Newsletters

Written content from the Risky Business Media team

Risky Biz News: Intellexa pulls new Predator spyware infra after thorough undressing

Presented by

Catalin Cimpanu

News Editor

Intellexa—the holding company that sells and operates the Predator spyware—has taken servers offline after two security firms exposed the company's brand-new infrastructure.

Reports from Sekoia and Recorded Future provided details on new domains and servers used as part of the Predator attack and delivery platform.

The reports provided insights on how and from where Intellexa customers were launching operations against their targets. It included details on suspected phishing and social engineering domains and "delivery servers" that hosted and sent the Predator spyware to devices that needed to be infected.

Risky Biz News: US restricts sale of personal data to hostile nations

Presented by

Catalin Cimpanu

News Editor

The White House has issued an executive order to ban the sale of Americans' personal data to hostile countries, such as China, Russia, and Iran.

The executive order directs the Department of Justice to issue regulations for the data brokerage market.

The new rules will bar data brokers from selling or transferring abroad certain types of data that are considered to be too sensitive.

The White House's Oddly Specific, and Really Quite Good, Software Engineering Advice

Presented by

Tom Uren

Policy & Intelligence

This week the US Office of the National Cyber Director (ONCD) published a report calling for the adoption of memory safe programming languages.

It's remarkable such a technical document has been published by the White House.

The report has the overarching goal of addressing what the ONCD calls in its fact sheet the "urgent need to address undiscovered vulnerabilities". It notes that if every single known vulnerability were fixed, undiscovered vulnerabilities would still present additional risk.

Risky Biz News: US sanctions Sandvine over Egypt sales

Presented by

Catalin Cimpanu

News Editor

The US Commerce Department has sanctioned Canadian company Sandvine for providing internet mass surveillance technology to the Egyptian government.

In a press release, US government officials said Sandvine's networking equipment was used to monitor and censor internet traffic in Egypt and target local political figures and human rights activists.

Sandvine Canada and five of its subsidiaries were added to the Commerce Department's Bureau of Industry and Security (BIS) Entity List.

Risky Biz News: Backdoor code found in Tornado Cash

Presented by

Catalin Cimpanu

News Editor

A malicious backdoor has been found inside the user interface component of the Tornado Cash cryptocurrency mixing project.

The code has been exploited in the wild to hijack assets deposited in Tornado Cash installations.

The malicious code was added to the project by one of its developers.

Risky Biz News: Google addresses JIT security in Chrome 122

Presented by

Catalin Cimpanu

News Editor

Google released version 122 of its Chrome browser this week, which comes with a new security feature meant to reduce the browser's attack surface.

The feature has no catchy name but can be found in the Chrome settings section and enabled with only a few clicks.

It allows Chrome users to disable performance features for V8, the engine inside Chrome that processes JavaScript and WebAssembly code.

Risky Biz Briefing: The i-SOON Data Leak

Presented by

Tom Uren

Policy & Intelligence

Written with Catalin Cimpanu of Risky Business News

An unknown individual or entity has leaked files that suggest a Chinese cyber security company is developing malware and carrying out cyber espionage on behalf of the Chinese government.

The data allegedly belongs to i-SOON, a company based in Chengdu that also does business as Sichuan Anxun (四川安洵信息技术有限公司).

Risky Biz News: Law enforcement thoroughly dismantle LockBit

Presented by

Catalin Cimpanu

News Editor

Law enforcement agencies from 11 countries have disrupted the LockBit ransomware operation in the most thorough and coordinated takedown of a cybercrime portal that has been seen to date.

As part of what they codenamed Operation Cronos, officials seized LockBit server infrastructure, froze cryptocurrency wallets holding past ransoms, released decryption tools, arrested members, filed additional charges, and imposed international sanctions.

The operation began months ago and was led by the UK's National Crime Agency (NCA). The agency claims it infiltrated the gang's servers, mapped out infrastructure, collected encryption keys, and accessed the LockBit backend, where admins and affiliates collected stats about attacks and negotiated with victims.

Risky Biz News: New NSO Group capability revealed in court documents

Presented by

Catalin Cimpanu

News Editor

ENEA, a Sweden-based telecom security firm, claims it reproduced a user fingerprinting technique advertised and sold by Israeli spyware vendor NSO Group.

Named MMS Fingerprinting, the technique can collect information on a target's smartphone and operating system just by sending an MMS message.

NSO Group claims no user interaction is needed besides knowing the target's phone number.

Risky Biz News: Microsoft will replace Secure Boot certificates to avoid 2026 boot-pocalypse

Presented by

Catalin Cimpanu

News Editor

Microsoft released an optional servicing update this week that rotates the digital certificates used by the Secure Boot feature.

The update is likely to unclench some sphincters in the IT administration and cybersecurity community, as the certificates were set to expire in 2026.

Once the certificates expired, Windows systems where Secure Boot was enabled would have failed to boot. The issue would have also impacted some Linux systems that use Microsoft certificates for their bootloader, such as Ubuntu.