InfoSec News 13MAR2026

General

The website offered a paid IP proxy service, allowing its customers to hide their real IP addresses by giving them access to existing IP addresses around the world. Access to the affected IP addresses was made possible by infecting modems worldwide, belonging to individuals or organisations, with malware. After infection, the modems’ owners would not be aware that their IP addresses were being used for illegitimate activities. The service has compromised 369 000 routers and other devices across 163 countries and had a customer base of approximately 124 000 users.
According to court documents, SocksEscort infected home and small business internet routers with malware. The malware allowed SocksEscort to direct internet traffic through the infected routers. SocksEscort sold this access to its customers. Since the summer of 2020, SocksEscort has offered to sell access to about 369,000 different IP addresses. As of February 2026, the SocksEscort application listed approximately 8,000 infected routers to which its customers could buy access; of those, 2,500 were in the United States.

The Australian campaigns impersonate CBA and several journalists in a fabricated televised grilling.
...
Once users had been lured by the authentic looking ads with fake bank scandals, celebrity wills, national investment platforms and other topics with emotional hooks, they were redirected to scam destinations.
There, users were asked to register their name, phone, email address and other details, which is when the classic investment scam boiler room strategy kicked off.
...
Fake dashboards showing made-up early "profits" were used by the criminals, who pressured victims into increasing the deposits which then became difficult or impossible to withdraw once made.

In the Salesloft Drift breach, threat actors downloaded Salesforce data for 760 companies, including customer support tickets. These support cases were scanned for credentials, authentication tokens, and other secrets, which Mandiant reports were used to breach additional platforms.
ShinyHunters says that they discovered Google Cloud Platform credentials for Telus in the Drift data and used them to access numerous company systems, including a large BigQuery instance.
After downloading this data, the threat actors said they used the cybersecurity tool trufflehog to search within it for additional credentials that allowed them to pivot into other Telus systems and download further data.
In all, ShinyHunters claims to have stolen close to 1 petabyte of data belonging to the company and many of its customers, many of whom use Telus Digital as a BPO provider for customer support operations.
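The harvesting step in the two items above (secrets left sitting in support tickets, then a secret scanner run over the export) is also the cheapest place for a defender to look first: scan your own ticket exports before they are handed to a BPO or a third-party SaaS integration. The following is an added example, not code from the reporting quoted here and not trufflehog's code. It flags credential-shaped strings and keyword/value pairs in ticket text, skips low-entropy placeholder values, and redacts what it finds. The token patterns are an illustrative subset of the documented public formats, the sample tickets are constructed, the AWS key is the value from AWS's own documentation examples, and the other values are synthetic.

```python
"""Scan support-ticket text for leaked credentials before an export leaves the
organisation. Added example; the detectors are a small illustrative subset,
not a complete secret-scanning rule set."""
import math
import re
from collections import Counter

# Shape-based detectors for well-known token formats (the prefixes are the
# documented public formats for these credential types).
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "google_api_key": re.compile(r"\bAIza[0-9A-Za-z_\-]{35}\b"),
    "private_key_block": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}

# Keyword-plus-value detector for free text such as "password: ..." or "token=...".
# Trailing punctuation is excluded from the value so "changeme," reads as "changeme".
KEYWORD_ASSIGN = re.compile(
    r"\b(password|passwd|pwd|secret|token|api[_-]?key)\b\s*[:=]\s*['\"]?([^\s'\",;]{8,})",
    re.IGNORECASE,
)


def shannon_entropy(s: str) -> float:
    """Bits per character; random-looking secrets score higher than words."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def find_secrets(text: str, min_entropy: float = 3.0):
    """Return (kind, value) findings in order of appearance, one per distinct value.

    Shape detectors run first so a value they recognise keeps its specific kind
    even when a keyword/value detector would also have caught it."""
    hits = []          # (start, kind, value)
    seen = set()
    for kind, pat in PATTERNS.items():
        for m in pat.finditer(text):
            if m.group(0) not in seen:
                seen.add(m.group(0))
                hits.append((m.start(), kind, m.group(0)))
    for m in KEYWORD_ASSIGN.finditer(text):
        value = m.group(2)
        # Skip obvious placeholders such as "changeme" or "********".
        if value not in seen and shannon_entropy(value) >= min_entropy:
            seen.add(value)
            hits.append((m.start(), "keyword_" + m.group(1).lower(), value))
    return [(kind, value) for _, kind, value in sorted(hits)]


def redact(text: str):
    """Replace every finding with a labelled placeholder; return (text, count)."""
    findings = find_secrets(text)
    for kind, value in findings:
        text = text.replace(value, f"[REDACTED:{kind}]")
    return text, len(findings)


# Constructed sample tickets. The AKIA value is the AWS documentation example
# key; every other value is synthetic and not a real credential.
SAMPLE_TICKETS = [
    "Ticket 1042: customer cannot sync. Their config has aws_access_key_id = "
    "AKIAIOSFODNN7EXAMPLE and they pasted the secret too: "
    "secret = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
    "Ticket 1043: reset request. Old password: changeme, please advise.",
    "Ticket 1044: integration failing with token=ghp_"
    "a1B2c3D4e5F6g7H8i9J0k1L2m3N4o5P6q7R8 after rotation.",
]

if __name__ == "__main__":
    for ticket in SAMPLE_TICKETS:
        clean, n = redact(ticket)
        print(f"{n} finding(s): {clean}")
```

Run against a real export, the interesting number is how many tickets come back with a non-zero count; those are the cases to rotate and to keep out of any data-sharing pipeline. Entropy gating keeps the keyword detector from drowning analysts in "password: changeme" noise, at the cost of missing genuinely weak secrets, which is the usual trade-off for this class of tool.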

The latest round of sanctions targeted Amnokgang Technology Development Company — a North Korean company that manages delegations of IT workers — and Quangvietdnbg International Services Company — a Vietnamese firm used by North Korean actors for currency conversion services. The Treasury Department said Quangvietdnbg converted about $2.5 million for Amnokgang between 2023 and 2025.
...
Thursday’s sanctions also include the disruption of another North Korean network operating out of Boten, Laos. The operation was run by North Korean national Yun Song Guk, who worked with Vietnamese national Hoang Minh Quang to transfer IT worker funds through local bank accounts.

Geo-Politics

  • [AE] Some countries can be very protective of their image...dangerously so.
A 60-year-old British man has been charged under cyber-crime laws in Dubai after allegedly filming Iranian missiles over the city.
...
The tourist was detained under a law in the United Arab Emirates that prohibits publishing or sharing material that could disturb public security, according to Detained in Dubai, which provides legal assistance in the country.
...
The CEO of Detained in Dubai, Radha Stirling, said 21 people had been "charged together under the UAE's cybercrime laws in connection with videos and social media posts relating to the recent missile strikes".
She said police found a video of an Iranian missile strike in Dubai on the British man's phone.
...
"I've reviewed the charge sheet and, from reading it, you wouldn't know what they've done wrong," Stirling said.
...
Stirling said she believed the UAE was cracking down on people filming missiles in order to "maintain the facade that it is safe for tourists".
Criticism of the government is illegal in the UAE, and it exercises strict control over the flow of information out of the country.

Iran has reportedly designated Amazon, Google, IBM, Microsoft, Nvidia, Oracle, and Palantir facilities as legitimate targets of retaliatory strikes, according to an Al Jazeera report citing Iran’s state-affiliated Tasnim news agency.
The Islamic Revolutionary Guard Corps (IRGC) has pinpointed 29 locations in Bahrain, Israel, Qatar, and the United Arab Emirates that house offices, datacenters, and research facilities that Iran has set its sights on destroying, according to Tasnim’s Telegram channel.
The targets, described as the “enemy’s technology infrastructure,” were presented in three slides on Telegram and included the name of the vendor, the nature of the facility, the location, as well as a brief description of their work.

Poland is looking into whether an attempted cyberattack on a nuclear research facility was carried out by Iran, the government said on Thursday.
The country’s digital minister Krzysztof Gawkowski said in an emailed statement that Poland had “identified an attempted cyberattack on the servers of the National Centre for Nuclear Research,” which authorities had thwarted.
"The attack may not have been on a huge scale, but there was an attempt to break through the security that was stopped. Appropriate services are already working", Gawkowski said, adding that the centre was safe.
"The first identifications of the entry vectors, i.e. those places from which (the centre) was attacked, are related to Iran," he said. "When there is final information and the services will check it, we will verify it, but there are many indications that it took place on the territory of Iran."
...
The centre conducts research into nuclear energy, subatomic physics and related fields. Poland has no nuclear weapons and is building its first nuclear power plant.

The U.S. Cybersecurity and Infrastructure Security Agency Acting Director Nick Andersen said in a statement that the agency is investigating the attack. “We are working shoulder-to-shoulder with our public and private sector partners as we continue to uncover relevant information and provide technical assistance for the targeted attack on Stryker,” Andersen said.

Privacy

  • [UK] The push towards more pervasive age-verification technology continues, with UK regulators demanding social media companies do more to prevent under-13s from accessing their platforms.
The open letter sets out our expectations that platforms with a minimum age must move beyond relying on children to self-declare their ages, which they can easily bypass.
Instead, platforms should make use of the viable technology that is now readily available to enforce their own minimum ages and prevent these children from accessing their services.
We have also written directly to platforms, starting with TikTok, Snapchat, Facebook, Instagram, YouTube and X to ask them to demonstrate how their age assurance measures meet these expectations. 
We have today written to the major sites and apps that children use the most – Facebook, Instagram, Roblox, Snapchat, TikTok and YouTube – requiring them to prove to parents a genuine commitment to protecting children online.
Since the UK’s online safety laws came into force last year, Ofcom has been investigating nearly a hundred services. We have taken enforcement action, secured changes to disrupt the sharing of child sexual abuse material, and seen high risk services either get in line or block access to the UK altogether. Millions of daily visits to porn sites now require highly effective age checks. Major platforms, including X, Telegram, Discord and Reddit, have also introduced age controls to prevent children accessing adult or harmful content.

The number of FBI searches of data collected through the surveillance program known as Section 702 of the Foreign Intelligence Surveillance Act (FISA) between December 2024 and November 2025 rose to 7,413 from 5,518 the previous year.
...
Such FBI searches, referred to as “U.S. person queries,” have been a flashpoint in past congressional debates over the reauthorization of the powerful surveillance tool.
The statute allows the NSA to collect certain categories of foreign intelligence information from international phone calls and emails of terrorism suspects, hackers, foreign spies and other perceived security threats living overseas but also intercepts Americans’ data.
While the law is considered vital to national security by intelligence officials, a coalition of progressive and conservative lawmakers have argued against it because of how it enables some private information belonging to Americans to be collected and searched without a warrant.
The surveillance tool is set to expire on April 20. President Donald Trump has informed top congressional allies that he wants an 18-month “clean” extension of the law.
...
The newly-disclosed figures could reignite debate over such queries and the need for a warrant. That was the main topic during the last extension debate in 2024 after it was publicly disclosed the FBI used the foreign-spying tool to search for information about defendants in the January 6 attack on the U.S. Capitol, the 2020 George Floyd protests and even a member of the House Intelligence Committee.

The bill, the Government Surveillance Reform Act of 2026, repeals controversial expansions of the government's warrantless wiretapping authority while overhauling key aspects of federal surveillance law—setting up a showdown with the US intelligence community and its congressional allies weeks before a sweeping global spy program sunsets on April 20.
...
The bill's sponsors framed the Government Surveillance Reform Act as a necessary corrective to a surveillance state that has been supercharged by modern technology and bureaucratic mission creep. Wyden noted that the explosion of commercially available data and rapid advances in AI have “far outpaced the laws protecting Americans’ privacy.”
...
The FBI routinely scours this intercepted data to read the private messages of Americans without a warrant, a practice privacy advocates call a “backdoor search.”
In a floor speech earlier this week, Wyden warned that Congress is debating reauthorization without a complete picture of the government’s activities. “There’s another example of secret law related to Section 702, one that directly affects the privacy rights of Americans,” he said, noting that successive administrations have refused to declassify the matter. “When it is eventually declassified, the American people will be stunned that it took so long and that Congress has been debating this authority with insufficient information.”
...
The reforms also aim to address how federal agencies exploit parallel authorities and commercial markets, banning the federal government from bypassing Fourth Amendment warrant requirements through data brokers who traffic in Americans' personal information.

Since January, DHS leaders have reassigned two of the top officials responsible for ensuring that CBP technologies comply with federal privacy law, according to multiple sources with knowledge of the situation. These sources were granted anonymity because they fear government retribution.
...
A DHS spokesperson told WIRED on Monday, “Any allegation that DHS adopted a policy making Privacy Threshold Analyses exempt from the Freedom of Information Act is FALSE.”
Internal emails show otherwise.
On December 3, the DHS Privacy Office announced a "major change" that required all future PTAs to carry a disclaimer marking them exempt from public release. The disclaimer reads in full:
“This is a draft document that is pre-decisional, deliberative, and is designated For Official Use Only. It is subject to the deliberative process privilege and attorney client privilege. It is not to be released, shared, or distributed outside of authorized channels without prior consultation and approval from the Department of Homeland Security Privacy Office. Unauthorized disclosure may result in administrative, civil, or criminal penalties.”
