Newsletters

Written content from the Risky Business Media team

Pig Butchering Is Even Worse Than You Think

Presented by

Tom Uren

Policy & Intelligence

A harrowing new UN report describes how hundreds of thousands of trafficked people are forced into working in online scam operations.

These operations cover the gamut from online fraud such as romance scams and fake cryptocurrency investment schemes to illegal gambling. They take place in online scam centres known as "boiler rooms" or "pig-butchering farms".

The human toll is staggering. The report says that at least 120,000 people across Myanmar and 100,000 in Cambodia are thought to be forced to work on online scams. The report cites Myanmar's military coup, ongoing violence and breakdown in the rule of law as significant factors in the proliferation of boiler rooms in the country.

Risky Biz News: China cracks down on the SE Asia scam call center problem

Presented by

Catalin Cimpanu

News Editor

Back in June, the Chinese ambassador in Myanmar asked the country's military junta to crack down on the ever-growing number of illegal call centers operating in Myanmar's north conducting online and telecom scams targeting Chinese citizens.

Three months later, Myanmarese officials have delivered on their promise and have put highly profitable criminal operations on alert after a long string of arrests.

Six suspects were detained in June, seven last month, then two, then 24, and now 269 in the largest crackdown to date.

Risky Biz News: Germany warns of Chinese APTs hijacking SOHO routers for espionage

Presented by

Catalin Cimpanu

News Editor

The German government says Chinese APTs are hijacking SOHO routers, NAS devices, and smart home automation systems to conduct cyber-espionage operations.

The hacked devices are used as a giant mesh of proxies that relay and hide the origin of the attack.

Chinese cyber-espionage groups like APT15 (Vixen Panda, Ke3chang) and APT31 (Zirconium, Judgement Panda) have been observed utilizing the tactic, according to a security advisory published by the German Federal Office for the Protection of the Constitution (BfV) last week. A Google Translate machine-translated version of the alert is here.

Risky Biz News: Open-source projects plagued by rash of fake or disputed CVEs

Presented by

Catalin Cimpanu

News Editor

An anonymous researcher has sifted through the changelogs of open-source projects and obtained CVE identifiers for old bugs that experts say may not be security flaws.

All the fake CVEs were obtained on August 22nd, and all were filed for open-source projects.

According to a list compiled by Chainguard at RiskyBusiness' request, 138 CVEs were filed in projects such as cURL, PostgreSQL, Python, the Netwide Assembler, ImageMagick, and many smaller libraries.

UK's Investigatory Powers Proposal: Don't Believe the Hype

Presented by

Tom Uren

Policy & Intelligence

Fears that proposed amendments to the UK's Investigatory Powers Act will prevent vendors from issuing software updates are overblown.

Early last month the UK government opened a consultation period on proposed changes to its Investigatory Powers Act (IPA), the legislation that governs law enforcement and intelligence agencies’ use of intrusive investigatory powers such as telco-mediated lawful interception.

The IPA has been in force since 2016 when it combined existing statutory powers granted to UK authorities into a single piece of legislation. It also strengthened approval and oversight processes, with use of the most intrusive powers requiring a 'double-lock' approval from a government minister and an independent judicial commissioner.

Risky Biz News: FBI takes down and mass-uninstalls Qakbot botnet

Presented by

Catalin Cimpanu

News Editor

The FBI has seized server infrastructure that hosted the Qakbot botnet and mass-uninstalled the malware from infected systems.

Also known as Qbot and Pinkslipbot, the botnet has been active since 2008. It initially launched as a banking trojan but changed to operating as a "loader" in the mid-2010s, infecting systems via malspam campaigns and then selling access to infected systems to other cybercrime groups.

Over the past three years, Qakbot has served as an initial entry point for many ransomware attacks. Groups that have worked with Qakbot include the likes of Conti, ProLock, Egregor, REvil, MegaCortex, and Black Basta.

Risky Biz News: Malware found on Rust's Crates repository

Presented by

Catalin Cimpanu

News Editor

Seven malicious packages have been found and removed from Crates, the official package repository for the Rust programming language, marking the second time malware has been found on the portal. [This is the first-known incident, if anyone's curious.]

The packages were discovered by DevSecOps company Phylum, which described them as showing "the hallmarks of early preparations for a broader campaign."

All seven packages were initially published with no content and then received incremental updates over a few days with suspicious code.

Why Russia's Cyber War Against Ukraine Failed

Presented by

Tom Uren

Policy & Intelligence

In a joint Risky Business and Geopolitics Decanted feature interview, Patrick Gray and Dmitri Alperovitch spoke with Ilia Vitiuk, the Head of the Department of Cyber and Information Security of the Security Service of Ukraine (SBU), about how Ukraine has countered Russia's cyber operations.

Vitiuk described Russian cyber operations against Ukraine as a "cyber war" with destructive campaigns against Ukraine starting in 2014, eight years before the full-scale invasion. Significant destructive cyber operations he cited included NotPetya, electricity network attacks in 2015 and 2016 and a less well-known attempt to cause a train collision by interfering with a railroad control system.

Vitiuk said these incidents motivated Ukraine to improve its cyber security.

Risky Biz News: WinRAR zero-day used to hack stock and crypto traders

Presented by

Catalin Cimpanu

News Editor

Hackers have used a zero-day vulnerability in the WinRAR file compression utility to install malware on user devices and steal funds from stock and cryptocurrency trading accounts.

The zero-day was discovered by security researchers from Group-IB, who spotted the attacks while investigating a DarkMe malware campaign.

Researchers tracked the earliest exploits to April this year.

Risky Biz News: South Korea is investigating "spy chip" in Chinese weather measuring equipment

Presented by

Catalin Cimpanu

News Editor

South Korea's National Intelligence Service (NIS) has found malicious code embedded in the chips of weather-measuring instruments made in China and used by the Korean Meteorological Administration.

The malicious code was described as a "spy chip" that can eavesdrop on its surroundings and "steal information through radio frequencies," South Korean TV network Channel A reported this week.

A representative for the Korean Meteorological Administration told KBS, South Korea's national broadcaster, that the malicious code was found four months ago but didn't elaborate on how it was discovered.