Newsletters

Security firm Sekoia says most Chinese cyber operations are now conducted by China's Ministry of State Security. The ministry is one of the big three Chinese government bodies with offensive cyber capabilities, alongside the People's Liberation Army (PLA) and the Ministry of Public Safety (MPS).

MSS cyber activity has increased while the once-active Chinese military has slowed down considerably. Sekoia says MSS cyber operations have dominated since at least 2021.

Activity from PLA-linked APTs like BlackTech, Naikon, Tonto Team, and Tick has gone down, while more MSS-linked groups have emerged, such as APT10, APT31, APT40, APT41, Mustang Panda, and Lucky Mouse.

Predicting Trump’s second-term moves is a mug’s game, but here’s our best guess: cybersecurity policy initiatives will be sensible but unambitious, while the intelligence community (IC) will be asked to carry out bold—and maybe even bonkers—operations.

This is based on our examination of Trump's first term which, from a narrow cyber security perspective, was just fine. 

In 2017, for example, Trump issued an executive order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, and expanded on this in 2018 with the release of a National Cyber Strategy. These were both sensible efforts, not as ambitious as the Biden administration's 2023 strategy, but entirely appropriate for the time. 

Ten of the 15 most frequently exploited vulnerabilities last year were initially zero-days, CISA said in a joint report published with cybersecurity agencies from Five Eyes countries on Tuesday.

This includes ifamous zero-days, such as the one that forced Barracuda to tell customers to replace all ESG appliances, the zero-day used in the MOVEit hacking spree, and the CitrixBleed vulnerability.

Because zero-days dominated last year's Top 15, 2023 marks the first time CISA's Top Exploited Vulnerabilities list is dominated by new CVEs.

The European Union has told Chinese e-commerce giant Temu to follow consumer protection laws or face major fines.

The EU says Temu uses fake discounts, pressure selling tactics, forced gamification, and fake reviews to trick users into buying products from its online marketplace.

The company also allegedly displays incomplete or incorrect information about consumers' rights to return goods and receive their refund backs, and also hides contact details so customers cannot file complaints.

Russia's internet watchdog agency, the Roskomnadzor, has blocked traffic to Cloudflare-hosted websites that use the new Encrypted Client Hello (ECH) technology.

Users in Russia and abroad started reporting issues with accessing a large number of websites on Wednesday, November 6.

Roskomnadzor, through its Center for Monitoring and Control of Public Communications Networks department, says it took the decision after Cloudflare enabled ECH by default for customer accounts in October.

Cybersecurity firm Sophos' counterintelligence efforts against malicious actors targeting its firewall products will set new standards for acceptable and desirable behaviour from vendors.

Last week, Sophos released details of an evolving, five-year effort to counter China-based groups targeting its firewalls. The report details the cut and thrust between Sophos and a loose collection of Chinese hacking groups, and how each responded and adapted to the others' actions. 

The saga started in 2018 with the compromise of a computer driving a wall-mounted display at Cyberoam, an Indian subsidiary of Sophos. This breach appeared mundane, but pulling on the string revealed that the actor had compromised other machines on Cyberoam's network with a sophisticated rootkit. Wired reports that "in retrospect, the company believes that initial intrusion was designed to gain intelligence about Sophos products that would enable follow-on attacks on its customers". 

Microsoft will add a new security system to Windows 11 that will protect admin accounts when they perform highly privileged and sensitive actions.

Named "Admin Protection," the system is currently being tested in Windows 11 canary builds.

The new feature works by taking all the elevated privileges an admin needs and putting them into a separate super admin account that's—most of the time—disabled and locked away inside the core of the operating system.

Something is rotten in the state of Cambodia, according to an increasing number of reports that cyber scam compound operators are now receiving protection from local police and government officials.

The perfect example of this new reality is the incident surrounding the recent "arrests" at Mango Park, a cyber scam compound in the country's Kampong Speu province.

A report from South Korean national television KBS presented the story of a South Korean who was duped by the promise of a high-paying job to travel to Cambodia, where he was held against and forced to work on online scams at Mango Park. He was freed after his family paid a ransom, and once back home, he shared with reporters how local police had protected the scam compound when he tried to complain.

DHL tracking system hack: A cyberattack has disrupted a package tracking tool used by German logistics giant DHL. DHL has confirmed the incident and says it's working with the tracking tool's developer to restore systems. According to a report from Better Retailing, the tool was developed by British company Microlise.

Interbank security breach: Peru's fourth-largest bank has confirmed that a threat actor managed to steal data on some of its customers from a third-party company. The admission comes after Interbank suffered a technical glitch earlier this week and after its customer data was flaunted on hacking forums shortly after. The bank is believed to have between 2 and 3 million customers. [Additional coverage in Infobae America]

Colorado election system password leaks: The Colorado Department of State has accidentally posted a document online that contained the partial passwords for the state's voting machines. Officials have since removed the document and changed passwords. They also notified CISA and said the incident won't affect next week's election. [Additional coverage in StateScoop]

Law enforcement agencies from multiple countries have disrupted the operations of the Redline and META infostealers.

The takedown took place on Monday as part of what authorities called Operation Magnus.

Officials seized three servers in the Netherlands, took control of two domain names, and arrested two other suspects in Belgium.