Newsletters

Written content from the Risky Business Media team

On Microsoft, the US Government Must Embrace the Stick

Tom Uren

Policy & Intelligence

Tom Uren is on leave this week so Risky Business publisher Patrick Gray wrote this week's edition.

Good security happens when the incentives are right. Sometimes that's because a company is operating under a strict compliance regime, or it has customers that really, really care about security, or it's in a frequently attacked vertical like banking. 

Risky Biz News: New DoS loop attack impacts 300,000 systems

Catalin Cimpanu

News Editor

Academics have discovered a new variation of the network loop attack that can crash servers by putting them in an infinite loop of data exchange.

The new attack is named Loop DoS and was discovered by Yepeng Pan and Professor Dr. Christian Rossow from the CISPA German research institute.

It is a variation of classic network loops but one that takes place at the application layer instead of the network routing level.

Risky Biz News: Edge adds new sandbox escape protection

Catalin Cimpanu

News Editor

Microsoft has developed a new security protection for its Edge web browser.

The new feature—which has no official name—aims to stop sandbox escape attacks.

In a super simplified explanation, the new protection works by crashing the JavaScript rendering process when an attacker tries to escape the sandbox (where a website's code is executed) and then pivot to a higher-privileged internal browser component.

Risky Biz News: NIST NVD stopped enriching CVEs a month ago

Catalin Cimpanu

News Editor

Staff at the US National Institute of Standards and Technology (NIST) stopped enriching CVE vulnerability data added to the National Vulnerability Database (NVD) more than a month ago.

Since then, more than 2,100 CVE entries have been published without the crucial metadata that is added through a process called "enrichment."

Enrichment data is crucial to anyone viewing the NVD. It provides basic details such as the name of software products impacted by the CVE, the vulnerability's CVSS severity scores, CVE and CWE data, a basic description of the bug, and patching status.

The Microsoft Breach That Won't End

Tom Uren

Policy & Intelligence

The Russian Foreign Intelligence Service (SVR)-linked group that initially breached Microsoft in November is still accessing the vendor’s systems. 

Microsoft originally disclosed the breach in late January and attributed it to a group it calls Midnight Blizzard, which has been linked to Russia's SVR by the US and UK governments. 

Last Friday, Microsoft announced in a blog post and SEC filing that Midnight Blizzard was continuing to gain access to Microsoft systems including "some of the company’s source code repositories and internal systems". Microsoft writes:

Risky Biz News: Tor launches new WebTunnel anti-censorship protocol

Catalin Cimpanu

News Editor

This week, the Tor Project launched a new anti-censorship tool named WebTunnel.

WebTunnel is a new type of Tor bridge, a type of secret server that is not listed in Tor's public directory.

Because they are not public, Tor bridges are typically used in oppressive countries to allow users to connect to the Tor network.

Risky Biz News: The aftermath of Microsoft's SVR hack is rearing its ugly head

Catalin Cimpanu

News Editor

Microsoft says that Russian state-sponsored hackers successfully gained access to some of its internal systems and source code repositories.

The intrusions are the latest part of a security breach that began in November of last year and which Microsoft first disclosed in mid-January.

Initially, the company said hackers breached corporate email servers and stole inboxes from the company's senior leadership, legal, and cybersecurity teams.

Risky Biz News: Crypto-fraud is now bigger than BEC

Catalin Cimpanu

News Editor

The FBI has published its yearly Internet Crime Report [PDF], and the main takeaway from this year's edition is that Americans are really bad at spotting cryptocurrency-themed investment scams.

Last year, for the first time since the FBI started putting out its yearly report in the early 2010s, Americans lost more money to crypto-investment scams than to all BEC incidents combined.

Americans lost $4.57 billion to investment scams last year, of which $3.94 billion was linked to crypto schemes.

Why the German Military's Use of WebEx Is Fine, Actually

Tom Uren

Policy & Intelligence

A senior Russian media figure has published a recording of German Ministry of Defence (Bundeswehr) officials discussing the implications of providing Ukraine with medium-range cruise missiles. 

The story here is not that German security is poor, but that Russia is publishing raw intelligence to sow discord in the country. 

Margarita Simonyan, editor-in-chief at RT, the Russian state-controlled TV outlet, published the 38-minute audio recording on Friday 1 March saying "comrades in uniforms" had given her the recording. 

Risky Biz News: ACEMAGIC mini PCs shipped with pre-installed malware

Catalin Cimpanu

News Editor

Chinese company ACEMAGIC has confirmed that early batches of some of its new mini PC models were shipped with pre-installed malware.

Malware such as the Redline infostealer and the Bladabindi backdoor were found in the Windows OS system recovery section of its mini PCs. In some cases, malware was also found in the mini PCs' RGB lighting driver.

The infections were initially found by YouTube hardware review channel The Net Guy Reviews, later confirmed by The Gadgeteer and reconfirmed by other reviewers and some of the company's customers.