Newsletters

In a Telegram post, Alexander Malkevich, the General Director of the St Petersburg TV Channel, blamed the incident on... and I kid you not... "Anglo-Saxon IT terrorists from Ukraine... whatever that means.

Greenway says that since the disruptions, Russian TV stations have constantly been changing their satellite signal configurations in an effort to outrun Ukraine's jamming.

The incident marks the most successful jamming and hijacking of Russian TV broadcasts inside occupied territories after Ukrainian IT specialists also hijacked Russian TV stations in September and August last year as well.

RedZei: William Thomas has discovered a new threat actor. He named the group RedZei, which he said engages in scam calls from Chinese-speaking fraudsters targeting Chinese international students at universities in the UK.

Data leak site on I2P: The BianLian group has become the first ransomware gang to establish a data leak portal on the I2P network.

BitRAT campaign: Qualys has an analysis of a malspam campaign distributing the BitRAT malware.

BitKeep wallet crypto-heists: Cryptocurrency wallet app BitKeep confirmed that hackers modified some of its Android APK files and deployed malicious code on the devices of some of its customers. Losses from this incident are estimated at around $8 million worth of crypto assets.

BTC.com crypto-heist: Cryptocurrency mining pool BTC.com said it was the victim of a cyber-attack that took place at the start of the month.

Defrost Finance crypto-heist: DeFi platform Defrost Finance was the victim of a flash-loan attack. Losses are estimated at $12 million, but the hacker returned the funds after three days.

Client-side encryption for Gmail: Google is adding E2EE support for Gmail's web client. The feature is currently available for Google Workspace users via a beta program. Users allowed in the beta trial will be able to send and receive encrypted emails within and outside their email domain. It's unclear when this will become available for regular Gmail personal accounts.

IE update: Microsoft says that an Edge browser update that will be released on February 14, 2023, will permanently disable Internet Explorer 11 on Windows 10. Talk about the perfect Valentine's Day gift! Lovely!

Epic Games settlement: The US FTC has settled with Epic Games, and the gaming company has agreed to pay a $520 million fine in two lawsuits that accused the company of (1) breaching COPPA and collecting data on small children, (2) and employing dark patterns to trick customers into making unintentional purchases.

Meta's numbers are eye-opening for anyone today thinking social media influence operations don't work. They obviously do; otherwise, they wouldn't have been around after five years and certainly not exploded like they did this past year.

But Meta says that we all have a skewed view of what influence operations really are and what they're used for.

While back in 2017, when Meta began tracking CIB networks, these operations would target foreign audiences, this has quickly turned, and for the past few years, the vast majority of CIB networks target internal audiences—which explains why we see influence ops in places like Uganda, Finland, or Zimbabwe.

Risky Business publishes sponsored product demos to YouTube. They're a great way for you to save the time and hassle of trying to actually get useful information out of security vendors. You can subscribe to our product demo page on YouTube here.

In our latest demo, Brett Winterford and Harish Chakravarthy demonstrate to host Patrick Grey how Okta can be used for passwordless authentication. These phishing resistant authentication flows — even if they are not rolled out to all users — can also be used as a high-quality signal of phishing attempts that can be used to trigger automated follow-on actions.

People are already examining how ChatGPT, which describes itself as "the most advanced artificial intelligence on the market" and claims to "deliver stunningly accurate responses to your every question and comment" can be used maliciously.

Twitter’s failed attempt to block bot farms: After Elon Musk, Twitter's controversial CEO, bragged on social media that he had a surprise for all the bot farms, Twitter managed to spectacularly shoot itself in the foot on Monday when the company blocked entire IP address blocks for around 30 mobile carriers across Asia. According to Platformer, this included the primary telecom providers in India and Russia, as well as the second-largest telecom in Indonesia. However, the block was short-lived, as Twitter had to revert its decision a few hours later after telcos and users complained all over Asia about not being able to access the service—go figure! The social network also officially dissolved its Trust and Safety Board as well on Monday, as, let's face it, it was getting in the way of Musk's attempts to influence US politics at this point.

Manipulated academic imagery: Dr. Neal Krawetz has an interesting write-up on the practice of forging and editing images in academic studies and how these can be spotted.

Vivaldi gets Mastodon support: Vivaldi browser version 5.6, released last week, now comes with a Mastodon widget.

Rackspace faces three CALs: Cloud hosting provider Rackspace will have to defend at least three different class-action lawsuits related to a ransomware attack that hit a part of its server infrastructure and has left countless companies without access to their email servers. In an interview last week, Rackspace suggested they might not be able to recover all their customers' data, which they referred to as "legacy data." The company also appears to have given up on hosting Exchange email servers in its cloud and said it was migrating all its existing customers to Microsoft 365. Migrating its Exchange customers to a rival will cost the company $30 million, according to documents Rackspace filed with the SEC.

Lodestar Finance crypto-heist: A threat actor has abused an exploit in the smart contract of the Lodestar Finance DeFi platform and has stolen more than $5.8 million worth of cryptocurrency. The platform said it already recovered $2.4 million of the stolen funds and is still working to secure the rest. Just like most cryptocurrency platforms that get popped these days, Lodestar has offered to let the hacker keep some of the stolen funds and hide the intrusion under a "white-hat agreement."

Edge support on Windows 7/8: Microsoft plans to end support for its Edge web browser on Windows 7 and Windows 8/8.1 versions next year, on January 10, 2023. This is the same date when both Windows 7 and Windows 8/8.1 will reach End-Of-Life (EOL) after their extended support periods expire. Google also announced earlier this fall that Chrome version 110 would be the last to support both Windows 7 and Windows 8/8.1. Chrome 110 is scheduled for release in February 2023.

Finally, the third and most positively welcomed feature is Advanced Data Protection for iCloud, which lets users encrypt their iCloud data, including iCloud Backup, Photos, Notes, and others. According to an Apple documentation page, 23 different iCloud data categories can be encrypted.

The feature is also opt-in, so users will have to manually enable it.

Furthermore, Advanced Data Protection for iCloud uses an end-to-end encryption (E2EE) scheme, meaning there's a chance that if you lose access to your devices, you may lose all your encrypted backups and their respective data.

Microsoft continues to position itself as a bulwark against digital authoritarianism, but keeps pushing its rhetoric beyond the available evidence. This is consequential stuff, and we're disappointed that Microsoft seems more interested in hyping threats as opposed to seeking to help people understand them.

A few recent examples:

On Saturday, Microsoft released an article on "Preparing for a Russian cyber offensive against Ukraine this winter". In this article, Microsoft promotes the view that Russia is launching coordinated cyber and conventional attacks: