EU targets tech giants with DMA
The European Commission announced official investigations into Apple, Alphabet, and Meta, authorized by the powers of the bloc’s new Digital Markets Act. These investigations will look into whether Apple and Google inappropriately favored their own app marketplaces. The investigation of Meta will look at its use of personal data in ads. EU commissioner for the internal market Thierry Breton said these investigations come after all of these companies took measures to come into compliance with the DMA.
China starts US tech ban in government
The Financial Times’ sources say that back in December, the Chinese government issued new guidelines that forbid the use of US tech in government computers and services. This means no Intel or AMD processors, no Windows OS, and no foreign database apps. Government agencies must switch to domestic alternative chips from Huawei and Phytium. These rules don’t impact non-government agencies.
Think tank calls for US military cyber service
A new report from the Foundation for Defense of Democracies calls for a dedicated cyber force in the military. It noted that US Cyber Command currently contends with inefficiencies by dividing labor between multiple service branches. The lack of dedicated cyber focus by all of the services also hurts recruitment efforts. As an example, the Navy didn’t have cyber-specific work roles until last year. The report did not make a specific recommendation for what this cyber force would look like. But co-author retired Rear Admiral Mark Montgomery said the US’s cyber status quo fails to keep up with its enemies’ capabilities.
Japan runs cyber defense drills
Japan’s Ministry of Internal Affairs and Communications ran its first cyber defense drills in Guam with some of its island nation neighbors last month. Kiribati, the Marshall Islands, Micronesia, Nauru, and Palau took part in the exercises, with representatives from Fiji and Tonga observing as well. Participants trained on incident response and carried out cyber defense drills against key infrastructure assets. Analysts say this level of coordination is needed, as Japan could suffer a cyberattack initially staged through one of its neighbors.
Google recommends scam sites
SEO consultant Lily Ray spotted Google’s new Search Generative Experience recommending malicious or otherwise spammy sites in its conversational responses. An investigation by Bleeping Computer found signs these responses were part of the same SEO poisoning campaign, often using the .online top-level domain and similar HTML templates. Clicking on the spam sites takes users through a series of redirects, where they get prompted by fake captchas, opt-ins for site notifications, and prompts to install browser extensions. Google said it removed the examples cited and continues to update its “advanced spam-fighting systems.”
Supply chain attack hits GitHub accounts
A new technical report from Checkmarx details the level of sophistication behind a supply chain attack that ultimately hijacked GitHub accounts. The unknown attackers set up a typosquat of an official PyPI domain, hosting a trojanized version of the popular package Colorama. These malicious packages then propagated through GitHub repositories, including the account for the Discord Token Generator. Researchers believe the attackers stole session cookies to access the GitHub accounts and list the malicious packages. Once the trojan deploys, it sends back session tokens, crypto wallets, and web browser tokens to a remote server.
Russian group gets Cozy with German politicians
Mandiant reports that the Russian-linked APT29, aka Cozy Bear, began a phishing campaign targeting German political parties in February 2024. The group sent out phishing emails posing as an invite to a political function. Clicking through attempted to install the backdoor “Wineloader.” Mandiant warns that Cozy Bear adapts operations extremely quickly, seemingly coordinating with broader Russian geopolitical objectives. Mandiant warned other Western political parties to be on the lookout for similar approaches.
StrelaStealer used in new campaign
Researchers at Palo Alto Networks released a report detailing a new campaign hitting over 100 organizations in the US and EU over the past five months using phishing emails. StrelaStealer first popped onto the scene back in November 2022, used for gathering credentials. The operators of StrelaStealer show they are changing with the times. Phishing emails switched from ISO attachments to now use ZIP attachments with a JScript file in an attempt to deliver a malicious DLL.
UK blames China for voter hack
In August 2023 the UK’s Electoral Commission disclosed an attack impacting voter data that occurred in August 2021, although not discovered until October 2022. Got all those dates straight? Now the UK’s National Cyber Security Centre says an unnamed China-backed threat actor orchestrated the attack. These findings came as part of a briefing to the House of Commons by UK Deputy Prime Minister Oliver Dowden. In a separate investigation, the NCSC found the Chinese-affiliated group APT31 “almost certainly” carried out a reconnaissance attack against UK parliamentarian email accounts in 2021. China denied any role in either incident.






