The Ukrainian government said on Monday that it is investigating multiple intrusion vectors that could have been used to carry out the cyber-attacks that hit its government agencies last week. The attacks, which took place last Friday, included an attempt to deface more than 70 Ukrainian government websites and the deployment of a data-wiper on some government systems, a wiper that was designed to corrupt files and look like the affected systems were hit with a ransomware attack. On Monday, Ukrainian officials said the website defacements were also accompanied by data destruction attacks, suggesting for the first time that the two incidents are part of the same attack chain and not separate as initially thought. The statements echo an independent investigation from cybersecurity reporter Kim Zetter, who described in her Zero-Day newsletter an attack where the threat actor used different entry points into government systems and defaced or wiped data depending on the level of access they had gained. Log4Shell? On Monday, the Ukrainian Cyber Police and the Ukrainian Security Service said they were tracking three potential intrusion vectors that attackers could have used to pull off last week’s attacks: The exploitation of a vulnerability in the October CMS platform, which the Ukrainian government had used for some of the defaced websites;The compromise of employee accounts at a private company that provided the Ukrainian government with managed IT services;The use of the Log4Shell vulnerability to gain access to some of the compromised systems. The October CMS vulnerability referenced by the Cyber Police and SSU appears to be CVE-2021-32648, which Ukraine’s CERT
Written by Joe Warminsky Jan 18, 2022 | CYBERSCOOP QR codes are among the few “winners” of the coronavirus pandemic, the joke goes, because restaurants and other businesses have deployed them in far greater numbers over the past few years, in an effort to make more interactions contactless. The FBI is warning, however, that scammers love them, too. The bureau’s Internet Crime Complaint Center (IC3), issued a general alert Tuesday about “malicious” QR codes that reroute unsuspecting consumers to the world of cybercrime. “[C]ybercriminals are taking advantage of this technology by directing QR code scans to malicious sites to steal victim data, embedding malware to gain access to the victim’s device, and redirecting payment for cybercriminal use,” the announcement says. The FBI’s warning is the latest in a long string of advisories from cybersecurity researchers or government agencies about the threat posed by QR codes. Last week, Ars Technica reported on fake QR codes that were stuck on parking meters in Texas cities, with the goal of intercepting payments. In October 2021, scammers were spotted using them as part of a phishing campaign. Earlier last year, the U.S. Army issued a warning. Other alerts pointed to bitcoin scams, And at least one barcode scanner app became notorious for carrying malware itself. The FBI’s release didn’t cite any examples of such activity, but said the trickery usually comes through QR codes that have been altered, either onscreen or on a printed page. “A victim scans what they think to be a
The Air Force Research Laboratory aims to produce and deploy technology-boosted accessories that can continuously monitor individuals’ stress and fatigue in real-time—and wearable devices to counter those strains for people who operate in severe environments.“These wearable technologies will ultimately be utilized in the field not only by the warfighter personnel but also firefighters, emergency responders, NASA and civilian astronauts, expedition crews, medical personnel, etc. to assess, augment, and optimize cognitive and physical performance,” officials wrote in a request for information published on Friday. Wearables refer to electronic devices that are attached to human bodies to capture data about their health, GPS location, physical movements, alertness and more. In recent years, multiple government agencies and military components have turned to this emerging technology to help spot disease outbreaks and optimize their staff’s performance, among other applications. “Mental and physical fatigue, as well as stress, are significant problems that impact the cognitiveand physiological performance of warfighter personnel due to long-duration missions, mentalexertion, cognitive overload,” according to a statement of work for the new wearable-related RFI. Austere environments—like in extreme cold or heat, or in high performance flight operations—impose “unique causes of fatigue” on troops, officials added, but countermeasures are limited.The Defense Department at this point does not require physiological monitoring of its staff to identify “decrements due to fatigue,” but compelling research has demonstrated exhaustion impacts on performance in laboratory settings, AFRL officials also noted, and certain fatigue-countering techniques have been proven. “In fact, one 30-minute session of [transcranial direct current stimulation of the brain,
With the advent of non-fungible tokens (NFT) art theft became a trivial task for hackers, since it is enough to deploy a phishing campaign to deceive enthusiasts of these virtual assets, making huge profits using only malicious emails. Such seems to be the case affecting Todd Kramer, a renowned gallerist and art curator specializing in NFTs and emerging artists. Through his Twitter account, Kramer revealed that he suffered a cyberattack that led to the loss of some of his pieces part of the Bored Ape Yacht Club NFT collection, worth almost $2.5 million USD. [embedded content] Apparently, the theft was possible because the victim visited a fake website believing it to be a legitimate platform, which allowed threat actors to access their online accounts and conduct transactions on Kramer’s behalf. The cybercriminals would have accessed the victim’s hot wallet, a term by which cryptocurrency wallets that require an Internet connection are known, eventually reaching their NFT assets. Unfortunately for digital art enthusiasts, this is not the only similar incident recorded recently. On social networks such as Twitter, every week new reports accumulate about users, investors and creators of NFT ensuring that their platforms were compromised, losing thousands of dollars in the process. Sergio Carrasco, a specialist in digital law, mentions that these thefts begin with simple emails of harmless appearance or with messages shared on Discord or Telegram channels: “According to what has been mentioned, Kramer would have clicked on some phishing
Security Fortinet discovered a new RedLine info-stealer campaign impersonating the COVID-19 Omicron stat counter app as a lure to steal data. The victims of the attack campaign are reportedly distributed across 12 countries. Security teams are advised to deploy a reliable anti-malware solution, encrypt important data, and use a network firewall, to say the least, to stay protected. Fortinet discovered a new RedLine info-stealer campaign impersonating the COVID-19 Omicron stat counter app as a lure to steal data. The victims of the attack campaign are reportedly distributed across 12 countries. Security teams are advised to deploy a reliable anti-malware solution, encrypt important data, and use a network firewall, to say the least, to stay protected.
