Newsletters

This week, the Counter Ransomware Initiative is holding its yearly summit in Washington, and the US-led coalition decided to celebrate its fourth anniversary with a crackdown on everybody's "favorite" cybercrime groups—LockBit and EvilCorp.

Announcements included new LockBit arrests and server seizures, and more sanctions on newly uncovered EvilCorp members—including a former FSB Spetsnaz officer who has been quietly protecting the group from local authorities.

New LockBit ransomware arrests, server seizures, indictments

Threat actors are scanning the internet for UNIX systems that are exposing their printing ports in an attempt to exploit a set of four vulnerabilities in the CUPS printing component.

The vulnerabilities were discovered by Italian security researcher Simone Margaritelli earlier this year and were disclosed at the end of last week.

They impact CUPS, the Common UNIX Printing System, an open-source component to allow UNIX systems to function as print servers.

The US Department of Justice has charged a Russian national for operating the now-defunct Joker's Stash carding forum.

Officials say Timur Shakhmametov went online under the aliases of JokerStash and Vega. He launched Joker's Stash in October 2014 and shut down operations in February 2021, two months after Interpol and the FBI seized some of its front-facing server infrastructure.

Threat intel companies have estimated the forum made between $280 million to $1 billion by selling more than 40 million payment card details.

Corporate leaders and elected officials often ask, "What will it take to deter Volt Typhoon's operations?", but we think that is the wrong question. Perhaps a better question is "Could disrupting Volt Typhoon's operations deter China's military activities?"

Sentinel One argues the Chinese group known as Volt Typhoon cannot be deterred from its mission of compromising US critical infrastructure to enable future disruption operations in the event of a conflict with the PRC. 

Per Sentinel One:

China's main intelligence agency on Monday accused Taiwan of running an influence operation inside its borders using a fake hacktivist group named Anonymous 64.

China's Ministry of State Security says the group is run by a cyber warfare center operating under Taiwan's military, inside its Information, Communications, and Electronic Force Command (ICEFCOM).

"The center is responsible for implementing cyber cognitive warfare and public opinion warfare against the Mainland," officials wrote in a WeChat post.

The developers of several of today's top infostealers have found several ways to bypass Chrome's new App-Bound Encryption security feature.

Infostealers such as Lumar, Lumma, Meduza, Vidar, and WhiteSnake have told their "customers" they can now bypass the feature and retrieve authentication cookies that were recently coming back encrypted.

Added in Chrome v127, released in mid-July, the App-Bound Encryption feature works by encrypting data related to the Chrome browser process. This data can be decrypted only from an admin-level account.

The Tor Project says that regular Tor browser users are not affected by a deanonymization attack used by German law enforcement to catch the administrator of a dark web CSAM forum named Boystown.

German TV network NDR reported on Wednesday that German police had been secretly recording traffic entering the Tor network via nodes located in Germany over the past years.

According to technical documents obtained by NDR reporters and reviewed by security experts from Germany's infamous Chaos Computer Club (CCC), authorities used a "timing attack" to analyze traffic entering and leaving Tor nodes and correlate users visiting certain Tor sites to their real-life IP addresses.

The US government has imposed a new set of sanctions against Intellexa, the company behind the Predator commercial spyware.

New sanctions were levied against five individuals and a company associated with the Intellexa Consortium—the parent entity at the top of a network of shell companies and resellers designed to obfuscate its affairs.

Recipients of the new US Treasury sanctions include executives of Intellexa's smaller business units.

The US government says that RT (formerly known as Russia Today) has morphed from a news organization into a fully active intelligence asset for the Russian government.

The US State Department says that at the start of 2023, the Russian government embedded a Russian intelligence unit with cyber capabilities inside RT.

State officials did not explain the role of this unit but say that since then, RT has engaged in "information operations, covert influence, and military procurement" across Europe, Africa, and North and South America.

A mysterious threat actor has built a giant botnet by infecting over 1.3 million Android TV set-top boxes across the globe.

The devices were infected with a new backdoor named Vo1d.

The malware's main function is to gain reboot persistence on the device through three different methods and then watch a folder and install any Android APK file placed there.