Risky Bulletin: New phishing technique bypasses FIDO keys

In other news: Surveillance vendor deploys new SS7 exploit; South Korea's largest insurance provider gets ransomed; law enforcement agencies take down NoName057 servers.

This newsletter is brought to you by Zero Networks. You can subscribe to an audio version of this newsletter as a podcast by searching for "Risky Business" in your podcatcher or subscribing via this RSS feed.

At least one cybercrime group is using a new phishing technique that bypasses FIDO keys and grants attackers access to user accounts.

The new technique has been used in the wild by a threat actor known as PoisonSeed.

Earlier this year, the group was involved in phishing campaigns targeting the cryptocurrency community and designed to steal assets from their crypto-wallets.

Security firm Expel says it believes the group has now developed a new technique that allows it to bypass FIDO keys and access accounts that were previously unreachable.

The technique doesn't exploit any vulnerability in the FIDO protocol but targets gaps in how online user authentication services are designed.

The technique is hard to explain, but once you understand it, you appreciate its simplicity. I'll just try to simplify it as much as possible in the steps below. Expel also has an infographic that takes you through all the steps.

This new phishing technique resembles the structure of Attacker-in-the-Middle phishing kits that have been using reverse proxies to intercept SMS MFA challenges for the past decade.

It also vaguely resembles, or at least is inspired by, a similar technique described by Tobia Righi back in February.

Expel says that while PoisonSeed is known for crypto thefts, this technique can be easily repurposed for any type of target that was previously thought to be unphishable because of active FIDO keys.

In this edition of Seriously Risky Business, Tom Uren and Amberleigh Jack talk about Huawei's contract to manage storage for Spain's lawful intercept system. News broke this week that Spain had signed a 12 million contract, but it turns out Huawei has been involved in the system since 2004.

South Korea's largest insurer ransomed: South Korea's largest insurance company got hit by ransomware on Monday. The incident has severely disrupted the activity of Seoul Guarantee Insurance. The company has been issuing handwritten loan guarantees to customers all week as it works to restore affected systems. This is the third major South Korean company to experience severe business disruptions this year due to a cyberattack. The country's largest telecom and its largest online bookstore suffered similar disruptions. Additional coverage in the Korea Herald.

UAP ransomware attack: The United Australia Party has fallen victim to a ransomware attack. The incident took place on June 23. The UAP says hackers exfiltrated data from their servers. The data includes personal data, banking records, and employee details. The stolen files also included data from the Trumpet of Patriots party. Both parties were founded by Australian mining magnate Clive Palmer.

UNFI loses 400mil from ransomware attack: Grocery distributor United Natural Foods expects to lose up to 400 million in sales this year due to a cyberattack. The company fell victim to a ransomware attack last month and took multiple systems offline for days. The downtime affected its ability to fulfill and distribute customer orders. Additional coverage in SecurityWeek.

Qantas gets an injunction for its hacked data: Australian airline Qantas has obtained an injunction to prevent individuals and organizations from using or publishing data stolen in a recent ransomware attack. The court injunction suggests the company is not willing to pay the ransom and is expecting the hackers to leak the data. No ransomware group has taken credit for the incident so far. Additional coverage in CyberDaily.

UK MoD leak exposed spies and special forces: A data breach that exposed the names of Afghans who helped the UK military during the Afghan war was far larger than previously thought. The leak also exposed the personal data of UK spies and special forces. A small number of senior military officials, MPs, and other government officials were also affected. According to the BBC, the leak originated at the UK Special Forces headquarters. The incident took place in 2023 and was kept secret until this week through a special superinjunction.

Seychelles Commercial Bank confirms hack: Hackers have stolen customer data from the Seychelles Commercial Bank. The organization confirmed the breach in a notification sent to customers last Friday. The bank said no money was stolen in the incident. A hacker is allegedly trying to extort the bank, which has refused to engage in negotiations so far. Additional coverage in BankInfoSecurity.

Air Serbia hacked: Hackers have breached Serbia's national airline, Air Serbia. IT staff have allegedly been working for days to recover systems, although no flights were delayed. Additional coverage in Insajder.

BigONE crypto-heist: Hackers have breached and stolen 27 million worth of crypto-assets from the BigONE cryptocurrency exchange. The funds were stolen from one of the company's hot wallets on Wednesday. BigONE promised to reimburse any affected user.

Cloudflare starts blocking piracy sites: Cloudflare has given in to pressure and is now helping the UK government block access to piracy sites within the UK. Additional coverage in TorrentFreak.

EU stalls Twitter investigation: The EU has effectively stopped its investigation into Twitter for breaking the EU DSA, following pressure from the White House. Additional coverage in Reuters.

Roblox to test face age estimation tech: The Roblox video game will test a new technology that can estimate a user's age based on a facial scan.

Steam bans thousands of games: Valve has banned thousands of games from Steam following pressure from payment providers. Most of the games contain adult content. Additional coverage in Eurogamer.

Exchange gets 6 months of ESUs: Microsoft will provide extended security updates for Microsoft Exchange 2016 and 2019 servers for six months past their EOL date of October 14 this year. Security updates will be available until April 14, 2026. The news comes after Microsoft said two weeks ago it was not planning on offering ESUs for these two products.

EU imposes new sanctions on Russia's propaganda machine: The European Union has imposed new sanctions on Russia's propaganda machine. New sanctions were imposed on the Russian Television and Radio Broadcasting Network and the MD24 TV station in Moldova. Sanctions were also levied against Simeon Boikov, an Australian blogger known as Aussie Cossack. The EU also sanctioned TigerWeb, a Crimea-based company behind an influence operation known as Portal Kombat.

US House hearing on Stuxnet: It's the year of the lord 2025, and the US House Homeland Committee is holding a hearing on the old Stuxnet attacks. Lawmakers hope the operation's lessons might guide new legislation in the field of critical infrastructure. Well, if a Stuxnet meeting is gonna get ICS operators to patch, then have all the Stuxnet meetings you want. Additional coverage in CyberScoop.

FCC to ban Chinese gear in submarine cables: The US FCC wants to ban companies from using Chinese equipment when laying out new submarine cables. Additional coverage in The Record.

Australia will establish a cyber reserves force: The Australian government will establish a cyber reserves branch as part of its defense forces. The new branch will be made up of civilian cybersecurity experts and will focus on defending Australia's critical networks. The new force is expected to launch early next year. Additional coverage in DefenceConnect.

Russia to fine improper web searches: The Russian Duma passed a new law this week that criminalizes searching the internet for what the government considers extremist content. Russians can be fined up to 65 for searching for prohibited content. This includes search terms related to the LGBTQ movement, terrorist groups, and fascist ideology. Fines will also be imposed on users searching for VPNs and other censorship evasion technologies. Additional coverage in Forbes Russia. English coverage in the Washington Post.

"New advances in internet censorship: Punishment not for saying the wrong things online, but just for searching for them."

In this Risky Bulletin sponsor interview, Zero Networks Field CTO Chris Boehm discusses the everyone-gets-an-AI future with Casey Ellis. Zero Networks makes network microsegmentation achievable without simply handing an AI control of the network. Will generative artificial intelligence ever be trusted to make hard access control decisions?

Europol disrupts NoName057(16): An international law enforcement operation has disrupted the activity of pro-Kremlin hacktivist group NoName057(16). Authorities seized over 100 servers, detained two members, and issued arrest warrants for seven other individuals. NoName057 launched after Russia's invasion of Ukraine and carried out thousands of DDoS attacks against Western countries. It used Telegram channels and a gamified experience to recruit new individuals to its cause. Authorities say they've identified more than 1,000 supporters and notified them of possible legal repercussions. Press releases from Europol, Dutch police, Swedish police, Swiss police, German police.

"whoa r u telling me criminals had an association with the state? *shocked pikachu*"

Ryuk member extradited to US: The US has extradited an Armenian national from Ukraine for his role in Ryuk ransomware attacks. Karen Serobovich Vardanyan was part of a group that extorted over 15 million from victims. The group also included another Armenian and two Ukrainians. The Armenian was arrested in France and is still subject to extradition proceedings.

Scattered Spider members released on bail: A British court has released four members of the Scattered Spider group on bail. The four were arrested last week. They've been charged with hacking UK retailers Marks & Spencer, Co-op, and Harrods. Additional coverage in Nation Cymru. (h/t Kevin Beaumont)

Cambodia detains 1k scammers: Cambodian authorities have arrested more than 1,000 suspects linked to online scams and cybercrime operations. Police raids took place across six provinces between Monday and Wednesday. Prime Minister Hun Manet ordered government bodies to crack down on cybercrime operations following pressure from international partners. According to the Camboja News, major scam compounds connected to political elites remain untouched.

"CAMBODIA: English translation of PM order that was leaked before the wave of scam compound raids that have taken place in recent days. (1/2)"

Thai scam center raids: Thai officials have raided properties connected to a Cambodian senator and business tycoon in connection with a local network of cyber scam call centers. Additional coverage in the Bangkok Post.

Belgium uses bread bags to warn about cybercrime: Belgian authorities are using messages printed on bread bags to warn the elderly about cybercrime threats. Police have distributed more than 10,000 bags to bakers across the Pajottenland region as part of a recent experiment. The bags contain tips on dealing with scammers who request PINs and passwords. Additional coverage in VRT.

Google sues BADBOX botnet: Google has filed a lawsuit against the operators of the BADBOX botnet. The group is known for infecting Android-based smart TVs with malware that engages in ad fraud. The botnet is believed to have infected over 10 million devices.

Abacus Market exit scam: According to TRM Labs, the Abacus dark web market appears to have exit-scammed. Abacus was one of the largest marketplaces on the dark web before its disappearance.

Surveillance vendor deploys new SS7 exploit: A mobile surveillance vendor is exploiting a vulnerability in the SS7 telecommunications protocol. The exploit allows the attacker to bypass SS7 security defenses and trick mobile operators into disclosing a subscriber's location. ENEA has seen attacks dating back to the last quarter of 2024. (h/t Cathal McDaid)

New Massistant phone forensics tool: Chinese authorities are using a new forensics toolkit to extract data from seized Android phones. The new Massistant tool is allegedly used at border checkpoints and by local police forces. It can extract geolocation data, images, SMS messages, contacts, and data from third-party messaging apps. According to mobile security firm Lookout, Massistant appears to be the successor of a previous tool used by authorities, named MFSocket.

Fortinet shells in the wild: Security researchers have found webshells on almost 80 Fortinet FortiWeb firewalls. The Shadowserver Foundation believes the webshells were installed after hackers exploited a recently patched vulnerability, CVE-2025-25257. The bug is a pre-auth SQL injection in the firewall's web panel. Fortinet has not yet confirmed in-the-wild exploitation.

UNC6148 targets SonicWall SMAs: A hacking group linked to ransomware attacks is targeting SonicWall SMA appliances again. Google says the group is using credentials and one-time password seeds stolen during previous intrusions to gain access even to fully-patched devices. The group deploys a new backdoor and user-mode rootkit named OVERSTEP to modify the boot process and hide its components. Google tracks the attackers as UNC6148. They were previously linked to attacks with the Abyss ransomware.

"An interesting ongoing deployment of a backdoor for older SonicWall appliances documented by Mandiant. According to the report it is assumed to be linked to criminal activities, not spying, which is kind of rare for network device backdooring."

Silver Fox ops: DomainTools analyzes infrastructure used by the Silver Fox threat actor to target users in China with Windows malware. This is part three of a deeper analysis of Chinese malware ops.

LARVA-208 switches to Web3 devs: A known ransomware IAB and affiliate specialized in phishing operations and known as LARVA-208 and EncryptHub is now targeting Web3 crypto devs.

Octo Tempest: Microsoft has published a blog post with new TTPs from Octo Tempest (Scattered Spider) attacks.

Baqiyatlock313 ransomware: A pro-Palestine hacktivist group named Liwaa Mohammad has launched its own ransomware strain, named Baqiyatlock313.

Maison Receipts service: Group-IB profiles Maison Receipts, a service for generating fake receipts for major retail brands. The service is used by groups that sell counterfeit products or online scammers who run fake shopping portals.

New protestware spreads on npm: Anti-Russian protestware has been spotted in 28 npm packages. The libraries contain hidden functionality that activates for Russian-language users visiting Russian domains in a browser. The code breaks the websites or prevents them from loading. According to Socket Security, some libraries disclose their behavior while others do not.

Cryptojacking is still alive: Security firm c/side has spotted new websites engaged in cryptojacking (in-browser cryptomining). Since cryptojacking is banned in web browsers, this one tried a stealthier approach via WebAssembly.

PQC support in SSH servers: According to a new Forescout report, only 6% of over 186 million SSH servers today use post-quantum cryptographic algorithms.

More MaaS platforms used to target Ukraine: Cisco Talos warns that more MaaS platforms are now being used to target Ukrainian organizations. Initial abuse included SmokeLoader and RomCom, but this has now expanded to Amadey and Emmenhtal.

Crypto-thefts this year reach 2.17b: Hackers and scammers have stolen over 2.17 billion in crypto assets in the first half of this year. The sum is already larger than last year's total, but most of it is just one hack: the DPRK's 1.5 billion ByBit hack.

Katz Stealer: SentinelOne has published a profile and a technical breakdown of Katz Stealer, an infostealer offered through a MaaS model, advertised on hacking forums, Discord, and Telegram for prices ranging from 50 to 360 per month.

Linuxsys cryptominer: Cybercriminals are exploiting an old 2021 vulnerability to break into Apache HTTP servers and deploy a cryptominer known as Linuxsys.

New Matanbuchus 3.0: Threat actors are using unsolicited Microsoft Teams calls to trick corporate employees into infecting themselves with malware. The attackers pose as tech support staff and guide employees through the process. The final payload is version 3.0 of the Matanbuchus malware, which launched earlier this month.

Kawa ransomware: Trustwave has published a technical analysis of Kawa, a new ransomware operation that launched at the end of June. The ransomware uses a leak site similar to Akira and a ransom note similar to Qilin, but no other tangible connections have been spotted.

Zero Networks is offering a comprehensive guide that highlights the growing importance of advanced microsegmentation in a security landscape.

Rainbow Hyena: An unidentified hacktivist group, which BI.ZONE calls Rainbow Hyena, is targeting Russian healthcare and IT organizations with phishing campaigns.

UAC-0001: CERT-UA has spotted new UAC-0001 (APT28) activity. This campaign uses spear-phishing to distribute a version of the LAMEHUG malware.

Russia's info-ops in the occupied territories: The Russian government has flooded social media communities in occupied Ukrainian territories. The Atlantic Council has spotted over 3,600 automated accounts that post pro-Russian comments on local Telegram channels. The messages are designed to encourage gratitude and loyalty to Russia and to blame Ukraine's government for the war. The same network was also spotted spamming local Telegram communities inside Russia.

Operation Overload info-ops: ISD Global says social media networks such as BlueSky, TikTok, and Twitter have heavily cracked down on Operation Overload, a Russian influence operation also known as Matryoshka and Storm-1679 that currently targets Moldova.

GhostContainer backdoor: Kaspersky has discovered GhostContainer, a backdoor planted on Microsoft Exchange servers by a suspected APT operation.

UNG0002 campaign across Asia: Seqrite has spotted a sprawling APT campaign targeting multiple Asian jurisdictions, including China, Hong Kong, and Pakistan.

Three Chinese groups target Taiwan: Multiple suspected Chinese espionage groups have been seen targeting Taiwan's semiconductor industry, according to a new Proofpoint report. The groups have been identified as UNK_DropPitch, UNK_SparkyCarp, and UNK_FistBump.

"New from the one and only punking (mkyob.bsky.social) on the increased and ongoing Chinese targeting of semiconductor-related organisations in Taiwan. Edge device exploitation may be the TTP of the moment, but Chinese groups still go phishing when the chips are down."

Chrome zero-day: Google has released a security update to patch an actively exploited Chrome zero-day. Tracked as CVE-2025-6558, the vulnerability is a sandbox escape via an exploit in Chrome's WebGL and GPU components. It was discovered by Google's own security team and appears to be part of an exploit chain together with another zero-day patched earlier this month. It is the fifth Chrome zero-day patched this year.

CitrixBleed 2 exploitation: GreyNoise says it saw attacks exploiting the CitrixBleed 2 vulnerability two weeks before a public PoC was published on July 4.

TeleMessage exploitation: The same GreyNoise has also spotted mass reconnaissance and exploitation activity for CVE-2025-48927, a vulnerability in the Signal backup tool TeleMessage SGNL.

OCI Code Editor RCE: Tenable's research team has discovered a remote code execution vulnerability in the Oracle Cloud Infrastructure Code Editor that can be exploited to hijack a customer's Cloud Shell environment. This is now patched.

Golden dMSA attack: Semperis researchers have found a design flaw in the Windows Server 2025 delegated Managed Service Accounts (dMSAs). The flaw, codenamed Golden dMSA, simplifies the brute-force generation of passwords for all dMSA users.

Vulnerable Bluebird pre-installed apps: Poland's CERT says three apps pre-installed on Bluebird smartphones contain vulnerabilities that enable local attacks.

ATEN KVM switch vulnerabilities: Russian security firm Positive Technologies has found three vulnerabilities in ATEN KVM switches. The devices allow operators to control multiple networking devices from the ATEN device. The vulnerabilities allow attackers to take control of all connected devices.

NVIDIAScape vulnerability: Google's Wiz team has discovered a container escape vulnerability in the NVIDIA Container Toolkit (NCT). The toolkit is a sandboxing technology for NVIDIA GPUs on Linux and powers many AI services across cloud platforms. According to Wiz, the NVIDIAScape vulnerability allows a malicious container to bypass isolation and gain root access to the host machine.

Cisco security updates: Cisco has released four security advisories for various products.

BIND security updates: ISC has released two security advisories for the BIND DNS resolver. (h/t cR0w)

Oracle CPU: The quarterly Oracle security updates are out, with patches for 309 vulnerabilities. Qualys and Tenable have breakdowns of the fixes.

Acquisition news: Asset management company Lansweeper has acquired asset discovery platform Redjack.

New tool: WAF Detector: Cloud security engineer Ammar Alim has released WAF Detector, a tool for detecting and testing Web Application Firewalls (WAFs) and Content Delivery Networks (CDNs).

Threat/trend reports: Chainalysis, Contrast Security, Elliptic, ENISA, Forescout, ISC2, Knostic, Pew Research, and SpecOps have recently published reports and summaries covering various infosec trends and industry threats.

In this edition of Between Two Nerds, Tom Uren and The Grugq examine whether US cyber operations are too stealthy. Could they get more bang for the buck if they adopted a devil-may-care attitude to getting busted?

Your weekly dose of Seriously Risky Business news is written by Tom Uren and edited by Patrick Gray. It's supported by Lawfare with help from the William and Flora Hewlett Foundation. This week's edition is sponsored by Zero Networks.
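The Forescout figure above (only 6% of SSH servers offering post-quantum key exchange) is a fleet-inventory question for defenders: which of your own servers actually advertise a PQC hybrid KEX? The Python below is an added example, not from the newsletter or from Forescout; it parses the unencrypted SSH_MSG_KEXINIT a server sends before key exchange and reports whether OpenSSH's two hybrid post-quantum methods appear. It assumes those two algorithm names are the relevant PQC set, and the packet it builds for the offline demo is constructed here rather than captured.

```python
"""Check which key-exchange methods an SSH server offers and whether any is a
post-quantum hybrid.  Added example: not from the newsletter or Forescout."""
import socket
import struct

SSH_MSG_KEXINIT = 20
# Assumption: these two OpenSSH hybrid (classical + post-quantum) KEX names
# are what we count as "PQC"; the newsletter does not give Forescout's criteria.
PQC_KEX = frozenset({"sntrup761x25519-sha512@openssh.com", "mlkem768x25519-sha256"})
# Name-lists in SSH_MSG_KEXINIT, in wire order (RFC 4253 section 7.1).
KEXINIT_FIELDS = (
    "kex_algorithms", "server_host_key_algorithms",
    "encryption_client_to_server", "encryption_server_to_client",
    "mac_client_to_server", "mac_server_to_client",
    "compression_client_to_server", "compression_server_to_client",
    "languages_client_to_server", "languages_server_to_client",
)

def unwrap_binary_packet(raw):
    """Return the payload of an unencrypted SSH binary packet (RFC 4253 s.6)."""
    if len(raw) < 5:
        raise ValueError("short packet")
    packet_len, padding_len = struct.unpack(">IB", raw[:5])
    # 35000 is the largest packet every implementation must accept; anything
    # bigger, or shorter than its own padding, is treated as malformed.
    if packet_len > 35000 or packet_len < padding_len + 1:
        raise ValueError("bad packet length")
    end = 4 + packet_len
    if len(raw) < end:
        raise ValueError("truncated packet")
    return raw[5:end - padding_len]

def parse_kexinit(payload):
    """Decode SSH_MSG_KEXINIT into a dict of name-lists (lists of str)."""
    if not payload or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT message")
    pos = 1 + 16                          # message type + 16-byte cookie
    fields = {}
    for name in KEXINIT_FIELDS:
        (n,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + n > len(payload):
            raise ValueError(f"truncated name-list {name}")
        text = payload[pos:pos + n].decode("ascii")
        pos += n
        fields[name] = text.split(",") if text else []
    return fields

def pqc_kex_offered(fields):
    """PQC hybrid KEX methods the peer offers, in the peer's preference order."""
    return [k for k in fields["kex_algorithms"] if k in PQC_KEX]

def _name_list(names):
    data = ",".join(names).encode("ascii")
    return struct.pack(">I", len(data)) + data

def build_kexinit_packet(kex_algs, hostkey_algs=("ssh-ed25519",)):
    """Build a minimal CONSTRUCTED KEXINIT binary packet to use as sample input.
    Cookie zeroed; cipher/MAC/compression/language lists are fixed placeholders."""
    payload = bytes([SSH_MSG_KEXINIT]) + b"\x00" * 16
    payload += _name_list(kex_algs) + _name_list(hostkey_algs)
    payload += _name_list(["aes256-gcm@openssh.com"]) * 2
    payload += _name_list(["hmac-sha2-256"]) * 2
    payload += _name_list(["none"]) * 2 + _name_list([]) * 2
    payload += b"\x00" + struct.pack(">I", 0)   # first_kex_packet_follows, reserved
    padding_len = 8 - ((len(payload) + 5) % 8)  # 4 + packet_length must be a
    if padding_len < 4:                         # multiple of 8, padding >= 4
        padding_len += 8
    header = struct.pack(">IB", 1 + len(payload) + padding_len, padding_len)
    return header + payload + b"\x00" * padding_len

def fetch_server_kexinit(host, port=22, timeout=5.0):
    """Connect, exchange version strings and return the server's KEXINIT fields.
    The socket is closed before key exchange, so nothing is negotiated."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        reader = sock.makefile("rb")
        line = reader.readline()
        while line and not line.startswith(b"SSH-"):   # skip pre-banner text
            line = reader.readline()
        sock.sendall(b"SSH-2.0-pqc_kex_check\r\n")
        header = reader.read(4)
        (packet_len,) = struct.unpack(">I", header)
        if packet_len > 35000:
            raise ValueError("bad packet length")
        raw = header + reader.read(packet_len)
    return parse_kexinit(unwrap_binary_packet(raw))

if __name__ == "__main__":
    import sys   # usage: python pqc_kex_check.py HOST [PORT]; no args = offline demo
    fields = (fetch_server_kexinit(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 22)
              if len(sys.argv) > 1 else parse_kexinit(unwrap_binary_packet(
                  build_kexinit_packet(["mlkem768x25519-sha256", "curve25519-sha256"]))))
    print("post-quantum hybrid kex:", ", ".join(pqc_kex_offered(fields)) or "NONE")
```

Run against your own hosts, a server that returns NONE is one of the 94%; on OpenSSH the fix is enabling a hybrid method in the sshd KexAlgorithms list, which recent releases do by default.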