The Computer Emergency Response Team of Ukraine (CERT-UA) warned today of a spearphishing campaign targeting private email accounts belonging to Ukrainian armed forces personnel. Accounts compromised in these attacks are then used to send additional phishing messages to contacts in the victims' address books. The phishing emails are being sent from two domains, the former trying to impersonate the i.ua free Internet portal providing email services to Ukrainians since 2008. READ MORE...
U.S. and U.K. government agencies called out Iranian government-affiliated hackers Thursday, accusing them of being behind cyber-espionage targeting the defense, local government, oil and natural gas and telecommunications sectors across the globe. The joint alert points a finger at MuddyWater, which the U.S. government for the first time last month attributed directly to Tehran. In the latest warning, the government agencies said that they have observed MuddyWater on the move since 2018. READ MORE...
More than a year after technology companies, financial firms, and law enforcement attempted to take down the Trickbot botnet, the group behind the malware seems to be retiring the cybercriminal platform in favor of other, more modern, attack tools, according to new analysis. According to a new report published this week by threat intelligence firm Intel 471, following the late-2020 disruption, Trickbot campaigns occasionally cropped up throughout 2021. READ MORE...
A backdoor malware that can take over social-media accounts - including Facebook, Google and Soundcloud - has infiltrated Microsoft's official store by cloning popular games such as Temple Run or Subway Surfer. The backdoor, dubbed Electron Bot, gives attackers complete control over compromised machines. Among the multiple evil deeds it can execute remotely, it enables its operators to register new accounts, log in, and comment on and like other social media posts - all in real time. READ MORE...
Microsoft says Windows customers might find that some of their files are not deleted after resetting their Windows devices with the "Remove everything" option. This is caused by a newly acknowledged known issue impacting the company's OneDrive file hosting service. "When attempting to reset a Windows device with apps which have folders with reparse data, [files] might not be deleted when selecting the 'Remove everything' option," Microsoft explains on the Windows health dashboard. READ MORE...
Tension is mounting over the potential for Russia's cyberattacks in Ukraine to spread to organizations in the US and other countries that have imposed economic and other sanctions on Russia over its invasion of Ukraine this week. The fears are being fueled both by recent precedent and by the nature of the malicious activity directed at organizations in Ukraine over the past several weeks and months by cyber threat actors believed to be affiliated with the Russian government. READ MORE...
GE Digital has released patches and mitigations for two high-severity vulnerabilities affecting its Proficy CIMPLICITY HMI/SCADA software, which is used by plants around the world to monitor and control operations. The flaws were found by industrial cybersecurity firm OTORIO, which this week published a brief blog post describing the issues. GE and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have released separate advisories for each of the vulnerabilities. READ MORE...
A sophisticated phishing campaign directed at a "major, publicly traded integrated payments solution company located in North America" made use of DocuSign and a compromised third party's email domain to skate past email security measures, researchers said. The campaign spread seemingly innocuous emails around the company, with the goal of stealing Microsoft login credentials, researchers at Armorblox revealed. READ MORE...