Guest: Nelly Porter, Group Product Manager @ Google Cloud Topics covered: Resources: “Trust Google Cloud more with ubiquitous data encryption”The Confidential Computing Consortium whitepapersConfidential Computing at GoogleEP12 Threat Models and Cloud Security Do you have something cool to share? Some questions? Let us know: Web: cloud.withgoogle.com/cloudsecurity/podcast Mail: firstname.lastname@example.org Twitter: @CloudSecPodcast
According to Europol, VPNLabs was providing services to malware and ransomware operators who would mask their IP addresses to carry out cyberattacks against 100s of businesses. VPNLab, a Virtual Private Network (VPN) service used by cybercriminals to deploy ransomware has been taken down by Europol. The VPN service made nearly 100 businesses at risk of cyberattack. Europol is working with potential victims to mitigate the risk. The news came days after Russian authorities dismantled the infamous REvil ransomware gang known for targeting thousands of businesses and taking millions of dollars in ransom. It is also worth noting that in June 2021, authorities managed to dismantle DoubleVPN, while in December 2020, a VPN service called Safe-Inet was taken down by Europol and the FBI. Both VPNs provided services to cybercriminals to hide their identity online. Details of the Operation The joint action, spearheaded by German police in Hanover, took place on 17 January 2022. The law enforcement agencies that took part in the operation included Canada, the Netherlands, the Czech Republic, Hungary, France, Latvia, Ukraine, the United Kingdom, and the United States. According to Europol, around fifteen servers used by the VPNLab.net service were seized, and its main site was also shut down. The official website of VPNLab shows “This domain has been seized” message. In a press release, Europol stated, “The VPN provider service… was being used in support of serious criminal acts such as ransomware deployment and other cybercrime activities.” About VPNLab.net The now-defunct VPNLab.net VPN service was one
Microsoft today announced it is acquiring Activision Blizzard, the well-known video game publisher behind franchises like Call of Duty, Warcraft, Diablo, Candy Crush, and Hearthstone. The all-cash deal is valued at $68.7 billion, which makes it the largest acquisition in the Redmond company’s history.
You can feel even more confident that you’ll enjoy life online with us at your side. AV-Comparatives has awarded McAfee as its 2021 Product of the Year. McAfee makes staying safe simple, and now this endorsement by an independent lab says we protect you best. Over the course of 2021, AV-Comparatives subjected 17 different online protection products to a series of rigorous tests. Their labs investigated each product’s ability to protect against real-world Internet threats, such as thousands of emerging malicious programs and advanced targeted attacks, along with the ability to provide protection without slowing down the computer. McAfee topped the field, taking home the award for AV-Comparatives’ Product of the Year thanks to our highest overall scores across the seven different testing periods throughout the year. McAfee further took a Gold Award for the Malware Protection Test, in addition to recognition for its clean, modern, and touch-friendly design and for the way that McAfee Firewall coordinates perfectly with Windows. “We’re honored by the recognition,” says Chief Technology Officer, Steve Grobman. “The strong reputation that AV-Comparatives carries in the industry makes this feel like we won the gold for online protection.” He goes on to say that our work continues, “As the way people use the internet shifts and evolves, so are we, innovating to stay ahead of constantly evolving threats so our customers can enjoy their time online with confidence.” Read the full AV-Comparatives annual report and protect yourself and your family with the year’s top-rated antivirus. Give it
Security A relatively inactive TellYouThePass ransomware has re-emerged as a Golang-compiled malware, making it easier for threat actors to target a wide range of operating systems, including macOS and Linux. Hackers demand 0.05 Bitcoin, presently converting to around $2,150, for the decryption tool. TellYouThePass is financially motivated ransomware that was first seen in 2019. A relatively inactive TellYouThePass ransomware has re-emerged as a Golang-compiled malware, making it easier for threat actors to target a wide range of operating systems, including macOS and Linux. Hackers demand 0.05 Bitcoin, presently converting to around $2,150, for the decryption tool. TellYouThePass is financially motivated ransomware that was first seen in 2019.
