Newsletters

Written content from the Risky Business Media team

Risky Biz News: BreachForums shuts down for good fearing law enforcement compromise

Presented by Catalin Cimpanu, News Editor

Both the clear web and dark web versions of BreachForums went down on Monday, and it was initially believed the downtime was most likely caused by Baphomet's attempts to move the site to new servers.

This was, however, not the case. In a follow-up message posted on Tuesday, Baphomet said BreachForums would shut down for good because the site "is not safe anymore."

Baphomet says that while migrating the site, they found evidence that "the glowies" (aka government agents) gained access to Pompompurin's machine and had accessed some CDN servers that were part of the BreachForums backend.

Risky Biz News: Samsung smartphones impacted by no-user-interaction zero-days

Presented by Catalin Cimpanu, News Editor

GitHub stars black market: DevOps company Dagster has a deep dive into how to spot projects that have bought GitHub stars off the black market.

Safe npm: DevOps company Socket has released what it calls "safe npm," a security wrapper for the npm package manager utility that pauses installations whenever it detects a malicious or risky package.

NordVPN goes FOSS: NordVPN has open-sourced its Linux VPN client, Libtelio, a networking library used across NordVPN apps, and Libdrop, a library used to share files over Meshnet.

Risky Biz News: Google wants to reduce lifespan of TLS certificates from one year to just 90 days

Presented by Catalin Cimpanu, News Editor

ChipMixer: US and European law enforcement authorities have taken down ChipMixer, a dark web-based cryptocurrency mixing service. Officials say the portal launched in 2017 and has helped criminal groups launder more than $3 billion worth of assets. As part of the operation, officials took control of servers in Germany, seized Bitcoin worth €44 million, and charged the service's owner, Minh Quốc Nguyễn, a 49-year-old man from Hanoi, Vietnam. Below are some of the funds ChipMixer processed through the years, per the US DOJ:

ViLE members charged: The US government has charged two members of the ViLE hacking crew that broke in May 2022 into a law enforcement portal operated by the US Drug Enforcement Administration (DEA). US officials say that Sagar Steven Singh, who went online as Weep, and Nicholas Ceraolo, known as Convict, used the stolen passwords of US and foreign police officers to access the portal. The duo collected personal data and extorted victims for money, threatening to release their personal information on the internet. In addition, US officials say Singh and Ceraolo also used the portal to file fake emergency requests with US tech companies in order to deanonymize online accounts and identify future extortion victims. According to KrebsOnSecurity, doxes would typically be posted on Doxbin, a doxing site where both suspects were allegedly staff members. US authorities arrested Singh this week while Ceraolo remains at large.

NFT hackers on the hook: A Florida judge has ruled in favor of a plaintiff who had their NFTs stolen by hackers in December 2021. The judge ruled that the unidentified hackers must pay the plaintiff $971,291 worth of USDT (Tether), plus interest, for the NFT assets they stole. The case marks the first instance in which a judge has issued a default judgement against NFT hackers, giving victims the means to recover stolen funds once the hackers are identified. [Read more in Decrypt]

The RESTRICT Act Is Not About TikTok

Presented by Tom Uren, Policy & Intelligence

Last week a bipartisan group of US senators unveiled the RESTRICT Act, legislation designed to give the executive branch new powers to deal with the threats posed by technology from six "foreign adversaries" — China, Russia, Iran, North Korea, Cuba and Venezuela. This legislation has broad bipartisan support, with a dozen senators across both the Democratic and Republican parties backing it.

In a press conference announcing the legislation one of the bill's chief sponsors, Senator Mark Warner, cited Kaspersky anti-virus, Huawei and now TikTok as evidence of the ongoing problems posed by foreign technologies. Warner described current tools to deal with these kinds of threats as "limited", adding that the US "lack[s], at this moment in time, a holistic, interagency, whole-of-government approach".

The RESTRICT Act is intended to fix that by directing the Department of Commerce to establish processes to identify and mitigate risks posed by foreign interests in information and communications technology products. The Act doesn't require any particular response to a threat, but instead gives the Secretary of Commerce new powers to deal with them. Warner described these as a "series of mitigation tools… up to and including the opportunity to ban [a firm]".

Risky Biz News: CISA establishes ransomware warning pilot program

Presented by Catalin Cimpanu, News Editor

Kali Linux Purple edition: The Kali Linux project has released Kali Purple, a version of the Kali Linux operating system that includes features and toolkits typically used by defensive security teams, also known as blue or purple teams. More than 100 defensive tools are included with the new Kali Purple distro, such as Elasticsearch SIEM, CyberChef, Suricata IDS, and more.

New UK National Protective Security Authority: The UK government has announced this week the creation of a new security agency. Named the National Protective Security Authority (NPSA), the agency will be tasked with helping UK businesses combat national security threats, such as state-sponsored attempts to steal their research and sensitive information. According to the UK government, the new NPSA will absorb the responsibilities of the Centre for the Protection of National Infrastructure, will operate under MI5, and will collaborate with the National Cyber Security Centre and the National Counter Terrorism Security Office.

