Cybersecurity News: Monopoly darknet charges, Activision Blizzard DDoS, 5G aircraft deadline

Monopoly darknet operator charged

The US Department of Justice filed charges against Milomir Desnica, accusing the Serbian man of facilitating over $18 million in illicit drug transactions on the Monopoly market. Monopoly launched back in 2019, focusing on selling narcotics and other drugs. The DOJ alleges Desnica did personal verification for vendors. He used two crypto exchange services over the last three years in an attempt to hide the transactions. The DOJ worked on the case against Desnica for a while. It seized Monopoly’s hosting server back in December 2021. Austrian authorities subsequently arrested Desnica in November 2022. Law enforcement arrested over 288 vendors connected to the market in an operation called SpecTor back in May. His extradition to the US went through this week.

(Bleeping Computer)

Activision Blizzard games hit with DDoS

The distributed denial-of-service attack hit the game publisher’s servers for roughly 10 hours over the weekend, making many of its games unplayable, including its recently released title Diablo IV. Because these games are always online, they are particularly vulnerable to DDoS attacks. Activision did not identify a group behind the attack and no one seems to have taken credit yet. The company saw a similar attack in September, although that one caused game outages for only about 3 hours.

(The Record)

5G deadline could impact flights

The Wall Street Journal reports that as of July 1st, planes flying in the US without retrofitted sensitive radar altimeters can’t land in low visibility conditions. This cutoff comes as part of a deadline by US wireless carriers to increase power of 5G networks. Right now about 80% of domestic aircraft and 65% of aircraft from international destinations have updated equipment. You may recall carriers and the Federal Aviation Administration butted heads over this power increase last year. The carriers initially planned to increase power in January 2022, delaying until July 2022 before compromising on a final delay until July 1st of this year.

(Engadget)

Japan to privatize chip supplier

The company JSR Corp does not hold a lot of name recognition. But it’s the leading maker of photoresists used in chip manufacturing. The Japanese government announced a $6.3 billion deal to privatize the company, offering shareholders a 35% stock price premium in the deal. JSR CEO Eric Johnson said the Japanese chip materials sector needs to consolidate to combat rising competition, and that it plans to relist in five to seven years.

(Bloomberg)

Microsoft warns of credential stealing spike

The company said it detected a sharp rise in attacks by the Russian-affiliated group Midnight Blizzard, looking to steal credentials. These attacks targeted governments, NGOs, defense, manufacturing, and IT service providers. Microsoft noted the group uses residential proxy services to route traffic and avoid detection. It uses a variety of techniques to conduct session replay attacks in order to gain access to cloud resources. Researchers noted the attackers seem quick to weaponize recent news content in order to better craft spearphishing emails. 

(The Hacker News)

Windows 11 gets passkey manager

The latest Windows 11 Insider build includes an integrated passkey manager, allowing users to sign into accounts with Windows Hello. Microsoft says this will allow for a broader range of “native” Windows Hello logins across sites and apps, using face or fingerprint biometric authentication. Users can also use a PIN or their phone as another factor for a login. The build also brings a passkey manager into Windows settings. Bleeping Computer reports it appears to still be a work in progress. Some website passkeys worked fine, but it noted Google allowed the PC to save a passkey, but never prompted to use it at login.

(Bleeping Computer)

JPMorgan fined for deleting evidence

The US Securities and Exchange Commission fined the banking giant $4 million after it deleted email records from 2018. These emails came from about 8,700 mailboxes belonging to its Chase Bank subsidiary. The Securities Exchange Act of 1934 requires retention of these business records. But the SEC fined it because the deletion meant the company couldn’t produce evidence in “at least 12 civil securities-related regulatory investigations.” JPMorgan blamed the incident on an unnamed archiving vendor, which led workers to believe that removing older emails on JPMorgan’s own systems wouldn’t lead to permanent deletion. The company initially reported the deletion to the SEC in January 2020.

(The Register)

It’s a me, malware!

Researchers at Cyble discovered that threat actors began distributing a modified installer version for the game Super Mario 3: Mario Forever. The exact channel is unclear, but the researchers say it likely came from gaming forums or social media groups. The installer does actually install the game, but also includes two other executables that install a Monero cryptominer. This runs every fifteen minutes and hides under the name of a legitimate process to obfuscate activity. It also contacts a C2 server to pull down an additional infostealer payload. This looks for session and authentication tokens, as well as crypto wallets.

(Bleeping Computer)

Rich Stroffolino
Rich Stroffolino is a podcaster, editor and writer based out of Cleveland, Ohio. Since 2015, he's worked in technology news podcasting and media. He dreams of someday writing the oral history of Transmeta.