Newsletters

Written content from the Risky Business Media team

Risky Biz News: NIST NVD stopped enriching CVEs a month ago

Presented by

Catalin Cimpanu

News Editor

For more than a month, staff at the US National Institute of Standards and Technology (NIST) have stopped enriching CVE vulnerability data added to the National Vulnerability Database (NVD).

More than 2,100 CVE entries have been published without crucial metadata information—a process called "enrichment."

Enrichment data is crucial to anyone viewing the NVD. It provides basic details such as the name of software products impacted by the CVE, the vulnerability's CVSS severity scores, CVE and CWE data, a basic description of the bug, and patching status.

The Microsoft Breach That Won't End

Presented by

Tom Uren

Policy & Intelligence

The Russian Foreign Intelligence Service (SVR)-linked group that initially breached Microsoft in November is still accessing the vendor's systems.

Microsoft originally disclosed the breach in late January and attributed it to a group it calls Midnight Blizzard, which has been linked to Russia's SVR by the US and UK governments.

Last Friday, Microsoft announced in a blog post and SEC filing that Midnight Blizzard was continuing to gain access to Microsoft systems, including "some of the company's source code repositories and internal systems". Microsoft writes:

Risky Biz News: Tor launches new WebTunnel anti-censorship protocol

Presented by

Catalin Cimpanu

News Editor

The Tor Project launched a new anti-censorship tool named WebTunnel this week.

WebTunnel is a new type of Tor bridge, a secret server that is not listed in Tor's public directory.

Because they are not public, Tor bridges are typically used in oppressive countries to allow users to connect to the Tor network.

Risky Biz News: The aftermath of Microsoft's SVR hack is rearing its ugly head

Presented by

Catalin Cimpanu

News Editor

Microsoft says that Russian state-sponsored hackers successfully gained access to some of its internal systems and source code repositories.

The intrusions are the latest part of a security breach that began in November of last year and which Microsoft first disclosed in mid-January.

Initially, the company said hackers breached corporate email servers and stole inboxes from the company's senior leadership, legal, and cybersecurity teams.

Risky Biz News: Crypto-fraud is now bigger than BEC

Presented by

Catalin Cimpanu

News Editor

The FBI has published its yearly Internet Crime Report [PDF], and the main takeaway from this year's edition is that Americans are really bad at spotting cryptocurrency-themed investment scams.

For the first time since the FBI started putting out its yearly report in the early 2010s, last year, Americans lost more money to crypto-investment scams than all BEC incidents combined.

Americans lost $4.57 billion to investment scams last year, of which $3.94 billion were linked to crypto schemes.

Why the German Military's Use of WebEx Is Fine, Actually

Presented by

Tom Uren

Policy & Intelligence

A senior Russian media figure has published a recording of German Ministry of Defence (Bundeswehr) officials discussing the implications of providing Ukraine with medium-range cruise missiles.

The story here is not that German security is poor, but that Russia is publishing raw intelligence to sow discord in the country.

Margarita Simonyan, editor-in-chief at RT, the Russian state-controlled TV outlet, published the 38-minute audio recording on Friday 1 March, saying "comrades in uniforms" had given her the recording.

Risky Biz News: ACEMAGIC mini PCs shipped with pre-installed malware

Presented by

Catalin Cimpanu

News Editor

Chinese company ACEMAGIC has confirmed that early batches of some of its new mini PC models were shipped with pre-installed malware.

Malware such as the Redline infostealer and the Bladabindi backdoor was found in the Windows system recovery partition of its mini PCs. In some cases, malware was also found in the mini PCs' RGB lighting driver.

The infections were initially found by YouTube hardware review channel The Net Guy Reviews, later confirmed by The Gadgeteer and reconfirmed by other reviewers and some of the company's customers.

Risky Biz News: Intellexa pulls new Predator spyware infra after thorough undressing

Presented by

Catalin Cimpanu

News Editor

Intellexa—the holding company that sells and operates the Predator spyware—has taken servers offline after two security firms exposed the company's brand-new infrastructure.

Reports from Sekoia and Recorded Future provided details on new domains and servers used as part of the Predator attack and delivery platform.

The reports provided insights into how and from where Intellexa customers were launching operations against their targets. They included details on suspected phishing and social engineering domains and on "delivery servers" that hosted and sent the Predator spyware to the devices selected for infection.

Risky Biz News: US restricts sale of personal data to hostile nations

Presented by

Catalin Cimpanu

News Editor

The White House has issued an executive order to ban the sale of Americans' personal data to hostile countries, such as China, Russia, and Iran.

The executive order directs the Department of Justice to issue regulations for the data brokerage market.

The new rules will bar data brokers from selling or transferring abroad certain types of data that are considered to be too sensitive.

The White House's Oddly Specific, and Really Quite Good, Software Engineering Advice

Presented by

Tom Uren

Policy & Intelligence

This week the US Office of the National Cyber Director (ONCD) published a report calling for the adoption of memory-safe programming languages.

It's remarkable such a technical document has been published by the White House.

The report has the overarching goal of addressing what the ONCD calls in its fact sheet the "urgent need to address undiscovered vulnerabilities". It notes that even if every single known vulnerability were fixed, undiscovered vulnerabilities would still present additional risk.