Newsletters

Written content from the Risky Business Media team

Russian Attacks on Europe Double in Lead up to Elections, Olympics

Presented by

Tom Uren

Policy & Intelligence

Russian espionage, disruption, disinformation and real-world interference in Europe are ramping up in the lead-up to the European Union elections and the Paris Olympics.

Juhan Lepassaar, the head of the EU's cyber security agency ENISA, last week told The Associated Press disruptive attacks against European infrastructure had doubled in recent months. 

"This is part of the Russian war of aggression, which they fight physically in Ukraine, but digitally also across Europe," Lepassaar said. 

Risky Biz News: The Linux CNA mess you didn't know about

Presented by

Catalin Cimpanu

News Editor

The Linux Kernel project was made an official CVE Numbering Authority (CNA) with exclusive rights to issue CVE identifiers for the Linux kernel in February this year.

While initially this looked like good news, almost three months later, this has turned into a complete and utter disaster.

Over the past months, the Linux Kernel team has issued thousands of CVE identifiers, with the vast majority covering trivial bug fixes rather than actual security flaws.

Risky Biz News: The Snowflake breach and the need for mandatory MFA

Presented by

Catalin Cimpanu

News Editor

Cloud data platform Snowflake is dealing with a cybersecurity incident that is the perfect example of why every major *-as-a-platform company should be enforcing multi-factor authentication (MFA) by default for all their customer accounts.

The company began investigating a possible security breach after threat actors bragged on cybercrime forums about using access to its platform to scrape, collect, and then sell data from two major companies—Santander Bank and Ticketmaster.

An initial report from a cybersecurity vendor floated the idea that the threat actors may have gained access to a Snowflake employee's account and then pivoted to customer infrastructure.

Risky Biz News: Law enforcement disrupts six malware botnets

Presented by

Catalin Cimpanu

News Editor

A coalition of law enforcement agencies orchestrated the largest cybercrime takedown to date and seized servers and domains used by six of the world's largest malware botnets.

Named Operation Endgame, the takedown specifically targeted the botnets of "malware loaders," a type of malware that infects systems and then rents access to other cybercrime groups.

Europol says the coalition specifically targeted these botnets because of their role in helping deploy ransomware as part of their "host rental" business model.

TikTok Manipulation Report Is Too Little Too Late

Presented by

Tom Uren

Policy & Intelligence

TikTok has released a report covering covert influence operations on its platform, but this will do precisely nothing to allay fears that the video-sharing application is not insulated from PRC influence.

TikTok's report described influence campaigns it had detected and disrupted from January through April this year. The 15 campaigns spanned 3,000 accounts and reached millions of followers. A domestically targeted pro-Ukrainian campaign reached 2.6 million followers and a domestically-aimed Iraqi campaign nearly 500,000, but the rest of the campaigns reached a relatively small number of followers. The report even called out a Chinese campaign that targeted a US audience with positive narratives about Chinese policy and culture.

Risky Biz News: IR reports are not protected documents, multiple judges rule

Presented by

Catalin Cimpanu

News Editor

Courts in three countries have now ruled that incident response and forensic reports are not protected legal documents and must be made available in other court cases or to authorities on request.

Legal precedents now exist in Australia, Canada, and the US.

In Australia, the precedent was in a class-action lawsuit related to the Optus September 2022 data breach. Optus argued that an incident response report it ordered from Deloitte was protected by client-attorney legal professional privilege. A federal court rejected the company's claim last November, and the company lost the appeal this week.

Risky Biz News: Google throws out GlobalTrust certs

Presented by

Catalin Cimpanu

News Editor

Google is removing GlobalTrust TLS certificates from the Chrome browser's certificate root store.

The ban will apply to any new certificate issued by GlobalTrust after June 30 this year.

Chrome will continue to trust older/existing GlobalTrust certificates, and websites using them will work as before.

Risky Biz News: Backdoor found in court and jail AV recording software

Presented by

Catalin Cimpanu

News Editor

Cybersecurity researchers from Rapid7 and S2W have found a backdoor trojan inside a popular app used for recording courtroom and jury meetings.

The malware was found in the installer for JAVS Viewer, version 8.3.7, an app from Justice AV Solutions that allows customers to play back older recordings.

JAVS customers who downloaded the official installer from the company's website between April 1 and mid-May are likely infected with a version of the GateDoor backdoor.

UK Government To Consider Licensing Ransomware Payments

Presented by

Tom Uren

Policy & Intelligence

The Record this week reports the UK government will propose a range of strong counter-ransomware measures, including mandatory reporting of all ransomware attacks, a licensing regime for payments and a ransom payment ban for organisations involved in critical national infrastructure.

Multiple sources told The Record these proposals will be published in a public consultation next month. This may lead to new laws, but it is unlikely that they will arrive any time soon.

Despite recent law enforcement success against the LockBit ransomware gang, ransomware crime still causes extensive harm (see Change Healthcare in the US, for example). Governments still need to keep pulling levers to try to reduce the impact of these events. 

Risky Biz News: DNSBomb attack is here! Pew pew pew!!!

Presented by

Catalin Cimpanu

News Editor

A team of academics from Tsinghua University in Beijing, China has discovered a new method of launching large-scale DDoS attacks using DNS traffic.

The new attack is named DNSBomb, and is a variation of a technique described in a 2003 paper on DDoS attacks using TCP pulses.

DNSBomb takes the same concept but re-implements it using DNS software and modern-day DNS server infrastructure, such as recursive resolvers and authoritative nameservers.