InfoSec News 31MAR2026

General

On affected devices, customers are seeing errors saying that "Some update files are missing or have problems. We'll try to download the update again later. Error code: (0x80073712)."
Microsoft has now stopped the KB5079391 rollout but hasn't shared a timeline for when a fix will be available. However, this will most likely happen before the next month's Patch Tuesday cumulative updates are released on April 14 to allow customers to test the new features and fixes before they roll out to all users.
Device lifecycle duration varies by OS platform – Macs often last for more than five years while Windows PCs last for three.
Apple silicon demonstrates a thermal advantage – Apple M-Series silicon shows an average thermal output of 40.1°C compared to 65.2°C for Intel chips.
...
Patching velocity is inconsistent across OS platforms – The data reveals that iOS and macOS are updated faster than their Android and Windows counterparts.
...
Forced shutdowns are more common on Windows devices – The telemetry reveals that Windows devices exhibit 3.1x more total forced shutdowns than macOS devices.
Macs demonstrate superior app performance – Our research shows that Windows devices experience more app crashes and app hangs (unresponsive software states) than Macs.
Almost four years after launching a security feature called Lockdown Mode, Apple says it has yet to see a case where someone’s device was hacked with these additional security protections switched on.
“We are not aware of any successful mercenary spyware attacks against a Lockdown Mode-enabled Apple device,” Apple spokesperson Sarah O’Rourke told TechCrunch on Friday.
...
Donncha Ó Cearbhaill, the head of the security lab at Amnesty International, where he has investigated dozens of spyware attacks, said that he and his colleagues “have not seen any evidence of an iPhone being successfully compromised by mercenary spyware where Lockdown Mode was enabled at the time of the attack.”
...
In at least one documented case of a spyware attack targeting iPhones, security researchers at Google said the spyware would bail out of trying to infect the victim if it detects Lockdown Mode, likely as a way to evade detection.
APRA said the test identified unnamed vulnerabilities, and the legacy system was taken offline the following day on Friday March 20.
Known as Direct To APRA (D2A), the system was scheduled for replacement by the end of 2027.
...
D2A was nearing its end-of-life in 2018, with APRA discussing a migration from the Java-based Oracle application.
...
Following the security alert, APRA also advised organisations to immediately uninstall the D2A client.
"The presence of the D2A program could pose a residual risk," APRA said.
Regnier said the Commission’s defense systems “immediately detected the malicious activities” and contained the incident, adding that “risk mitigation measures were implemented by our services to protect our services and data without disrupting the availability of our European websites.”
He stressed that the affected domains were limited to Europa.eu public websites and that the Commission’s “internal infrastructure has absolutely not been affected.”
“We’re talking about data that is potentially already in the public domain,” Regnier said.
A Russian military court sentenced 26 members of the cybercrime group Flint24 to prison terms of up to 15 years, including the network’s alleged leader Alexei Stroganov — a notorious hacker also wanted by U.S. authorities for large-scale payment card fraud.
...
Investigators said the group operated a website that sold so-called “dumps” — data used to encode information onto the magnetic stripes of payment cards. During an undercover purchase conducted by Russia’s Federal Security Service (FSB), investigators obtained stolen card details along with CVV and CVC codes, enabling fraudulent online payments.

Geo-Politics

  • [CN] Longer-form article on the links between scam compounds in Asia and the Chinese government.
She argued that Beijing has quietly supported several leading scam compound leaders, commingled government funds with scam proceeds and used concern about the scam centers to deepen its law enforcement influence within Cambodia, Laos, Myanmar and Thailand.
...
Price specifically cited Yatai New City — a development project in Myanmar’s Shwe Kokko that was heavily embraced and touted by Chinese government officials. Multiple state-owned companies in China signed contracts to build it, and within a few years it became “the largest hub for Chinese online scam syndicates in Southeast Asia,” Price said.
...
Chinese scam syndicates “have been incentivized to shift targeting Americans,” she said.
“To illustrate this point, in 2024, losses from online scams in China declined by about 30% while losses in the United States increased by roughly 40%. Americans are now among the top targets of China-linked scam centers,” Price explained.
...
She noted some estimates that the operations in Myanmar, Cambodia and Laos generated about $44 billion, which amounts to 40% of those countries’ combined GDP.
Although it was previously reported that some samples support the Stream Control Transmission Protocol (SCTP), there is a tendency to read over it and not put it into the right context of what the consequences are. SCTP is not typical enterprise traffic; it underpins Public Switched Telephone Network (PSTN) signaling and real-time communication between core 4G and 5G network elements. By configuring BPF filters to inspect SCTP traffic directly, operators are no longer just maintaining server access, they are embedding themselves into the signaling plane of the telecom network. This is a fundamentally different level of positioning. Instead of sitting at the IT perimeter, the implant resides adjacent to the mechanisms that route calls, authenticate devices, and manage subscriber mobility.

Access to SCTP traffic opens powerful intelligence collection opportunities. In legacy and transitional environments, improperly secured signaling can expose SMS message contents, IMSI identifiers, and source/destination metadata. By observing or manipulating traffic over SCTP commands such as ProvideSubscriberLocation or UpdateLocation, an adversary can track a device’s real-world movement. In 5G environments, traffic over SCTP carries registration requests and Subscription Concealed Identifiers (SUCI), allowing identity probing at scale. At this point, the compromise is no longer about server persistence; it becomes population-level visibility into subscriber behavior and location. Translated, you could track individuals of interest.
...
During the code investigations, we discovered that some BPFdoor samples are using code to mimic the bare-metal infrastructure, particularly enterprise-grade hardware platforms commonly deployed in telecom environments. By masquerading as legitimate system services that run only on bare metal, the implant blends into operational noise. This is especially relevant in environments leveraging HPE ProLiant and similar high-performance compute systems used for 5G core and edge deployments.
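A defender who wants to know whether SCTP belongs on a given host at all has to be able to read it first. The following is an added example, not code from the report quoted above: a minimal parser for the SCTP common header and chunk headers (RFC 4960) run over a constructed packet, with an allow-list of the signaling ports a telecom host is normally expected to talk to; the port list, the sample bytes and the function names are assumptions for illustration.

```python
import struct

# Illustrative allow-list of IANA-assigned SCTP ports for telecom signaling.
# Which of these a given host should carry is site-specific; this is an assumption.
SIGNALING_PORTS = {
    2905: "M3UA (SS7 over IP)",
    3868: "Diameter",
    36412: "S1AP (4G S1-MME)",
    38412: "NGAP (5G N2)",
}

# SCTP chunk type codes from RFC 4960 section 3.2 (subset).
CHUNK_TYPES = {0: "DATA", 1: "INIT", 2: "INIT ACK", 3: "SACK", 4: "HEARTBEAT",
               5: "HEARTBEAT ACK", 6: "ABORT", 7: "SHUTDOWN", 14: "SHUTDOWN COMPLETE"}


def parse_sctp(payload: bytes) -> dict:
    """Decode the 12-byte SCTP common header, then walk the chunk headers."""
    if len(payload) < 12:
        raise ValueError("too short for an SCTP common header")
    src, dst, vtag, csum = struct.unpack("!HHII", payload[:12])
    chunks, off = [], 12
    while off + 4 <= len(payload):
        ctype, flags, clen = struct.unpack("!BBH", payload[off:off + 4])
        if clen < 4 or off + clen > len(payload):
            raise ValueError("malformed chunk length")
        chunks.append({"type": CHUNK_TYPES.get(ctype, f"unknown({ctype})"),
                       "flags": flags, "length": clen})
        off += (clen + 3) & ~3  # chunks are padded to a 4-byte boundary
    return {"src_port": src, "dst_port": dst, "vtag": vtag,
            "checksum": csum, "chunks": chunks}


def classify(pkt: dict) -> str:
    """Name the signaling protocol if either port is expected, else flag the flow."""
    for port in (pkt["dst_port"], pkt["src_port"]):
        if port in SIGNALING_PORTS:
            return SIGNALING_PORTS[port]
    return "UNEXPECTED SCTP flow"


# Constructed sample (not a real capture): an INIT chunk towards the NGAP port.
# INIT body is 16 bytes (init tag, a_rwnd, stream counts, initial TSN), zeroed here.
SAMPLE = (struct.pack("!HHII", 40001, 38412, 0, 0)
          + struct.pack("!BBH", 1, 0, 20) + b"\x00" * 16)

if __name__ == "__main__":
    decoded = parse_sctp(SAMPLE)
    print(classify(decoded), [c["type"] for c in decoded["chunks"]])
```

Feeding the parser with the SCTP payloads of packets seen on hosts that should never carry signaling gives a quick inventory of what an implant filtering protocol 132 would have been able to see.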
The changes follow the publication of the Rycroft Review on foreign financial interference earlier this week and a cross-party parliamentary report on foreign information manipulation and interference (FIMI) released Friday.
The parliamentary report warns that hostile actors are conducting sustained and increasingly sophisticated campaigns to interfere in democratic processes, exploiting divisive issues to amplify tensions and influence public debate. It describes such activity as part of a wider pattern of “hybrid threats” targeting democratic systems.
...
The reports also raise concerns about wealthy individuals with significant global reach. “Lone individuals and social media platforms should not be discounted as significant sources of FIMI,” the committee said, citing Professor Vera Tolz-Zilitinkevic of the University of Manchester, who argued that Elon Musk’s influence in the U.K. may exceed that of Russia.
...
The government plans to impose a temporary ban on cryptocurrency donations and cap contributions from overseas voters at £100,000 annually. Ministers argue this will limit disproportionate financial influence from individuals with limited day-to-day ties to the U.K., while still allowing legitimate participation.
However, the temporary ban would not necessarily address the most controversial cases. The Observer recently reported that Reform UK obscured the origin of donations initially made in cryptocurrency by converting them through a permissible donor into regular currency. The party said it complied with all legal requirements.
Mueller concludes that by using only the criteria of “foreignness,” the ban “actually worsens the security situation.”
...
“While the risks of state-sponsored infrastructure attacks are real, the remedy chosen – a geographic ban on new hardware – prioritizes geopolitical decoupling over the immediate technical hardening of the American digital home,” Mueller concludes. “Once again – as with the semiconductor export controls and the TikTok ban – we see the bootleggers seeking protection from competition hiding behind the religious banner of national security.”
To apply for a Conditional Approval to import new consumer routers into the country, companies will have to provide certain information. This includes details about corporate structure including foreign government ownership, where the router is made and components are sourced from, and, here is the kicker, "a detailed, time-bound plan to establish or expand manufacturing in the United States."
Entirely missing is any need to provide a detailed, time-bound plan to make devices more secure.
The Wall Street Journal broke the story that the TikTok investors paid around $2.5 billion to the U.S. government when the deal closed and will pay billions more over time, for a total of $10 billion.
...
When Trump originally announced the deal last fall, he alluded to a possible payment, saying that the government “is getting a tremendous fee-plus . . . just for making the deal.” But Congress did not create national security-related statutes to authorize the executive to trade transaction approvals for cash. It adopted those statutes to advance U.S. national security.
...
The administration has also demanded that, in exchange for export licenses, Nvidia and Advanced Micro Devices (AMD) give the government a cut of their profits from sales of advanced semiconductors to China. ... the Department of Commerce did not issue export licenses until Nvidia and AMD agreed to “pay the United States 15 percent of the money they take in from selling artificial intelligence chips to China.” After China discouraged purchase of the chips, the Trump administration upped the ante in December, allowing Nvidia to sell the H200, its “second-most-powerful chip,” to China. But the export permission came with a payment demand: “25 percent of all the revenues from the sales would go to the United States.”

Privacy

  • [IT] An Italian regulator has fined a financial institution €31.8m over a lack of effective controls to prevent unauthorised access to customer data.
“These unauthorized accesses were not detected by internal control systems, highlighting significant weaknesses in the monitoring and prevention mechanisms,” the regulator said in a press release. “The operating model used, which allowed operators to query the entire customer base in a fully circular manner, was not adequately balanced by controls designed to prevent and identify unauthorized access.”
Notably, the customers whose accounts were accessed were considered “high-risk” and included well-known public figures, whom the regulator said Intesa Sanpaolo should have subjected to strengthened controls.
...
The fine was determined based on the severity and duration of the misdeeds, the number of customers impacted and how the banking giant fixed the problem after it was discovered, the press release said.
The official White House Android app has a cookie/paywall bypass injector, tracks your GPS every 4.5 minutes, and loads JavaScript from some guy's GitHub Pages.

AI

  • Nice little write-up from the UK National Cyber Security Centre (NCSC), on the current capabilities of frontier models in offensive cyber security use-cases. It also briefly touches upon how defenders can utilise AI, and hopefully stay ahead.
In its recent research into measuring AI agents' progress on multi-step cyber attack scenarios, AISI evaluated the cyber capabilities of 7 frontier AI models, released before March 2026. Importantly, the capabilities are inherently dual-use, meaning the skills that could be used by attackers – such as identifying vulnerabilities and developing exploits – can also be used by defenders for security testing and hardening.
...
As of yet, no AI system has completed the full scenario end-to-end.
On the more complex industrial control system attack scenario, AI performance was significantly more limited. But even here there were early signs of progress: the most recent models were the first to make any consistent headway, and in some cases found attack approaches the scenario designers hadn't anticipated.
In just 18 months, the best AI models went from barely making any progress on a realistic simulated enterprise attack to completing over half of it, and the cost of a full attempt is now around £65.
The most effective actions are not novel or experimental. Since AI will more quickly enable rapid scaling of attacks against ‘soft’ rather than ‘hard’ targets, strong baseline security is vital.
...
AI won’t compensate for weak security foundations, but it will amplify both strengths and weaknesses. Organisations that invest now in strong security baselines and carefully deployed AI-enhanced defence will be best placed to retain defender advantage as AI increasingly shapes the cyber risk environment.
An Anthropic spokesperson said the new model represents “a step change” in AI performance and is “the most capable we’ve built to date.” The company said the model is currently being trialed by “early access customers.”
Descriptions of the model were inadvertently stored in a publicly accessible data cache and were reviewed by Fortune.
A draft blog post that was available in an unsecured and publicly searchable data store prior to Thursday evening said the new model is called Claude Mythos and that the company believes it poses unprecedented cybersecurity risks.

Jamie Larson