Newsletters

Written content from the Risky Business Media team

Risky Biz News: The aftermath of Microsoft's SVR hack is rearing its ugly head

Catalin Cimpanu

News Editor

Microsoft says that Russian state-sponsored hackers successfully gained access to some of its internal systems and source code repositories.

The intrusions are the latest part of a security breach that began in November of last year and which Microsoft first disclosed in mid-January.

Initially, the company said hackers breached corporate email servers and stole inboxes from the company's senior leadership, legal, and cybersecurity teams.

Risky Biz News: Crypto-fraud is now bigger than BEC

Catalin Cimpanu

News Editor

The FBI has published its yearly Internet Crime Report [PDF], and the main takeaway from this year's edition is that Americans are really bad at spotting cryptocurrency-themed investment scams.

Last year, for the first time since the FBI started putting out its yearly report in the early 2010s, Americans lost more money to crypto-investment scams than to all BEC incidents combined.

Americans lost $4.57 billion to investment scams last year, of which $3.94 billion were linked to crypto schemes.

Why the German Military's Use of WebEx Is Fine, Actually

Tom Uren

Policy & Intelligence

A senior Russian media figure has published a recording of German Ministry of Defence (Bundeswehr) officials discussing the implications of providing Ukraine with medium-range cruise missiles. 

The story here is not that German security is poor, but that Russia is publishing raw intelligence to sow discord in the country. 

Margarita Simonyan, editor-in-chief at RT, the Russian state-controlled TV outlet, published the 38-minute audio recording on Friday 1 March saying "comrades in uniforms" had given her the recording. 

Risky Biz News: ACEMAGIC mini PCs shipped with pre-installed malware

Catalin Cimpanu

News Editor

Chinese company ACEMAGIC has confirmed that early batches of some of its new mini PC models were shipped with pre-installed malware.

Malware such as the Redline infostealer and the Bladabindi backdoor were found in the Windows OS system recovery section of its mini PCs. In some cases, malware was also found in the mini PCs' RGB lighting driver.

The infections were initially found by YouTube hardware review channel The Net Guy Reviews, later confirmed by The Gadgeteer and reconfirmed by other reviewers and some of the company's customers.

Risky Biz News: Intellexa pulls new Predator spyware infra after thorough undressing

Catalin Cimpanu

News Editor

Intellexa—the holding company that sells and operates the Predator spyware—has taken servers offline after two security firms exposed the company's brand-new infrastructure.

Reports from Sekoia and Recorded Future provided details on new domains and servers used as part of the Predator attack and delivery platform.

The reports provided insights on how and from where Intellexa customers were launching operations against their targets. They included details on suspected phishing and social engineering domains and "delivery servers" that hosted and sent the Predator spyware to devices that needed to be infected.

Risky Biz News: US restricts sale of personal data to hostile nations

Catalin Cimpanu

News Editor

The White House has issued an executive order to ban the sale of Americans' personal data to hostile countries, such as China, Russia, and Iran.

The executive order directs the Department of Justice to issue regulations for the data brokerage market.

The new rules will bar data brokers from selling or transferring abroad certain types of data that are considered to be too sensitive.

The White House's Oddly Specific, and Really Quite Good, Software Engineering Advice

Tom Uren

Policy & Intelligence

This week the US Office of the National Cyber Director (ONCD) published a report calling for the adoption of memory safe programming languages. 

It's remarkable such a technical document has been published by the White House.

The report has the overarching goal of addressing what the ONCD calls in its fact sheet the "urgent need to address undiscovered vulnerabilities". It notes that if every single known vulnerability were fixed, undiscovered vulnerabilities would still present additional risk.

Risky Biz News: US sanctions Sandvine over Egypt sales

Catalin Cimpanu

News Editor

The US Commerce Department has sanctioned Canadian company Sandvine for providing internet mass surveillance technology to the Egyptian government.

In a press release, US government officials said Sandvine's networking equipment was used to monitor and censor internet traffic in Egypt and target local political figures and human rights activists.

Sandvine Canada and five of its subsidiaries were added to the Commerce Department's Bureau of Industry and Security (BIS) Entity List. 

Risky Biz News: Backdoor code found in Tornado Cash

Catalin Cimpanu

News Editor

A malicious backdoor has been found inside the user interface component of the Tornado Cash cryptocurrency mixing project.

The code has been exploited in the wild to hijack assets deposited in Tornado Cash installations.

The malicious code was added to the project by one of its developers.

Risky Biz News: Google addresses JIT security in Chrome 122

Catalin Cimpanu

News Editor

Google has released version 122 of its Chrome browser this week, which comes with a new security feature meant to reduce the browser's attack surface.

The feature has no catchy name but can be found in the Chrome settings section and enabled with only a few clicks.

It allows Chrome users to disable performance features for V8, the engine inside Chrome that processes JavaScript and WebAssembly code.