Newsletters

An Iranian cyber contractor has been moonlighting as an initial access broker and providing support for ransomware gangs as a way to fill their personal coffers.

In a joint report published this week, CISA, the FBI, and the DOD's cybercrime division say that an Iranian group tracked as Pioneer Kitten (Fox Kitten, UNC757, Parisite, RUBIDIUM, Lemon Sandstorm) has created successful personas on the criminal underground where it sells access to the networks of hacked companies.

The group has operated using hacker names such as "Br0k3r" and "xplfinder" and has been observed selling access to affiliates for the AlphV, NoEscape, and RansomHouse ransomware operations.

Telegram founder and CEO Pavel Durov has been released from custody by French authorities on €5m bail and banned from leaving French territory over charges related to illegal activity on the app. 

Durov was detained last weekend after he flew into Paris-Le Bourget airport on a private jet and was bailed on Wednesday.  

Although the investigation is being framed by some as an attack on free speech, the charges centre around deliberately avoiding responsibilities to tackle illegal and abhorrent content on Telegram.

Chinese cyber-espionage group Volt Typhoon has used a zero-day in a network virtualization server to breach the infrastructure of US ISPs and managed service providers.

The attacks began in June and are still ongoing, according to internet infrastructure company Lumen.

They target Versa Director [PDF], a type of server that allows companies to virtualize or segment their networks on a large scale—hence why its customers typically include large corporations, cloud providers, and internet service providers.

An academic study presented last week at the USENIX security conference has detailed several vulnerabilities in the modern financial ecosystem that can be exploited by threat actors to add stolen cards to digital wallet apps and conduct transactions with stolen funds without being detected.

The paper—titled "In Wallet We Trust: Bypassing the Digital Wallets Payment Security for Free Shopping"—is an eye-opener and wake-up call for app makers and banks that they need to improve the security of some of their underlying processes.

The study looked at the services of several major US banks (AMEX, Bank of America, Chase, Citi, Discover, US Bank, etc.) and three of today's top digital wallet providers in Apple, Google, and PayPal.

Recent improvements made to mobile banking apps and mobile operating systems are forcing threat actors to evolve their tactics with new and never-before-seen techniques.

One such example was recently uncovered in Czechia by local authorities, which called on security firm ESET to help with their investigation.

This new technique involves the cloning of a victim's NFC card data and sending it to an attacker, who then abuses it to make payments at PoS terminals or withdraw money from ATMs.

The Australian Government plans to build a digital trust and identity infrastructure spanning the entire economy. The initiative aims to fill a real need as there is no robust way to prove your real-world identity online, despite it being a common and important requirement.  

The Minister for Government Services, Bill Shorten, announced the Trust Exchange or TEx initiative last week. The unstated/apparent hope for the TEx is that it becomes the standard for Australians to prove their identity and confirm personal attributes across government and the private sector. Part of the intent of TEx is that robust verification is done with less sharing of personal information.

"TEx would take all the hassle out of finding dozens of documents to prove who you are when you're doing things like setting up a bank account or buying a mobile phone or even trying to rent a property", Shorten said. "TEx will connect the bank or telco or real estate agent with your digital wallet and you then consent to share only the identity attributes or credentials you choose to."

After making a mess of its comms earlier this year in May, Microsoft has published a more detailed timeline about its plan to enforce multi-factor authentication for all users accessing Azure and other admin portals.

The company says that by October this year, MFA will be required to access the Azure portal, Microsoft Entra admin center, and Intune admin center.

Admins will receive emails and notifications in the Azure Service Health portal to enable MFA for their accounts or face losing access to their paid services.

A security researcher has discovered secret hardware backdoors in RFID key cards manufactured by a major Chinese company.

The backdoors can allow threat actors to clone affected smart cards within minutes and access secure areas.

They impact smart cards manufactured by Chinese company Shanghai Fudan Microelectronics that were built using MIFARE Classic chips from NXP.

A threat actor is hacking and extorting companies that have misconfigured their cloud server infrastructure.

The data extortion campaign has been taking place since earlier this year and involves a large-scale scan of the internet for companies that have exposed their environment variable files.

Also known as .ENV, these files act as a centralized location for storing configuration data by multiple software solutions.

In sharp contrast to events during the 2016 US presidential election campaign, an apparent hack and leak operation targeting the Trump campaign is being treated responsibly by America’s mainstream media. 

For us, 'responsible' behaviour means verifying the documents, assessing the material's newsworthiness, and giving readers context of the potential operation.    

On Saturday, after being approached by news outlet Politico with leaked documents, the Trump campaign claimed it had been hacked in an attempt to interfere with the 2024 election.