Newsletters

Written content from the Risky Business Media team

Risky Biz News: Zero-day used in attacks on Lemmy servers

Presented by

Catalin Cimpanu

News Editor

A threat actor has used a zero-day vulnerability in the Lemmy platform to hack and deface multiple Lemmy instances over the weekend.

If the name sounds familiar, Lemmy is to Reddit what Mastodon is to Twitter. It is an open-source news aggregation and discussion forum modeled after the Reddit platform. Lemmy-based websites are where many Reddit communities have moved in the aftermath of the recent Reddit API controversy and site-wide protests.

On the night between Sunday and Monday, an attacker used a cross-site scripting (XSS) vulnerability to inject malicious code into the websites of several Lemmy-based communities.

WeChat's Privacy Policy is Utterly Pointless

Presented by

Tom Uren

Policy & Intelligence

A Citizen Lab analysis of Chinese social networking app WeChat has entirely missed the point by over-indexing on the app's privacy policy. WeChat is a ubiquitous, surveillance-friendly application that provides the PRC with unfettered access to its users' messages. Fiddling with its privacy policy won't fix that.

WeChat's domestic Chinese version, Weixin, is what is known as a "super-app". Primarily a messaging app, it also serves as a major financial transaction platform and can run "Mini Programs", WeChat's equivalent of apps from an app store. These Mini Programs cover everything from ecommerce, health and gaming to government services, such as the COVID-19 contact tracing apps that were compulsory during the pandemic.

WeChat's international version isn't so all-encompassing, but it does contain many similar features. Tencent, the company behind WeChat, separates the international (WeChat) and domestic version of the app (Weixin) into two "services" run by separate subsidiaries in Singapore and Shenzhen respectively. WeChat considers the mainland Chinese version, Weixin, to be a "third party". So, funnily enough, it has a completely different privacy policy.

Risky Biz News: Microsoft revokes 100+ malicious drivers

Presented by

Catalin Cimpanu

News Editor

Microsoft has revoked more than 100 malicious drivers that received valid signatures via the company's Windows Hardware Compatibility Program (WHCP).

The malicious drivers were added to the company's driver revocation list and will be blocked from running on Windows systems going forward.

Microsoft credited security firms Sophos, Cisco Talos, and Trend Micro for discovering the malicious drivers and for documenting how they were being submitted to its developer portal.
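To turn the revocation into something an administrator can act on, the script below (an added example written for this page, not Microsoft's tooling and not code from the newsletter) enumerates the running kernel drivers on a Windows host, reads each file's Authenticode signer, and keeps the ones signed through WHCP, i.e. whose signer certificate subject begins with "CN=Microsoft Windows Hardware Compatibility Publisher" (that subject string and the function name are this example's assumptions). The point it makes is the caveat a practitioner needs here: a revoked WHCP driver still carries a cryptographically valid Microsoft signature, so a signature check alone cannot tell it from a legitimate one. What Microsoft's revocation list blocks is the specific driver, so the SHA-256 column is what you compare against the blocklist or indicator list you use; that list is supplied separately and is not part of this example.

```powershell
# Added example, not from the newsletter or from Microsoft. Lists running kernel
# drivers whose Authenticode signer is the WHCP publisher certificate, with the
# file hash needed to compare them against a driver blocklist or IOC list.
# Assumption: the WHCP signer subject starts with the CN below.

function Get-WhcpSignedDriver {
    [CmdletBinding()]
    param()

    $whcpSubject = 'CN=Microsoft Windows Hardware Compatibility Publisher*'

    Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' -and $_.PathName } |
        ForEach-Object {
            # Normalise NT-style paths (\??\C:\..., \SystemRoot\...) to Win32 paths
            $path = $_.PathName -replace '^\\\?\?\\', ''
            $path = $path -replace '^\\SystemRoot', $env:SystemRoot
            if (-not (Test-Path -LiteralPath $path)) { return }

            # A valid status here says nothing about revocation: blocked WHCP
            # drivers are still validly signed; the blocklist is what stops them.
            $sig = Get-AuthenticodeSignature -FilePath $path

            [pscustomobject]@{
                Name       = $_.Name
                Path       = $path
                Status     = $sig.Status
                Signer     = $sig.SignerCertificate.Subject
                Thumbprint = $sig.SignerCertificate.Thumbprint
                Sha256     = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            }
        } |
        Where-Object { $_.Signer -like $whcpSubject }
}

# Usage: review the list and match the Sha256 column against the hashes on the
# blocklist or indicator list you use for the revoked drivers.
Get-WhcpSignedDriver | Sort-Object Name | Format-Table Name, Status, Sha256, Path -AutoSize
```

Inbox Microsoft drivers are catalog-signed by the "Microsoft Windows" publisher rather than the WHCP certificate, so they drop out of the list and what remains is the third-party, WHCP-attested set worth reviewing. Run it on a suspect host as a triage step, not as the control itself; the control is the updated revocation list on the machine.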

Risky Biz News: $126 million go missing from Multichain in apparent hack

Presented by

Catalin Cimpanu

News Editor

Roughly $126 million worth of crypto-assets have been mysteriously transferred from the accounts of cryptocurrency platform Multichain in an apparent hack, according to blockchain security firms PeckShield, SlowMist, Lookonchain, and CertiK.

The incident took place on Friday, July 7.

Multichain—which is a platform that interconnects different blockchain platforms and allows users to exchange tokens—has shut down to investigate the incident.

Risky Biz News: US and Canada warn of new Truebot malware variant

Presented by

Catalin Cimpanu

News Editor

Cybersecurity agencies from the US and Canada have issued a joint security alert and are warning about malicious campaigns spreading new versions of the Truebot malware.

First spotted way back in 2017, Truebot is a malware downloader created and operated by Silence, a financially motivated cybercrime crew. It is typically used as an initial foothold through which second-stage payloads are delivered to compromised hosts.

According to US and Canadian officials, new versions of the Truebot malware are currently being distributed through phishing campaigns containing malicious redirect hyperlinks.

Russia's Extradition Wars Are Not What You Think They Are

Presented by

Tom Uren

Policy & Intelligence

Authorities in Kazakhstan have detained Nikita Kislitsin, a Russian cyber security executive, following an international arrest warrant issued by the United States.

This newsletter's sister publication, Risky Business News, described how this has triggered a "diplomatic tug-of-war" between the US and Russia, because Russian authorities are now also seeking to extradite Kislitsin.

The US government alleges Kislitsin stole and sold information, including logins from the former social media site Formspring. Kislitsin subsequently worked for Group-IB, a cyber security company once headquartered in Russia, and is now employed by FACCT, a company spun out of Group-IB's Russia-based operations in April this year.

Risky Biz News: $922 million worth of crypto-assets stolen in the first half of 2023

Presented by

Catalin Cimpanu

News Editor

More than $922 million worth of cryptocurrency assets were stolen in the first half of 2023 across a total of 185 security incidents, blockchain security firm SlowMist reports.

The figure is less than half of that for the first half of 2022, when hackers stole $2 billion worth of crypto across 187 incidents.

Just over half of the funds stolen this year were taken from NFT, DeFi, and cross-chain bridge platforms, which lost $487 million across 131 incidents.

Risky Biz News: Prigozhin troll farms in limbo following Wagner mutiny

Presented by

Catalin Cimpanu

News Editor

Several Russia-based news outlets are reporting that Yevgeny Prigozhin is shutting down his Patriot media company in the aftermath of his failed mutiny at the head of the Wagner PMC last month.

The Patriot media group is a holding company for a dozen Russian-language propaganda and fake news sites, such as RIA FAN, Politika Segodnya (Politics Today), Ekonomika Segodnya (Economics Today), Nevskiye Novosti (Nevsky News), and Narodnye Novosti (People's News). It is also the holding company for the Internet Research Agency, Russia's infamous "troll farm" linked to multiple instances of election interference across the world.

Prigozhin has allegedly fired all employees and plans to shut down all the news sites. All of this information comes from Patriot media group insiders; Prigozhin has not made a formal statement, nor has he been seen or heard from since leaving Russia for Belarus.

Risky Biz News: New hacker extradition battle begins between the US and Russia

Presented by

Catalin Cimpanu

News Editor

Authorities in Kazakhstan have decided to kick a hornet's nest and arrested Nikita Kislitsin, the top executive at Russian cybersecurity firm FACCT, the former Russian branch of Group-IB, which split from its parent company earlier this year.

Kislitsin was detained following an international arrest warrant issued by the United States. US authorities are seeking his extradition in relation to a case where he's accused of selling login credentials for Formspring accounts way back in 2012.

All of this happened on June 22. Six days later, on June 28, a Moscow court issued an arrest warrant in absentia in Kislitsin's name on some mysterious hacking charge. No details provided.

SEC vs SolarWinds 2: This Time it's Personal

Presented by

Tom Uren

Policy & Intelligence

SolarWinds executives have been formally warned by the US Securities and Exchange Commission that it plans to bring enforcement actions against them over the 2020 supply chain attack that involved compromise of the company's Orion software platform.

In its SEC filing this week, SolarWinds announced that "certain current and former executive officers and employees of the Company, including the Company’s Chief Financial Officer and Chief Information Security Officer received 'Wells Notices'". A Wells Notice indicates that SEC staff have recommended the commission pursue a civil enforcement action against the recipients because the SEC believes they may have broken US federal securities laws.

The filing doesn't make exactly clear what the executives are thought to have done wrong, but SolarWinds' last quarterly report provides some clues. Back in October 2022, the company as a whole received its own Wells Notice, which alleged "violations of certain provisions of the U.S. federal securities laws with respect to our cybersecurity disclosures and public statements, as well as our internal controls and disclosure controls and procedures".