In an interesting experiment, malware analysts from HackerHouse have used AI/ML tools to reconstruct the (incomplete) source code of the Marble Framework, a malware toolkit initially shared in the CIA Vault7 leaks.

GitHub

GitHub - hackerhouse-opensource/Marble: The CIA's Marble Framework is designed to allow for flexible and easy-to-use obfuscation when developing tools.

The CIA's Marble Framework is designed to allow for flexible and easy-to-use obfuscation when developing tools. - GitHub - hackerhouse-opensou...

Microsoft has a new CISO in Igor Tsyganskiy

Security is more important than ever for our customers, partners, and Microsoft. So much of the world depends on Microsoft for its digital safety and we need look no further than the news headlines… | Charlie Bell | 31 comments

Security is more important than ever for our customers, partners, and Microsoft. So much of the world depends on Microsoft for its digital safety ...

UK summons Russian ambassador over hacking campaigns:

GOV.UK

UK exposes attempted Russian cyber interference in politics and democratic processes

The UK condemns Russia’s sustained attempts at political interference in the UK and globally.

NCSC report on Star Blizzard (ColdRiver) activity is here:

Russian FSB cyber actor Star Blizzard continues worldwide spear-phishing campaigns

The Russia-based actor is targeting organisations and individuals in the UK and other geographical areas of interest.

PDF: 📄.pdf Sanctions were also levied against two Russians, including an FSB officer, for their role in the APT group

Just a reminder that even if you get the RiskyBizNews newsletter via email, you can always find it on the web at

!!! Do not subscribe! We have moved! | Patrick Gray | Substack

This newsletter is now hosted at https://news.risky.biz/. Click to read "!!! Do not subscribe! We have moved!", a Substack publication.

The web version is better because I will often update it to fix typos, broken links, or add better links (i.e., English coverage for some articles that appeared in local press).

The amount of Russian propaganda in the social media and news site comments in Romania is absolutely staggering. Literally everything is about the "evil EU" and the "degenerate left." It could be an article about sports or cooking, it's still the EU or the left's fault somehow.

Security firm Group-IB has discovered a new Linux malware strain that has been secretly infecting systems since at least 2021. Named Krasue, the malware is primarily used to serve as initial access for other cybercrime operations. Group-IB says the botnet appears to have been created by the author of the infamous XorDDoS malware or at least by someone who had access to its original source code. https://www.group-ib.com/blog/krasue-rat/

The CEO of the Bitzlato cryptocurrency exchange has pleaded guilty to money laundering-related charges (this is the exchange used by Conti to convert stolen funds to rubles)

 

Top exploited CVEs, per Cisco Talos

Cisco Talos Blog

Cisco Talos 2023 Year in Review

Top threats, attacker trends and malware from the past year Our report includes a full breakdown of the current threat landscape, including actor...

CISA has published its second Secure by Design alert, with this one urging software developers to transition to memory-safe programming languages.

Cybersecurity and Infrastructure Security Agency CISA

The Case for Memory Safe Roadmaps | CISA

Newsletter:

Risky Biz News: Crypto-phishing service shuts down after stealing $71 million

In other news: Ukraine takes credit for Rosaviatsiya hack; a ransomware attack cripples hospitals in six US states; and ASD recommends patching wit...

Podcast:

Risky Biz News: Ransomware cripples hospitals in six US states - Risky Business Media

A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu.You can find the newsletter v [Read More]

-Crypto-phishing service Inferno Drainer shuts down after stealing $71 mil -Ukraine takes credit for Rosaviatsiya hack -Ransomware attack cripples hospitals in six US states -ASD recommends patching within 48 hours -Ransomware attack wipes mobile game database -Line IM data breach -Taj Hotels discloses breach -Russia's MOD gets hacked -Microsoft retires Application Guard for Office -Another FISA reform bill submitted