Russia to build GitHub alternative: The Russian Ministry of Digital Development wants to use a reserve it created 16 years ago to fund a Russian source code hosting platform. To build its GitHub-like clone, the Russian government has chosen ANO Open Source, a non-profit organization that counts VKontakte, Rostelecom, and the Innopolis University as its founders. The total investment is 1.3 billion rubles ($17.2 million). The Chinese government took a similar approach, and most Chinese developers today store their code on a platform named Gitee. [More in Vedomosti]

Risky Biz News: BEC loses top spot in FBI Internet Crime report

Presented by Catalin Cimpanu, News Editor

But things get interesting when we break down the numbers per category. While BEC ($2.7 billion) lost the top spot to investment fraud ($3.3 billion), both crime types combined accounted for more than half of the losses reported last year.

Furthermore, BEC and investment fraud were also the only crime types with losses in the billions; every other category remained in the millions.

For industry analysts, the shake-up at the top of the FBI IC3 report was surprising but not a total shock.

Risky Biz News: ODNI report highlights China as the US' biggest cyber threat

Presented by Catalin Cimpanu, News Editor

LSA protection coming to Windows 11: Microsoft plans to add an option to protect the Local Security Authority (LSA) user login service from attacks that may dump its memory and allow malicious apps to steal secrets and credentials. The LSA protection feature will be added to Windows 11 Canary builds before being rolled out broadly to the Windows 11 userbase.

Google discontinues Chrome Cleanup Tool: Google has discontinued the Chrome Cleanup Tool, an application that was pre-installed inside the Chrome browser on Windows. The app worked by scanning for any unexpected changes to Chrome settings and could remove unwanted software that was installed via Chrome. Google says the app, which it initially rolled out in 2015, had served its purpose and that in recent months it was detecting fewer and fewer threats with each scan. The browser maker says that with Chrome v111, released last week, users won't be able to request new scans and cleanups, and it plans to gradually disable and remove the utility from user browsers.

Google and Meta sue SK's privacy agency: Google and Meta have sued South Korea's privacy watchdog (the Personal Information Protection Commission) after the agency imposed massive fines against both companies last year. PIPC imposed a 69 billion won ($52 million) fine on Google and a 31 billion won ($23 million) fine on Meta for breaking the country's privacy laws by not obtaining lawful consent from users and tracking their online activity for advertising purposes. In lawsuits filed last month, the two companies are now arguing that website operators should be responsible for obtaining user consent and not their platforms, which only receive and aggregate this data. [More in local media]

Grandpa Biden: Cyber President

Presented by Tom Uren, Policy & Intelligence

The White House released its Cyber Security Strategy last week and — by and large — it looks pretty decent.

The strategy divides activities into five different "pillars":

Some of these pillars, such as "Defend Critical Infrastructure" and "Invest in a Resilient Future", are ones you'd expect in any cyber security strategy, but there are some genuinely new ideas here.

Risky Biz News: Canada's tax revenue agency tries to ToS itself out of hacking liability

Presented by Catalin Cimpanu, News Editor

Acer confirms hack: Taiwanese hardware vendor Acer has confirmed a security breach after a hacker began selling more than 160GB of data they stole from one of the company's servers. According to the seller, an individual going by the name of Kernelware, the stolen data includes details about the Acer BIOS, confidential presentations, product documentation, ROM, and other binary files. Acer says the files originated from a server for repair technicians.

Facebook's LLaMA leak: LLaMA (Large Language Model Meta AI), a collection of large language models developed internally at Meta, was leaked on 4chan last week, marking the first time a major tech company's proprietary AI model has leaked in full. Prior to the leak, Meta, Facebook's parent company, had provided access to the LLaMA model to select researchers from the AI community. While the leaker hid their identity behind the "llamanon" 4chan username, AnalyticsIndiaMag notes that the LLaMA torrent file contained a unique identifier that would, theoretically, allow Meta to track down who received and leaked the files. Motherboard reported that Meta has neither confirmed nor denied the leak, nor has it taken any steps to have the torrent removed.

LaunchZone crypto-heist: The LaunchZone cryptocurrency portal announced this week a compensation plan for users who lost funds in a hack that took place at the end of February. At the time, the company lost $700,000 following an exploit against one of its contracts that drained around 80% of the funds from its liquidity pools.

Risky Biz News: EPA releases cybersecurity guidance for US public water sector

Presented by Catalin Cimpanu, News Editor

In this Risky Business demo, Tines CEO and co-founder Eoin Hinchy demonstrates the Tines no-code automation platform to host Patrick Gray.

Australia's critical infrastructure plan: Australia's Cyber and Infrastructure Security Centre (CISC) has published its Critical Infrastructure Resilience Strategy and Plan, a guide to help secure Australia's critical infrastructure interests from 2023 to 2028.

Australia and UK sign spam cooperation memorandum: Australia and the UK's privacy watchdogs have signed a joint memorandum of understanding to coordinate their efforts against nuisance calls and spam messaging.