
Nigeria Has Detained Binance Cryptocrime Investigator, Another Executive

Jury finds cryptomixing service founder guilty, White House urges UnitedHealth to make more funding available for healthcare providers affected by ransomware attack, Patch Tuesday updates released, LockBit operator sentenced to four years in Canada, GAO raps CISA for OT shortcomings, much more

Former US federal agent and crypto crime investigator Tigran Gambaryan, who now works for the cryptocurrency exchange Binance, and another Binance executive are being held against their wills by Nigerian officials.

Since February 26, Gambaryan, who now leads Binance's criminal investigations team, and Nadeem Anjarwalla, Binance's Kenya-based regional manager for Africa, have been stripped of their passports and held in confinement at a government property in the Nigerian capital of Abuja.

According to their families, neither has been informed of any criminal charges against them. Instead, the two men appear to have been swept up in Nigeria's broad actions to ban cryptocurrency exchanges amid a drastic devaluation of the country's national currency.

Gambaryan, a US citizen, and Anjarwalla, a dual citizen of the UK and Kenya, arrived in Abuja on February 25, their families say, following the Nigerian government’s invitation to address its ongoing dispute with Binance. They met with Nigerian officials the next day, intending to speak to the government about its order to the country’s telecoms to block access to Binance and other cryptocurrency exchanges, which regulators blamed for devaluing its official currency, the naira, and for enabling “illicit flows” of funds.

Shortly after Gambaryan and Anjarwalla’s first meeting with the Nigerian government, however, according to their families, they were taken to their hotels, told to pack their things, and moved into a “guesthouse” run by Nigeria’s National Security Agency. Officials seized their passports and have since held the two men at the house against their will for two weeks and counting.

“While it is inappropriate for us to comment on the substance of the claims at this time, we can say that we are working collaboratively with Nigerian authorities to bring Nadeem and Tigran back home safely to their families,” a Binance spokesperson said. “They are professionals with the highest integrity and we will provide them all the support we can. We trust there will be a swift resolution to this matter.”

Before taking the Binance position, Gambaryan had become well known in the law enforcement world for his record of pioneering high-impact cryptocurrency cases as an agent in the US Internal Revenue Service’s criminal investigations (IRS-CI) division.

From 2014 to 2017 alone, for instance, Gambaryan led the investigation into two corrupt federal agents who stole cryptocurrency from the Silk Road dark-web drug market and sold law enforcement intel to its creator, worked to track down 650,000 bitcoins stolen from the Mt. Gox exchange, helped develop a crypto tracing technique to find the server running the massive AlphaBay crime market, and had a hand in the takedown of the Welcome to Video crypto-based child sexual abuse materials network. (Andy Greenberg / Wired)

Roman Sterlingov, the Russian-Swedish founder of a cryptocurrency mixing service known as Bitcoin Fog, was convicted in Washington federal court of helping to launder tens of millions of dollars from darknet markets known for selling illegal drugs.

A jury concluded that Sterlingov provided a service that jumbled digital tokens, making it more challenging to find the source of proceeds from illegal activities. Prosecutors said Bitcoin Fog processed more than $400 million in untraceable transactions, including $78 million involving known darknet markets.

The jury found Sterlingov guilty on four counts, which included conspiring to launder money, money laundering, and two charges related to running an unregistered money transmitting service. (Sabrina Willmer / Bloomberg)

In a meeting called by the White House, Health and Human Services Secretary Xavier Becerra, White House domestic policy chief Neera Tanden, and other administration officials urged Andrew Witty, CEO of UnitedHealth, and other health industry leaders to make more emergency funding available to affected health-care providers following a devastating ransomware attack by the ALPHV or BlackCat ransomware group.

Becerra and Tanden pushed UnitedHealth and other insurers in attendance to account for the premiums they are collecting from patients but not paying to healthcare organizations as unpaid medical bills pile up.

Meanwhile, healthcare providers used the meeting to directly voice their payment concerns to Witty and other health insurers and warn about other unresolved problems, such as difficulties obtaining emergency funding from Medicaid plans. Sources said Witty also kicked off the meeting by laying out UnitedHealth’s response and seeking to reassure attendees about the company’s efforts.

The meeting also included representatives from the American Hospital Association, the National Alliance of State Pharmacy Associations, and the health insurance trade group AHIP, according to meeting notes released by the White House.

