A former NSA cyber specialist has been charged in a U.S. spying case for trying to sell secret information to the Russian government. The 30-year-old man could face life in prison or be sentenced to death.
More:
- The cyber specialist was hired at the NSA but worked there for only about four weeks. During his tenure at the agency, he printed top secret documents.
- After leaving the NSA, the 30-year-old tried to sell the documents on a dark web website that was created by the Russian SVR.
- An undercover FBI agent convinced him that he was talking to an agent from a foreign government, sending payments to his cryptocurrency wallet addresses as part of the transaction. He was sent two cryptocurrency payments worth close to $5,000.
- The former NSA employee asked for $85,000 in exchange for all of the documents, citing financial problems as the reason behind this act. He was later arrested at the planned meeting point for the document handover.
- He is being charged with three violations of the Espionage Act.
Zoom Out:
- This is not the first case in which former NSA employees have sold or leaked sensitive data. Edward Snowden, a former NSA contractor and CIA employee, famously leaked over 7,000 top secret documents. The documents were sent to numerous journalists who published them.
- Since leaking the documents in 2013, Snowden has resided in Russia, where he was recently granted Russian citizenship. Snowden is charged by the U.S. Department of Justice with breaking the Espionage Act and stealing government property.

A new hacking campaign uses malware that hides inside the Windows logo image. The Witchetty hacker group is behind the attack.
More:
- The Witchetty hacker group is believed to be tied to the state-backed Chinese threat actor APT10.
- The attack is conducted in multiple phases. First, the threat actors exploit multiple security flaws such as:
- These security flaws were exploited by hackers to breach ProxyShell servers on previous occasions.
- In the following step, the threat actors hide the backdoor malware in the image file, which enables them to perform file and directory actions, start, enumerate, or kill processes, modify the Windows registry, download additional payloads, and exfiltrate files.
- Hackers use steganography to hide the infected file in a public folder that is accessible by the admin, in this case, behind the Windows logo.
- This hacking campaign is likely to have been launched in June 2022.
Zoom Out:
- APT10 has been linked to the 2016 U.S. Navy cyberattack, where over 130,000 records of Navy members were stolen.
- The group also attacked the world's largest vaccine maker, the Serum Institute of India.

North Korean hackers have been tracked using open-source software to attack companies. The campaign was tracked by Microsoft and LinkedIn.
More:
- The two companies believe that the threat actor responsible for the attack is Zinc, also tracked as Labyrinth Chollima.
- Zinc has been active since 2009.
- This hacking campaign is targeting multiple industries such as media, defense, aerospace, and IT. The targeted entities operate in the U.S., the U.K., India, and Russia.
- First, the threat actor makes contact through LinkedIn, then convinces its targets to download an infected file that is sent through WhatsApp. The group uses open-source software such as PuTTY, KiTTY, TightVNC, Sumatra PDF Reader, and muPDF/Subliminal Recording software installer to carry out these cyberattacks.
- Once the threat actor successfully gains access to a device, it deploys backdoor spyware named ZetaNile.
- This campaign began in April 2022.
- According to the findings from Microsoft, the hacker group is motivated by cyberespionage, financial gain, data theft, and corporate network destruction.

The U.S. Senate is likely to add cryptocurrencies to the 2015 Cybersecurity Information Sharing Act bill. U.S. Sens. Marsha Blackburn (R-Tenn.) and Cynthia Lummis (R-Wyo.) have proposed the reform.
More:
- According to the senators, cryptocurrency has been consistently used by threat actors to hide their illegal financial gains. The 2015 cybersecurity bill does not include cryptocurrency firms; therefore, amending the bill also serves as the next step toward crypto regulation.
- The proposed reform would aim to make cryptocurrency companies more transparent regarding suspicious transactions and would aim to reduce losses caused by cybersecurity incidents.
- If the bill is passed, the Financial Crimes Enforcement Network and the Cybersecurity and Infrastructure Security Agency will issue policies and procedures for crypto firms facing potential cybersecurity risks.

Cybersecurity startup Detectify has raised a $10M funding round. The company is based in Stockholm, Sweden.
More:
- Detectify offers multiple solutions that help companies scan their systems for any possible vulnerabilities.
- The company claims it has over 2,000 customers and over 10,000 users.
- Detectify offers Surface monitoring and application scanning. The product can be integrated with popular enterprise communication apps.
- Clients will soon be able to track specific KPIs and receive alerts.

Quick Hits:
- The European Union is in talks to pass a new cybersecurity bill named the Cyber Resilience Act. This bill would widen the scope of authority for several cybersecurity agencies and would oblige more private sector industries to report their cybersecurity issues.
- Researchers believe that China-based hackers have found new techniques to install malware that can lead to remote access control and data extraction.
- Australia's Attorney General Mark Dreyfus stated that the country is going to adopt tougher cybersecurity legislation as a response to the recent hack of Optus, which exposed close to 10 million people.
- Companies in Singapore reported that they are targeted by 54 hacking campaigns every day. 62% of security professionals in the country said they cannot keep up with this pace.

Arbër is an Inside writer who also has experience in entrepreneurship. He has experience covering Consumer Tech, Venture Capital, NFTs, Crypto, etc. Arbër holds a Bachelor's degree in Business from XAMK University in Finland. When he is not reading (and writing) business news, he chooses to watch sports or anime... and then read news about sports or anime.
Editor: Aaron Crutchfield is based in the high desert of California. Over the last two decades, he has spent time writing and editing at various local newspapers and defense contractors in California. When he's not working, he can often be found looking at the latest memes with his kids or working on his 1962 and 1972 Fords.