-UK summons Russian ambassador over hacking campaigns
-US charges two FSB APT members
-Former security exec sues Twitter
-Reuters temporarily removes Appin hacker-for-hire article
-23AndMe activates the lawyers
-Meta rolls out E2EE for Messenger
-Law enforcement has been using push notifications for surveillance
-VPN users explode in Russia
-Windows 12 to come in June 2024
-Chrome 120 is out
-CISA recommends memory-safe langs
Is Twitch just endless commercials now?
PwC's security team has published a report going over SnappyTCP, a Linux reverse shell used in attacks by the Teal Kurma (Sea Turtle) APT: https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/tortoise-and-malwahare.html
Previous reporting linked the group to Türkiye.
Meta has started enabling end-to-end encryption (E2EE) conversations for all Facebook Messenger users.
The company says the roll-out phase will take a few months to complete, but it will cover all of its one billion Messenger users.
Atlassian has released four security updates to patch RCE vulnerabilities across several products.
They're all pretty bad, so patch ASAP.
Microsoft has a new CISO in Igor Tsyganskiy
UK summons Russian ambassador over hacking campaigns: https://www.gov.uk/government/news/uk-exposes-attempted-russian-cyber-interference-in-politics-and-democratic-processes
NCSC report on Star Blizzard (ColdRiver) activity is here: https://www.ncsc.gov.uk/news/star-blizzard-continues-spear-phishing-campaigns
Microsoft also released IOCs and TTPs: https://www.microsoft.com/en-us/security/blog/2023/12/07/star-blizzard-increases-sophistication-and-evasion-in-ongoing-attacks/
Sanctions were also levied against two Russians, including an FSB officer, for their role in the APT group
Just a reminder that even if you get the RiskyBizNews newsletter via email, you can always find it on the web at https://riskybiznews.substack.com
The web version is better because I will often update it to fix typos, broken links, or add better links (i.e., English coverage for some articles that appeared in local press).
The amount of Russian propaganda in the social media and news site comments in Romania is absolutely staggering.
Literally everything is about the "evil EU" and the "degenerate left."
It could be an article about sports or cooking, it's still the EU or the left's fault somehow.
Security firm Group-IB has discovered a new Linux malware strain that has been secretly infecting systems since at least 2021.
Named Krasue, the malware is primarily used to serve as initial access for other cybercrime operations.
Group-IB says the botnet appears to have been created by the author of the infamous XorDDoS malware or at least by someone who had access to its original source code.
The CEO of the Bitzlato cryptocurrency exchange has pleaded guilty to money laundering-related charges
(this is the exchange used by Conti to convert stolen funds to rubles)
Top exploited CVEs, per Cisco Talos
CISA has published its second Secure by Design alert, with this one urging software developers to transition to memory-safe programming languages.
WordPress 6.4.2 is out.
It's a security update that fixes an extremely severe RCE in the CMS
DirectDefense have developed a three-exploit jailbreak for Chromecast
SecurityScorecard has identified six IP addresses used by Iranian group CyberAv3ngers to scan the internet for unsecured Unitronics PLCs.
The DOD IG has published a document with 24 recommendations for addressing cybersecurity vulnerabilities among DoD contractors.
-US government agencies lag on logging compliance
-Windows 10 gets three years of paid security updates
-Andariel steals South Korea's laser weapons secrets
-There are still 23,000 backdoored Cisco IOS XE devices
-New SLAM CPU attack disclosed
-15k Go packages vulnerable to repo-jacking
-1.6k Hugging Face API tokens leak online
-HIBP is 10 years now (Feel old yet?)
-ColdFusion zero-day exploited against US govt
New CPU attack just dropped: SLAM
CISA says a threat actor has compromised US govt systems via an Adobe ColdFusion vulnerability.
The vuln was a zero-day when patched in March, but CISA says the attacks took place in June/July... so apply patches