Newsletters

Written content from the Risky Business Media team

Risky Biz News: Crypto-crime volumes went down in 2022, ransomware payments too

Presented by Catalin Cimpanu, News Editor

The reasons for this decline are layered and complex, with no single, straightforward cause of the kind that usually explains such trends.

The war in Ukraine, the US Treasury's sanctions crackdown on cryptocurrency money launderers, major law enforcement busts, and the general collapse of the cryptocurrency ecosystem as a whole have all had their role in slowing down criminal operations.

For example, as Chainalysis experts put it, people are less likely to fall for scams if they believe the entire ecosystem is in decline and are not interested in making new investments.

Risky Biz News: Dark web mega-hack as Kraken takes over Solaris

Presented by Catalin Cimpanu, News Editor

Blockchain analysis firm Elliptic, which documented and confirmed the hack, says Solaris was one of the largest drug markets on the dark web last year, processing around $150 million in sales of drugs and other illegal goods and services in its short lifespan.

Elliptic says the market was closely associated with Killnet, a pro-Kremlin hacktivist group, although it's unclear if the group was also in charge of the market itself.

In December last year, Alex Holden, a US security researcher with Ukrainian roots, claimed to have hacked Solaris and stolen $25,000 worth of cryptocurrency, which he later donated to Ukrainian charity organizations.

LockBit Is Ripe for Disruption

Presented by Tom Uren, Policy & Intelligence

Risky Business publishes sponsored product demos to YouTube. They're a great way for you to save the time and hassle of trying to actually get useful information out of security vendors. You can subscribe to our product demo page on YouTube here.

In our latest demo, Brett Winterford and Harish Chakravarthy demonstrate to host Patrick Gray how Okta can be used for passwordless authentication. These phishing-resistant authentication flows, even if they are not rolled out to all users, can also serve as a high-quality signal of phishing attempts and can be used to trigger automated follow-on actions.

Russian cyber security firms have found that hackers have used the fear of "mobilisation", i.e. conscription into Russia's war effort, to steal Telegram credentials in a successful large-scale campaign. The lure was a link to a site that purportedly contained the list of people who could be drafted into the Russian army to fight in Ukraine this February.

Risky Biz News: Google Search and Ads have a major malware problem

Presented by Catalin Cimpanu, News Editor

Primarily because of its dominance in both online search and ads, Google hosts most of these campaigns.

The most annoying part of all of this is that Google's support and security teams appear to have been caught on the back foot and are completely unprepared for what's currently going on. Both security researchers and companies who had their brands abused say they've found it difficult to get Google to act and remove the malicious content from search results, a situation that invites more abuse for the foreseeable future.

Hacked Harmony funds move: North Korean hackers have moved and laundered more than $63.5 million worth of Ether from funds stolen in June last year from the Harmony bridge platform. The stolen funds were laundered and then deposited in accounts at cryptocurrency platforms Binance, Huobi, and OKX. Binance and Huobi froze a small portion of the funds, but the bulk is still under the hackers' control. The hack is believed to have been carried out by the Lazarus Group, a group of government-backed North Korean hackers.

Risky Biz News: Secure Boot not working on recent MSI motherboards

Presented by Catalin Cimpanu, News Editor

Potocki says that since January 2022, MSI has been shipping firmware updates that contain the new, insecure Secure Boot defaults.

Dozens of MSI motherboard models currently ship with these new settings for both Intel and AMD CPUs, affecting both Windows and Linux distributions. A full list of impacted MSI motherboard models is available here.

While it may take some time for MSI to ship new firmware versions with corrected settings in its Secure Boot section, Potocki recommends that all MSI motherboard owners who rely on Secure Boot go into their UEFI/BIOS settings and change the policy from "Always Execute" to another option.

Risky Biz News: Pro-Russian hacktivists offer cryptocurrency for DDOS attacks on Ukraine and western targets

Presented by Catalin Cimpanu, News Editor

Throughout the past year, the group has targeted countries and private companies that showed any kind of public support for Ukraine and its fight against Russia's invasion.

For example, the group targeted Finnish government websites shortly after the country announced its intention to join NATO and Lithuanian railways shortly after they blocked Russian goods transiting to Russia's Kaliningrad exclave.

Other targets included Ukrainian newspapers and schools, and entities across Norway, Estonia, and Poland.

Carnegie Report Takes Wind Out of Cyber War Sails

Presented by Tom Uren, Policy & Intelligence

We briefly examined the possible cyber security threats presented by ChatGPT in our final newsletter edition of 2022. Since then, new research has been published that explores how criminals could use it and how they actually are using it.

Risky Biz News: SugarCRM zero-day used to compromise roughly 10% of all internet-accessible servers

Presented by Catalin Cimpanu, News Editor

SugarCRM released an official patch a week after public disclosure. The company said that all users who run on-premise servers of its SugarCRM Sell, Serve, Enterprise, Professional, and Ultimate services should apply the update to avoid future attacks.

The company says it has hired a forensics firm to investigate the one-week time window during which its cloud platform was exposed to possible attacks.

No CVE has been assigned to this issue yet.

Risky Biz News: Ukraine jams Russian satellite TV stations in occupied territories

Presented by Catalin Cimpanu, News Editor

In a Telegram post, Alexander Malkevich, the General Director of the St Petersburg TV Channel, blamed the incident on, and I kid you not, "Anglo-Saxon IT terrorists from Ukraine", whatever that means.

Greenway says that since the disruptions, Russian TV stations have constantly been changing their satellite signal configurations in an effort to outrun Ukraine's jamming.

The incident marks the most successful jamming and hijacking of Russian TV broadcasts inside the occupied territories to date, following earlier hijacks of Russian TV stations by Ukrainian IT specialists in August and September last year.

Risky Biz News: Slack discloses security breach, access to code repositories

Presented by Catalin Cimpanu, News Editor

RedZei: William Thomas has discovered a new threat actor, which he named RedZei. He says the group runs scam calls by Chinese-speaking fraudsters targeting Chinese international students at universities in the UK.

Data leak site on I2P: The BianLian group has become the first ransomware gang to establish a data leak portal on the I2P network.

BitRAT campaign: Qualys has an analysis of a malspam campaign distributing the BitRAT malware.