Please share your thoughts on this new format.
This week
- Scammers sending fake, physical ransom demands to CEOs
- Silk Typhoon shifting focus to tech supply chains
- ICO investigating privacy of young people on TikTok, Reddit, Imgur
- Apple challenging UK ‘backdoor’ request
- Russia to redeploy resources following peace with Ukraine
Interesting stats
11,908 valid secrets and API keys found in the Common Crawl AI training data set. LINK
30,000 compromised devices, including IP cameras and network video recorders, have emerged as the ‘Eleven11bot’ botnet, delivering a record-breaking 6.5 Tbps volumetric distributed denial of service (DDoS) attack. LINK
Five things
- Silk Typhoon, the Chinese state-sponsored threat actor, is shifting tactics to focus on remote management tools and technology service providers, according to Microsoft. The supply chain attacks target privileged access management, cloud app providers, and cloud data management companies for their onward access into their customers’ networks. The US DoJ also charged 12 Chinese nationals this week, some with links to Silk Typhoon, including employees of ‘hackers for hire’ company i-Soon, a suspected supplier to China’s Ministry of State Security. LINK, CHARGES
- Apple has launched a legal challenge to the UK’s ‘technical capability notice’ issued to it early this year, requiring the development of a so-called backdoor into users’ encrypted iCloud content. An appeal has been made to the Investigatory Powers Tribunal, an independent body established by UK surveillance law to investigate potential surveillance overreach. The proceedings are likely to be held in private. Meanwhile, NCSC, GCHQ, and other government sites are scrubbing advice from their websites that users should adopt Apple’s Advanced Data Protection to protect their data. LINK, MORE, SCRUB
- Russia cyber threat: CISA has said that it will continue to defend against “all cyberthreats to the U.S. Critical Infrastructure, including from Russia,” following reporting that an agency memo did not mention Russian threats amongst a list of priorities. Separately, Finland’s intelligence agency Supo warned in its annual security overview that a Russia/Ukraine peace deal would free up Russian cyber operators to be redeployed against other European targets. CISA, REDEPLOY
- The ICO is investigating how TikTok, Reddit, and Imgur protect the privacy of young people using their services. TikTok, for example, collects personal data and viewing habits to make further recommendations for users aged 13-17. While this investigation focuses on social media platforms, I could see this being a future issue for AI services, too, as they use user input to train their models. LINK
- Administrators of the Garantex cryptocurrency exchange have been charged with money laundering by US authorities and its website seized in an international law enforcement operation. Aleksej Besciokov, 46, a Lithuanian national living in Russia and Aleksandr Mira Serda, 40, a Russian national living in UAE, allegedly “knew that criminal proceeds were being laundered through Garantex and took steps to conceal the facilitation of illegal activities on its platform”. The Garantex platform has processed at least $96 billion in cryptocurrency transactions since 2019, with “hundreds of millions” relating to criminal proceeds, according to the DOJ. LINK
In brief
- ⚠️ Incidents: Japanese telco NTT Communications has confirmed a data breach affecting 17,891 corporate customers, which the company discovered on 5th February. The Polish Space Agency (POLSA) is dealing with a cyber security incident that may be a compromise of its email platform. NTTCOM, POLSA
- 🕵️ Threat Intel: Physical ransom notes impersonating the BianLian ransomware group are being mailed to the CEOs of US organisations. The fake notes are an attempt to scare executives into believing that their organisation has been breached, in the hope that they will transfer cryptocurrency. RANSOM
- 🪲 Vulnerabilities: Three VMware vulnerabilities can allow an attacker to escape to the hypervisor and access other virtual machines running on the same host. It’s believed that attackers are actively exploiting CVE-2025-22224, -22225, and -22226 (CVSS 9.3, 8.2, and 7.1/10 respectively) in the wild. VMWARE, ADVISORY
- 🧿 Privacy: Android devices drop multiple cookies on users during device setup, which are likely used by Google to profile the user for advertising. Doug Leith, the Trinity College Dublin professor who conducted the research, says there’s no consent or opt-out for these cookies. LINK, PAPER (PDF)
- 💰 Investments, mergers and acquisitions: Bridewell, a UK cyber consultancy and managed service provider focussing on critical infrastructure, has announced a merger with French outfit I-Tracing to “create the independent European cyber security services champion”. Cyber exposure management outfit Armis is acquiring industrial security specialist Otorio for $120 million in cash. BRIDEWELL, ARMIS
- 🗞️ Industry news: CrowdStrike reported that annual recurring revenue grew 23% year-over-year to $4.24 billion; however, the company’s stock price fell by around 9% following an earnings forecast below that expected by financial analysts. Cybereason CEO Eric Gan appears to have quit following a series of ‘boardroom blowups’ over the business’s accounts and funding. Gan has filed a lawsuit against investors SoftBank, Liberty Strategic Capital, and others for breaching their fiduciary duties. CROWDSTRIKE, CYBEREASON
And finally
- A post I spotted on LinkedIn: Ryan Holden has been calling out bots using AI to generate misinformation on BBC News posts on Facebook. He caught them by asking for some poetry. Here’s my poem… to prove I’m human! LINK
AI posts on recent news
Shadowy powers shaping views
At first glance you may not spot
Inauthentic behaviour, generated by bot
(And Facebook policy’s lost the plot)
But ask it some questions, make a request —
An unusual interaction, a simple test
And it will try to comply, showing colours true
In a global town square of fake me and you