An Alleged Russian Smuggling Ring Was Uncovered in New Hampshire

As Russia's invasion of Ukraine drags on, navigation system monitors reported this week that they have detected a rise in gps disruptions in Russian cities. Ethiopia's civil war was worsened by a lack of adequate hate-speech moderation on Facebook.

There is new evidence suggesting that attackers planted data to frame an Indian priest who died in police custody. Cuba abused legitimate Microsoft certificates to sign some of their software, which is a method of faking legitimatizing hacking tools. With the one-year anniversary of the Log4Shell vulnerability, researchers and security professionals reflect on the current state of open source supply-chain security and what needs to be done to improve patch adoption.

There are factors and circumstances that lead to radicalization in the United States. Meta gave WIRED some insight into how difficult it is to enable users to recover their accounts when they are locked out.

There is more to come. The security news we didn't cover is highlighted each week. The full stories can be found below.

One of the seven people named in a 16-count federal indictment this week was Alexey Brayman, who was accused of operating an international smuggling ring over the past five years. Brayman was released on a $150,000 bond after he was ordered to give up his passport and abide by a curfew. He is a citizen of Israel. Brayman and his wife run an online business out of their home in Merrimack, New Hampshire. A delivery driver told The Boston Globe that the family was the sweetest he had ever met. Gifts will be left out around the holidays. Also, snacks. Their house was a staging site for millions of dollars in military and sensitive dual-use technologies from US manufacturers and vendors according to the indictment. Two more people connected to the case have been arrested.

A hacker gained access to the FBI information-sharing database, compromising data from more than 80,000 members who share details and updates through the platform related to critical infrastructure in the US Some of the data is related to security threats. A hacker stole data from the platform and posted it on a cybercriminal forum. The database cost $50,000 for the entire contents. The hacker pretended to be the CEO of a finance company in order to gain access to the company. The FBI said it was aware of a potential false account and was looking into it.

The Saudi Arabian government paid Ahmad Abouammo to send user data to them while he worked at the tech company. He was found guilty of a number of crimes. He was sentenced to over three years in prison. The man worked at the micro-messaging service from 2013 to 2015. According to the US attorney, foreign governments will bribe insiders to get the user information that is collected and stored by our Silicon Valley social media companies. The sentence sends a message to people who have access to user information that they could be in prison. According to Peiter Zatko, a former security chief at the company, foreign agents have beeninfiltrating the company. The situation has been of particular concern as the company is being restructured by Musk.

In an effort to compromise Ukrainian government networks, hackers have been posting malicious Windows 10 installers on torrent sites. The Ukrainian language pack was used to setup the installer. They deployed various types of malicious software for various purposes. The targets overlap with those that have been attacked in the past by the Russian military intelligence agency.

The US National Institute of Standards and Technology said on Thursday that it should be removed from all software platforms by the end of the year. It is recommended that developers use SHA-2 and SHA 3. The National Security Agency created the SHA in 1993 and it has been used ever since. Since 1995, SHA-1 has been used. It was clear by 2005 that SHA-1 was broken. Attacks on SHA-1 have become more severe according to NIST. There are eight years left for developers to migrate away. NIST computer scientist Chris Celi said that modules that still use SHA-1 will not be allowed by the federal government.