Newsletters

The infrastructure that supports the Resource Public Key Infrastructure (RPKI) security standard is not as secure as one would believe and is prone to multiple attacks that could hinder or crash global internet routing.

A new research paper that will be presented next week at the Network and Distributed System Security (NDSS) Symposium looks at a type of server that is part of the RPKI infrastructure known as PP, standing for Publishing Point, and how attacking these servers can prevent routers from validating routing information.

The topic of internet routing and its security protocols is a complex one, so here are the main acronyms and terms that we'll be using and what they mean:

A groundswell of officials are calling for European countries to build cyber capabilities to  strike back against adversaries. It's a fine sentiment, but if Europe had the cojones to strike back it could have done so already with the options it currently has. 

Last week, speaking on the sidelines of the Munich Security Conference, the European Commission's Executive Vice President for Tech Sovereignty, Security and Democracy, Henna Virkkunen, told Politico that "it's not enough that we are just defending ... We also have to have offensive capacity". 

At the same conference, other European officials, including intelligence chiefs expressed similar sentiments. NATO Deputy Secretary General Radmila Shekerinska said that collectively, the alliance's objective should be, "to take action and to be able to strike back" against cyber threats. Shekerinska called out Russia and China as significant threats. 

A supply chain attack has planted backdoors inside the firmware of multiple Android tablet makers. Incidents of tainted firmware updates have been traced back to as far as August 2023.

The firmware images were infected with a new backdoor named Keenadu.

Spotted and analyzed by Kaspersky in a report released on Tuesday, the backdoor is injected in Zygote, the central core process of the Android operating system from where it cannot be removed without a full device flash and reinstall.

Following growing international pressure, the Cambodian government has promised to crack down and dismantle cyber scam networks operating within its borders by April this year.

The government says it raided 190 locations in January alone, and arrested more than 2,500 suspects.

More than 110,000 foreigners who used to work in the scam compounds, by force or voluntary, have also been freed and left the country already, according to the country's Commission for Combating Online Scams (CCOS).

A Ukrainian man who developed and managed the IcedID malware botnet faked his own death in an attempt to escape the FBI and jail time in the US.

The unnamed suspect bribed Ukrainian cops to falsify a dead man's documents and issue a death certificate in his name.

This happened in April 2024, a month before Europol and the FBI seized IcedID servers during Operation Endgame—suggesting there was either a leak in the investigation or that the suspect saw law enforcement agencies probing his servers.

For a brief time, Microsoft appeared to be making security a priority. As with all good things, though, it appears that period has come to an end with personnel changes at the organisation signaling a shift in priorities. We fear Microsoft's goal now is not to make secure products, so much as to sell security products. 

Last week, CEO Satya Nadella announced that Microsoft's Executive Vice President of Security Charlie Bell had been replaced by Hayete Gallot, who was most recently President of customer experience at Google Cloud. Bell is stepping back from leading Microsoft's security organisation to become an individual contributor engineer. 

Now that Bell has gone, it appears the guise of "security first" has been tossed aside, and we fear the company may slip back into being a security disaster.

Singapore's cybersecurity agency says that a Chinese cyber-espionage group has breached all of the country's four major telecom providers—M1, SIMBA Telecom, Singtel, and StarHub.

The Cyber Security Agency of Singapore (CSA) attributed the attacks to a group tracked as UNC3886.

The breaches took place last year and the agency spent 11 months with industry groups investigating and evicting the hackers from the compromised networks.

SmarterTools, the company behind the SmarterMail email server, was hacked via a vulnerability in its own product.

The incident took place at the end of last month, on January 29.

The Warlock ransomware group breached 30 email servers running on the company's office network and inside a data center used for quality control testing.

Denmark's military intelligence service has launched a campaign to recruit cybersecurity specialists for offensive cyber operations.

The recruits will work "to compromise the opponents’ networks and obtain information for the benefit of Denmark’s security," the Forsvarets Efterretningstjeneste (Danish Defence Intelligence Service, or DDIS) said in a press release last week.

The new recruits will go through a five-month training course at the agency's hacker academy.

Google's announcement last week that it had disrupted the world's largest residential proxy network, IPIDEA, was welcome news. These networks are key enablers of cybercrime, and Google's action will make a significant dent in the residential proxy ecosystem. 

Residential proxy networks sell the ability to route traffic through home and business IP addresses so attackers can evade IP blocklists. Traffic in these networks is routed through everything from compromised smart devices to home users' computers. Sometimes the home users actually opt in to joining these networks, willingly installing the enabling software to earn "passive income" from their spare bandwidth. Most of the time, however, device owners are unaware. The proxy functionality is pre-loaded on devices or inadvertently installed via malware or trojanised software.

When it comes to IPIDEA, one way it acquired proxies was to pay developers to embed its software into applications via malicious SDKs. These applications would then proxy traffic for IPIDEA in addition to carrying out their main function, typically without the knowledge or consent of end users.