Newsletters

The US intelligence community is seriously concerned about the foreign intelligence risks that stem from its porous data ecosystem, according to the newly released 2024 US National Counterintelligence Strategy. 

The 2024 strategy calls for robust action to counter what it calls foreign intelligence entities (FIEs). It describes an "unprecedented" array of threats:

It says that the PRC and Russia represent the most significant threats and that:

A ransomware attack has hit the IT systems of the French national museum network, crippling financial systems at over 40 museums, including two that were repurposed to host two Olympic events.

The attack hit over the weekend and took down an IT system that was aggregating financial data from Réunion des Musées Nationaux (RMN), an organization under the French Ministry of Culture that manages museums around Paris, including the Louvre.

The incident also impacted Grand Palais and the Château de Versailles, two museums hosting events for the Paris 2024 Olympics.

German and US authorities have seized a crypto-wallet service named Cryptonator on charges of money laundering and operating an unlicensed money service business.

The service allowed individuals to set up crypto-wallet funds that could receive and send funds from and to any type of blockchain service, effectively operating as a "personal cryptocurrency exchange" for each customer.

Officials say Cryptonator failed to implement anti-money laundering protections and knowingly allowed its service to be used for illegal activities.

An emergency certificate revocation initiated by DigiCert earlier this week has met a brick wall after the company got sued by one of its customers and several critical infrastructure operators raised safety concerns.

DigiCert initiated the certificate revocation on Monday as part of the normal procedures and agreements between Certificate Authorities (CAs) and browser and OS makers like Microsoft, Apple, Google, and Mozilla.

According to rules established by the CA/B Forum, DigiCert is mandated to revoke any certificates it issued through invalid procedures.

An apparent leak from its Ministry of Justice suggests the Israeli government seized documents and computers from NSO Group to prevent potentially damaging material from being provided to litigants in a US court case. 

WhatsApp filed suit against NSO Group in 2019 after the company discovered that NSO Group had targeted about 1,400 of its users with Pegasus malware, which has been used to facilitate human rights violations around the world. WhatsApp is seeking an injunction blocking NSO Group from accessing its computer systems, which would effectively end NSO Group's ability to target WhatsApp users. 

The court process includes a formal discovery phase in which parties to a case exchange relevant information, including otherwise sensitive documents. 

New numbers released at the end of last week suggest that US NIST is unlikely to make any significant progress in addressing a backlog of unprocessed vulnerabilities at the National Vulnerability Database (NVD).

The backlog began in February when NIST analysts slowed down the rate at which they were processing and enriching NVD entries, releasing many CVEs with little to no information about the nature of the security flaw, severity scores, and fixed or vulnerable software versions.

The slowdown had a major impact on the vulnerability management section of the cybersecurity community, which was relying on these entries to help inform customers about which bugs to patch first.

The Secure Boot system on more than 800 motherboard models across 10 different vendors is basically useless now after an extremely sensitive cryptographic key was accidentally leaked online last year.

The key was leaked via a now-removed GitHub repository in 2023 and discovered earlier this year by firmware security firm Binarly.

It allegedly came from an (unnamed) Original Device Manufacturer (ODM), which in turn received it from American Megatrends International (AMI), a company known for developing BIOS/UEFI products.

A team of Chinese academics has discovered a new type of DNS attack that impacts almost a quarter of all open DNS resolvers running on the internet.

Named TuDoor, the attack uses malformed DNS packets to trigger logic errors inside DNS software. The attack specifically targets the part of the DNS resolver that prepares DNS responses for user queries.

Academics say they can use a quick succession of malformed packets to poison a DNS resolver's cache, cause a denial of service, or increase a server's resource consumption.

An eye-opening report describes a cyber crime supply chain with connections to Chinese organised crime, illegal online gambling, money laundering, human trafficking and even sponsorships with European sports teams.

Infoblox, the security firm that authored the report, said this supply chain was controlled by a single actor it calls Vigorish Viper. The main purpose of the enterprise was to facilitate illegal online gambling for residents of what the report calls 'Greater China'. (This term isn't defined in the report, but from our reading of it we think it includes mainland China, Hong Kong, and Macau, but not Taiwan).  

Infoblox said the supply chain was organised into multiple entities performing different functions to "shield the operators from scrutiny and legal consequences". In OPSEC terms, Vigorish Viper compartmentalises its operations so the disruption of any single entity (such as a money launderer, hosting provider or payment service) by law enforcement action does not cripple the entire operation. 

In January this year, Russian hackers used a novel piece of ICS malware to cut the heating and hot water to over 600 apartment buildings in the city of Lviv, Ukraine.

The incident is believed to have impacted apartment blocks in Lviv's Sykhiv residential area. More than 100,000 people are believed to have been left without heating for almost two days as one of the city's heating providers, Lvivteploenergo, restored service.

The attack used a malware strain named FrostyGoop, according to a report released by industrial security firm Dragos this week.