The US Federal Bureau of Investigation (FBI) says the Ragnar Locker ransomware gang has breached the networks of at least 52 organizations from multiple US critical infrastructure sectors. This was revealed in a joint TLP:WHITE flash alert published on Monday in coordination with the Cybersecurity and Infrastructure Security Agency. The flash alert focuses on providing indicators of compromise (IOCs) organizations can use to detect and block Ragnar Locker ransomware attacks.
Samsung this week confirmed reports that it suffered a cyberattack that exposed some source code related to its Galaxy mobile devices. "According to our initial analysis, the breach involves some source code relating to the operation of Galaxy devices, but does not include the personal information of our consumers or employees," Samsung said in a statement, according to a report in TechCrunch.
Google says Russian, Belarusian, and Chinese threat actors targeted Ukrainian and European government and military organizations, as well as individuals, in sweeping phishing campaigns and DDoS attacks. The company's Threat Analysis Group (TAG), a dedicated team of security experts that works to defend Google users from state-sponsored attacks, has alerted hundreds of Ukrainians they've been targeted.
A Twitter account known as ContiLeaks debuted to much fanfare in late February, with people around the globe watching as tens of thousands of leaked chats between members of the Russia-based ransomware gang Conti hit the web. In the days after the leaks, many celebrated what they thought would be a devastating blow to Conti, which a Ukrainian security researcher had apparently punished by leaking the internal chats because the gang threatened to "strike back" at any entities that organized "any war activities against Russia."
Three stories here last week pored over several years' worth of internal chat records stolen from the Conti ransomware group, the most profitable ransomware gang in operation today. The candid messages revealed how Conti evaded law enforcement and intelligence agencies, what it was like on a typical day at the Conti office, and how Conti secured the digital weaponry used in its attacks. This final post on the Conti conversations explores different schemes that Conti pursued to invest in and steal cryptocurrencies.
Linux has yet another high-severity vulnerability that makes it easy for untrusted users to execute code capable of carrying out a host of malicious actions, including installing backdoors, creating unauthorized user accounts, and modifying scripts or binaries used by privileged services or apps. Dirty Pipe, as the vulnerability has been named, is among the most serious Linux threats to be disclosed since 2016.
Three vulnerabilities in ubiquitous APC Smart-UPS (uninterruptible power supply) devices could allow remote attackers to use them as an attack vector, or to disable or completely destroy them, Armis researchers have discovered. The vulnerable devices, developed by Schneider Electric subsidiary APC, are used all around the globe to provide emergency backup power for critical physical infrastructure (industrial facilities, hospitals, energy suppliers, data centers, etc.).
Microsoft has acknowledged the existence of a flaw in its Azure cloud computing service that allowed users full access to other users' accounts. The flaw was dubbed "AutoWarp" by Orca Security, which discovered and reported it. The vulnerability only impacted users of the Azure Automation Service. That service allows Azure users to use PowerShell or Python to write runbooks that automate many actions within Azure.