Newsletters

Written content from the Risky Business Media team

Risky Bulletin: Chrome 140 comes with new hardened cookies

Presented by

Catalin Cimpanu

News Editor

Google has released version 140 of its Chrome browser this week, with support for a new security feature designed to protect server-set cookies from client-side tampering.

The new feature is a cookie prefix, a piece of text added to the start of a cookie's name.

Cookie prefixes are different from cookie headers and, in the words of security firm ERNW, are a lesser-known browser security feature that is rarely used by web developers.

Google Sharpens its Cyber Knife

Presented by

Tom Uren

Policy & Intelligence

Google has announced it is starting a cyber "disruption unit" that will seek out opportunities to proactively disrupt threat actor campaigns. This move reflects increased industry and government appetite for more aggressive private sector approaches and also indicates a sensible incremental step towards government-endorsed private sector hacking. 

Per CyberScoop's coverage:

Google has already been involved in the court-endorsed botnet takedowns of Glupteba in 2021 and BadBox 2.0 in July. To put this in perspective, Microsoft pioneered court-ordered disruption operations way back in 2010 and has been involved in a string of takedowns since then. 

Risky Bulletin: YouTubers unmask and help dismantle giant Chinese scam ring

Presented by

Catalin Cimpanu

News Editor

Two YouTube channels named Scammer Payback and Trilogy Media played a crucial role in unmasking and identifying members of a giant scam network that stole more than $65 million from US seniors.

The US Department of Justice used videos posted by the two channels in 2020 and 2021 to identify and then track down the network. Officials arrested 25 of the 28 suspects they identified during this investigation.

The group allegedly used call centers based in India to call US seniors, posing as government officials, bank employees, and tech support agents.

Risky Bulletin: Noem fires FEMA IT team over alleged cybersecurity failures

Presented by

Catalin Cimpanu

News Editor

DHS head Kristi Noem has fired 24 employees of the FEMA IT department, citing an alleged data breach and a string of cybersecurity failures.

The firings included FEMA CIO Charles Armstrong and FEMA CISO Gregory Edwards.

Noem claims the DHS discovered a breach of FEMA systems and stopped it before any data was stolen.

Risky Bulletin: npm attack uses AI prompts to steal creds, crypto-wallet keys

Presented by

Catalin Cimpanu

News Editor

A novel supply chain attack has hit the users of NX, a popular developer tool used to automate and optimize CI/CD pipelines.

The incident took place on Tuesday, after a threat actor compromised the npm token for one of the NX developers, and then released malicious updates for several NX tools to the npm package repository.

The new versions contained a malicious script that:

America Wants to Hack the Planet

Presented by

Tom Uren

Policy & Intelligence

Private sector cyber operators in the United States would be allowed to hack foreign cybercrime enterprises that target American citizens and infrastructure under new legislation being proposed by US Congressman David Schweikert (R). The legislation won't pass in its current form, but we like the idea of US private sector hacking capacity being let loose in some circumstances.

The Scam Farms Marque and Reprisal Authorization Act riffs on old-time letters of marque and reprisal. These were government licenses that authorised private operators (privateers) to attack and capture sailing vessels and goods from specified foreign states. Letters of marque were last issued by the US in 1815.

Since at least 2013, cyber letters of marque have regularly been suggested as a policy response to deal with rampant cybercrime and espionage. If we can't defend ourselves, let's make ourselves feel better by hacking back!

Risky Bulletin: FCC removes 1,200 voice providers from US phone network

Presented by

Catalin Cimpanu

News Editor

The US Federal Communications Commission has banned more than 1,200 voice service providers from the US telephone network after they failed to deploy robocall protections.

The number is almost half of the 2,411 voice providers the agency notified and ordered last year to become compliant with its new anti-robocall rules.

Voice providers had to deploy the STIR/SHAKEN protocol, provide accurate registration and ownership details, and designate a contact for reporting robocall abuse and issues.

Risky Bulletin: Hackers sabotage Iranian ships at sea, again

Presented by

Catalin Cimpanu

News Editor

For the second time this year, an Iranian hacktivist group has crippled the satellite communications systems on 64 Iranian ships at sea.

The incident took place last week and impacted 39 oil tankers and 25 cargo ships operated by the National Iranian Tanker Company (NITC) and the Islamic Republic of Iran Shipping Lines (IRISL).

The hack didn't target the ships directly, but Fannava, an Iranian tech company that provides satellite communication terminals for the ships.

Risky Bulletin: A decade later, Russian hackers are still using SYNful Knock, and it's still working

Presented by

Catalin Cimpanu

News Editor

Cisco and the FBI have asked "the public, private sector, and international community"—also known as "anyone willing to listen"—to patch their stupid end-of-life Cisco routers for an ancient 2018 vulnerability that's being "broadly" exploited by Russian hackers linked to the country's FSB intelligence service.

A group known as Static Tundra has been abusing a bug tracked as CVE-2018-0171 over the past year to install backdoors on old and outdated Cisco routers that are still haunting many corporate and government networks.

Static Tundra has been abusing the vulnerability ever since it was discovered back in 2018, but they expanded operations in 2022 and then again last year, as Russia's war in Ukraine has forced the FSB to ramp up intelligence collection capabilities.

When the Chips Were Down, Russian Cyber Security Picked a Side

Presented by

Tom Uren

Policy & Intelligence

A new report has taken a look at how the relationships between Russian cyber security firms and their government have changed since the country's 2022 invasion of Ukraine. 

The analysis by the CNA think tank shows that when it comes to cyber security and great power competition, it pays in record-making margins for companies to choose sides.

The report thoroughly explores three Russian firms that offer different cyber security services: Kaspersky, Security Code and Positive Technologies. All three had ties to the Russian state predating the war. Unsurprisingly, these ties have strengthened.