Newsletters

Potocki says that since January 2022, MSI has been shipping MSI firmware updates that contain the new insecure Secure Boot defaults.

Tens of MSI motherboard models currently ship with these new settings for both Intel and AMD CPUs, impacting both Windows and Linux distros. A full list of impacted MSI motherboard models is available here.

While it may take some time for MSI to ship new firmware versions with fixed settings for its Secure Boot section, Potocki recommends that all MSI motherboard owners who rely on Secure Boot go into their UEFI/BIOS and change away from "Always Execute" to another policy.

Throughout the past year, the group has targeted countries and private companies that showed any kind of public support for Ukraine and its fight against Russia's invasion.

For example, the group targeted Finnish government websites shortly after the country announced its intention to join NATO and Lithuanian railways shortly after they blocked Russian goods transiting to Russia's Kaliningrad exclave.

Other targets included Ukrainian newspapers and schools, and entities across Norway, Estonia, and Poland.

Risky Business publishes sponsored product demos to YouTube. They're a great way for you to save the time and hassle of trying to actually get useful information out of security vendors. You can subscribe to our product demo page on YouTube here.

In our latest demo, Brett Winterford and Harish Chakravarthy demonstrate to host Patrick Grey how Okta can be used for passwordless authentication. These phishing resistant authentication flows — even if they are not rolled out to all users — can also be used as a high-quality signal of phishing attempts that can be used to trigger automated follow-on actions.

We briefly examined the possible cyber security threats presented by ChatGPT in our final newsletter edition of 2022 and since then new research has been published that explores how it could be used by criminals and how it actually is being used.

SugarCRM released an official patch a week after public disclosure. The company said that all users who run on-premise servers of its SugarCRM Sell, Serve, Enterprise, Professional, and Ultimate services should apply the update to avoid future attacks.

The company says it has hired a forensics firm to investigate the one-week time window during which its cloud platform was exposed to possible attacks.

No CVE has been assigned to this issue yet.

In a Telegram post, Alexander Malkevich, the General Director of the St Petersburg TV Channel, blamed the incident on... and I kid you not... "Anglo-Saxon IT terrorists from Ukraine... whatever that means.

Greenway says that since the disruptions, Russian TV stations have constantly been changing their satellite signal configurations in an effort to outrun Ukraine's jamming.

The incident marks the most successful jamming and hijacking of Russian TV broadcasts inside occupied territories after Ukrainian IT specialists also hijacked Russian TV stations in September and August last year as well.

RedZei: William Thomas has discovered a new threat actor. He named the group RedZei, which he said engages in scam calls from Chinese-speaking fraudsters targeting Chinese international students at universities in the UK.

Data leak site on I2P: The BianLian group has become the first ransomware gang to establish a data leak portal on the I2P network.

BitRAT campaign: Qualys has an analysis of a malspam campaign distributing the BitRAT malware.

BitKeep wallet crypto-heists: Cryptocurrency wallet app BitKeep confirmed that hackers modified some of its Android APK files and deployed malicious code on the devices of some of its customers. Losses from this incident are estimated at around $8 million worth of crypto assets.

BTC.com crypto-heist: Cryptocurrency mining pool BTC.com said it was the victim of a cyber-attack that took place at the start of the month.

Defrost Finance crypto-heist: DeFi platform Defrost Finance was the victim of a flash-loan attack. Losses are estimated at $12 million, but the hacker returned the funds after three days.

Client-side encryption for Gmail: Google is adding E2EE support for Gmail's web client. The feature is currently available for Google Workspace users via a beta program. Users allowed in the beta trial will be able to send and receive encrypted emails within and outside their email domain. It's unclear when this will become available for regular Gmail personal accounts.

IE update: Microsoft says that an Edge browser update that will be released on February 14, 2023, will permanently disable Internet Explorer 11 on Windows 10. Talk about the perfect Valentine's Day gift! Lovely!

Epic Games settlement: The US FTC has settled with Epic Games, and the gaming company has agreed to pay a $520 million fine in two lawsuits that accused the company of (1) breaching COPPA and collecting data on small children, (2) and employing dark patterns to trick customers into making unintentional purchases.

Meta's numbers are eye-opening for anyone today thinking social media influence operations don't work. They obviously do; otherwise, they wouldn't have been around after five years and certainly not exploded like they did this past year.

But Meta says that we all have a skewed view of what influence operations really are and what they're used for.

While back in 2017, when Meta began tracking CIB networks, these operations would target foreign audiences, this has quickly turned, and for the past few years, the vast majority of CIB networks target internal audiences—which explains why we see influence ops in places like Uganda, Finland, or Zimbabwe.

Risky Business publishes sponsored product demos to YouTube. They're a great way for you to save the time and hassle of trying to actually get useful information out of security vendors. You can subscribe to our product demo page on YouTube here.

In our latest demo, Brett Winterford and Harish Chakravarthy demonstrate to host Patrick Grey how Okta can be used for passwordless authentication. These phishing resistant authentication flows — even if they are not rolled out to all users — can also be used as a high-quality signal of phishing attempts that can be used to trigger automated follow-on actions.

People are already examining how ChatGPT, which describes itself as "the most advanced artificial intelligence on the market" and claims to "deliver stunningly accurate responses to your every question and comment" can be used maliciously.