Newsletters

The Tor Project has removed an estimated 1,000 relay servers from its network, citing their involvement with a for-profit cryptocurrency scheme.

The scheme allegedly promised cryptocurrency tokens for users who set up and ran Tor relays.

In a blog post on Monday, Tor admins said they removed participating servers to protect the integrity and reputation of their project. The removal was subject to a community vote that passed last week.

Turkish security researcher Yunus Çadirci has discovered vulnerabilities in the DIAL protocol and misconfigurations in vendor equipment that can be used to force TVs and other capable devices into forcibly playing an attacker's video content.

The vulnerabilities have been collectively named DIALStranger, and details about the flaws were disclosed for the first time at the Black Hat Middle East and Africa security conference last week.

The DIALStranger flaws were discovered way back in 2019, but Çadirci kept the original report private for four years as the protocol received patches and vendors slowly updated devices.

The US Federal Communications Commission (FCC) has adopted new rules designed to protect US consumers from SIM-swapping attacks and port-out scams.

Under the new rules, US wireless providers are required to use "secure methods of authenticating a customer" when they request porting a SIM card to a new device (aka SIM swapping) or their phone number to a new carrier (aka port-out).

The Commission did not specify what the "secure methods" should be, and it appears the agency is leaving this up to each of the US carriers and their own internal procedures.

Ransomware criminals continue to make hay despite increased government efforts worldwide to clamp down on the ecosystem. What's next?

Last week, the US financial services division of China's biggest bank, the state-owned Industrial and Commercial Bank of China (ICBC), was hit by ransomware that reportedly affected trading in US Treasuries. According to The Financial Times, "the attack prevented ICBC from settling Treasury trades on behalf of other market participants" and that "with its systems compromised, ICBC Financial Services proposed sending a USB stick with trading data to BNY Mellon to help it settle trades". I mean, this is very serious, but lol.

This left ICBC's US unit owing BNY Mellon USD$9bn for unsettled trades, with the subsidiary requiring a capital injection from its parent company to pay the debt. Yikes.

Russian state-sponsored hackers have breached at least 22 Danish companies operating in the country's energy sector.

Denmark's CERT team for the critical infrastructure sector (SektorCERT) described the intrusions as the largest cyber-attack in the country's history.

In a report [Danish PDF, machine-translated English file] published over the weekend, SektorCERT tentatively attributed the attacks to Sandworm, a cyber unit inside Russia's military intelligence service GRU.

Malaysian police have dismantled Phishing-as-a-Service provider BulletProftLink and have detained eight suspects, including the platform's main administrator.

The service launched in 2015 and grew to become one of the largest on-demand phishing platforms known to date.

It operated like your regular SaaS platform—but for email phishing gangs. For a $2,000 monthly fee, the service would provide hosting for phishing sites and access to phishing kits, email templates, and tutorials.

The infamous Clop ransomware gang is exploiting a zero-day vulnerability in on-prem SysAid IT automation servers.

The attacks were discovered last week by SysAid's security team, and the company released a software update to patch the exploited bug.

Tracked as CVE-2023-47246, SysAid's team described the zero-day as a "path traversal vulnerability leading to code execution."

Last week, Microsoft announced a “Secure Future Initiative" to improve its ability to cope with increasingly sophisticated cyber security threats.

This reminds us of Microsoft's last security epiphany, the Trustworthy Computing initiative, launched in 2002. Unfortunately, compared to the clarity, focus and commitment of the Trustworthy Computing initiative, this announcement is disappointing.

In a post describing the Secure Future Initiative, Microsoft President and Vice Chair Brad Smith wrote that the new initiative was required because of the "increasing speed, scale and sophistication of cyberattacks".

Chinese state-sponsored hacking operations have undergone a major shift in recent years, with groups growing in sophistication and abandoning noisy and high-volume campaigns for stealthy and extremely targeted attacks.

If you read APT reports for a living—like this newsletter's author—then nothing in the above sentence is new to you.

Over the past two or three years, there have been numerous reports across the infosec industry about how Chinese APT group "XX" or how Chinese APT group "YY" has changed their modus operandi.

The US Treasury has sanctioned a Russian businesswoman named Ekaterina Zhdanova for helping Russian oligarchs and cybercrime gangs evade sanctions and launder stolen cryptocurrency.

Officials say Zhdanova worked as an intermediary in order to obfuscate the real nature of various illegal transactions.

She disguised operations using traditional businesses operating overseas but also used accounts at cryptocurrency platforms that did not enforce anti-money laundering (AML/CFT) controls.