News
Hi folks,
I hope you're all doing well, and are having a productive Friday. I have some more studying to do today, which I actually look forward to (as opposed to my college days ^^). And then off to a rather quiet weekend. I hope the same for you!
Cheers,
Operation Endgame: Police seize over 100 malware loader servers, arrest four cybercriminals
An international operation codenamed 'Operation Endgame' has seized over 100 servers and 2000 domains used by multiple major malware loader operations, including IcedID, Pikabot, Trickbot and others. Four people were arrested and eight more identified, who have now been added to Europol's 'Most Wanted' list.
NIST expects to clear backlog in vulnerabilities database by end of fiscal year
If you remember, NIST's National Vulnerability Database (NVD) is where most of the enrichment data on CVEs comes from: the CVSS scores, affected-product (CPE) mappings and weakness (CWE) classifications that vulnerability scanners and ticketing pipelines key on. NIST has been struggling to keep up, with new analysis work having seemingly come to a stop earlier this year.
They're now hiring an external company to help them clear the backlog. The article says that it's not known which company, but it was shared in a later article that the company in question is Analygence, a cybersecurity contractor out of Maryland with a history of providing security services to the US government.
They aim to have the backlog cleared by end of fiscal year 2024, which is September 30th. That sounds very ambitious to me, I doubt it'll be easy work. Best of luck to them for sure.
Mystery malware destroys 600,000 routers from a single ISP during 72-hour span
Interesting read on a destructive attack that occurred last year and bricked no fewer than 600,000 routers, all belonging to a single ISP, without any known motive. It always gets a bit scary when software attacks brick hardware.
Chinese national arrested for operating proxy service linked to billions in cybercrime
He installed malware on millions of devices, causing them to operate as a 'residential proxy service' with over 19 million IP addresses. He sold access to this service, dubbed "CloudRouter", to any number of criminal enterprises, netting him around $99 million in four years. He was arrested in Singapore, and work is under way to extradite him to the US, where he faces a maximum sentence of 65 years in prison.
UnitedHealth leaders 'should be held responsible' for installing inexperienced CISO, senator says
“Due to his apparent lack of prior experience in cybersecurity, it would be unfair to scapegoat Mr. Martin for UHG’s cybersecurity lapses. Instead, UHG’s CEO and the company’s board of directors should be held responsible for elevating someone without the necessary experience to such an important role in the company, as well as for the company’s failure to adopt basic cyber defenses,” the senator wrote. That's ... refreshing.
How the DOJ is using a Civil War-era law to enforce corporate cybersecurity
They are using a law originally passed to punish contractors who sold the Union Army sick horses, spoiled food and other misrepresented goods during the Civil War (the False Claims Act) to hold government contractors to the cybersecurity claims they make about their products. There are many cases running, with several settlements already reached. Sounds like a great way to steer the ship towards better cybersecurity, kudos for the legal creativity.
Wargames director Jackie Schneider on why cyber is one of 'the most interesting scholarly puzzles'
Interesting interview on how cyber warfare compares to traditional warfare in wargames and tabletop exercises, and possibly in the real world.
1Password for developers: secrets, SSH keys, and more
I think most developers don't realise how valuable 1Password can be. It doesn't just hold passwords: it also holds your SSH keys, signs your Git commits, injects tokens and other secrets into CLI scripts when you want, and much more. (Sponsored)
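As an added example of the three things mentioned above (not code from 1Password or from this newsletter), the script below wires the 1Password CLI (`op`) into a developer workflow: it validates a `.env` file that holds `op://` secret references rather than plaintext values, points `ssh` at the 1Password agent, and configures SSH-key commit signing. Assumptions: a macOS install (the agent socket and `op-ssh-sign` paths differ on Linux), a vault named "Dev" containing an item "GitHub" with a field "token", and an SSH public key already stored in 1Password. The vault, item and field names are placeholders.

```shell
#!/bin/sh
# Added example, not 1Password's own code. Assumes the `op` CLI is installed
# and signed in; vault/item/field names below are placeholders.
set -eu

# A secret reference has the shape op://<vault>/<item>[/<section>]/<field>.
# Returns 0 for a well-formed reference, 1 otherwise.
is_op_ref() {
  case "$1" in op://*) ;; *) return 1 ;; esac
  rest=${1#op://}
  case "$rest" in
    */*/*/*/*|*//*|/*|*/) return 1 ;;   # too many segments, or an empty one
    */*/*) return 0 ;;                  # vault/item/field or vault/item/section/field
    *) return 1 ;;                      # too few segments
  esac
}

# Check that every KEY=value line in an env file carries an op:// reference,
# so a plaintext token pasted in by mistake is caught before `op run` sees it.
check_env_file() {
  bad=0
  while IFS= read -r line || [ -n "$line" ]; do
    [ -z "$line" ] && continue
    case "$line" in \#*) continue ;; esac
    case "$line" in *=*) ;; *) echo "not KEY=value: $line" >&2; bad=1; continue ;; esac
    value=${line#*=}
    is_op_ref "$value" || { echo "not a secret reference: $line" >&2; bad=1; }
  done < "$1"
  return $bad
}

# Resolve the references at run time and hand the values to the command as
# environment variables; nothing secret is written to disk.
run_with_secrets() {
  envfile=$1
  shift
  check_env_file "$envfile"
  op run --env-file="$envfile" -- "$@"
}

# Use 1Password's SSH agent instead of key files in ~/.ssh (macOS socket path).
configure_ssh_agent() {
  mkdir -p "$HOME/.ssh"
  cat >> "$HOME/.ssh/config" <<'EOF'
Host *
  IdentityAgent "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"
EOF
}

# Sign commits with the SSH key held in 1Password; $1 is the public key line.
configure_git_signing() {
  git config --global gpg.format ssh
  git config --global gpg.ssh.program "/Applications/1Password.app/Contents/MacOS/op-ssh-sign"
  git config --global user.signingkey "$1"
  git config --global commit.gpgsign true
}

# Only touch the machine when explicitly asked: sh 1password-dev.sh --apply
if [ "${1:-}" = "--apply" ]; then
  printf 'GITHUB_TOKEN=op://Dev/GitHub/token\n' > .env.op
  run_with_secrets .env.op sh -c 'echo "GITHUB_TOKEN has ${#GITHUB_TOKEN} characters"'
  configure_ssh_agent
  configure_git_signing "ssh-ed25519 AAAA...replace-with-your-public-key"
fi
```

The `.env.op` file can be committed safely because it contains only references; the real token exists only in the child process's environment for the duration of `op run`. The `check_env_file` guard is the part worth keeping even without 1Password: it fails the run if someone replaces a reference with a literal value.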
Quick links
- Cybercriminals pose as "helpful" Stack Overflow users to push malware: link.
- Phones of journalists and activists in Europe targeted with Pegasus: link.
- House Republican sounds the alarm on threats to food and agriculture sector: link.
- Negotiations over new NATO cyber center still ongoing weeks from planned launch: link.
- Researchers crack 11-year-old password, recover $3 million in bitcoin: link.
Breaches and leaks
- Data of 560 million Ticketmaster customers for sale after alleged breach: link.
- Cencora data breach exposes US patient info from 11 drug companies: link.
- Sav-Rx discloses data breach impacting 2.8 million Americans: link.
- Christie’s confirms breach after RansomHub threatens to leak data: link.
- First American December data breach impacts 44,000 people: link.
- BBC suffers data breach impacting current, former employees: link.
- Cooler Master confirms customer info stolen in data breach: link.
- Everbridge warns of corporate systems breach exposing business data: link.
- Ransomware attack on Seattle Public Library knocks out online systems: link.
- Major Russian delivery company down for three days due to cyberattack: link.
Issues and fixes
- Okta warns of credential stuffing attacks targeting its CORS feature: link.
- Check Point releases emergency fix for VPN zero-day exploited in attacks: link.
- Google fixes eighth actively exploited Chrome zero-day this year: link.
- TP-Link fixes critical RCE bug in popular C5400X gaming router: link.
- Exploit released for maximum severity Fortinet RCE bug, patch now: link.