Risky Biz News: EU gets tough on tech companies and misinformation

In other news: Ukraine's postal service gets DDoSed over a stamp, and Lapsus$ breaches T-Mobile.

This newsletter is brought to you by Airlock Digital, Rumble Network Discovery, Proofpoint, and Thinkst Canary.

The EU adopted new legislation on Friday, the Digital Services Act (DSA), introducing new rules for online platforms. The DSA forces tech companies to take greater responsibility for the content that appears on their online services: they must act against the spread of misinformation, remove illegal content faster, and disclose how their recommendation algorithms work.

The new DSA rules will apply to any online service with more than 45 million monthly active users in the EU, and tech companies that fail to comply can face fines of up to 6% of their global annual revenue.

The DSA's approval shows the EU's resolve to crack down on the power of tech companies and on the growing threat that misinformation poses to local democracies. The legislation passed despite heavy lobbying efforts from the likes of Google, Apple, Facebook, and Spotify, according to documents obtained via freedom of information requests and published shortly after the vote.

Breaches and hacks

Lapsus$ breaches T-Mobile: Lapsus$, the group of misbehaving teens that has breached some of the largest companies in the world, also breached US telecommunications giant T-Mobile, according to internal chats obtained by infosec reporter Brian Krebs. T-Mobile confirmed the breach and told Krebs that Lapsus$ only stole internal source code and did not obtain any customer information.

DDoS over a stamp: Ukraine's postal service said on Friday that it was hit by a DDoS attack after it began selling a postage stamp depicting a Ukrainian soldier making a crude gesture at a Russian warship.

Costa Rica ransomware attack fallout: Costa Rican President Carlos Alvarado Quesada said in a video posted on Friday that the ransomware attack that hit government agencies last week has destabilized the government's work during its transition to a new presidency. Despite the attack, Alvarado said the government would not pay the $10 million ransom demanded by the attackers, the Conti ransomware gang.

General tech and privacy

New reply-all storm protections: After introducing Reply-all Storm Protection for Exchange back in 2020 and 2021, Microsoft announced last week that it is adding new features for administrators. These include a more detailed report that lets admins see the size and point of origin of a reply-all storm, and a notification system that alerts admins while a storm is in progress.

Hidden Firefox settings: Mozilla client applications automatically collect Wi-Fi access point (router) information from users' devices for geolocation purposes. Users who don't want their router's location recorded by Mozilla must either configure the router to use a hidden SSID or rename the Wi-Fi network so that its name ends with the "_nomap" suffix.
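The opt-out above is a rule that the collecting client is expected to honour, not something the router can enforce. To make that concrete, here is an added example (not Mozilla's code) of the filter a well-behaved Wi-Fi location collector would apply to a scan before uploading anything: hidden networks (empty SSID) and networks whose SSID ends in "_nomap" are dropped. The sample scan lines are constructed for this example and mimic the terse `nmcli -t -f SSID,BSSID,SIGNAL dev wifi` format, where literal colons are escaped as `\:` (an assumption about the input format, not something stated in the item above).

```python
from dataclasses import dataclass

# Suffix Mozilla documents as the opt-out marker for its location service.
NOMAP_SUFFIX = "_nomap"


@dataclass(frozen=True)
class AccessPoint:
    ssid: str
    bssid: str
    signal: int


def split_terse(line: str) -> list[str]:
    """Split an nmcli-style terse line on unescaped ':'.

    nmcli -t escapes ':' inside a field as '\\:', so a naive
    line.split(':') would shred every BSSID. (Assumed input format.)
    """
    fields: list[str] = []
    cur: list[str] = []
    i = 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):
            cur.append(line[i + 1])  # keep the escaped character literally
            i += 2
            continue
        if ch == ":":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    fields.append("".join(cur))
    return fields


def parse_scan(text: str) -> list[AccessPoint]:
    """Turn scan output into AccessPoint records; blank lines are skipped."""
    aps: list[AccessPoint] = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        ssid, bssid, signal = split_terse(raw)
        aps.append(AccessPoint(ssid=ssid, bssid=bssid.upper(), signal=int(signal)))
    return aps


def opted_out(ap: AccessPoint) -> bool:
    """True when the network owner has signalled they don't want to be mapped.

    Two opt-out signals are honoured: a hidden network (the beacon carries no
    SSID, so the field is empty) and an SSID ending in '_nomap'.
    """
    return ap.ssid == "" or ap.ssid.endswith(NOMAP_SUFFIX)


def reportable(aps: list[AccessPoint]) -> list[AccessPoint]:
    """The subset of a scan that a compliant collector may upload."""
    return [ap for ap in aps if not opted_out(ap)]


# Constructed sample scan (not real data). Note the hidden network on the
# third line (empty SSID) and the SSID containing an escaped colon on the last.
SAMPLE_SCAN = """\
HomeNet:AA\\:BB\\:CC\\:00\\:11\\:22:81
HomeNet_nomap:AA\\:BB\\:CC\\:00\\:11\\:23:77
:DE\\:AD\\:BE\\:EF\\:00\\:01:60
Cafe\\:Wifi:12\\:34\\:56\\:78\\:9A\\:BC:40
"""

if __name__ == "__main__":
    scan = parse_scan(SAMPLE_SCAN)
    for ap in scan:
        state = "opted out" if opted_out(ap) else "reportable"
        print(f"{ap.bssid}  {ap.ssid!r:20} {state}")
```

Two things worth noticing. First, the hidden network still shows up in the scan with its BSSID intact: hiding the SSID stops the name from being broadcast, but the access point's MAC address is still visible to anyone nearby, so the opt-out only works if the collector chooses to honour it. Second, the suffix is a literal string match on the SSID, which is why the rename has to put `_nomap` at the very end of the name rather than anywhere in it.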

Cybercrime and threat intel

Israeli hacker-for-hire pleads guilty: An Israeli private detective detained in New York since 2019 on charges of involvement in a hacker-for-hire scheme pleaded guilty last week to wire fraud, conspiracy to commit hacking, and aggravated identity theft. According to Reuters, Aviram Azari is connected to the Indian hacker-for-hire company BellTroX, through which he organized a series of hacking campaigns on behalf of unnamed third parties against American companies based in New York.

Infosec industry news

Cobalt Strike 4.6: Security software company HelpSystems has released version 4.6 of the Cobalt Strike penetration testing platform. The new version introduces measures meant to curb abuse, such as removing the built-in updater and requiring all users to download updates from the vendor's official website, a step intended to weed out some of the malware gangs operating cracked versions of the software.

Grugq newsletter: Infosec legend The Grugq launched a newsletter last week.

Malware technical reports

Ransomwared in under 4 hours: The team at The DFIR Report has published a new report on the Quantum ransomware. According to the report, the attackers gained initial access through an IcedID malware infection and went from that initial foothold to deploying ransomware across the victim organization in 3 hours and 44 minutes.

More on Industroyer2: Security researcher Joe Slowik has published an overview of the recent discovery of the Industroyer2 malware that was deployed in Ukraine and cautioned against reaching any conclusions before all the details are available, a process that typically takes years.

New book: Patrick Wardle, considered one of the best Mac malware security researchers, has a new book coming out.

APTs and cyber-espionage

GOLDBACKDOOR report: The Stairwell team has published a new report on GOLDBACKDOOR, a malware strain used by North Korean hackers against journalists who specialize in reporting on the DPRK. The malware has been tentatively attributed to the APT37/ScarCruft group.

Vulnerabilities and bug bounty

Successful legal defense: Polish IT company UseCrypt has dropped its lawsuit against Tomasz Zieliński, a local blogger and security researcher, the researcher told Risky Biz News in an email last week. UseCrypt sued Zieliński in April 2021 for reporting a vulnerability in its UseCrypt Messenger app.

Vendors hesitant to request CVEs: GitHub said last week that due to misconceptions and a general stigma associated with security vulnerabilities, vendors have been hesitant to request CVE identifiers for security flaws reported in their software.

Jira auth bypass: Atlassian's Jira issue and project tracking software is vulnerable to an authentication bypass in Jira Seraph, its web authentication framework. The vulnerability is tracked as CVE-2022-0540 and was patched last week. It affects the self-hosted Jira Server and Data Center editions, so administrators running those should update; Jira Cloud is not affected.