Next week, on May 30th, the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) opens the 10th International Conference on Cyber Conflict, CyCon 2018. The anniversary event focuses on the theme of maximising effects in the cyber domain.
The 10th CyCon Starts Next Week
The 10th CyCon Hosts 700 Cyber Experts in Tallinn
CyCon 2019 Theme is Silent Battle in Cyber Space
Romania to Join the NATO Cooperative Cyber Defence Centre of Excellence in Tallinn
The Prime Minister of Romania, Mrs. Viorica Dăncilă, announced today during her visit to Estonia that Romania looks forward to joining the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) in 2019. The NATO-accredited cyber defence hub in Tallinn welcomes Romania's decision to become another NATO Ally to join the Centre.
Colonel Jaak Tarien to Become Director of the NATO Cooperative Cyber Defence Centre of Excellence
As of 1 September 2018, Colonel Jaak Tarien, who served as Commander of the Estonian Air Force for the past six years, will assume the role of Director of the NATO Cooperative Cyber Defence Centre of Excellence based in Estonia.
Merle Maigre, current Director of CCDCOE, will take on a new challenge in September by joining CybExer Technologies, an Estonian cyber security company which is rapidly expanding its operations both in Estonia and abroad.
Colonel Jaak Tarien assumes command of NATO CCDCOE
Colonel Jaak Tarien, until recently the long-term Commander of the Estonian Air Force, today took over from Merle Maigre as Director of the NATO Cooperative Cyber Defence Centre of Excellence based in Tallinn.
CyCon 2019 Papers are Expected by 1 October
The Call for CyCon 2019 Papers is open until 1 October 2018. The theme for the eleventh International Conference on Cyber Conflict, hosted by the NATO Cooperative Cyber Defence Centre of Excellence, is ‘Silent Battle’. CyCon 2019 will take place in Tallinn, Estonia, from 28 to 31 May 2019.
The International Conference on Cyber Conflict, CyCon, is entering its second decade. Throughout the years, CyCon has established itself as a prominent multidisciplinary conference, introducing keynotes and panels focusing on the technical, legal, policy, strategy and military perspectives of cyber defence and security. This is undoubtedly thanks to the amount of high-quality original academic research presented at the conference. In 2018, the Academic Review Committee selected 22 articles that were presented at the conference and published in the proceedings.
NATO CCDCOE brings improvement through practice
The NATO Cooperative Cyber Defence Centre of Excellence contributes this week to the setup and organisation of NATO’s largest cyber exercise, Cyber Coalition 2018, taking place in Tartu, Estonia. This year, the experts of the Centre contributed to the operational and legal parts of the exercise scenario, adding corresponding challenges for the participating cyber experts across the Alliance.
New Study by the CCDCOE: Cyber Security Organisation in Turkey
A recent report by NATO CCDCOE, “National Cyber Security Organisation: Turkey”, outlines the current cyber security landscape in Turkey. As the most recent issue of the NATO CCDCOE’s National Cybersecurity Governance series, the report provides a comprehensive overview of the digital ecosystem in Turkey and describes the responsibilities of the different national agencies designated to ensure security in cyberspace.
Türkiye captures nearly 3000 Daesh suspects in 10 months - Daily Sabah
Google fixed critical Chrome vulnerability CVE-2024-4058
Google addressed a critical Chrome vulnerability, tracked as CVE-2024-4058, that resides in the ANGLE graphics layer engine.
Google addressed four vulnerabilities in the Chrome web browser, including a critical vulnerability tracked as CVE-2024-4058.
The vulnerability CVE-2024-4058 is a Type Confusion issue that resides in the ANGLE graphics layer engine. An attacker can exploit this vulnerability to execute arbitrary code on a victim’s machine.
This critical flaw was reported by Toan (suto) Pham and Bao (zx) Pham of Qrious Secure on 2024-04-02; the researchers have been awarded a $16,000 bounty.
The IT giant also fixed a high-severity flaw tracked as CVE-2024-4059. The flaw is an out-of-bounds read that resides in the V8 API. The vulnerability was discovered by Eirik on 2024-04-08.
Google also fixed another high-severity flaw tracked as CVE-2024-4060. The flaw is a use-after-free in Dawn, which is an open-source and cross-platform implementation of the WebGPU standard. The vulnerability was reported by wgslfuzz on 2024-04-09.
The Stable channel has been updated to 124.0.6367.78/.79 for Windows and Mac. Linux version 124.0.6367.78 will be rolled out over the coming days/weeks.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, Google)
[ED] Defenseless against NK hackers - The Korea Times
These Issues Are Testing the U.S.-China Thaw - The New York Times
NY Post Cover for April 25, 2024
China Cyber Security Market Size: 2031 Overview - LinkedIn
How crypto heists help North Korea fund its nuclear program - Times of India
Cisco says hackers subverted its security devices to spy on governments - Reuters
'Sophisticated' nation-state crew exploiting Cisco firewalls • The Register - Theregister
The Long Arm of China's Security Services - The Cipher Brief
Head of Belgian Foreign Affairs Committee says she was hacked by China | Reuters
Lessons Learned From the LastPass Hack - ChurchLeaders
Apple's censorship in China is just the tip of the iceberg - Columbia Journalism Review
Deputy PM Oliver Dowden seeks to ease fears on cyber threat from China
DOJ arrested the founders of crypto mixer Samourai for facilitating $2 Billion in illegal transactions
The U.S. Department of Justice (DoJ) announced the arrest of two co-founders of a cryptocurrency mixer Samourai.
