Newsletters

Russian authorities have arrested a Moscow resident for posing as an FSB intelligence officer to extort and demand payments from members of the Conti ransomware group.

Ruslan Satuchin was detained in October of last year and has remained in custody after authorities extended his arrest warrant in December.

According to Russian news outlet RBC, the suspect contacted a Conti member in September of 2022, claiming he could prevent the FSB from investigating them for a bribe.

This week, US Defense Secretary Pete Hegseth delivered an ultimatum to Anthropic that it allow unrestricted military use of its AI models by Friday or face harsh punishments. This begs the question: When it comes to military use of AI, who exactly should be setting the rules?

At issue for the Department of Defense are safeguards intended to prevent accidental or malicious use of AI. The Pentagon argues that AI is no different from any other technology and decisions about how it is used should be left to the military. 

In mid-January, Hegseth spoke about accelerating AI deployment within the War Department and eliminating barriers that prevent deploying the technology to the battlefield. Hegseth railed against "equitable AI, and other DEI and social justice infusions that constrain and confuse our employment of this technology… We will not employ AI models that won't allow you to fight wars."

Russian authorities have launched a criminal investigation of Telegram founder and CEO Pavel Durov. He is allegedly charged with promoting and facilitating terrorist activity on the Telegram platform by failing to respond to law enforcement takedown requests.

The criminal probe was revealed in a long piece published on Tuesday by the official newspaper of the Russian government, the Rossiyskaya Gazeta.

Russian officials have accused Durov of choosing a "path of violence and permissiveness" by not cooperating with its law enforcement agencies.

A Russian-speaking financially motivated threat actor has used commercial AI toolkits to hack more than 600 Fortinet firewalls.

The campaign began at the start of the year, around January 11, according to the AWS security team.

The attacker didn't exploit zero-days or older vulnerabilities. Instead, they targeted FortiGate devices that had their management ports exposed online, used weak passwords, and didn't have MFA enabled.

The infrastructure that supports the Resource Public Key Infrastructure (RPKI) security standard is not as secure as one would believe and is prone to multiple attacks that could hinder or crash global internet routing.

A new research paper that will be presented next week at the Network and Distributed System Security (NDSS) Symposium looks at a type of server that is part of the RPKI infrastructure known as PP, standing for Publishing Point, and how attacking these servers can prevent routers from validating routing information.

The topic of internet routing and its security protocols is a complex one, so here are the main acronyms and terms that we'll be using and what they mean:

A groundswell of officials are calling for European countries to build cyber capabilities to  strike back against adversaries. It's a fine sentiment, but if Europe had the cojones to strike back it could have done so already with the options it currently has. 

Last week, speaking on the sidelines of the Munich Security Conference, the European Commission's Executive Vice President for Tech Sovereignty, Security and Democracy, Henna Virkkunen, told Politico that "it's not enough that we are just defending ... We also have to have offensive capacity". 

At the same conference, other European officials, including intelligence chiefs expressed similar sentiments. NATO Deputy Secretary General Radmila Shekerinska said that collectively, the alliance's objective should be, "to take action and to be able to strike back" against cyber threats. Shekerinska called out Russia and China as significant threats. 

A supply chain attack has planted backdoors inside the firmware of multiple Android tablet makers. Incidents of tainted firmware updates have been traced back to as far as August 2023.

The firmware images were infected with a new backdoor named Keenadu.

Spotted and analyzed by Kaspersky in a report released on Tuesday, the backdoor is injected in Zygote, the central core process of the Android operating system from where it cannot be removed without a full device flash and reinstall.

Following growing international pressure, the Cambodian government has promised to crack down and dismantle cyber scam networks operating within its borders by April this year.

The government says it raided 190 locations in January alone, and arrested more than 2,500 suspects.

More than 110,000 foreigners who used to work in the scam compounds, by force or voluntary, have also been freed and left the country already, according to the country's Commission for Combating Online Scams (CCOS).

A Ukrainian man who developed and managed the IcedID malware botnet faked his own death in an attempt to escape the FBI and jail time in the US.

The unnamed suspect bribed Ukrainian cops to falsify a dead man's documents and issue a death certificate in his name.

This happened in April 2024, a month before Europol and the FBI seized IcedID servers during Operation Endgame—suggesting there was either a leak in the investigation or that the suspect saw law enforcement agencies probing his servers.

For a brief time, Microsoft appeared to be making security a priority. As with all good things, though, it appears that period has come to an end with personnel changes at the organisation signaling a shift in priorities. We fear Microsoft's goal now is not to make secure products, so much as to sell security products. 

Last week, CEO Satya Nadella announced that Microsoft's Executive Vice President of Security Charlie Bell had been replaced by Hayete Gallot, who was most recently President of customer experience at Google Cloud. Bell is stepping back from leading Microsoft's security organisation to become an individual contributor engineer. 

Now that Bell has gone, it appears the guise of "security first" has been tossed aside, and we fear the company may slip back into being a security disaster.