Newsletters

Written content from the Risky Business Media team

Risky Biz News: Sparks fly when lawyers meet a certificate revocation

Presented by

Catalin Cimpanu

News Editor

An emergency certificate revocation initiated by DigiCert earlier this week has met a brick wall after the company got sued by one of its customers and several critical infrastructure operators raised safety concerns.

DigiCert initiated the certificate revocation on Monday as part of the normal procedures and agreements between Certificate Authorities (CAs) and browser and OS makers like Microsoft, Apple, Google, and Mozilla.

According to rules established by the CA/B Forum, DigiCert is mandated to revoke any certificates it issued through invalid procedures.

When Israeli National Security Trumps US Lawsuits

Presented by

Tom Uren

Policy & Intelligence

An apparent leak from its Ministry of Justice suggests the Israeli government seized documents and computers from NSO Group to prevent potentially damaging material from being provided to litigants in a US court case. 

WhatsApp filed suit against NSO Group in 2019 after the company discovered that NSO Group had targeted about 1,400 of its users with Pegasus malware, which has been used to facilitate human rights violations around the world. WhatsApp is seeking an injunction blocking NSO Group from accessing its computer systems, which would effectively end NSO Group's ability to target WhatsApp users. 

The court process includes a formal discovery phase in which parties to a case exchange relevant information, including otherwise sensitive documents. 

Risky Biz News: NVD backlog unlikely to get addressed by September

Presented by

Catalin Cimpanu

News Editor

New numbers released at the end of last week suggest that US NIST is unlikely to make any significant progress in addressing a backlog of unprocessed vulnerabilities at the National Vulnerability Database (NVD).

The backlog began in February when NIST analysts slowed down the rate at which they were processing and enriching NVD entries, releasing many CVEs with little to no information about the nature of the security flaw, severity scores, and fixed or vulnerable software versions.

The slowdown had a major impact on the vulnerability management section of the cybersecurity community, which was relying on these entries to help inform customers about which bugs to patch first.

Risky Biz News: AMI Platform Key leak undermines Secure Boot on 800+ PC models

Presented by

Catalin Cimpanu

News Editor

The Secure Boot system on more than 800 motherboard models across 10 different vendors is basically useless now after an extremely sensitive cryptographic key was accidentally leaked online last year.

The key was leaked via a now-removed GitHub repository in 2023 and discovered earlier this year by firmware security firm Binarly.

It allegedly came from an (unnamed) Original Device Manufacturer (ODM), which in turn received it from American Megatrends International (AMI), a company known for developing BIOS/UEFI products.

Risky Biz News: New DNS attack impacts a quarter of all open DNS resolvers

Presented by

Catalin Cimpanu

News Editor

A team of Chinese academics has discovered a new type of DNS attack that impacts almost a quarter of all open DNS resolvers running on the internet.

Named TuDoor, the attack uses malformed DNS packets to trigger logic errors inside DNS software. The attack specifically targets the part of the DNS resolver that prepares DNS responses for user queries.

Academics say they can use a quick succession of malformed packets to poison a DNS resolver's cache, cause a denial of service, or increase a server's resource consumption.

How Chinese Illegal Gambling Infiltrates European Football

Presented by

Tom Uren

Policy & Intelligence

An eye-opening report describes a cyber crime supply chain with connections to Chinese organised crime, illegal online gambling, money laundering, human trafficking and even sponsorships with European sports teams.

Infoblox, the security firm that authored the report, said this supply chain was controlled by a single actor it calls Vigorish Viper. The main purpose of the enterprise was to facilitate illegal online gambling for residents of what the report calls 'Greater China'. (This term isn't defined in the report, but from our reading of it we think it includes mainland China, Hong Kong, and Macau, but not Taiwan.)

Infoblox said the supply chain was organised into multiple entities performing different functions to "shield the operators from scrutiny and legal consequences". In OPSEC terms, Vigorish Viper compartmentalises its operations so the disruption of any single entity (such as a money launderer, hosting provider or payment service) by law enforcement action does not cripple the entire operation. 

Risky Biz News: New Russian ICS malware cuts heat to 600 Ukrainian apartment buildings

Presented by

Catalin Cimpanu

News Editor

In January this year, Russian hackers used a novel piece of ICS malware to cut the heating and hot water to over 600 apartment buildings in the city of Lviv, Ukraine.

The incident is believed to have impacted apartment blocks in Lviv's Sykhiv residential area. More than 100,000 people are believed to have been left without heating for almost two days while one of the city's heating providers, Lvivteploenergo, worked to restore service.

The attack used a malware strain named FrostyGoop, according to a report released by industrial security firm Dragos this week.

Risky Biz News: CrowdStrike faulty update affects 8.5 million Windows systems

Presented by

Catalin Cimpanu

News Editor

Around 8.5 million Windows systems went down on Friday in one of the worst IT outages in history.

The incident was caused by a faulty configuration update to the CrowdStrike Falcon security software that caused Windows computers to crash with a Blue Screen of Death (BSOD).

Since CrowdStrike Falcon is an enterprise-centric EDR, the incident caused crucial IT systems to go down in all the places you don't usually want them to go out.

Risky Biz News: Trickbot dev arrested in Moscow

Presented by

Catalin Cimpanu

News Editor

Russian authorities have allegedly arrested a member of the Trickbot cybercrime gang in Moscow this week.

According to a report from Russian news channel Baza, authorities have detained a 37-year-old man named Fedor Andreev on the morning of July 15 in a house in South Moscow.

Andreev was allegedly detained based on an Interpol red notice issued by Germany in May.

China vs World: Cyber Security Reporting Duel

Presented by

Tom Uren

Policy & Intelligence

Western cyber security agencies are co-authoring reports into Chinese cyber activity with an increasing number of overseas agencies. And China doesn't seem to like it.

The Australian Signals Directorate last week issued an advisory co-authored with German, Korean and Japanese intelligence, cyber security and law enforcement agencies, as well as the standard Five Eyes agencies that regularly contribute to advisories.

The advisory documented two successful compromises of Australian organisations and resulting investigations by the Australian Cyber Security Centre (ACSC).