Newsletters

The Russian Foreign Intelligence Service (SVR)-linked group that initially breached Microsoft in November is still accessing the vendor’s systems. 

Microsoft originally disclosed the breach in late January and attributed it to a group it calls Midnight Blizzard, which has been linked to Russia's SVR by the US and UK governments. 

Last Friday, Microsoft announced in a blog post and SEC filing that Midnight Blizzard was continuing to gain access to Microsoft systems including "some of the company’s source code repositories and internal systems". Microsoft writes:

The Tor Project has launched this week a new anti-censorship tool named WebTunnel.

WebTunnel is a new type of Tor bridge, a type of secret server that are not listed in Tor's public directory. 

Because they are not public, Tor bridges are typically used in oppressive countries to allow users to connect to the Tor network.

Microsoft says that Russian state-sponsored hackers successfully gained access to some of its internal systems and source code repositories.

The intrusions are the latest part of a security breach that began in November of last year and which Microsoft first disclosed in mid-January.

Initially, the company said hackers breached corporate email servers and stole inboxes from the company's senior leadership, legal, and cybersecurity teams.

The FBI has published its yearly Internet Crime Report [PDF], and the main takeaway from this year's edition is that Americans are really bad at spotting cryptocurrency-themed investment scams.

For the first time since the FBI started putting out its yearly report in the early 2010s, last year, Americans lost more money to crypto-investment scams than all BEC incidents combined.

Americans lost $4.57 billion to investment scams last year, of which $3.94 billion were linked to crypto schemes.

A senior Russian media figure has published a recording of German Ministry of Defence (Bundeswehr) officials discussing the implications of providing Ukraine with medium-range cruise missiles. 

The story here is not that German security is poor, but that Russia is publishing raw intelligence to sow discord in the country. 

Margarita Simonyan, editor-in-chief at RT, the Russian state-controlled TV outlet, published the 38-minute audio recording on Friday 1 March saying "comrades in uniforms" had given her the recording. 

Chinese company ACEMAGIC has confirmed that early batches of some of its new mini PC models were shipped with pre-installed malware.

Malware such as the Redline infostealer and the Bladabindi backdoor were found in the Windows OS system recovery section of its mini PCs. In some cases, malware was also found in the mini PCs' RGB lighting driver.

The infections were initially found by YouTube hardware review channel The Net Guy Reviews, later confirmed by The Gadgeteer and reconfirmed by other reviewers and some of the company's customers.

Intellexa—the holding company that sells and operates the Predator spyware—has taken servers offline after two security firms exposed the company's brand-new infrastructure.

Reports from Sekoia and Recorded Future provided details on new domains and servers used as part of the Predatory attack and delivery platform.

The reports provided insights on how and from where Intellexa customers were launching operations against their targets. It included details on suspected phishing and social engineering domains and "delivery servers" that hosted and sent the Predator spyware to devices that needed to be infected.

The White House has issued an executive order to ban the sale of Americans' personal data to hostile countries, such as China, Russia, and Iran.

The executive order directs the Department of Justice to issue regulations for the data brokerage market.

The new rules will bar data brokers from selling or transferring abroad certain types of data that are considered to be too sensitive.

This week the US Office of the National Cyber Director (ONCD) published a report calling for the adoption of memory safe programming languages. 

It's remarkable such a technical document has been published by the White House.

The report has the overarching goal of addressing what the ONCD calls in its fact sheet the "urgent need to address undiscovered vulnerabilities''. It notes that if every single known vulnerability were fixed, undiscovered vulnerabilities would still present additional risk.

The US Commerce Department has sanctioned Canadian company Sandvine for providing internet mass surveillance technology to the Egyptian government.

In a press release, US government officials said Sandvine's networking equipment was used to monitor and censor internet traffic in Egypt and target local political figures and human rights activists.

Sandvine Canada and five of its subsidiaries were added to the Commerce Department's Bureau of Industry and Security (BIS) Entity List.