Newsletters

Microsoft announced last week two changes to its products designed to boost the company's security posture.

Redmond plans to disable ActiveX in Office apps in October and then harden the Windows CFLS logging service against logic bugs in future versions of Windows 11.

Both are important steps that address some of today's biggest attack surfaces in Windows.

The US government orchestrated its largest crackdown against Russia's disinformation apparatus on Wednesday, coming out with indictments, sanctions, visa restrictions, site takedowns, and rewards for information on some of the individuals involved.

US officials have formally accused the Kremlin of interfering again in the US Presidential Election, mainly through the work of several of its entities pushing to promote Donald Trump and the Republican Party.

The actions hit well-known purveyors of Russian propaganda, such as Doppelganger, Structura, RRN, SDA, and even RT (formerly Russia Today).

Google has discovered exploits developed by commercial spyware vendors being used by Russian government espionage groups.

Per Google's Threat Analysis Group (TAG): 

TAG does not know how these attackers acquired these exploits. However, by the time attackers used them, they had been patched and were no longer 0days.

The White House has published a roadmap this week with its top recommendations for improving the security of internet routing protocols.

The document [PDF] specifically looks at ways of improving the security of the Border Gateway Protocol (BGP), the technology responsible for directing internet traffic between different networks across  all the globe.

The White House started looking into BGP security in 2022 as part of a concerted US government effort to secure internet routing and prevent foreign actors from hijacking traffic from American networks using attacks known as BGP hijacks.

The US Department of Justice has charged a Romanian and a Serbian man for a years-long swatting campaign that terrorized US citizens, including multiple senior government officials.

Officials say a 26-year-old Romanian named Thomasz Szabo was the moderator of an online chatroom called "Shenanigans," where he planned swatting and fake bomb threats since December 2020.

Szabo allegedly worked closely with a 21-year-old from Serbia named Nemanja Radovanovic.

An Iranian cyber contractor has been moonlighting as an initial access broker and providing support for ransomware gangs as a way to fill their personal coffers.

In a joint report published this week, CISA, the FBI, and the DOD's cybercrime division say that an Iranian group tracked as Pioneer Kitten (Fox Kitten, UNC757, Parisite, RUBIDIUM, Lemon Sandstorm) has created successful personas on the criminal underground where it sells access to the networks of hacked companies.

The group has operated using hacker names such as "Br0k3r" and "xplfinder" and has been observed selling access to affiliates for the AlphV, NoEscape, and RansomHouse ransomware operations.

Telegram founder and CEO Pavel Durov has been released from custody by French authorities on €5m bail and banned from leaving French territory over charges related to illegal activity on the app. 

Durov was detained last weekend after he flew into Paris-Le Bourget airport on a private jet and was bailed on Wednesday.  

Although the investigation is being framed by some as an attack on free speech, the charges centre around deliberately avoiding responsibilities to tackle illegal and abhorrent content on Telegram.

Chinese cyber-espionage group Volt Typhoon has used a zero-day in a network virtualization server to breach the infrastructure of US ISPs and managed service providers.

The attacks began in June and are still ongoing, according to internet infrastructure company Lumen.

They target Versa Director [PDF], a type of server that allows companies to virtualize or segment their networks on a large scale—hence why its customers typically include large corporations, cloud providers, and internet service providers.

An academic study presented last week at the USENIX security conference has detailed several vulnerabilities in the modern financial ecosystem that can be exploited by threat actors to add stolen cards to digital wallet apps and conduct transactions with stolen funds without being detected.

The paper—titled "In Wallet We Trust: Bypassing the Digital Wallets Payment Security for Free Shopping"—is an eye-opener and wake-up call for app makers and banks that they need to improve the security of some of their underlying processes.

The study looked at the services of several major US banks (AMEX, Bank of America, Chase, Citi, Discover, US Bank, etc.) and three of today's top digital wallet providers in Apple, Google, and PayPal.

Recent improvements made to mobile banking apps and mobile operating systems are forcing threat actors to evolve their tactics with new and never-before-seen techniques.

One such example was recently uncovered in Czechia by local authorities, which called on security firm ESET to help with their investigation.

This new technique involves the cloning of a victim's NFC card data and sending it to an attacker, who then abuses it to make payments at PoS terminals or withdraw money from ATMs.