Newsletters

A new report explores how effectively the Chinese state leverages civilian talent for state-sponsored cyber operations. 

From Vegas to Chengdu, by Eugenio Benincasa from the Center for Security Studies at ETH Zurich, focuses on the links between Chinese hacking contests and bug bounties and the country's cyber espionage programs. Interestingly, it finds that PRC vulnerability discovery efforts in recent years depend highly on just 'a handful' of Chinese researchers

The report pulls together information made public over the past several years to comprehensively summarise evidence the PRC funnels vulnerability research into state-sponsored espionage efforts.

Apple is holding its yearly Worldwide Developers Conference (WWDC) this week in Cupertino, and the company has announced several security-related features on the first day of the event.

This year's biggest announcement is Private Cloud Compute, a new feature that will take user data and process it inside an encrypted cloud server. This feature will be used for new Apple AI services that require more processing power than is available on the user's device.

Apple says the data will be stored on servers that use custom-built hardware and run a custom operating system. Data is sent to PCC servers only with the user's approval, and Apple says that even its staff with administrative rights can't access or view it. Everything, of course, is wrapped in cryptographic protocols.

GetResponse data breach: The email marketing platform GetResponse disclosed a security breach after a threat actor gained access to one of its employees' accounts. The company says the attacker used the account to pivot to less than 10 of its customers. So far, the GetResponse breach has been linked to at least one other breach—at cryptocurrency platform CoinGecko. The company says the hacker stole the email addresses of almost two million CoinGecko subscribers.

LendingTree breach: Loan comparison site LendingTree has confirmed that its QuoteWizard subsidiary had data stolen from its Snowflake account. [Additional coverage in TechCrunch]

Bangladesh data leak: The Bangladesh intelligence agency has caught two police officers from its anti-terror unit selling citizen data to criminals on Telegram. According to TechCrunch, the officers sold both PII and classified data via a Telegram channel. The Bangladesh government says the two officers had access to government systems suspended as they are being investigated. The NTMC intelligence agency caught the two after reviewing logs of its own systems.

Moldavian authorities have arrested four individuals suspected of sharing information about Interpol Red Notices with wanted fugitives, including cybercrime suspects.

The scheme was uncovered earlier this year by the UK NCA during a separate cybercrime investigation. Authorities say a criminal group paid bribes of several millions of US dollars to Moldavian public servants to provide early warning of Interpol Red Notice arrest warrants.

The early warning allowed wanted individuals to seek asylum or refugee status in Moldova or other countries, a process that triggers the deletion of Red Notices from the Interpol database.

Russian espionage, disruption, disinformation and real-world interference in Europe is ramping up in the lead up to European Union elections and the Paris Olympics.

Juhan Lepassaar, the head of the EU's cyber security agency ENISA, last week told The Associated Press disruptive attacks against European infrastructure had doubled in recent months. 

"This is part of the Russian war of aggression, which they fight physically in Ukraine, but digitally also across Europe," Lepassaar said. 

The Linux Kernel project was made an official CVE Numbering Authority (CNA) with exclusive rights to issue CVE identifiers for the Linux kernal in February this year.

While initially this looked like good news, almost three months later, this has turned into a complete and utter disaster.

Over the past months, the Linux Kernel team has issued thousands of CVE identifiers, with the vast majority being for trivial bug fixes and not just security flaws.

Cloud data platform Snowflake is dealing with a cybersecurity incident that is the perfect example of why every major *-as-a-platform company should be enforcing multi-factor authentication (MFA) by default for all their customer accounts.

The company began investigating a possible security breach after threat actors bragged on cybercrime forums about using access to its platform to scrape, collect, and then sell data from two major companies—Santander Bank and Ticketmaster.

An initial report from a cybersecurity vendor floated the idea that the threat actors may have gained access to a Snowflake employee's account and then pivoted to customer infrastructure.

A coalition of law enforcement agencies orchestrated the largest cybercrime takedown to date and seized servers and domains used by six of the world's largest malware botnets.

Named Operation Endgame, the takedown specifically targeted the botnets of "malware loaders," a type of malware that infects systems and then rents access to other cybercrime groups.

Europol says the coalition specifically targeted these botnets because of their role in helping deploy ransomware as part of their "host rental" business model.

TikTok has released a report covering covert influence operations on its platform, but this will do precisely nothing to allay fears the video sharing application is insulated from PRC influence.

TikTok's report described influence campaigns it had detected and disrupted from January through April this year. The 15 campaigns spanned 3,000 accounts and reached millions of followers. A domestically targeted pro-Ukrainian campaign reached 2.6 million followers and a domestically-aimed Iraqi campaign nearly 500,000, but the rest of the campaigns reached a relatively small number of followers. The report even called out a Chinese campaign that targeted a US audience with positive narratives about Chinese policy and culture.

Courts in three countries have now ruled that incident response and forensic reports are not protected legal documents and must be made available in other court cases or to authorities on request.

Legal precedents now exist in Australia, Canada, and the US.

In Australia, the precedent was in a class-action lawsuit related to the Optus September 2022 data breach. Optus argued that an incident response report it ordered from Deloitte was protected by client-attorney legal professional privilege. A federal court rejected the company's claim last November, and the company lost the appeal this week.