Newsletters

Written content from the Risky Business Media team

Risky Biz News: Thousands of Yubikeys have been deployed in Ukraine, more to come

Catalin Cimpanu

News Editor

More than 16,000 Yubikeys have been deployed to Ukrainian government executives, workers, and employees of private companies in Ukraine's critical sectors in the aftermath of Russia's invasion.

The initiative is spearheaded by Hideez, a Ukrainian security firm specializing in identity services and FIDO consultancy. Earlier this spring, the company secured a donation of 30,000 Yubikey security keys from hardware authentication device maker Yubico.

Since then, Hideez's staff has been working with Ukrainian government agencies like the Ministry of Digital Transformation, the National Security and Defense Council, and the State Service of Special Communications and Information Protection of Ukraine (SSSCIP) to ensure the devices can be imported into the country, that government infrastructure is prepared for the keys' rollout, and that recipients receive the necessary training.

Risky Biz News: Apple debuts Lockdown Mode to protect users against high-end spyware

Catalin Cimpanu

News Editor

Apple says that once users enable Lockdown Mode, iOS and macOS will be put into what the company describes as an extreme and super-secure protection mode.

What happens under the hood is that iOS and macOS will turn off some of their internal services and features that are commonly abused by threat actors to attack and compromise devices. Apple said that Lockdown Mode would focus on five major areas of concern for the company. This includes:

Lockdown Mode is not meant for everyday users

Srsly Risky Biz: Thursday July 7

Tom Uren

Policy & Intelligence

We wonder why the Shanghai police needed data on a billion people, but both CNN and the Wall Street Journal verified a (tiny tiny, lol) subset of the data. News of the leak is being censored on Chinese social media, which may be as close as we'll get to official confirmation.

Read more about this story in Risky Biz news.

Ciaran Martin, former head of the UK's NCSC, has an excellent thread about how cyber capabilities fit into the structure of a Defence force, riffing off a speech by UK Chief of the General Staff General Sir Patrick Sanders. In short, even destructive cyber capabilities don't replace conventional military force but are instead complementary.

Risky Biz News: China faces its first truly mega-leak

Catalin Cimpanu

News Editor

According to a sample released by the threat actor, the data contains details such as names, addresses, national ID numbers, mobile numbers, and police and medical records.

ChinaDan said they are currently looking for buyers for this gigantic data trove, with which they were willing to part ways for the tiny sum of $200,000 worth of Bitcoin.

While previous leaks sold for this price have often turned out to be scams or publicity stunts, reporters from the Wall Street Journal and CNN said they already confirmed the data's authenticity with some of the victims who had information listed in ChinaDan's samples.

Risky Biz News: HackerOne discloses malicious insider incident, and nobody's surprised

Catalin Cimpanu

News Editor

DNS hijack incident: Ankr, a company that provides server infrastructure for blockchain companies, disclosed a security breach on Friday, revealing that a threat actor social-engineered a Gandi employee to take control over some of its servers. The company said the attacker modified two nameservers in order to redirect traffic from two RPC servers to malicious versions. These two servers handled traffic for Polygon and the Fantom Foundation, two organizations that specialize in Ethereum-based infrastructure. Both companies confirmed the RPC infrastructure hijack but did not provide any details about the impact on their customers.

China to invest in its own OS: A group of ten Chinese tech companies have agreed to help Kylinsoft build a new project named openKylin, meant to help improve the open-source development of Kylin, China's national operating system. The move comes as western software companies, such as Microsoft and Apple, are pulling out of Russia and creating technical issues for the Russian government, which, just like China, is incredibly dependent on US-made operating systems.

Azure AD now supports temporary passcodes: Microsoft has formally launched a new feature called Temporary Access Pass for Azure AD. The feature allows Azure AD servers to issue time-limited passcodes to a company's employees. These passcodes can be used by employees to register new accounts or reset accounts where they lost access. Microsoft said the feature should be used by companies that have migrated their employees to passwordless setups where employees use hardware security keys, authenticator apps, or biometrics to access their accounts and need a temporary way to let users register or reset access to accounts.

