Two men have been charged with hacking into computer networks in the United States, UK, other NATO countries, and Ukraine, on behalf of the Russian government. The men have been named by the US Department of Justice as Ruslan Aleksandrovich Peretyatko and Andrey Stanislavovich Korinets. The men, alongside other conspirators who as yet have not been charged, are alleged to have launched sophisticated spear-phishing campaigns to hack into victims' computers and email accounts.
After multiple exposures and disruptions, a Kremlin-sponsored advanced persistent threat (APT) actor has once again upgraded its evasion techniques. However, that move was also exposed this week by Microsoft. "Star Blizzard" (aka Seaborgium, BlueCharlie, Callisto Group, and Coldriver) has been carrying out email credential theft in service of cyberespionage and cyber influence campaigns since at least 2017.
Russian APT28 military hackers used Microsoft Outlook zero-day exploits to target multiple European NATO member countries, including a NATO Rapid Deployable Corps. Researchers from Palo Alto Networks' Unit 42 have observed them exploiting the CVE-2023-23397 vulnerability over roughly 20 months in three campaigns against at least 30 organizations across 14 nations deemed of probable strategic intelligence significance to Russia's military and government.
The final Patch Tuesday of the year is almost upon us! This is the time of year when we want to relax and enjoy the holidays, but we need to be extra vigilant to detect and respond to suspicious activity. Many in the retail industry have placed their systems in 'lockdown' since before Thanksgiving to ensure they don't interrupt ongoing sales. They won't be able to update them until after the holidays, but that doesn't mean they can't respond to threats.
A cybercriminal group calling itself BlackSuit has claimed responsibility for a series of ransomware attacks, including breaches at schools in central Georgia. Earlier in the year, a zoo in Tampa Bay was targeted by the same hacking gang. Meanwhile, liberal arts college DePauw University in Indiana says that it was recently targeted, and a "limited amount of data on specific individuals was accessed." 214 GB of stolen data has since been made available for download on BlackSuit's extortion site on the dark web.
On Aug. 17, Russian news outlet RIA Novosti published a story carrying an urgent message from the American actor John McGinley to Ukrainian President Volodymyr Zelensky. McGinley's video message, it turns out, was part of an apparent Russian influence operation documented in a Microsoft report released Thursday. It was one of roughly a half dozen such videos in which Western celebrities sent personal messages to "Vladimir" via Cameo, a website where users can pay for personalized messages from celebrities.
A new set of vulnerabilities in 5G modems by Qualcomm and MediaTek, collectively called "5Ghoul," impacts 710 5G smartphone models from Google partners (Android) and Apple, as well as routers and USB modems. 5Ghoul was discovered by university researchers from Singapore and consists of 14 vulnerabilities in mobile communication systems, 10 of which have been publicly disclosed and four withheld for security reasons.
Progress Software disclosed two new high-severity vulnerabilities in the beleaguered MOVEit file-transfer service last week. A privilege escalation path vulnerability, CVE-2023-6218, and a cross-site scripting vulnerability, CVE-2023-6217, were disclosed and patched Nov. 29. The additional set of vulnerabilities brings the total number of CVEs in MOVEit to eight since a zero-day vulnerability, CVE-2023-34362, was widely exploited in late May.
An authentication bypass flaw in the Bluetooth protocol allows attackers to connect to vulnerable devices and inject keystrokes. The issue, tracked as CVE-2023-45866, enables attackers within Bluetooth range to connect to discoverable hosts without user confirmation, warns software engineer Marc Newlin, who found the bug. The attack can be mounted using a Linux machine and a normal Bluetooth adapter.