Newsletters

Written content from the Risky Business Media team

Sophos' Five-Year-Long Cyber Knife Fight With Chinese APTs

Presented by Tom Uren, Policy & Intelligence

Cybersecurity firm Sophos' counterintelligence efforts against malicious actors targeting its firewall products will set new standards for acceptable and desirable behaviour from vendors.

Last week, Sophos released details of an evolving, five-year effort to counter China-based groups targeting its firewalls. The report details the cut and thrust between Sophos and a loose collection of Chinese hacking groups, and how each side responded and adapted to the other's actions.

The saga started in 2018 with the compromise of a computer driving a wall-mounted display at Cyberoam, an Indian subsidiary of Sophos. This breach appeared mundane, but pulling on the string revealed that the actor had compromised other machines on Cyberoam's network with a sophisticated rootkit. Wired reports that "in retrospect, the company believes that initial intrusion was designed to gain intelligence about Sophos products that would enable follow-on attacks on its customers". 

Risky Biz News: Windows to get a new admin protection system

Presented by Catalin Cimpanu, News Editor

Microsoft will add a new security system to Windows 11 that will protect admin accounts when they perform highly privileged and sensitive actions.

Named "Admin Protection," the system is currently being tested in Windows 11 canary builds.

The new feature works by taking all the elevated privileges an admin needs and putting them into a separate super admin account that's—most of the time—disabled and locked away inside the core of the operating system.

Risky Biz News: The mystery at Mango Park, and the Cambodian government's shady reaction

Presented by Catalin Cimpanu, News Editor

Something is rotten in the state of Cambodia, according to an increasing number of reports that cyber scam compound operators are now receiving protection from local police and government officials.

The perfect example of this new reality is the incident surrounding the recent "arrests" at Mango Park, a cyber scam compound in the country's Kampong Speu province.

A report from South Korean national television KBS presented the story of a South Korean who was duped by the promise of a high-paying job into travelling to Cambodia, where he was held against his will and forced to work on online scams at Mango Park. He was freed after his family paid a ransom, and once back home, he told reporters how local police had protected the scam compound when he tried to complain.

Risky Biz News: US removes Sandvine from sanctions list after pinky promise

Presented by Catalin Cimpanu, News Editor

DHL tracking system hack: A cyberattack has disrupted a package tracking tool used by German logistics giant DHL. DHL has confirmed the incident and says it's working with the tracking tool's developer to restore systems. According to a report from Better Retailing, the tool was developed by British company Microlise.

Interbank security breach: Peru's fourth-largest bank has confirmed that a threat actor managed to steal data on some of its customers from a third-party company. The admission comes after Interbank suffered a technical glitch earlier this week and after its customer data surfaced on hacking forums shortly afterwards. The bank is believed to have between 2 and 3 million customers. [Additional coverage in Infobae America]

Colorado election system password leaks: The Colorado Department of State has accidentally posted a document online that contained the partial passwords for the state's voting machines. Officials have since removed the document and changed passwords. They also notified CISA and said the incident won't affect next week's election. [Additional coverage in StateScoop]

Risky Biz News: Two arrests in Operation Magnus

Presented by Catalin Cimpanu, News Editor

Law enforcement agencies from multiple countries have disrupted the operations of the Redline and META infostealers.

The takedown took place on Monday as part of what authorities called Operation Magnus.

Officials seized three servers in the Netherlands, took control of two domain names, and arrested two suspects in Belgium.

Risky Biz News: Russia sentences REvil members to prison. Yes! Really!

Presented by Catalin Cimpanu, News Editor

Russian authorities have sentenced four members of the REvil ransomware gang to prison on hacking and money laundering charges.

The sentence was announced last week by a St. Petersburg military court in a case that has taken more than two years to unfold.

Artem Zayets was sentenced to 4.5 years, Alexey Malozemov to five years, Daniil Puzyrevsky to 5.5 years, and Ruslan Khansvyarov to six years in a general regime penal colony.

Risky Biz News: US offers reward for suspected Tortoiseshell APT members

Presented by Catalin Cimpanu, News Editor

The US government is offering a $10 million reward for information on four members of an Iranian hacking group named Shahid Hemmat.

The group allegedly "works" for Iran's Islamic Revolutionary Guard Corps Cyber-Electronic Command (IRGC-CEC), an agency inside the Iranian armed forces that specializes in cyber operations.

US officials say the four—Manuchehr Akbari, Amir Hosein Hoseini, Mohammad Hosein Moradi, and Mohammad Reza Rafatinezhad—conducted cyber and intelligence operations that targeted US critical infrastructure.

The EU Throws a Hand Grenade on Software Liability

Presented by Tom Uren, Policy & Intelligence

The EU and US are taking very different approaches to the introduction of liability for software products. While the US kicks the can down the road, the EU is rolling a hand grenade down it to see what happens. 

Under the status quo, the software industry is extensively protected from liability for defects or issues and this results in systemic underinvestment in product security. Authorities believe that by making software companies liable for damages when they peddle crapware, those companies will be motivated to improve product security. 

Introducing software liability is a big idea of the Biden administration's 2023 National Cybersecurity Strategy. Per the strategy:

Risky Biz News: Apple wants to reduce the lifespan of TLS certificates to 45 days

Presented by Catalin Cimpanu, News Editor

Apple has put forward a proposal to gradually reduce the lifespan of TLS certificates from the current 398 days to only 45.

The planned move will take place across four phases between September next year and April 2027.

Maximum certificate lifespan would drop to 200 days in September 2025, to 100 days in September 2026, and to just 45 days in April 2027.
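The practical question for anyone operating TLS endpoints is whether the certificates they issue or accept would still fit inside the proposed ceilings. The script below is an added example, not code from Risky Business or from Apple's proposal: it takes a certificate's notBefore/notAfter dates in the text form the Python ssl module returns, computes the lifetime, and checks it against the ceiling that would apply on the issue date. The page gives only the month of each phase, so the exact switch-over day is assumed here to be the first of that month; the sample dates are constructed for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

# Phased schedule as summarised on the page: 398 days today, then 200, 100 and
# 45 days. ASSUMPTION: the page names only the month, so each phase is taken
# to start on the first day of that month.
CURRENT_MAX_DAYS = 398
PHASES = [
    (datetime(2025, 9, 1, tzinfo=timezone.utc), 200),
    (datetime(2026, 9, 1, tzinfo=timezone.utc), 100),
    (datetime(2027, 4, 1, tzinfo=timezone.utc), 45),
]


def parse_cert_time(value: str) -> datetime:
    """Parse the 'Mon DD HH:MM:SS YYYY GMT' form that ssl.getpeercert() returns."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(value), tz=timezone.utc)


def max_lifetime_days(issued: datetime) -> int:
    """Longest lifetime allowed for a certificate issued at the given time."""
    allowed = CURRENT_MAX_DAYS
    for phase_start, days in PHASES:
        if issued >= phase_start:
            allowed = days
    return allowed


def allowed_days_for(not_before: str) -> int:
    """Same lookup, keyed on the certificate's notBefore string."""
    return max_lifetime_days(parse_cert_time(not_before))


def cert_lifetime_days(not_before: str, not_after: str) -> float:
    """Validity period in days, as the difference of the two timestamps."""
    delta = parse_cert_time(not_after) - parse_cert_time(not_before)
    return delta.total_seconds() / 86400


def check_cert(not_before: str, not_after: str) -> dict:
    """Report lifetime, the ceiling in force on the issue date, and compliance."""
    lifetime = cert_lifetime_days(not_before, not_after)
    allowed = allowed_days_for(not_before)
    return {
        "lifetime_days": lifetime,
        "allowed_days": allowed,
        "compliant": lifetime <= allowed,
    }


def check_peer(host: str, port: int = 443) -> dict:
    """Fetch a live server's leaf certificate and run the same check on it."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return check_cert(cert["notBefore"], cert["notAfter"])


if __name__ == "__main__":
    # Constructed sample certificates (not real ones), one per phase.
    samples = [
        ("Jan  1 00:00:00 2025 GMT", "Jan  1 00:00:00 2026 GMT"),  # 365 days, issued before phase 1
        ("Jan  1 00:00:00 2026 GMT", "Jan  1 00:00:00 2027 GMT"),  # 365 days, 200-day ceiling
        ("May  1 00:00:00 2027 GMT", "Jun 10 00:00:00 2027 GMT"),  # 40 days, 45-day ceiling
    ]
    for nb, na in samples:
        print(nb, "->", na, check_cert(nb, na))
```

check_peer needs network access and is not exercised by the samples; everything else runs offline. The schedule lookup walks the phases in order so that a certificate issued after the last switch-over is held to the 45-day ceiling, and the comparison uses fractional days so a certificate one hour over the limit is flagged rather than rounded down.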

Risky Biz News: The EU will make vendors liable for bugs

Presented by Catalin Cimpanu, News Editor

The European Union has updated its product liability law to cover software and associated risks, like security flaws and planned obsolescence.

The new EU Directive on Liability for Defective Products [PDF] replaces one of the EU's oldest directives and will provide consumers with the legal tools to hold companies liable in court if they sell defective products.

The biggest change to the old directive is the addition of software products to the list of covered goods.