Government leaders and industry experts said they remain worried about the sensitive patient data stolen by the hackers and the possibility of other breaches. Anne Neuberger, the White House deputy national security adviser for cyber and emerging technology, encouraged attendees at the meeting to adopt the Biden administration’s voluntary cybersecurity goals. (Dan Diamond / Washington Post)

In surprisingly thin Patch Tuesday updates, Microsoft patched at least 60 vulnerabilities in its Windows OS, while Apple’s new macOS Sonoma addressed at least 68 security weaknesses, and its latest update for iOS fixes two zero-day flaws.

Last week, Apple pushed out an urgent software update to its flagship iOS platform, warning that at least two zero-day exploits for vulnerabilities (CVE-2024-23225 and CVE-2024-23296) were being used in the wild. The security updates are available in iOS 17.4, iPadOS 17.4, and iOS 16.7.6.

Apple’s macOS Sonoma 14.4 Security Update addresses dozens of security issues. Jason Kitka, chief information security officer at Automox, said the vulnerabilities patched in this update often stem from memory safety issues, a concern that has led to a broader industry conversation about the adoption of memory-safe programming languages.

Mercifully, there do not appear to be any zero-day threats for Windows users this month (at least not yet). Satnam Narang, senior staff research engineer at Tenable, notes that of the 60 CVEs in this month’s Patch Tuesday release, only six are considered “more likely to be exploited,” according to Microsoft.

Those more likely to be exploited bugs are mostly “elevation of privilege vulnerabilities,” including CVE-2024-26182 (Windows Kernel), CVE-2024-26170 (Windows Composite Image File System (CimFS)), CVE-2024-21437 (Windows Graphics Component), and CVE-2024-21433 (Windows Print Spooler).

Finally, Adobe issued security updates that fix dozens of security holes in a wide range of products, including Adobe Experience Manager, Adobe Premiere Pro, ColdFusion 2023 and 2021, Adobe Bridge, Lightroom, and Adobe Animate. Adobe said it is not aware of active exploitation against any of the flaws. (Brian Krebs / Krebs on Security)

According to sources, TikTok intends to exhaust all legal challenges before it considers divesting from Chinese parent company ByteDance if the latest, swiftly moving US legislation targeting the app becomes law.

A divestiture would also require approval by the Chinese government, which said last year that it would firmly oppose a forced sale. The sources said no plans are final and would depend on how the legislation progresses.

The bill was advanced by a key committee last week, and to move forward, the bill would need to clear a floor vote in the US House of Representatives on Wednesday — the furthest any federal TikTok legislation has gotten. (Alex Barinka and Zheping Huang / Bloomberg)

Google announced that it paid out a total of $10 million through its bug bounty programs in 2023, bringing the total amount awarded by the tech giant for vulnerabilities found in its products since 2010 to $59 million.

The total paid out in 2023 is less than the $12 million handed out in 2022. Last year, 632 researchers from 68 countries earned the money. The highest single reward was $113,337.

A total of $3.4 million was awarded to researchers who found vulnerabilities in the Android operating system, where the maximum reward has been increased to $15,000.

Google highlighted two conferences: ESCAL8, where researchers earned a total of $70,000 for Wear OS and Android Automotive OS exploits, and Hardwear.io, where researchers earned $116,000 for 50 vulnerabilities in Nest, Fitbit, and other products.

The company also ran a live-hacking event focusing on generative AI, where participants earned more than $87,000 for 35 exploits. This includes researchers who recently reported earning $50,000 at the event for their Bard hacks.

In the case of Chrome, Google paid out roughly $2.1 million in bug bounties for 359 vulnerability reports in 2023. (Eduard Kovacs / Security Week)

Source: Google.

The town of Huntsville, in Ontario, Canada’s Muskoka region, announced that it is investigating a cybersecurity incident that occurred over the weekend, leading to the municipal office being closed.

The town said the investigation is being led by “cybersecurity specialists the Town has engaged,” and they currently have no evidence that any sensitive data, including personal information, has been compromised.

Just three months into 2024, Canada is facing a surge in cyber threats. From government agencies being forced offline to small businesses and municipalities facing disruptions, no sector remains untouched as cyber attacks rapidly evolve, outpacing the ability of institutions and the government to keep up.

Several weeks after a ransomware attack disrupted IT systems in Hamilton and disabled several online services on Feb. 25, the city is still dealing with the fallout. No timeline has been set for the city’s systems to be fully restored. (Sam Riches / The Expositor)

Stanford University warned that a ransomware gang accessed the personal information of more than 27,000 people on Stanford University servers during a cyberattack last year claimed by the Akira ransomware group.

