Newsletters

A new report highlights the need to crack down on Telegram’s role as a massive enabler of transnational criminal organisations. It says Telegram is used to facilitate criminal activity ranging from cyber-enabled fraud and illegal gambling to money laundering and criminal marketplaces that sell malware, stolen data and even murder for hire. 

The report, authored by the UN Office on Drugs and Crime, examined the criminal adoption of technology and described the rapid evolution of the criminal ecosystem in Southeast Asia. 

It noted criminal groups started out running illegal or under-regulated gambling facilities, particularly in weakly governed regions including locations in Myanmar. These groups developed money laundering capabilities to handle the cash their activities generated. 

The European Council adopted on Tuesday a new sanctions framework designed to counter Russia's hybrid attacks against EU member states.

The new framework expands the type of actions the EU can leverage sanctions against the Russian government, organizations, and individuals involved in the Kremlin's ever-increasing aggression.

It's been expanded to cover:

LG and Samsung smart TVs are shipping with intrusive technology that takes snapshots of the screen in order to track what users are watching.

The technology is named "Automatic Content Recognition" (ACR) and was pioneered in the early 2010s by Shazam.

It was initially offered via software libraries and SDKs, and was found only in a few apps, such as Netflix, Hulu, and others. However, over the past few years, ACR tracking tech has slowly crept into the core firmware of almost all modern-day smart TVs—making it almost impossible to avoid if you've bought a recent TV.

Russian authorities have arrested 96 individuals linked to the Cryptex cryptocurrency exchange, the UAPS anonymous money transfer system, and 33 other illegal payment systems.

The arrests took place following house searches at 148 locations across 14 Russian regions in what Russian media has called one of the country's largest crackdowns against cybercrime and cryptocurrency gangs.

According to Russian news agency Interfax, one of the detained suspects was identified as Sergey Ivanov, the administrator of Cryptex and UAPS.

The US Department of Justice has announced the indictment of three Iranians allegedly responsible for a hack and leak operation targeting the Trump presidential campaign.

In addition to the hack and leak operation, the indictment alleges the three had been involved in a "wide-ranging hacking campaign" since 2020 and were employed by Iran's Islamic Revolutionary Guard Corp (IRGC). 

The operation was first reported by Politico on August 10 and by August 19 US agencies including the FBI and CISA had attributed it to Iran. The indictment was unsealed on September 27. This is operating at warp speed when responding to state-sponsored hacking.

This week, the Counter Ransomware Initiative is holding its yearly summit in Washington, and the US-led coalition decided to celebrate its fourth anniversary with a crackdown on everybody's "favorite" cybercrime groups—LockBit and EvilCorp.

Announcements included new LockBit arrests and server seizures, and more sanctions on newly uncovered EvilCorp members—including a former FSB Spetsnaz officer who has been quietly protecting the group from local authorities.

New LockBit ransomware arrests, server seizures, indictments

Threat actors are scanning the internet for UNIX systems that are exposing their printing ports in an attempt to exploit a set of four vulnerabilities in the CUPS printing component.

The vulnerabilities were discovered by Italian security researcher Simone Margaritelli earlier this year and were disclosed at the end of last week.

They impact CUPS, the Common UNIX Printing System, an open-source component to allow UNIX systems to function as print servers.

The US Department of Justice has charged a Russian national for operating the now-defunct Joker's Stash carding forum.

Officials say Timur Shakhmametov went online under the aliases of JokerStash and Vega. He launched Joker's Stash in October 2014 and shut down operations in February 2021, two months after Interpol and the FBI seized some of its front-facing server infrastructure.

Threat intel companies have estimated the forum made between $280 million to $1 billion by selling more than 40 million payment card details.

Corporate leaders and elected officials often ask, "What will it take to deter Volt Typhoon's operations?", but we think that is the wrong question. Perhaps a better question is "Could disrupting Volt Typhoon's operations deter China's military activities?"

Sentinel One argues the Chinese group known as Volt Typhoon cannot be deterred from its mission of compromising US critical infrastructure to enable future disruption operations in the event of a conflict with the PRC. 

Per Sentinel One:

China's main intelligence agency on Monday accused Taiwan of running an influence operation inside its borders using a fake hacktivist group named Anonymous 64.

China's Ministry of State Security says the group is run by a cyber warfare center operating under Taiwan's military, inside its Information, Communications, and Electronic Force Command (ICEFCOM).

"The center is responsible for implementing cyber cognitive warfare and public opinion warfare against the Mainland," officials wrote in a WeChat post.