Newsletters

A threat actor is hacking and extorting companies that have misconfigured their cloud server infrastructure.

The data extortion campaign has been taking place since earlier this year and involves a large-scale scan of the internet for companies that have exposed their environment variable files.

Also known as .ENV, these files act as a centralized location for storing configuration data by multiple software solutions.

In sharp contrast to events during the 2016 US presidential election campaign, an apparent hack and leak operation targeting the Trump campaign is being treated responsibly by America’s mainstream media. 

For us, 'responsible' behaviour means verifying the documents, assessing the material's newsworthiness, and giving readers context of the potential operation.    

On Saturday, after being approached by news outlet Politico with leaked documents, the Trump campaign claimed it had been hacked in an attempt to interfere with the 2024 election. 

US officials have seized server infrastructure linked to a data extortion group known as Dispossessor and RADAR.

Officials from the DOJ and FBI have seized nine domains and 24 servers linked to the gang's operations.

A criminal complaint was also filed against an individual going by the hacker pseudonym of "Brain," which officials believe is based out of Europe—possibly Poland.

The Trump campaign claims it was hacked by Iran after a trove of sensitive documents were leaked to Politico at the end of July.

The news outlet says it received the documents from an individual using the name Robert and an AOL email address.

The documents allegedly contained vetting materials pertaining to J.D. Vance and Marco Rubio, which were compiled by the Trump team as part of the Vice President nomination process. The documents are allegedly part of a larger collection of files stolen from the campaign.

The US State Department is offering a $10 million reward for any information on six Iranians behind Cyber Av3ngers, an Iranian hacktivist group that has repeatedly attacked critical infrastructure across the US and other countries.

The six were identified as members of an Iranian cyber unit known as the Iranian Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC).

The six were sanctioned by the US Treasury in February this year, but this marks the first time the US has formally linked the six to the Cyber Av3ngers persona.

The US intelligence community is seriously concerned about the foreign intelligence risks that stem from its porous data ecosystem, according to the newly released 2024 US National Counterintelligence Strategy. 

The 2024 strategy calls for robust action to counter what it calls foreign intelligence entities (FIEs). It describes an "unprecedented" array of threats:

It says that the PRC and Russia represent the most significant threats and that:

A ransomware attack has hit the IT systems of the French national museum network, crippling financial systems at over 40 museums, including two that were repurposed to host two Olympic events.

The attack hit over the weekend and took down an IT system that was aggregating financial data from Réunion des Musées Nationaux (RMN), an organization under the French Ministry of Culture that manages museums around Paris, including the Louvre.

The incident also impacted Grand Palais and the Château de Versailles, two museums hosting events for the Paris 2024 Olympics.

German and US authorities have seized a crypto-wallet service named Cryptonator on charges of money laundering and operating an unlicensed money service business.

The service allowed individuals to set up crypto-wallet funds that could receive and send funds from and to any type of blockchain service, effectively operating as a "personal cryptocurrency exchange" for each customer.

Officials say Cryptonator failed to implement anti-money laundering protections and knowingly allowed its service to be used for illegal activities.

An emergency certificate revocation initiated by DigiCert earlier this week has met a brick wall after the company got sued by one of its customers and several critical infrastructure operators raised safety concerns.

DigiCert initiated the certificate revocation on Monday as part of the normal procedures and agreements between Certificate Authorities (CAs) and browser and OS makers like Microsoft, Apple, Google, and Mozilla.

According to rules established by the CA/B Forum, DigiCert is mandated to revoke any certificates it issued through invalid procedures.

An apparent leak from its Ministry of Justice suggests the Israeli government seized documents and computers from NSO Group to prevent potentially damaging material from being provided to litigants in a US court case. 

WhatsApp filed suit against NSO Group in 2019 after the company discovered that NSO Group had targeted about 1,400 of its users with Pegasus malware, which has been used to facilitate human rights violations around the world. WhatsApp is seeking an injunction blocking NSO Group from accessing its computer systems, which would effectively end NSO Group's ability to target WhatsApp users. 

The court process includes a formal discovery phase in which parties to a case exchange relevant information, including otherwise sensitive documents.