US sanctions crypto exchanges used by Russian ransomware gangs
The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has sanctioned Cryptex and PM2BTC, two cryptocurrency exchanges that laundered funds from Russian ransomware gangs and other cybercrime groups. Cryptex (which used the cryptex[.]net domain) reportedly provides financial services to cybercriminals and laundered over $51 million in funds linked to ransomware attacks. “Cryptex is also associated with over $720 million in transactions to services frequently used by Russia-based ransomware actors and cybercriminals, including fraud shops, mixing services, exchanges lacking KYC programs, and OFAC-designated virtual currency exchange Garantex,” the Treasury said.
CUPS flaws enable Linux remote code execution, but there’s a catch
Under certain conditions, attackers can chain a set of vulnerabilities in multiple components of the CUPS open-source printing system to execute arbitrary code remotely on vulnerable machines. Tracked as CVE-2024-47076 (libcupsfilters), CVE-2024-47175 (libppd), CVE-2024-47176 (cups-browsed) and CVE-2024-47177 (cups-filters) and discovered by Simone Margaritelli, these security flaws don’t affect systems in their default configuration. CUPS (short for Common UNIX Printing System) is the most widely used printing system on Linux systems, and it is also generally supported on devices running Unix-like operating systems such as FreeBSD, NetBSD, and OpenBSD and their derivatives.
Cyberespionage the Gamaredon way: Analysis of toolset used to spy on Ukraine in 2022 and 2023
The war in Ukraine, which started in February 2014 and intensified with Russia’s invasion of the country on February 24th, 2022, exemplifies a multifaceted war, rife with disinformation campaigns and cyberwarfare. Throughout these years, ESET Research has revealed several high-profile cyberattacks conducted by Russia-aligned advanced persistent threat (APT) groups targeting Ukrainian entities and Ukrainian speakers, analyzed various operations, and kept track of multiple APT groups focusing on this region because of the war. In this research, we decided to examine the operations of Gamaredon, the Russia-aligned group that has been active since at least 2013 and is currently the most engaged APT group in Ukraine. The intensity of the physical conflict has noticeably increased since 2022, but it’s worth noting that the level of activity from Gamaredon has remained consistent – the group has been methodically deploying its malicious tools against its targets since well before the invasion began.
Sophistication of AI-Backed Operation Targeting Senator Points to Future of Deepfake Schemes
An advanced deepfake operation targeted Sen. Ben Cardin, the Democratic chair of the Senate Foreign Relations Committee, this month, according to the Office of Senate Security, the latest sign that nefarious actors are turning to artificial intelligence in efforts to dupe top political figures in the United States. Experts believe schemes like this will become more common now that the technical barriers that once existed around generative artificial intelligence have decreased. The notice from Senate Security sent to Senate offices on Monday said the attempt “stands out due to its technical sophistication and believability.”
Mozilla accused of tracking users in Firefox without consent
European digital rights group NOYB (None Of Your Business) has filed a privacy complaint with the Austrian data protection watchdog (DSB) against Mozilla, alleging the company uses a Firefox privacy feature (enabled without consent) to track users’ online behavior. The feature, called “Privacy-Preserving Attribution” (PPA) and jointly developed with Meta (formerly Facebook), was announced in February 2022 and was automatically enabled in Firefox version 128, released in July. NOYB’s complaint claims that, despite its name, Mozilla uses the feature to track Firefox user behavior across websites.