Newsletters

A Ukrainian man who developed and managed the IcedID malware botnet faked his own death in an attempt to escape the FBI and jail time in the US.

The unnamed suspect bribed Ukrainian cops to falsify a dead man's documents and issue a death certificate in his name.

This happened in April 2024, a month before Europol and the FBI seized IcedID servers during Operation Endgame—suggesting there was either a leak in the investigation or that the suspect saw law enforcement agencies probing his servers.

For a brief time, Microsoft appeared to be making security a priority. As with all good things, though, it appears that period has come to an end with personnel changes at the organisation signaling a shift in priorities. We fear Microsoft's goal now is not to make secure products, so much as to sell security products. 

Last week, CEO Satya Nadella announced that Microsoft's Executive Vice President of Security Charlie Bell had been replaced by Hayete Gallot, who was most recently President of customer experience at Google Cloud. Bell is stepping back from leading Microsoft's security organisation to become an individual contributor engineer. 

Now that Bell has gone, it appears the guise of "security first" has been tossed aside, and we fear the company may slip back into being a security disaster.

Singapore's cybersecurity agency says that a Chinese cyber-espionage group has breached all of the country's four major telecom providers—M1, SIMBA Telecom, Singtel, and StarHub.

The Cyber Security Agency of Singapore (CSA) attributed the attacks to a group tracked as UNC3886.

The breaches took place last year and the agency spent 11 months with industry groups investigating and evicting the hackers from the compromised networks.

SmarterTools, the company behind the SmarterMail email server, was hacked via a vulnerability in its own product.

The incident took place at the end of last month, on January 29.

The Warlock ransomware group breached 30 email servers running on the company's office network and inside a data center used for quality control testing.

Denmark's military intelligence service has launched a campaign to recruit cybersecurity specialists for offensive cyber operations.

The recruits will work "to compromise the opponents’ networks and obtain information for the benefit of Denmark’s security," the Forsvarets Efterretningstjeneste (Danish Defence Intelligence Service, or DDIS) said in a press release last week.

The new recruits will go through a five-month training course at the agency's hacker academy.

Google's announcement last week that it had disrupted the world's largest residential proxy network, IPIDEA, was welcome news. These networks are key enablers of cybercrime, and Google's action will make a significant dent in the residential proxy ecosystem. 

Residential proxy networks sell the ability to route traffic through home and business IP addresses so attackers can evade IP blocklists. Traffic in these networks is routed through everything from compromised smart devices to home users' computers. Sometimes the home users actually opt in to joining these networks, willingly installing the enabling software to earn "passive income" from their spare bandwidth. Most of the time, however, device owners are unaware. The proxy functionality is pre-loaded on devices or inadvertently installed via malware or trojanised software.

When it comes to IPIDEA, one way it acquired proxies was to pay developers to embed its software into applications via malicious SDKs. These applications would then proxy traffic for IPIDEA in addition to carrying out their main function, typically without the knowledge or consent of end users. 

Plone, a Python-based content management system, has avoided a supply chain attack at the start of this year.

A threat actor inserted malicious code in five of the organization's repositories but the modifications were spotted before they made it to any official release.

The incident was traced back to a single developer's account.

StopICE, an app that lets Americans track the location of US Immigration and Customs Enforcement (ICE) raids, has played down a recent security breach and claims to have linked the hack to "a personal server associated with a CBP agent here in SoCal."

Administrators said this wasn't the first time the same agent tried to hack or disrupt their systems.

The latest incident took place on Friday when users started receiving SMS alerts warning them to uninstall the app.

Cybersecurity firm MicroWorld Technologies, the maker of the eScan antivirus, has fallen victim to a cyberattack after an unidentified threat actor breached its software update infrastructure and deployed malware to customer environments.

The incident took place last week, on January 20, and only lasted for about an hour, according to reports from rival security firms Morphisec and Kaspersky, both of which spotted the malware being delivered to customer systems.

The final payload in the attack was a new backdoor hidden in the Reload.exe file that modified the eScan configuration to disable future updates and established a scheduled task for persistence on the infected host.

The Pall Mall Process, an international effort to reign in abusive commercial spyware, is turning its efforts toward developing opt-in industry standards. 

These kinds of voluntary, non-binding standards are all well and good, but relatively useless without strong government action.

CyberScoop has a good wrap of issues raised at a Chatham House discussion about the process in Washington DC last weekend. The topics included who the rules would apply to, plus "how to incentivize and measure compliance and what to do with companies with a chequered past".