The school began sending breach notification letters this week, ten months after the Akira ransomware gang first compromised the school’s systems.

Stanford University released a statement on Monday saying their investigation uncovered clues indicating the hackers had gained access to the Department of Public Safety’s network from May 12 until September 27, 2023.

The school said, “The incident does not involve any Stanford systems or networks beyond the one used by the Department of Public Safety,” noting that federal and local law enforcement investigations are ongoing.

“The personal information that may have been affected varies from person to person but could include date of birth, Social Security number, government ID, passport number, driver’s license number, and other information the Department of Public Safety may have collected in its operations.”

For an additional group of victims, the hackers may have accessed some biometric data, health/medical information, email addresses with passwords, usernames with passwords, security questions and answers, digital signatures, and credit card information with security codes.

Victims will be offered two years of free identity protection services. (Jonathan Greig / The Record)

Victoria police in Canada released a report showing that Operation Guardian, an initiative to monitor and disrupt ransomware and other attacks, detected over 11,000 instances of cybercrime in the Medibank breach alone.

“Operation Guardian has so far linked over 11,000 cybercrime incidents to the Medibank data breach,” said Victoria Police.

It is unclear how many crimes were detected due to all the major breaches investigated under Operation Guardian and whether that 11,000 number only refers to Victorian numbers or is a nationwide statistic.

Victoria Police said that over 942,000 Victorians were affected in a breach of telecom provider Optus and Medibank breaches alone. (Daniel Croft / Cyber Daily)

Related: IT News

Convicted Russian-Canadian cybercriminal Mikhail Vasiliev has been sentenced to nearly four years in jail after pleading guilty last month to eight counts of cyber extortion, mischief, and weapons charges.

A member of the LockBit ransomware group, Vasiliev tried to extort three Canadian companies out of hundreds of thousands of dollars each between 2021 and 2022, paralyzing them by encrypting their computer systems and financial information.

Last month, the Justice Department announced that Vasiliev and four other alleged LockBit cybercriminals had been charged for their participation in the LockBit conspiracy.

Vasiliev consented to extradition to the US, where he faces more cybercrime charges, including conspiracy to damage protected computers intentionally and transmit ransom demands.

The court also ordered Vasiliev to fully pay back more than $860,000 in restitution to his Canadian victims. (CTV News)

Computer and electronics maker Acer Philippines confirmed that employee data was stolen in an attack on a third-party vendor who manages the company's employee attendance data after a threat actor leaked the data on a hacking forum.

A threat actor known as ph1ns published a link to download a stolen database containing Acer employee data for free on a hacking forum. The hacker said that no ransomware or encryption was involved and that it was a pure data theft attack.

They confirmed that they were not attempting to extort the company. However, they did provide evidence that they wiped data on the breached servers before they lost access.

Acer Philippines said, "While we are working with the vendor, cybersecurity experts, and law enforcement, we would like to emphasize that no customer data has been affected, and there is no evidence of any breach of Acer's systems." (Bill Toulas / Bleeping Computer)

According to the Office of the Director of National Intelligence’s (ODNI) 2024 Annual Assessment of the US Intelligence Community, accelerating competition between nation-states, regional conflicts with far-reaching impact, and non-state threat actors with unprecedented capabilities are three of the leading cyber threats the US intelligence community (IC) will face over the next few months.

The report examines threats, including cyber threats, posed by four nation-states: China, Russia, Iran, and North Korea.

China is described as the most active and persistent cyber threat to the US government, private sector, and critical infrastructure networks. The report shares evidence of Chinese operations discovered by the US private sector, such as the Volt Typhoon cyber espionage group’s KV Botnet.

This and other similar campaigns “probably were intended to pre-position cyber-attacks against infrastructure in Guam and to enable disrupting communications between the United States and Asia,” the ODNI wrote.

While Russia’s focus, both on the ground and in cyberspace, has been on its war in Ukraine, the ODNI said that the country remains a resilient and capable adversary across a wide range of domains.

The US IC assessed that Russia will continue to project and defend its interests globally and undermine the US and other Western states. (Kevin Poireault / Infosecurity Magazine)

As part of its review of a devastating October 2023 ransomware attack, The British Library warned ransomware gangs there is no money to be made in attacking the British state.