Risky Biz News: Half of 2022's zero-days are variants of older vulnerabilities

Catalin Cimpanu

News Editor

Stone argues that vendors should do more root cause analysis of their own. First, because it helps the security industry; second, because it helps the company's own developers too; but third, and most important, because it makes an attacker's job harder and may delay future attacks.

OpenSea malicious insider: OpenSea, today's largest NFT marketplace, has suffered a malicious insider incident. The company said that an employee of Customer.io, its email delivery vendor, misused their access to download the email addresses of OpenSea users who signed up for the marketplace's newsletter.

Walmart denies ransomware attack: US retail giant Walmart has denied getting hit by a ransomware attack. The company's name had been recently listed on the leak site of the Yanluowang ransomware gang, with the group claiming to have encrypted between 40,000 and 50,000 of the retailer's systems.

Srsly Risky Biz: Thursday June 30

Tom Uren

Policy & Intelligence

Your weekly dose of Seriously Risky Business news is written by Tom Uren, edited by Patrick Gray and supported by the Cyber Initiative at the Hewlett Foundation, AustCyber, and founding corporate sponsors CyberCX and Proofpoint.

A "hacktivist" group responsible for several destructive attacks in Iran is trying to establish norms of responsible behaviour even as it attempts to destroy steel plants.

On Monday, a group calling itself "Gonjeshke Darande" or Predatory Sparrow in English claimed on social media to have launched destructive cyber operations against three Iranian steel companies. On Twitter it posted evidence of the successful attack, including dramatic video footage of what it claimed was one of the attacks, along with still CCTV images and screenshots from what looks like industrial monitoring systems.

Risky Biz News: Hackers hit Iranian steel industry

Catalin Cimpanu

News Editor

According to a report from the Associated Press, the video showed equipment from Khouzestan Steel, which had to halt operations as a result of the incident. The two other companies did not report any work stoppage as a result of the cyberattack.

In a series of tweets posted on Tuesday, researchers from security firm Check Point said they identified the malware used in the attack, which they named Chaplin, after the name of one of its files.

Check Point said the malware appears to be a newer version of Meteor, the wiper used in a data-wiping attack against Iran's national railway system last summer. But unlike Meteor, Check Point said that Chaplin did not contain any data-wiping functionality.

Risky Biz News: US critical infrastructure needs better cyber insurance coverage

Catalin Cimpanu

News Editor

CafePress fine: Last week, the US FTC fined the CafePress t-shirt merchandise site $500,000 for trying to cover up the severity of its 2020 data breach. The FTC said CafePress had weak security measures in place, which eventually allowed a threat actor to break in and steal the personal data of 23 million customers.

Ransomware attacks in Japan: Two large Japanese companies—automotive component manufacturer TB Kawashima and automotive hose giant Nichirin—were hit by ransomware attacks last week.

XCarnival hack: XCarnival, a company that claims to be the first NFT assets management platform for the Metaverse, was hacked on Saturday by an unidentified threat actor who exploited its smart contracts to steal 3,087 ETH, estimated at roughly $3.8 million at the time of the heist. The company confirmed the incident in a statement on Twitter when it also paused its smart contracts. Additional details are available in this Twitter thread from blockchain security firm PeckShield, which was the one to stop the suspicious transactions.

Risky Biz News: Google TAG says it tracks 30 surveillance vendors

Catalin Cimpanu

News Editor

New Instagram feature: Meta announced on Thursday that they are testing a new way for users to verify their age on the platform. "If someone attempts to edit their date of birth on Instagram from under the age of 18 to 18 or over, we'll require them to verify their age using one of three options: upload their ID, record a video selfie or ask mutual friends to verify their age," the company said.

Chrome 103 is out: Google has released v103 of its Chrome web browser this week. While the usual security fixes and dev/API-related changes shipped with this release, there were also loads of new features that went live for the Chrome for iOS release. Among the most important new features was the news that Google's Enhanced Safe Browsing feature is now available for iPhone users, something that has been available for all the other Chrome users since last year.

7-Zip now supports MotW: 7-Zip v22, released last week, supports Mark-of-the-Web, a Windows security feature that has been long requested by security firms and antivirus makers. 7-Zip now becomes the fifth major file archiving software on Windows to support this feature, after WinRAR, WinZip, Eplzh, and Bandizip. [Coverage in Bleeping Computer]