institute of Standards and Technology announced on Wednesday a new policy regarding the US National Vulnerability Database, which the agency has been struggling to keep updated with details for every new vulnerability added to the system.

Going forward, NIST says its staff will only add data—in a process called enrichment—only for important vulnerabilities.

This will include three types of security flaws, which the agency says are critical to the safe operation of US government networks and its private sector.

A recent deep dive into the American adtech surveillance system, Webloc, highlights the national security and privacy risks of pervasive and easily obtainable geolocation data. It brings home, once again, that the US needs to clamp down on the collection and sale of geolocation data.

The report, from Citizen Lab, documents what Webloc says it can do, who uses the product and its relationship with other commercial intelligence products. 

Webloc was developed by Cobweb Technologies, but is now sold by the US firm Penlink after the two companies merged in 2023. A leaked technical proposal document, obtained by Citizen Lab, says that Webloc provides access to records from "up to 500 million mobile devices across the globe". These records contain device identifiers, location coordinates and profile data from mobile apps and digital advertising.

A recently published academic paper has studied the emerging ecosystem of LLM routers, a type of proxy that sits between AI agents and the AI provider to help with load-balancing and cost tracking and limiting.

The research team tested 28 paid routers available on marketplaces like Taobao, Xianyu, and on Shopify-hosted storefronts, as well as 400 free routers available on GitHub and other places.

The study searched for multiple suspicious behaviors, such as modifying the response to inject commands, using a delay/trigger mechanism to hide future bad commands behind a history of clean operations, accessing credentials that pass through them, and using evasion techniques to thwart analysts.

The French government is taking its first major steps to ditch Windows for Linux and reduce its dependency on US tech for local European alternatives.

The first department to bite the bullet will be the French Inter-Ministerial Directorate of Digital Affairs (DINUM). The agency is the unofficial IT department for the French government, and this is very likely a test of how a migration could happen at a larger scale.

The decision was announced last week at a seminar between several French government ministries, which also pledged to prepare plans for their own migrations and the alternatives they might need.

The main Risky Business podcast is now on YouTube with video versions of our recent episodes. Below is our latest weekly show with Pat, Adam, and James at the helm!

LA CAO hack: The Los Angeles city attorney’s office has been hacked and sensitive data has been published online. Stolen data included sensitive case details and the personal information of LA police officers. Witness names, medical records, and internal affairs investigation are also part of a trove of 7.7TB published online this week. [KTLA]

Ransomware hits key Dutch hospital provider: A ransomware attack has hit a major software provider for the Dutch healthcare sector. The incident impacted ChipSoft, the maker of an electronic patient record management platform named HiX. According to reports, the platform is used by roughly 70% of all Dutch hospitals but it's unclear if it was affected. The incident didn't impact the platform's availability. [NLTimes]