Passer au contenu principal

Mid-July, 2024: The Inaugural Newsletter

Audio format will be available on both the Steady and Spotify/general publication RSS feed within 48 hours of this email. If you’re reading this after 15 July, 2024, the audio version may be attached at the bottom of this (opens in a new window):

🦉 July’s Note:

This newsletter should be going out about a month before the website hits its second birthday. While the project was never originally conceived to be that consistent, my love for the work, as well as my background in the field have only grown. The desire to make this a viable career is pretty settled at this point.

My goal is to take the blog and the podcast to the next level (again—I feel like I say something along those lines twice a year), as a compromise between my day job, education, and this outlet gets closer to being in-sight. By the time next month’s newsletter drops, there will be a roadmap that I’m comfortable sharing with everyone.

As it says up top, if you’re reading this, I wanted to thank you for all of your support and the energy you’ve spent providing me with feedback, reading my articles, and genuinely just making it feel like I’m not writing into the void.

🦉 Before we get started: I linked to this organization in the last article, but please consider donating to the World Central Kitchen (S'ouvre dans une nouvelle fenêtre). They’re one of a handful of organizations left still trying to work in Gaza. They take donations in a number of formats, including PayPal tips and crypto.

World Central Kitchen has resumed operations in Gaza following the April 1, 2024 Israeli Defense Forces attack that killed seven team members.

This Month’s Releases

🦉 Virtual Verity Podcast: My current series, El Salvador’s Chivo Wallet Hack[s], is ongoing. My hope is that the whole story should be wrapped up by the fourth episode, but there’s a lot to get into. Episode 2 should have dropped shortly before this newsletter, after a long wait. Episode 3 is being cut as I write this.

(S'ouvre dans une nouvelle fenêtre)

🦉 Blog Articles:

SiegedSec Promising “Seven Days of Siege”, Supply Chain Attacks Against Israel (S'ouvre dans une nouvelle fenêtre)

From June 3rd-10th, the mixed-bag threat actor, SiegedSec, claims to have begun releasing new data from breaches related to their hacktivism against organizations accused of aiding Israel. After publishing the article, the group also alleged an attack on NATO, an old favorite of theirs.

The group’s final target drew attention from the mainstream media, as they allegedly breached The Heritage Foundation. After this breach, the group called it quits in a statement over Telegram, and founder, “Vio”, participated in a Reddit AMA (S'ouvre dans une nouvelle fenêtre) in the meantime.

However, a long-Tweet by VX-underground (S'ouvre dans une nouvelle fenêtre) attempted to shed some light on the groups’ claims.

Ukrainian “Cyber Resistance” Hackers Leak Months Of Medvedev Email Communication To InformNapalm (S'ouvre dans une nouvelle fenêtre)

On June 27th, Ukrainian hackers from the "Кібер Спротив" (Cyber Resistance) team have leaked a trove of internal communications belonging to former Russian president and current Chairman of Russia's Security Council, Dmitry Medvedev.

The communications largely revolve around Medvedev’s talking points at various public appearances, but also discuss many details of Russia’s ongoing ambitions in the Arctic.

What’s In The News? - What I’ve Been Reading

🦉 US Senators Secretly Work to Block Safeguards Against Surveillance Abuse (S'ouvre dans une nouvelle fenêtre) read on Wired, by Dell Cameron

Efforts by the U.S. Senate to introduce new safeguards against misuse of the Foreign Intelligence Surveillance Act (FISA) have stalled due to objections from at least two Republican senators. The Senate Intelligence Committee had approved provisions to limit the scope of wiretap orders and ensure civil liberties advisors are consulted more reliably in FISA cases. However, objections have been raised over concerns that these changes could slow down intelligence operations and grant excessive rights to foreign nationals. This dispute threatens to derail reforms intended to protect Americans' privacy and could impact the future trust in intelligence oversight.

🦉 The President Ordered a Board to Probe a Massive Russian Cyberattack. It Never Did. (S'ouvre dans une nouvelle fenêtre)read on ProPublica by Craig Silverman

By not investigating the Microsoft software weakness critical to the SolarWinds hack, the Cyber Safety Review Board missed an opportunity to prevent future attacks, according to experts. Despite an executive order to review the SolarWinds incident, the board, housed within the Department of Homeland Security, never conducted a public investigation into Microsoft’s role. Critics argue this oversight left U.S. systems vulnerable, as evidenced by a subsequent Chinese hack exploiting Microsoft flaws. The board's limited independence and lack of subpoena power have hindered its effectiveness, raising calls for it to be restructured as an independent agency with full investigative authority.

🦉 CISA Released an advisory on Chinese-state Backed APT 40 (S'ouvre dans une nouvelle fenêtre)

The advisory, authored by multiple national cybersecurity agencies, details the threat posed by a PRC state-sponsored threat actor, identified as Advanced Persistent Threat (APT) 40, to Australian and other international networks. APT40 is known for targeting various organizations using techniques that exploit vulnerabilities in public-facing infrastructure rather than user interaction methods like phishing.

