A series of Ukrainian government websites were inaccessible Wednesday after what a government official described as a "mass DDoS attack," marking the second apparent distributed denial-of-service disruption to hit government sites there in the last eight days. The websites for the country's Ministry of Foreign Affairs, Ministry of Defense, Ministry of Internal Affairs, the Security Service of Ukraine and the Cabinet of Ministers suffered network disruptions. READ MORE...
On the morning of February 22, 2022, the world woke to the news that Russia had moved troops into two separatist regions of eastern Ukraine. At the time of writing, it is not yet a full invasion of Ukraine, but Russia did conduct attacks on February 24, hitting cities with airstrikes and artillery in what Russian President Vladimir Putin called a "special military operation." Just before this maneuver, SecurityWeek spoke to Marcus Willett to get insight into the role of cyber in aggressive geopolitics. READ MORE...
An ongoing large-scale phishing campaign is targeting Citibank customers, asking recipients to disclose sensitive personal details to lift alleged account holds. The campaign uses emails that feature Citibank logos, sender addresses that look genuine at first glance, and content that is free of typos. The Citibank customers targeted in these attacks are told that their account has been put on hold due to a suspicious transaction or a login attempt by someone else. READ MORE...
Ubuntu has issued a batch of kernel updates that cover the default as well as the AWS and KVM flavours for the current short-term release 21.10, both the original 5.4 and OEM 5.14 kernel builds for the current 20.04 LTS release, as well as 18.04, and, surprisingly, even 16.04 and 14.04. While kernel releases trickle out all the time, the last two members of that list - 2016's Xenial Xerus and 2014's Trusty Tahr - emphasise that even very old releases in Extended Security Maintenance (ESM) sometimes need a bit of TLC. READ MORE...
Hackers for one of Russia's most elite and brazen spy agencies have infected home and small-office network devices around the world with a previously unseen malware that turns the devices into attack platforms that can steal confidential data and target other networks. Cyclops Blink, as the advanced malware has been dubbed, has infected about 1 percent of network firewall devices made by network device manufacturer WatchGuard, the company said on Wednesday. READ MORE...
That's the sound of the first shoe dropping - or the first bit of destructive malware, anyway: Researchers at ESET today reported their discovery of new data-wiping malware on hundreds of systems in Ukraine that in at least one case infiltrated the victim's Microsoft Active Directory server. The reports came as the US government has continued its crescendo of warnings to US organizations to prepare for major cyberattacks out of Russia amid its potential invasion of Ukraine. READ MORE...
Sophos released research detailing code similarities between the general-purpose Dridex botnet and the little-known Entropy ransomware. The similarities lie in the software packer used to conceal the ransomware code, in the malware subroutines designed to find and obfuscate commands (API calls), and in the subroutines used to decrypt encrypted text. Sophos uncovered the similarities while investigating two incidents in which attackers used Dridex to deliver Entropy ransomware. READ MORE...
New York Governor Kathy Hochul announced on Tuesday a Joint Security Operations Center to centralize threat data and enhance coordination on threat intelligence and incident response around the state. The cyber command center, based in New York City, will assist municipalities and local government entities in defending against cyber threats such as ransomware and potential nation-state activity, Hochul said at the event unveiling the center. READ MORE...
A report released today dives deep into the technical aspects of a Linux backdoor now tracked as Bvp47 that is linked to the Equation Group, the advanced persistent threat actor tied to the U.S. National Security Agency. Bvp47 remained almost undetected until today, despite being submitted to the VirusTotal antivirus database for the first time close to a decade ago, in late 2013. READ MORE...