Newsletters

On Monday this week, the US and UK denounced PRC cyber espionage activity that focused on interfering with democracies and their institutions, and announced sanctions and indictments. 

The US Department of Justice (DoJ) indicted seven Chinese nationals it said were linked to the APT31 hacking group. The DoJ's indictment said the named individuals had been involved in cyber espionage campaigns on behalf of the Hubei province arm of the PRC's Ministry of State Security (MSS) since 2010. 

The governments of Australia, New Zealand, the UK, the US, and the EU have called out China again over its broad, clumsy, and sometimes illegal hacking campaigns.

The push behind this latest round of diplomacy finger-pointing came from the UK and US, the two countries that appear to have seen the brunt of these campaigns.

Western officials are miffed—and deservedly so—about China's targeting and attempts to meddle in their democratic and election processes.

The EU Parliament has passed new anti-money laundering legislation that bans anonymous cryptocurrency payments.

The legislation applies to payments made through online service providers, also known as hosted wallets. It also applies to platforms that exchange virtual for regular fiat currency. It does not apply to owners of hardware and self-hosted wallets.

The new rules come to complement the EU's MiCA (Markets in Crypto-Assets) framework, which passed last year and is scheduled to go into effect on December 30, 2024.

The US government has sanctioned two Russian nationals and their respective companies for running years-long Russian disinformation campaigns across Latin America.

The US Treasury Department has levied sanctions against Ilya Andreevich Gambashidze, the founder of the Moscow-based company Social Design Agency (SDA), and Nikolai Aleksandrovich Tupikin, the CEO of Russian company Structura.

The sanctions come six months after a State Department report identified the two and their companies as the central pieces in Russia's disinformation effort across Latin America.

Tom Uren is on leave this week so Risky Business publisher Patrick Gray wrote this week's edition.

Good security happens when the incentives are right. Sometimes that's because a company is operating under a strict compliance regime, or it has customers that really, really care about security, or it's in a frequently attacked vertical like banking. 

Academics have discovered a new variation of the network loop attack that can crash servers by putting them in an infinite loop of data exchange.

The new attack is named Loop DoS and was discovered by Yepeng Pan and Professor Dr. Christian Rossow from the CISPA German research institute.

It is a variation of classic network loops but one that takes place at the application layer instead of the network routing level.

Microsoft has developed a new security protection for its Edge web browser.

The new feature—which has no official name—aims to stop sandbox escape attacks.

In a super simplified explanation—the new protection works by crashing the JavaScript rendering process when an attacker tries to escape the sandbox (where a website's code is executed) and then pivot to a more high-privileged internal browser component.

For more than a month, staff at the US National Institute of Standards and Technology (NIST) has stopped enriching CVE vulnerability data added to the National Vulnerability Database (NVD).

More than 2,100 CVE entries have been published without crucial metadata information—a process called "enrichment."

Enrichment data is crucial to anyone viewing the NVD. It provides basic details such as the name of software products impacted by the CVE, the vulnerability's CVSS severity scores, CVE and CWE data, a basic description of the bug, and patching status.

The Russian Foreign Intelligence Service (SVR)-linked group that initially breached Microsoft in November is still accessing the vendor’s systems. 

Microsoft originally disclosed the breach in late January and attributed it to a group it calls Midnight Blizzard, which has been linked to Russia's SVR by the US and UK governments. 

Last Friday, Microsoft announced in a blog post and SEC filing that Midnight Blizzard was continuing to gain access to Microsoft systems including "some of the company’s source code repositories and internal systems". Microsoft writes:

The Tor Project has launched this week a new anti-censorship tool named WebTunnel.

WebTunnel is a new type of Tor bridge, a type of secret server that are not listed in Tor's public directory. 

Because they are not public, Tor bridges are typically used in oppressive countries to allow users to connect to the Tor network.