Newsletters

New clues discovered by threat intelligence analysts suggest that the Lockbit ransomware group may be having technical difficulties, which have contributed to the operation losing some of its top affiliates over the past months.

According to a report published by Analyst1's Jon DiMaggio, the Lockbit gang is having problems publishing and leaking victim data on its dark web leak site.

The gang has run out of server storage, DiMaggio says. It often claims that a victim's files have been published, but the files can't be downloaded.

The DHS Cyber Safety Review Board (CSRB) has picked up the unenviable task of investigating the security practices of US cloud service providers and plans to use the recent breach of Microsoft email systems as the figurehead of an upcoming report.

The CSRB may have couched its press release as a generic investigation of cloud security providers, but it is, without a doubt, an investigation into Microsoft's carelessness when it comes to its cloud infrastructure, which underpins a vast section of the US government's IT systems.

The CSRB investigation was announced two weeks after Sen. Ron Wyden asked the DHS—together with the FTC and DOJ—to investigate Microsoft's "lax cybersecurity practices" that led to the breach in the first place.

Russian internet users are reporting that VPN clients using the OpenVPN and WireGuard protocols have stopped working as of this week.

The unofficial ban has been reported primarily by users of Russian mobile internet operators, such as Beeline, Megafon, MTS, Tele2, Tinkoff, and Yota.

OpenVPN and WireGuard traffic does not appear to be blocked on landline connections and especially on business accounts, where they're most likely to be used by the few foreign companies still doing business in Russia.

The Russian government wants to protect its intelligence and law enforcement officials from journalists, activists and foreign intelligence agencies by giving itself the power to change personal information in the systems of local data operators.

This is shutting the gate after the horse has bolted, but we can see why they want to try.

Our colleague Catalin Cimpanu reported on the draft legislation in Risky Business News on August 7:

The US Department of Homeland Security has linked a Twitter disinformation campaign to a media organization managed by the municipal government of Chongqing, China's fourth largest city.

The US government says that the Chongqing International Communications Center (CICC) is behind a network of more than 800 Twitter accounts that consistently published anti-US and pro-PRC content.

The DHS says it tracked this network under the name of SPICYPANDA, and it believes it's part of a larger Chinese-backed disinformation effort tracked as DRAGONBRIDGE, or Operation Spamouflage.

The Russian government has submitted a bill to the Duma (the Russian Parliament) that would grant the military, law enforcement, and intelligence agencies the power to edit, anonymize, or delete the personal data of certain groups of people—presumably their own employees.

At first reading, the proposed law appears to allow these agencies to freely edit the personal information of their own employees in order to protect their identities or hide deep cover agents.

As TASS reports, the draft law allows the Russian president to place certain groups of individuals into a special category, for which special rules will be in place when processing their personal data by local data operators.

Amit Yoran, the CEO of vulnerability management platform Tenable, has accused Microsoft of being grossly irresponsible and blatantly negligent when it comes to addressing security flaws in its Azure cloud platform.

Yoran's scathing criticism is in relation to a security flaw a Tenable researcher found in the Azure platform that could have allowed unauthenticated attackers to access cross-tenant applications and grab any Azure customer's data.

The Tenable CEO says they notified Microsoft of the issue, but the company dealt with what appears to be a catastrophic vulnerability in the most unprofessional manner possible.

Microsoft's lacklustre cloud product security is finally biting it on its ass. In a strongly worded open letter to key US government agency heads, Senator Ron Wyden, a member of the Senate's Intelligence Committee, asked them to investigate what he called "negligent cybersecurity practices" by Microsoft that enabled a recent hack of the company's cloud services by a hostile actor, likely from the PRC.

Wyden's letter requests action on the issue from several different US government agencies, including the Federal Trade Commission (FTC), the Department of Justice and the Cybersecurity and Infrastructure Security Agency (CISA).

He asked the FTC to investigate whether Microsoft's security practices violated a prior consent decree and its regulations, and the Department of Justice to explore whether Microsoft had violated federal contracting laws through negligent security practices.

The Russian government passed last week a series of laws aimed at cracking down on the use of foreign IT services inside Russia and driving citizens to Russian alternatives where it can easily exert pressure through its state apparatus.

Law amendments have been passed to limit the use of foreign web hosting providers, foreign email services, and foreign news aggregators.

In addition, the government also passed a generic law banning Russian citizens from participating in the activities of foreign non-profit organizations, which theoretically criminalizes participation in foreign open-source projects.

The European Union has sanctioned the operators of a Russian disinformation network known as "RRN" (Recent Reliable News) for spreading fake news and propaganda about Russia's invasion of Ukraine.

The EU says Russian government bodies participated in creating, running, and disseminating RNN's fakes on social media.

Five organizations and seven individuals managing them, including GRU agents, were added to the EU's sanctions list.