Newsletters

Google has discovered exploits developed by commercial spyware vendors being used by Russian government espionage groups.

Per Google's Threat Analysis Group (TAG): 

TAG does not know how these attackers acquired these exploits. However, by the time attackers used them, they had been patched and were no longer 0days.

The White House has published a roadmap this week with its top recommendations for improving the security of internet routing protocols.

The document [PDF] specifically looks at ways of improving the security of the Border Gateway Protocol (BGP), the technology responsible for directing internet traffic between different networks across  all the globe.

The White House started looking into BGP security in 2022 as part of a concerted US government effort to secure internet routing and prevent foreign actors from hijacking traffic from American networks using attacks known as BGP hijacks.

The US Department of Justice has charged a Romanian and a Serbian man for a years-long swatting campaign that terrorized US citizens, including multiple senior government officials.

Officials say a 26-year-old Romanian named Thomasz Szabo was the moderator of an online chatroom called "Shenanigans," where he planned swatting and fake bomb threats since December 2020.

Szabo allegedly worked closely with a 21-year-old from Serbia named Nemanja Radovanovic.

An Iranian cyber contractor has been moonlighting as an initial access broker and providing support for ransomware gangs as a way to fill their personal coffers.

In a joint report published this week, CISA, the FBI, and the DOD's cybercrime division say that an Iranian group tracked as Pioneer Kitten (Fox Kitten, UNC757, Parisite, RUBIDIUM, Lemon Sandstorm) has created successful personas on the criminal underground where it sells access to the networks of hacked companies.

The group has operated using hacker names such as "Br0k3r" and "xplfinder" and has been observed selling access to affiliates for the AlphV, NoEscape, and RansomHouse ransomware operations.

Telegram founder and CEO Pavel Durov has been released from custody by French authorities on €5m bail and banned from leaving French territory over charges related to illegal activity on the app. 

Durov was detained last weekend after he flew into Paris-Le Bourget airport on a private jet and was bailed on Wednesday.  

Although the investigation is being framed by some as an attack on free speech, the charges centre around deliberately avoiding responsibilities to tackle illegal and abhorrent content on Telegram.

Chinese cyber-espionage group Volt Typhoon has used a zero-day in a network virtualization server to breach the infrastructure of US ISPs and managed service providers.

The attacks began in June and are still ongoing, according to internet infrastructure company Lumen.

They target Versa Director [PDF], a type of server that allows companies to virtualize or segment their networks on a large scale—hence why its customers typically include large corporations, cloud providers, and internet service providers.

An academic study presented last week at the USENIX security conference has detailed several vulnerabilities in the modern financial ecosystem that can be exploited by threat actors to add stolen cards to digital wallet apps and conduct transactions with stolen funds without being detected.

The paper—titled "In Wallet We Trust: Bypassing the Digital Wallets Payment Security for Free Shopping"—is an eye-opener and wake-up call for app makers and banks that they need to improve the security of some of their underlying processes.

The study looked at the services of several major US banks (AMEX, Bank of America, Chase, Citi, Discover, US Bank, etc.) and three of today's top digital wallet providers in Apple, Google, and PayPal.

Recent improvements made to mobile banking apps and mobile operating systems are forcing threat actors to evolve their tactics with new and never-before-seen techniques.

One such example was recently uncovered in Czechia by local authorities, which called on security firm ESET to help with their investigation.

This new technique involves the cloning of a victim's NFC card data and sending it to an attacker, who then abuses it to make payments at PoS terminals or withdraw money from ATMs.

The Australian Government plans to build a digital trust and identity infrastructure spanning the entire economy. The initiative aims to fill a real need as there is no robust way to prove your real-world identity online, despite it being a common and important requirement.  

The Minister for Government Services, Bill Shorten, announced the Trust Exchange or TEx initiative last week. The unstated/apparent hope for the TEx is that it becomes the standard for Australians to prove their identity and confirm personal attributes across government and the private sector. Part of the intent of TEx is that robust verification is done with less sharing of personal information.

"TEx would take all the hassle out of finding dozens of documents to prove who you are when you're doing things like setting up a bank account or buying a mobile phone or even trying to rent a property", Shorten said. "TEx will connect the bank or telco or real estate agent with your digital wallet and you then consent to share only the identity attributes or credentials you choose to."

After making a mess of its comms earlier this year in May, Microsoft has published a more detailed timeline about its plan to enforce multi-factor authentication for all users accessing Azure and other admin portals.

The company says that by October this year, MFA will be required to access the Azure portal, Microsoft Entra admin center, and Intune admin center.

Admins will receive emails and notifications in the Azure Service Health portal to enable MFA for their accounts or face losing access to their paid services.