Newsletters

Written content from the Risky Business Media team

Risky Bulletin: EU sanctions more Russian disinformation peddlers

Presented by

Catalin Cimpanu
Catalin Cimpanu

News Editor

The European Union has sanctioned three new clusters associated with Russia's disinformation networks across Africa and Europe.

This is the EU's 17th round of sanctions against Russia over its 2022 invasion and ongoing war in Ukraine. The sanctions are far broader and also target Russia's oil sector, its shadow fleet of oil tankers, and its hybrid warfare activities across Europe, which included extensive sabotage and disinformation campaigns.

We will not cover the entire sanctions package since it's out of the scope of this newsletter, but only the three clusters that are cyber adjacent.

Risky Bulletin: Japan passes active cyber defense law

Presented by

Catalin Cimpanu
Catalin Cimpanu

News Editor

The Japanese government passed a new law last week that allows local agencies to carry out preemptive offensive cyber operations to prevent or suppress future attacks on the country's IT infrastructure.

Although named the Active Cyberdefense Law, its scope goes beyond what the name suggests and also includes several other provisions that modernize and upgrade the country's cybersecurity practices as a whole.

The most important section of the new law is not the part about "active cyber defense" but the part that overhauls some of Japan's data collection practices.

Risky Bulletin: Chrome will de-elevate itself when run with admin privileges

Presented by

Catalin Cimpanu
Catalin Cimpanu

News Editor

Google Chrome will inherit a security feature from Microsoft Edge that will automatically prevent Windows users from launching the browser with elevated admin privileges.

The new feature stops and relaunches the browser with normal user-level permissions every time a user tries to run it as an Administrator.

Chrome will only run with admin rights if passed special command-line arguments or when it's started in Automation Mode—to prevent the browser from breaking complex software automation chains.

Chinese Mobile App Encryption is Suspiciously Awful

Presented by

Tom Uren
Tom Uren

Policy & Intelligence

A new paper, from researchers at Princeton and The Citizen Lab, has found that apps from the Xiaomi's Mi Store, which services mainland China, are an encryption horror show. Compared to apps found in Google's Play Store, Mi Store apps send significantly more unencrypted traffic. And the encrypted traffic they do send is typically vulnerable to decryption by eavesdroppers.

The researchers examined the top 1,699 apps from the Google Play Store and the Mi Store (more than 800 from each store) and ran them through a measurement pipeline they called WireWatch. The researchers developed WireWatch to automatically identify non-standard encryption. 

It found that nearly half of the top Mi Store apps used proprietary encryption. Only 3.51% of the top Google Play Store apps do the same. The authors then reverse-engineered the nine most popular cryptosystems identified by WireWatch. They found that eight of them sent network traffic that was vulnerable to decryption by adversaries. 

Risky Bulletin: EU launches its own vulnerability database

Presented by

Catalin Cimpanu
Catalin Cimpanu

News Editor

The EU's cybersecurity agency ENISA has launched its own vulnerability database designed to aggregate information on software bugs across the European ecosystem.

Although some infosec researchers might think this is the EU's reaction to the recent MITRE funding issues in the US, the new EUVD database was coming anyway, regardless of what was happening to the CVE program.

The EU actually ordered ENISA to create the new database via the NIS2 directive that passed in December 2022—see paragraphs 62 and 63.

Risky Bulletin: Kaleidoscope ad fraud network infects 2.5mil new devices each month

Presented by

Catalin Cimpanu
Catalin Cimpanu

News Editor

Security researchers have discovered a new ad fraud operation named Kaleidoscope that uses the "evil twin app" technique to disguise the origin of its ad impressions.

The botnet consists of clean apps uploaded to the official Play Store and doppelgangers distributed through third-party stores.

These clones are the heart of the botnet and are the ones that use a malicious advertising SDK to bombard users with unwanted and unskippable ads.

Risky Bulletin: France says Russian influence operations are getting better, achieving results

Presented by

Catalin Cimpanu
Catalin Cimpanu

News Editor

VIGINUM, the French government's agency that hunts down and exposes foreign disinformation networks, says that Russian influence operations have now reached a mature level and are often achieving notable results.

The agency published a report this week on Storm-1516—what appears to be one of the Russian government's most sprawling and active disinformation clusters.

Unlike many previous disinformation reports that tend to play down the effectiveness of such operations, VIGINUM doesn't mince words and describes Storm-1516's efforts as successful and "a significant threat to French and European public debate."

It's Like Signal, but Dumb

Presented by

Tom Uren
Tom Uren

Policy & Intelligence

The use of encrypted messaging apps by senior Trump officials has become a rolling security disaster. We've now learned that rather than using actual Signal, they've been using a bastardised version that undermines the app's security guarantees.  

Last week, President Trump's then-national security advisor Mike Waltz was photographed surreptitiously checking his phone for messages during a cabinet meeting. It gave a decent view of exactly what was on Waltz' screen. Rather than the official Signal app, he appeared to be using something called TM SGNL to communicate with Secretary of State Marco Rubio, Vice President JD Vance, Director of National Intelligence Tulsi Gabbard and special envoy Mike Wiktoff.

It turns out TM SGNL is a forked version of Signal maintained by a company called TeleMessage. The company makes clones of popular consumer messaging apps with the addition of archiving functions to store messages. 

Risky Bulletin: Microsoft joins industry crackdown on bulk email senders

Presented by

Catalin Cimpanu
Catalin Cimpanu

News Editor

Microsoft has joined rivals in the consumer email inbox market, such as Apple, Google, and Yahoo, and implemented stronger anti-spam features for its Outlook.com email platform.

The new rules entered into effect on Monday, May 5, and apply only to bulk senders, which are domains that send more than 5,000 emails per day to Outlook users.

Bulk senders must now authenticate their domains using modern email security standards such as DKIM, DMARC, and SPF.

Risky Bulletin: Six-years-old backdoor comes to life to hijack Magento stores

Presented by

Catalin Cimpanu
Catalin Cimpanu

News Editor

Hackers activated secret backdoors they planted six years ago inside Magento plugins to hijack almost 1,000 Magento online stores.

The initial compromises took place in 2019 when the attackers allegedly gained access to the servers of three Magento software developers—Magesolution, Meetanshi, and Tigren.

According to security firm Sansec, the hackers modified the source code of 21 plugins. The backdoor was hidden in the License.php file, which is typically included in most plugins to check if the user holds a valid license.