Newsletters

The developers of several of today's top infostealers have found several ways to bypass Chrome's new App-Bound Encryption security feature.

Infostealers such as Lumar, Lumma, Meduza, Vidar, and WhiteSnake have told their "customers" they can now bypass the feature and retrieve authentication cookies that were recently coming back encrypted.

Added in Chrome v127, released in mid-July, the App-Bound Encryption feature works by encrypting data related to the Chrome browser process. This data can be decrypted only from an admin-level account.

The Tor Project says that regular Tor browser users are not affected by a deanonymization attack used by German law enforcement to catch the administrator of a dark web CSAM forum named Boystown.

German TV network NDR reported on Wednesday that German police had been secretly recording traffic entering the Tor network via nodes located in Germany over the past years.

According to technical documents obtained by NDR reporters and reviewed by security experts from Germany's infamous Chaos Computer Club (CCC), authorities used a "timing attack" to analyze traffic entering and leaving Tor nodes and correlate users visiting certain Tor sites to their real-life IP addresses.

The US government has imposed a new set of sanctions against Intellexa, the company behind the Predator commercial spyware.

New sanctions were levied against five individuals and a company associated with the Intellexa Consortium—the parent entity at the top of a network of shell companies and resellers designed to obfuscate its affairs.

Recipients of the new US Treasury sanctions include executives of Intellexa's smaller business units.

The US government says that RT (formerly known as Russia Today) has morphed from a news organization into a fully active intelligence asset for the Russian government.

The US State Department says that at the start of 2023, the Russian government embedded a Russian intelligence unit with cyber capabilities inside RT.

State officials did not explain the role of this unit but say that since then, RT has engaged in "information operations, covert influence, and military procurement" across Europe, Africa, and North and South America.

A mysterious threat actor has built a giant botnet by infecting over 1.3 million Android TV set-top boxes across the globe.

The devices were infected with a new backdoor named Vo1d.

The malware's main function is to gain reboot persistence on the device through three different methods and then watch a folder and install any Android APK file placed there.

A new report finds the global spyware market is concentrated in Israel, India and Italy and that a few individuals have founded a number of spyware vendors. 

Mythical Beasts and Where to Find Them, from the Atlantic Council's Digital Forensics Research Lab (DFRLab), attempts to map the global spyware market and identify links between firms, based on public reporting coupled with searches of corporate registries and databases. 

DFRLab found information on:

A UK anti-corruption organization has published a report this week warning that the UK's top police investigative body—the UK National Crime Agency (NCA)—is close to a critical collapse, describing it's current state as "on its knees."

According to the Spotlight on Corruption, the NCA is dealing with huge staff turnover, recruitment issues, and chronically low pay. The study's results are below:

Eleven years after its creation, the study highlights the agency's stagnation and the lack of attention and reform from the British government.

Microsoft announced last week two changes to its products designed to boost the company's security posture.

Redmond plans to disable ActiveX in Office apps in October and then harden the Windows CFLS logging service against logic bugs in future versions of Windows 11.

Both are important steps that address some of today's biggest attack surfaces in Windows.

The US government orchestrated its largest crackdown against Russia's disinformation apparatus on Wednesday, coming out with indictments, sanctions, visa restrictions, site takedowns, and rewards for information on some of the individuals involved.

US officials have formally accused the Kremlin of interfering again in the US Presidential Election, mainly through the work of several of its entities pushing to promote Donald Trump and the Republican Party.

The actions hit well-known purveyors of Russian propaganda, such as Doppelganger, Structura, RRN, SDA, and even RT (formerly Russia Today).

Google has discovered exploits developed by commercial spyware vendors being used by Russian government espionage groups.

Per Google's Threat Analysis Group (TAG): 

TAG does not know how these attackers acquired these exploits. However, by the time attackers used them, they had been patched and were no longer 0days.