Cyberattacks against Ukraine have been used strategically to support ground campaigns, with five state-sponsored advanced persistent threat (APT) groups behind attacks that began in February. According to research published by Microsoft on Wednesday, the APTs involved in the campaigns are state-sponsored by Russia. Separate reports published this week also shed new light on the wave of cyberattacks against Ukrainian digital assets by APTs with ties to Russia. READ MORE...
The State Department announced Tuesday that it is offering a reward of up to $10 million for information leading to six Russian intelligence hackers responsible for the infamous 2017 NotPetya malware. That malware knocked out Chernobyl's radiation monitoring system and did more than $1 billion in damage to a number of U.S. organizations, according to a federal indictment. READ MORE...
GitHub revealed details tied to last week's incident where hackers, using stolen OAuth tokens, downloaded data from private repositories. "We do not believe the attacker obtained these tokens via a compromise of GitHub or its systems because the tokens in question are not stored by GitHub in their original, usable formats," said Mike Hanley, chief security officer, GitHub. READ MORE...
Cisco this week announced the release of its April 2022 bundle of security advisories for Cisco Adaptive Security Appliance (ASA), Firepower Threat Defense (FTD), and Firepower Management Center (FMC). The semiannual bundled advisories describe a total of 19 vulnerabilities in Cisco's security products, including 11 that were assessed with a severity rating of "high." READ MORE...
A newly discovered malware loader called Bumblebee is likely the latest development of the Conti syndicate, designed to replace the BazarLoader backdoor used to deliver ransomware payloads. The emergence of Bumblebee in phishing campaigns in March coincides with a drop in using BazarLoader for delivering file-encrypting malware, researchers say. BazarLoader is the work of the TrickBot botnet developers, who provided access to victim networks for ransomware attacks. READ MORE...
Russia's relentless digital assaults on Ukraine may have caused less damage than many anticipated. But most of its hacking is focused on a different goal that gets less attention but has chilling potential consequences: data collection. Ukrainian agencies breached on the eve of the Feb. 24 invasion include the Ministry of Internal Affairs, which oversees the police, national guard and border patrol. READ MORE...
Threat analysts have uncovered yet a new campaign that uses the RIG Exploit Kit to deliver the RedLine stealer malware. Exploit kits (EKs) have dropped drastically in popularity as they targeted vulnerabilities in web browsers introduced by plug-in software such as the now-defunct Flash Player and Microsoft Sillverlight. As web browsers grew more secure and introduced automatic updates for all their components or replaced them with modern standards, the use of EKs to distribute malware has declined. READ MORE...
Cybersecurity firm Group-IB identified more than 91,000 publicly-exposed databases in the first quarter of 2022, significantly more than in the previous year. In 2021, the firm discovered a total of 308,000 exposed databases, with more than 165,000 of them found in the second half of the year. Most of the exposed databases use the Redis database management system (37.5%), followed by MongoDB (31%) and Elastic (29%). READ MORE...