UN Investigating 58 crypto heists linked to North Korea’s Cyberattacks

A United Nations panel is investigating a series of cyberattacks allegedly conducted by North Korea. The report, released in March 2024, details how these attacks, carried out between 2017 and 2023, netted an estimated $3 billion for the regime. From the UN report: The Panel is investigating 58 suspected cyberattacks by the Democratic People’s Republic […]
Tor releases WebTunnel to bypass censorship by mimicking HTTPS traffic

Roger Dingledine presented a talk at the 37th Chaos Communication Congress about the challenges of web censorship and the censorship that countries including Russia, Iran and Turkmenistan have attempted. Tor is effectively in a technological arms race with these censors as they race to build new ways of bypassing network censorship in adversarial countries. One […]
CISA takes down 2 systems after Ivanti compromise
The Cybersecurity and Infrastructure Security Agency (CISA) confirmed a cyberattack in February that exploited vulnerabilities in Ivanti software used by the agency. While CISA declined to disclose details about the attackers or data accessed, the compromised systems reportedly included critical infrastructure data. CISA acknowledged the incident but offered limited information. They confirmed taking two systems […]
US loses $12.5 Billion to online fraud in 2023
Americans lost a staggering $12.5 billion to online fraud in 2023, according to the FBI’s annual Internet Crime Complaint Center (IC3) report. This alarming figure represents a 22% increase compared to 2022, highlighting the growing threat of cybercrime in the United States. Investment scams topped the list of most costly frauds, with reported losses exceeding […]
US takes down Chinese Volt Typhoon Infrastructure
The US government took action against a large-scale Chinese hacking campaign that targeted internet-connected devices. This hacking group, known as Volt Typhoon, aimed to compromise critical infrastructure including utilities and internet service providers. The US Justice Department and FBI worked together to disrupt aspects of the hacking campaign. This decision stemmed from growing concerns about […]
Russian Internet Outage due to DNSSEC Glitch affecting .ru TLD

Russia experienced a widespread internet outage on Tuesday, affecting access to major websites including Yandex search, VKontakte social media, Sberbank online banking, and news outlets. The outage lasted for nearly four hours and primarily impacted users in Moscow, St. Petersburg, and other major cities. While initial concerns centered on government intervention, the cause was attributed […]
Jenkins vulnerability leaves 45 000 publicly exposed servers at risk
A critical vulnerability discovered in Jenkins, a popular open-source automation server widely used for building, testing, and deploying applications, has sent shudders through the developer community. This flaw, identified as CVE-2024-23897, allows attackers to potentially gain unauthorized access to sensitive information on Jenkins servers. The vulnerability lies within Jenkins’ built-in command line interface (CLI). Specifically, […]
37c3 in Review: My favourite talks

The 37th edition of the Chaos Communication Congress (37c3) was held in Germany and was the first in-person CCC event since the pandemic. The congress returns to the Congress Center Hamburg (CCH) in Hamburg after renovations; the event was originally held in Hamburg before moving to Leipzig for several years. Every year, hackers, artists, […]
Five Eyes using push notifications to spy on smartphone users
The office of Senator Ron Wyden received a tip that foreign governments including the Five Eyes were using push notifications to spy on users. Once this information was received, an investigation was launched and a letter requesting more information was sent to the Department of Justice: In the spring of 2022, my office received […]
Have I Been Pwned celebrates 10 year anniversary
Have I Been Pwned (HIBP), a free online service created by Troy Hunt that enables users to check if their email address has been exposed in a data breach, celebrated its 10th anniversary earlier this week. HIBP has enabled users to see which data breaches their email addresses have been present in and take proactive […]