For nearly three years, the December 2016 cyberattack on the Ukrainian power grid has presented a menacing puzzle. Two days before Christmas that year, Russian hackers planted a unique specimen of malware in the network of Ukraine's national grid operator, Ukrenergo. Just before midnight, they used it to open every circuit breaker in a transmission station north of Kyiv. The result was one of the most dramatic attacks in Russia's years-long cyberwar against its western neighbor, an unprecedented, automated blackout across a broad swath of Ukraine's capital.
The US Treasury has finally announced sanctions on three notorious North Korean state hacking groups, which it accused of attacks designed to generate money for the country’s illegal weapons program. The Office of Foreign Assets Control (OFAC) said on Friday that the sanctions would apply to Lazarus Group, Bluenoroff and Andariel. It effectively demanded that global banks block any transactions related to the groups.
Researchers have identified a new threat actor that is using impersonation fraud to purchase digital certificates that are then used for the spread of malware. Security firm ReversingLabs identified a bad actor that deceives certificate authorities into selling them legitimate digital certificates by impersonating company executives, according to a blog post by chief architect and co-founder Tomislav Pericin.
A publicly accessible, unprotected database belonging to car dealership marketing firm Dealer Leads was found to expose 198 million records, including personally identifiable information, Security Discovery reports. The database contained 413GB of data representing a compilation of information on potential car buyers, vehicles, loan and finance inquiries, log data with IP addresses of visitors, and more.
A security vulnerability in the extension of LastPass password manager could have allowed stealing the credentials last used for logging into a website. Exploiting the bug was possible in Google Chrome and Opera web browsers and required some effort to be successful since the target needed to go through several steps. Google security engineer Tavis Ormandy found that an attacker could create a valid clickjacking scenario for a user that has used LastPass to log into an account and direct them to a compromised or malicious website.
Windows Defender includes a security feature called "Ransomware Protection" that allows you to enable various protections against ransomware infections. This feature is disabled by default in Windows 10, but with ransomware running rampant, it is important to enable this feature in order to get the most protection you can for your computer.
Spanish security sleuth José Rodríguez on Friday posted a YouTube video of his most recent iOS lock-screen bypass: one that allows an iPhone to be tricked into showing its address book without the need to unlock the screen. The researcher told The Register that he found this bypass in July, in what was then the beta of iOS 13.
A just-patched stored cross-site scripting (XSS) vulnerability in WordPress allowed drive-by remote code-execution, according to an analysis. The bug exists in the built-in editor Gutenberg, which is found in WordPress 5.0 and above. Zhouyuan Yang, a threat-researcher at FortiGuard Labs, said that Gutenberg fails to filter a post’s JavaScript/HTML code if there’s a “Shortcode” error message.