- A UN committee is struggling to define what cybercrime is in upcoming treaty
January 10, 2023
A United Nations committee – whose members include delegates from the U.S., China and Russia — is meeting throughout this week and next to continue negotiations for a new international cybercrime treaty. Why it matters: The finished UN cybercrime treaty will jumpstart a wave of new laws around the world based on the agreed-upon principles in ...
- Pakistan’s government to agencies: Dark web is dangerous, please don’t go there
January 10, 2023
Pakistan’s government has warned its agencies that the dark web exists, is home to all sorts of unpleasant people, and should be avoided. That revelatory information was delivered last week in a cabinet advisory titled “Leakaqe of Sensitive Data on Dark Web (AdvisorvNo.53)” that was issued without fanfare. Much of the document is anodyne, pointing out ...
- NATO and European Union leadership sign third joint declaration
January 10, 2023
NATO Secretary General Jens Stoltenberg, the President of the European Council, Charles Michel, and the President of the European Commission, Ursula von der Leyen, met on Tuesday (10 January 2023) at NATO Headquarters to sign the third Joint Declaration on NATO-European Union cooperation. Speaking at a joint press conference, Mr Stoltenberg said: “we are determined to ...
- How much security is enough?
January 9, 2023
According to a prominent Soviet science fiction writer, beauty is a fine line, a razor’s edge between two opposites locked in a never-ending battle. Today, we would put it less poetically as an ideal compromise between contradictions. An elegant, or beautiful, design is one that allows reaching that compromise. As an information security professional, I like ...
- Russian troll farms didn’t sway voters in 2016 election
January 9, 2023
A new in-depth study has concluded that the Russian government’s efforts to deploy troll farms on Twitter to sway the 2016 election did not have any measurable impact on the outcome of that race. The U.S. government has been largely united in its assessment that the Kremlin attempted to use online proxies and false internet personas ...
- Iowa’s largest city cancels classes due to cyber attack
January 9, 2023
Iowa’s largest school district cancelled classes for Tuesday after determining there was a cyber attack on its technology network. Des Moines Public Schools announced Monday that classes would be cancelled for its 33,000 students after being “alerted to a cyber security incident on its technology network.” The district said in a news release that it took its ...
- Microsoft: Kubernetes clusters hacked in malware campaign via PostgreSQL
January 9, 2023
The Kinsing malware is now actively breaching Kubernetes clusters by leveraging known weaknesses in container images and misconfigured, exposed PostgreSQL containers. While these tactics aren’t novel, Microsoft’s Defender for Cloud team reports they have seen an uptick lately, indicating that the threat actors are actively looking for specific entry points. Kinsing is a Linux malware with a ...
- Darknet drug markets move to custom Android apps for increased privacy
January 9, 2023
Online markets selling drugs and other illegal substances on the dark web have started to use custom Android apps for increased privacy and to evade law enforcement. Besides ordering, these apps allow shop clients to communicate with drug vendors and provide specific courier instructions for delivery. This new trend has been observed by analysts at Resecurity around ...
- US Supremes deny Pegasus spyware maker’s immunity claim
January 9, 2023
The US Supreme Court has quashed spyware maker NSO Group’s argument that it cannot be held legally responsible for using WhatsApp technology to deploy its Pegasus snoop-ware on users’ phones. Facebook and its WhatsApp subsidiary sued the notorious Isreal-based software company in 2019, alleging that NSO exploited a zero-day bug in WhatsApp to remotely drop Pegasus ...
- Malicious PyPi packages create CloudFlare Tunnels to bypass firewalls
January 7, 2023
Six malicious packages on PyPI, the Python Package Index, were found installing information-stealing and RAT (remote access trojan) malware while using Cloudflare Tunnel to bypass firewall restrictions for remote access. The malicious packages attempt to steal sensitive user information stored in browsers, run shell commands, and use keyloggers to steal typed secrets. The six packages were discovered ...
- Chinese researchers’ claimed quantum encryption crack looks unlikely
January 7, 2023
Briefly this week, it appeared that quantum computers might finally be ready to break 2048-bit RSA encryption, but that moment has passed. The occasion was the publication of an academic paper by no less than two dozen authors affiliated with seven different research institutions in China. The paper, titled “Factoring integers with sublinear resources on a superconducting ...