“The library has not made any payment to the criminal actors responsible for the attack, nor engaged with them in any way,” it said. “Ransomware gangs contemplating future attacks such as this on publicly-funded institutions should be aware that the UK’s national policy, articulated by NCSC [National Cyber Security Centre], is unambiguously clear that no such payments should be made.”

The library is still not operating at total capacity, with research services remaining “incomplete” five months after they were first hit. The criminal gang responsible stole 600GB of data, the incident report reveals, and when it was clear that no payment would be proffered, dumped it on the dark web. However, the most damage was done before the attack was even completed: in order to make it harder to recover systems and track the attackers, they destroyed some servers outright.

“While we have secure copies of all our digital collections – both born-digital and digitised content, and the metadata that describes it – we have been hampered by the lack of viable infrastructure on which to restore it,” the library says. (Alex Hern / The Guardian)

A US Government Accountability Office report said the Cybersecurity and Infrastructure Security Agency (CISA) has an understaffed and often ill-equipped workforce to deal with risks to the nation’s critical operational technology systems.

The crucial role that OT systems play in critical infrastructure makes them especially vulnerable to cyberattacks, but owners and operators told the GAO that they face challenges in working with CISA to combat those threats, citing a lack of agency staffers that have the “necessary skills.”

In producing the report, the GAO spoke with officials from CISA and 13 nonfederal entities about their various OT-related challenges. Those entities included councils that represented OT-prevalent sectors and subsectors with infrastructures especially vulnerable to cyber threat risks, OT vendors that participated in a CISA collaboration group, and cybersecurity researchers that assisted in developing CISA’s OT advisories.

While 12 of the 13 detailed positive experiences with CISA’s OT products and services, seven also highlighted negative experiences, including one that cited a year-plus gap between the first report of a vulnerability and CISA's public disclosure.

CISA officials and one nonfederal entity agreed that the agency has “insufficient” staff with compulsory OT skills; just four federal employees and five contractors at CISA work on threat hunting and incident response services. CISA officials said that there is “not enough staff to respond to significant attacks impacting OT systems in multiple locations at the same time.”

Staffing shortcomings also appeared to manifest in the agency’s information-sharing capabilities with other government agencies. Three agencies, CESER, FRA, and USCG, said CISA has been “ineffectively sharing information with critical infrastructure owners and operators,” while PHMSA said CISA is falling short on a process to inform those stakeholders about cyber threats, the report said. (Jonathan Greig / The Record)

Source: GAO.

The Tor Project officially introduced WebTunnel, a new bridge type specifically designed to help bypass censorship targeting the Tor network by hiding connections in plain sight.

Tor bridges are relays not listed in the public Tor directory that keep the users' connections to the network hidden from oppressive regimes. While some countries, like China and Iran, have found ways to detect and block such connections, Tor also provides obfsproxy bridges, which add an extra layer of obfuscation to fight censorship efforts.

WebTunnel, the censorship-resistant pluggable transport inspired by the HTTPT probe-resistant proxy, takes a different approach. It makes it harder to block Tor connections by ensuring that the traffic blends in with HTTPS-encrypted web traffic. (Sergiu Gatlan / Bleeping Computer)

Related: Tor, Restore Privacy

Cybersecurity company Nozomi Networks announced it had raised $100 million in a Series E venture funding round.

This round includes investments from Mitsubishi Electric, a global leader in digital manufacturing, electronics, and electrical equipment, and Schneider Electric, a global leader in digital automation and energy management. (James Rundle / Wall Street Journal)

Related: Nozomi Networks

Technology giant Broadcom announced the merger of the Carbon Black and Symantec businesses into a new unit that combines network and data telemetry with Endpoint Detection and Response (EDR) technologies.

Fresh off its $69 billion acquisition of VMware (which owned Carbon Black), Broadcom created a new Enterprise Security Group business unit to manage its cybersecurity portfolio and work on fusing the best of Symantec’s data and network protection tools with Carbon Black’s EDR and application control products. (Security Week)

Best Thing of the Day: At Least They Could Target Higher Paid Professions

Super-influential tech journalist Kara Swisher and other leading authors are fighting back against AI-generated scam books on Amazon that deprive writers of income and harm their reputations.

Worst Thing of the Day: Again, At Least They Could Target Higher Paid Professions

Employees who work for the City of Hamilton aren't getting overtime pay amid the two-week-long ransomware attack by the Cloak gang that has disrupted access to central services.

Closing Thought