Sponsored Feature Securing the corporate network has never been a simple process, but years ago it was at least a bit more straightforward. Back then, the network perimeter was clear and well defined, and everything inside it was considered trusted and safe. The security team defended against everything outside, established security protocols and deployed security tools, monitored the network gateways, and kept sensitive data as safe as possible.…
Norfolk and Suffolk police have stepped forward to admit that a “technical issue” resulted in raw data pertaining to crime reports accidentally being included in Freedom of Information responses.…
The former chief executive of a company that was sold to Qualcomm for more than $150 million has pleaded guilty to one count of money laundering relating to a $1.5 million transaction involving proceeds from the deal.…
Authorities in the US state of Georgia have indicted a famous Floridian and his loyal associates on counts including theft of data, software, and personal information.…
An EDR evasion technique, called Hell's Gate, that dynamically extracts syscall IDs from process memory. Not a new technique, but I wanted to share my development and learning process in implementing a solution using it.
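As an added example (not the author's code and not the repository described above), here is the core of what Hell's Gate does: locate an ntdll export by a hash of its name, then pattern-match the stub bytes for `mov r10, rcx; mov eax, imm32`, the immediate being the syscall ID. Because the real walk over the PE export directory needs a live Windows process, the in-memory ntdll.dll and its export table are stood in for by constructed byte arrays and a small name-to-stub table, and the syscall IDs in the samples are illustrative values, not real ones. The hooked case, where an EDR has overwritten the start of the stub with a jmp to its trampoline, is the failure mode the parser has to detect rather than silently mis-read.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Return codes from the stub parser. */
#define SYSCALL_NOT_FOUND (-1)  /* no such export, or no syscall pattern in the stub */
#define SYSCALL_HOOKED    (-2)  /* stub begins with a jmp: a user-mode hook overwrote it */

/* djb2 hash of an export name. Hell's Gate matches exports by hash rather than
 * by the plain string, so the Nt* names do not appear in the binary. */
uint32_t djb2(const char *s) {
    uint32_t h = 5381;
    for (; *s; s++) h = ((h << 5) + h) + (uint8_t)*s;
    return h;
}

/* Parse an x64 ntdll syscall stub and return its syscall id.
 * A clean Nt* stub starts with:
 *   4C 8B D1         mov r10, rcx
 *   B8 xx xx 00 00   mov eax, <syscall id>
 * so the id is the low 16 bits of the imm32 operand of the mov eax. As in the
 * original Hell's Gate, the scan tolerates a few leading bytes, stops at the
 * first ret (C3), and treats a jmp rel32 (E9) as an EDR hook on the stub. */
int extract_syscall_id(const uint8_t *stub, size_t len) {
    for (size_t cw = 0; cw < 32 && cw + 8 <= len; cw++) {
        if (stub[cw] == 0xC3) return SYSCALL_NOT_FOUND;  /* ret: ran past the stub */
        if (stub[cw] == 0xE9) return SYSCALL_HOOKED;     /* jmp rel32: hooked */
        if (stub[cw] == 0x4C && stub[cw + 1] == 0x8B && stub[cw + 2] == 0xD1 &&
            stub[cw + 3] == 0xB8 && stub[cw + 6] == 0x00 && stub[cw + 7] == 0x00) {
            uint8_t low  = stub[cw + 4];
            uint8_t high = stub[cw + 5];
            return (high << 8) | low;
        }
    }
    return SYSCALL_NOT_FOUND;
}

/* Constructed stub bytes standing in for what would be read from the mapped
 * ntdll.dll. They are simplified (no KUSER_SHARED_DATA SystemCall test) and the
 * ids 0x18 and 0x1A0 are illustrative only: real ids change between Windows
 * builds, which is why Hell's Gate resolves them at runtime. */
static const uint8_t STUB_CLEAN_A[] = {
    0x4C, 0x8B, 0xD1,              /* mov r10, rcx */
    0xB8, 0x18, 0x00, 0x00, 0x00,  /* mov eax, 0x18 */
    0x0F, 0x05,                    /* syscall */
    0xC3                           /* ret */
};
static const uint8_t STUB_CLEAN_B[] = {
    0x4C, 0x8B, 0xD1,
    0xB8, 0xA0, 0x01, 0x00, 0x00,  /* mov eax, 0x1A0: exercises the high byte */
    0x0F, 0x05, 0xC3
};
static const uint8_t STUB_HOOKED[] = {
    0xE9, 0x4B, 0x12, 0x00, 0x00,  /* jmp rel32 to the EDR trampoline; mov r10/mov eax are gone */
    0x00, 0x00, 0x00,
    0x0F, 0x05, 0xC3
};

/* Stand-in for the export directory of the in-memory ntdll.dll: name -> stub. */
struct export_entry { const char *name; const uint8_t *stub; size_t len; };
static const struct export_entry FAKE_EXPORTS[] = {
    { "NtAllocateVirtualMemory", STUB_CLEAN_A, sizeof STUB_CLEAN_A },
    { "NtWriteVirtualMemory",    STUB_CLEAN_B, sizeof STUB_CLEAN_B },
    { "NtProtectVirtualMemory",  STUB_HOOKED,  sizeof STUB_HOOKED  },
};

/* The two steps Hell's Gate performs: find the export whose name hashes to
 * name_hash, then parse its stub for the syscall id. */
int resolve_syscall(uint32_t name_hash) {
    for (size_t i = 0; i < sizeof FAKE_EXPORTS / sizeof FAKE_EXPORTS[0]; i++)
        if (djb2(FAKE_EXPORTS[i].name) == name_hash)
            return extract_syscall_id(FAKE_EXPORTS[i].stub, FAKE_EXPORTS[i].len);
    return SYSCALL_NOT_FOUND;
}

int main(void) {
    const char *names[] = { "NtAllocateVirtualMemory", "NtWriteVirtualMemory",
                            "NtProtectVirtualMemory", "NtDoesNotExist" };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        int id = resolve_syscall(djb2(names[i]));
        if (id >= 0)                   printf("%-24s syscall id 0x%03x\n", names[i], id);
        else if (id == SYSCALL_HOOKED) printf("%-24s hooked: stub starts with jmp, id unavailable\n", names[i]);
        else                           printf("%-24s not found\n", names[i]);
    }
    return 0;
}
```

The hooked result is the interesting one: a clean stub yields an ID that can be fed to a hand-rolled `syscall` instruction, bypassing whatever the EDR placed in ntdll, while a hooked stub yields nothing, which is why later variants look at neighbouring, unhooked stubs instead.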
China's Global Times, a state-controlled media outlet, has teased an imminent exposé of alleged US attacks on seismic data measurement stations.…
Two Nigerian men have been extradited to the US and were scheduled to appear in federal court on Monday, charged with sextortion and causing the death of one of their victims: a teen who was found dead from a self-inflicted gunshot wound.…
The FBI has warned of a scam in which criminals lure people into installing what they think are pre-release beta-grade phone apps to try out, only for the software to be laced with malware.…
Ford has suggested owners of vehicles equipped with its SYNC 3 infotainment system disable the Wi-Fi lest someone nearby exploits a buffer-overflow vulnerability and hijacks the equipment.…
John Clifton Davies, a convicted fraudster estimated to have bilked dozens of technology startups out of more than $30 million through phony investment schemes, has a brand new pair of scam companies that are busy dashing startup dreams: A fake investment firm called Equity-Invest[.]ch, and Diligere[.]co.uk, a scam due diligence company that Equity-Invest insists all investment partners use.
A native of the United Kingdom, Mr. Davies absconded from justice before being convicted on multiple counts of fraud in 2015. Prior to his conviction, Davies served 16 months in jail on suspicion of murdering his third wife on their honeymoon in India before being cleared.
The scam artist John Bernard (left) in a recent Zoom call, and a photo of John Clifton Davies from 2015.
John Clifton Davies was convicted in 2015 of swindling businesses throughout the U.K. that were struggling financially and seeking to restructure their debt. For roughly six years, Davies ran a series of firms that pretended to offer insolvency services. Instead, he simply siphoned what little remaining money these companies had, spending the stolen funds on lavish cars, home furnishings, vacations and luxury watches.
In a three-part series published in 2020, KrebsOnSecurity exposed how Davies, wanted by authorities in the U.K., had fled the country, taken on the surname Bernard, remarried, and moved to his new (and fourth) wife’s hometown in Ukraine.
After eluding justice in the U.K., Davies reinvented himself as The Private Office of John Bernard, pretending to be a billionaire Swiss investor who made his fortunes in the dot-com boom 20 years ago and who was seeking private equity investment opportunities.
In case after case, Bernard would promise to invest millions in hi-tech startups, only to insist that companies pay tens of thousands of dollars worth of due diligence fees up front. However, the due diligence company he insisted on using, another Swiss firm called The Inside Knowledge, was also secretly owned by Bernard, who would invariably pull out of the deal after receiving the due diligence money.
Bernard found a constant stream of new marks by offering extraordinarily generous finder’s fees to investment brokers who could introduce him to companies seeking an infusion of cash. Inside Knowledge and The Private Office both closed up shop not long after being exposed here in 2020.
In April 2023, KrebsOnSecurity wrote about Codes2You, a recent Davies venture which purports to be a “full cycle software development company” based in the U.K. The company’s website no longer lists any of Davies’ known associates, but the site does still reference software and cloud services tied to those associates, including MySolve, a “multi-feature platform for insolvency practitioners.”
Earlier this month, KrebsOnSecurity heard from an investment broker who found out his client had paid more than $50,000 in due diligence fees related to a supposed multi-million dollar investment offer from a Swiss concern called Equity-Invest[.]ch.
The investment broker, who spoke on condition that neither he nor his client be named, said Equity-Invest began getting cold feet after his client plunked down the due diligence fees.
“Things started to go sideways when the investor purportedly booked a trip to the US to meet the team but canceled last minute because ‘his pregnant wife got in a car accident,’” the broker explained. “After that, he was radio silent until the contract expired.”
The broker said he grew suspicious when he learned that the Equity-Invest domain name was less than six months old. The broker’s suspicions were confirmed after he discovered the due diligence company that Equity-Invest insisted on using, Diligere[.]co.uk, included an email address on its homepage for another entity called Ardelis Solutions.
A corporate entity in the UK called Ardelis Solutions was key to showing the connection to Davies’ former scam investment and due diligence firms in the Codes2You investigation published earlier this year.
Although Diligere’s website claims the due diligence firm has “13 years of experiance” [sic], its domain name was only registered in April 2023. What’s more, virtually all of the vapid corporate-speak published on Diligere’s homepage is identical to text on the now-defunct InsideKnowledge[.]ch, the fake due diligence firm secretly owned for many years by The Private Office of John Bernard (John Clifton Davies).
A snippet of text from the now-defunct website of the fake Swiss investor John Bernard, in real life John Clifton Davies.
“Our steadfast conviction and energy for results is what makes us stand out,” both sites state. “We care for our clients’ and their businesses, we share their ambitions and align our goals to complement their objectives. Our clients know we’re in this together. We work in close partnership with our clients to deliver palpable results regardless of geography, complexity or controversy.”
The copy on Diligere’s homepage is identical to that once on Insideknowledge[.]com, a phony due diligence company run by John Clifton Davies.
I've been teaching my 13-year-old son Ari how to code since I first got him started on Scratch many years ago, and gradually progressed through to the current day where he's getting into Python in Visual Studio Code. As I was writing the new domain search API for Have I Been Pwned (HIBP) over the course of this year, I was trying to explain to him how powerful APIs are:
Think of HIBP as one website that does pretty much one thing; you load it in your browser and search through data breaches which then display on the screen. But when you have an API, it's no longer just locked into your browser, it's in all sorts of other systems. Mobile apps, other websites, dashboards and if you really want, you can even integrate the lights in your room with HIBP! Why? How? Well, there's a Home Assistant integration for HIBP and being pwned in a new breach could raise an event there you can then use YAML to perform an action with, for example flashing a light red. That might be weird and unnecessary, but when you have an API, suddenly all these things you never thought of are possible.
It took Brett Adams less than a day after we released the new domain search API last Monday for him to reach out to me with one of those ideas. He wanted to build a Splunk app (Brett is a Splunk MVP so this was right up his alley) to surface breached data about an organisation's domains right into the place where so many security engineers spend their days. He just wanted 2 new APIs to make the user experience the best it could be:
That seems so ridiculously obvious, why didn't I think of that originally?! But hey, easy fix, so the next day Brett had his APIs. And today, you also have the APIs because they're now all publicly documented and ready for you to consume. You also have Brett's Splunk app and because he's published it to Splunkbase, you can go and pull it into your own Splunk instance, plug in your HIBP API key and it's job done!
I'll leave you with a bunch of screen caps from Brett's work, starting with a zoomed in grab of what I suspect folks will find the most valuable - the addresses on their domains and their appearances across breaches:
That's a fragment of the broader dashboard that also breaks down the incidents over time:
The starting point for this is simply plugging your API key into the interface:
I like these headline figures and I picture particularly large organisations that have gone through various acquisitions of different brands with various domains finding this really useful:
And speaking of breaches, there's a lot of them which Brett has visualised across the course of time:
So that's it, you can see all the APIs documented on the HIBP website and you can grab Brett's app right now from Splunkbase. You can also find all the code for this in Brett's GitHub repo should you wish to have a read through it.
The HIBP APIs are there for other people to build awesome things. If you're one of those people, please get in touch with me and show me what you've created, I can't wait to see more integrations like Brett's.
Cumbria Constabulary inadvertently published the names and salaries of all its officers and staff online earlier this year, making it the second UK force in a fortnight to admit disclosing personal information about its employees.…
Entities using the name and iconography of Anonymous (EUTNAIOA) claim to have conducted cyber protests against the Japanese government for actions related to the release of wastewater from the Fukushima Daiichi Nuclear Power Plant.…
Infosec in brief The July breach of Microsoft Exchange Online by suspected Chinese hackers is the next topic up for review by the Department of Homeland Security's Cyber Safety Review Board (CSRB).…
Google has started deploying a hybrid key encapsulation mechanism (KEM) to protect the sharing of symmetric encryption secrets during the establishment of secure TLS network connections.…
Sam Bankman-Fried (SBF), former chief executive of crypto-disaster FTX, who has been awaiting trial for his firm's failure while in home detention with his family, has been sent to jail for attempting to intimidate witnesses.…
Fifteen bugs in Codesys' industrial control systems software could be exploited to shut down power plants or steal information from critical infrastructure environments, experts have claimed.…
Interview In the past nine years, Oleg Anashkin, a software developer based in San Jose, California, has received more than 130 solicitations to monetize his Chrome browser extension, Hover Zoom+.…
The hacking of the UK’s Electoral Commission was potentially facilitated by the exploitation of a vulnerability in Microsoft Exchange, according to a security expert.…
Ecommerce stores using Adobe's open source Magento 2 software are being targeted by an ongoing exploitation campaign based on a critical vulnerability that was patched last year, on February 13, 2022.…