Since its inception in 2013, APT40 has targeted entities crucial to China's Belt and Road Initiative and naval modernization efforts, including engineering, transportation, and defense sectors, with a particular interest in maritime technologies. They have also targeted research centers and universities involved in naval research to access advanced technologies for the Chinese naval industry. The group has used compromised devices, including end-of-life or unpatched SOHO devices, as operational infrastructure to blend in with legitimate traffic and evade detection.

🦉 Avast releases free decryptor for DoNex ransomware and past variants (S'ouvre dans une nouvelle fenêtre) read on BLEEPINGCOMPUTER, by Bill Toulas

Avast has discovered a vulnerability in the cryptographic scheme of the DoNex ransomware family and released a decryptor, allowing victims to recover their files for free. The company, which had been working with law enforcement to privately distribute the decryptor since March 2024, decided to make it public following a disclosure at the Recon 2024 cybersecurity conference.

DoNex, a rebrand of the DarkRace and Muse ransomware, encrypts files using a ChaCha20 symmetric key, which is then encrypted with RSA-4096. Avast identified a flaw in this process, affecting all DoNex variants, including a fake Lockbit 3.0-branded variant from November 2022. This vulnerability, which may involve issues like key reuse or predictable generation, allows decryption without paying a ransom.

The decryptor tool, available from Avast, requires a pair of encrypted and original files, and works best with large example files to maximize the size of files that can be decrypted. Users are advised to back up their encrypt ed files before using the tool to prevent potential corruption.

🦉Other Important Stories

Global Tech systems worldwide are fueling gender inequalities (S'ouvre dans une nouvelle fenêtre) a briefing by Amnesty International

U.S. Nuke Agency Buys Internet Backbone Data (S'ouvre dans une nouvelle fenêtre) read on 404 Media, by Joseph Cox

Supreme Court Ruling Threatens the Framework of Cybersecurity Regulation (S'ouvre dans une nouvelle fenêtre) read on Security Week, by Kevin Townsend

AT&T Paid a Hacker $370,000 to Delete Stolen Phone Records (S'ouvre dans une nouvelle fenêtre) read on Wired, by Kim Zetter

Well-Established Cybercriminal Ecosystem Blooming in Iraq (S'ouvre dans une nouvelle fenêtre) read on DarkReading,by Tara Seals

Facebook ads for Windows desktop themes push info-stealing malware (S'ouvre dans une nouvelle fenêtre) read on BLEEPINGCOMPUTER, by Lawrence Abrams

Crypto Researcher and Software Engineer, Molly White, Launches her new Follow the Crypto project (S'ouvre dans une nouvelle fenêtre)

Kaspersky Lab Closing U.S. Division; Laying Off Workers (S'ouvre dans une nouvelle fenêtre) read on Zero Day, by Kim Zetter

9.4 GB Twitter Data Leaked – Over 200 Million Records Exposed Online (S'ouvre dans une nouvelle fenêtre) read on Cyber Press, by Balaji

Housekeeping

🦉 New Toys

This newsletter is essentially going to take over the “news and housekeeping” sections on the earliest episodes of the Virtual Verity podcast. What I’m hoping is that this will give the podcast 1: a more fluid production schedule, and 2: the ability to feel relevant, even as more time has gone on.

This is something that I’ve noticed with the “mini-episodes”, based on some of my feature articles: they draw a lot more attention, and people seem to enjoy not having to skip through a rundown of news that they might already be aware of at the time, or has completely timed out of relevance.

This newsletter is being managed by Steady, who will also be managing my monetization scheme when that finally rolls out. Think of them as less-awful German Patreon. That said, please let me know if you’re having any sort of performance or mechanical issues with the newsletter, or any input on the website.

Oh yeah! And if you’ve been following the website for a while, I just gave it a big facelift. It should look a lot more “unhinged”, but I still want it to be usable. The old theme was just getting a little too clunky, and I figured if there was going to be a sort-of new “soft launch” of the blog, it was time to make a change.

🦉 Reach Out, but I don’t want your money (yet)!

At the moment, please don’t put any thought into paying me for this work. Until I know I can provide something that’s up to the standards and consistency that you deserve, it wouldn’t feel right.

I still maintain that I do not want to get involved with the bold, new Twitter. As a matter of fact, if you see me posting on anything other than Bluesky (S'ouvre dans une nouvelle fenêtre) or Mastodon (S'ouvre dans une nouvelle fenêtre), it’s probably a new tool I use called OnlySocial (S'ouvre dans une nouvelle fenêtre), which manages my re-sharing and baseline promo. You will probably not reach me in a timely manner if you don’t get me on one of those two platforms, or the blog’s email (S'ouvre dans une nouvelle fenêtre). I’m trying to get better about Telegram, but it’s touchy.

I appreciate any feedback that you have, and the time you’ve put into reading this thing. Until next month… or the next podcast episode… or the next article!

Sujet Newsletter Archive

0 commentaire

Vous voulez être le·la premier·ère à écrire un commentaire ?
Devenez membre de The Moloch et lancez la conversation.
Adhérer