The U.S. Department of Justice (DoJ) has arrested two co-founders of the cryptocurrency mixer Samourai and seized the service. The allegations include claims of facilitating over $2 billion in illicit transactions and laundering more than $100 million in criminal proceeds.
The duo, Keonne Rodriguez (35) and William Lonergan Hill (65), are charged with operating Samourai Wallet, which the DoJ states is an unlicensed money-transmitting business.
Keonne Rodriguez was the Chief Executive Officer of Samourai Wallet (“Samourai”), while William Lonergan Hill was the company’s Chief Technology Officer.
“These charges arise from the defendants’ development, marketing, and operation of a cryptocurrency mixer that executed over $2 billion in unlawful transactions and facilitated more than $100 million in money laundering transactions from illegal dark web markets, such as Silk Road and Hydra Market” reads the press release published by the DoJ.
RODRIGUEZ was arrested and is set to appear before a U.S. Magistrate Judge in the Western District of Pennsylvania. HILL was also arrested yesterday in Portugal following U.S. criminal charges. The United States aims to extradite HILL to face trial in the country.
The cryptocurrency mixer operated from about 2015 through February 2024. The DoJ states that both defendants were aware that a substantial portion of the funds that the service processed were criminal proceeds passed through Samourai for purposes of concealment.
“While offering Samourai as a “privacy” service, the defendants knew that it was a haven for criminals to engage in large-scale money laundering and sanctions evasion.” continues the DoJ. “Indeed, as the defendants intended and well knew, a substantial portion of the funds that Samourai processed were criminal proceeds passed through Samourai for purposes of concealment.”
Rodriguez and Hill implemented features in the platform aimed at aiding individuals involved in criminal activities to obscure the origin of their proceeds. One feature, “Whirlpool,” offers a cryptocurrency mixing service that batches cryptocurrency exchanges among users to hinder law enforcement tracing on the Blockchain. Another feature, “Ricochet,” adds unnecessary intermediate transactions (“hops”) when sending cryptocurrency to obscure its origin.
Both features are aimed at evading detection by law enforcement and making investigations into illicit transactions more difficult.
“Similarly, RODRIGUEZ and HILL possessed and transmitted to potential investors marketing materials that discussed how Samourai’s customer base was intended to include criminals seeking privacy or the subversion of safeguards and reporting requirements by financial institutions.” continues the press release. “For example, in Samourai’s marketing materials, RODRIGUEZ and HILL similarly acknowledge that the individuals most likely to use a service like Samourai include individuals engaged in criminal activities, including “Restricted Markets.””
The DoJ also shared an excerpt from Samourai’s marketing materials showing the founders acknowledging that its revenues will be derived from “Dark/Grey Market participants” seeking to “swap their bitcoins with multiple parties” to avoid detection:
Since the launch of Whirlpool in 2019 and Ricochet in 2017, the mixer processed over 80,000 BTC (equivalent to over $2 billion), generating approximately $3.4 million in fees for Whirlpool transactions and $1.1 million for Ricochet transactions.
The joint operation conducted by US authorities with the help of Europol and law enforcement authorities in Iceland and Portugal led to the seizure of Samourai’s web servers and domain (https://samourai.io/). The police also issued a seizure warrant for Samourai’s mobile application on the Google Play Store, and the app was removed from the Google Play Store in the United States.
The authorities charged the defendants with one count of conspiracy to commit money laundering, which carries a maximum sentence of 20 years in prison, and one count of conspiracy to operate an unlicensed money transmitting business, which carries a maximum sentence of five years in prison.
(SecurityAffairs – hacking, mixer)
CISA adds Microsoft Windows Print Spooler flaw to its Known Exploited Vulnerabilities catalog
U.S. CISA added the Windows Print Spooler flaw CVE-2022-38028 to its Known Exploited Vulnerabilities catalog.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2022-38028 Microsoft Windows Print Spooler Privilege Escalation vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.
CISA added the flaw to the KEV catalog after Microsoft reported that the Russia-linked APT28 group (aka “Forest Blizzard”, “Fancybear” or “Strontium”) used a previously unknown tool, dubbed GooseEgg, to exploit the Windows Print Spooler flaw CVE-2022-38028.
Since at least June 2020, and possibly earlier, the cyberespionage group has used the tool GooseEgg to exploit the CVE-2022-38028 vulnerability. This tool modifies a JavaScript constraints file and executes it with SYSTEM-level permissions. Microsoft has observed APT28 using GooseEgg in post-compromise activities against various targets, including government, non-governmental, education, and transportation sector organizations in Ukraine, Western Europe, and North America.
While GooseEgg is a simple launcher application, threat actors can use it to execute other applications specified at the command line with elevated permissions. In a post-exploitation scenario, attackers can use the tool to carry out a broad range of malicious activities such as remote code execution, installing backdoors, and moving laterally through compromised networks.
The vulnerability CVE-2022-38028 was reported by the U.S. National Security Agency, and Microsoft addressed it with the release of the Microsoft October 2022 Patch Tuesday security updates.
APT28 deployed GooseEgg to gain elevated access to target systems and steal credentials and sensitive information.
According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.
Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.
CISA orders federal agencies to fix this vulnerability by May 14, 2024.
(SecurityAffairs – hacking, CISA)