An Italian citizen, employed in London’s publishing industry, has refuted charges that he fraudulently obtained unpublished manuscripts by impersonating other people online. The United States Department of Justice unsealed an indictment on January 5 accusing 29-year-old Filippo Bernardini of using digital deception to amass the unpublished manuscripts of hundreds of books. “Filippo Bernardini allegedly impersonated publishing industry individuals in order to have authors, including a Pulitzer Prize winner, send him prepublication manuscripts for his own benefit,” said US attorney Damian Williams. It is alleged that from at least August 2016 through July 2021, Bernardini created fake email accounts which he used to impersonate genuine literary talent agencies, publishing houses and literary scouts. “Bernardini created these accounts by registering more than 160 internet domains that were crafted to be confusingly similar to the real entities that they were impersonating, including only minor typographical errors that would be difficult for the average recipient to identity during a cursory review,” said the US Attorney’s Office for the Southern District of New York in a statement. One tactic allegedly employed by Bernardini was to replace the letter’ m’ used in a genuine domain name with the lower-case letters’ r’ and ‘n’ when registering a look-alike domain. Reportedly among the list of individuals allegedly defrauded by Bernardini are American actor, director and screenwriter Ethan Hawke, and renowned author of The Handmaid’s Tale, Margaret Atwood. Bernardini is further accused of phishing two employees of a New York City-based literary scouting company to gain access to a database maintained by that company. The defendant was
On dark web forums, UniCC, the leading dark web marketplace of stolen credit cards, has recently publicized that they are shutting down all their illegal activities, as affirmed by the blockchain forensics firm, Elliptic Enterprises.With a total of $358 million in purchases made through the marketplace since 2013 using cryptocurrencies, UniCC managed to prevail as the largest Dark Web provider of stolen credit cards.The cyber security researchers at Elliptic has stated:-“This process is known as ‘carding,’ and it has become a key part of the cybercriminal’s playbook. The technique is very profitable in its own right, but it is also used to help launder and cash-out cryptocurrency obtained through other types of cybercrime.”Moreover, Joker’s Stash, it is the previous market leader that tucked about a year ago, and in October, the White House Market announced its closure. Here these two markets were specialized in the sale of illicit drugs, and not only that, along with these two markets, Cannazon and Torrez were also closed.Operation of UniCCWhile the primary operation of UniCC is to process the stolen credit cards, in short, all the stolen credit cards are sold on UniCC so that later they could be traded for the acquisition of cryptocurrencies.Here the users who acquire these cards are based on using their balance, and use those cards for the following purchases and then through other means they resale those to third parties for cash:-Buy itemsGift cardsCryptocurrenciesHowever, most commonly, all these cards were used for laundering assets like cryptocurrencies that are
Martin Lukacs reports: Canadian police have been establishing municipal surveillance centres to support law enforcement, deploying digital technologies that expand surveillance powers with the help of major US corporations, according to government documents seen by The Breach. Working around-the-clock in special rooms or wings of police stations, these so-called “real-time operations centres” are the cornerstone of a shift to confront what police call the “new challenges” of a digital age. Read more at The Breach.
In 2017, the largest ransomware attack ever recorded hit the world, infecting more than 230,000 computers across more than 150 countries in just 24 hours. And it could have been solved with a patch that was released nearly two months prior. This was the WannaCry ransomware attack, and its final, economic impact—in ransoms paid but also in downtime and recovery efforts—has been estimated at about $4 billion. All of it could have been avoided if every organization running a vulnerable version of Windows 7 had patched that vulnerability, as Microsoft recommended. But that obviously didn’t happen. Why is that? In today’s episode of Lock and Code with host David Ruiz, we speak with cybersecurity professional Jess Dodson about why patching is so hard to get right for so many organizations, and what we could all do to better improve our patching duties. According to Dodson, the problem of patching isn’t just a problem of resources—time, staffing, funding—but also of mindset. For some organizations, refusing to patch almost brings with it a bizarre sense of pride, Dodson said. “I was having a chat to a fellow security professional who was doing some work for an organization where they were boasting about servers being up for 1,000 days. That’s not something to be proud of. I don’t get the whole idea of being proud of your uptime.t That just means you haven’t done any updates on that thing for three years.”Jess Dodson Tune in to hear all this and
Partnership will drive hybrid cloud transformation in software by enabling security as a continuous service 19th January 2022 : Automated threat modelling company IriusRisk has partnered with Methods , the leading public sector digital transformation consultant to deliver embedded threat modeling to improve the security of public sector services. The partnership has already seen two out of the five top public sector bodies incorporating IriusRisk threa t modeling capabilities into their service offerings. The partnership allows Methods to offer threat modeling and DevOps for UK government and public sector applications. Continuous threat modeling of applications and Cloud Services means that security is upheld as a continuous service, vastly reducing the risk of software vulnerabilities that could be exploited. This includes architectural design, analysis and threat modeling consulting service capabilities based around the IriusRisk Threat Modeling Platform. With IriusRisk, public sector organisations are also able to investigate and quantify inherent legacy risks in existing software through automated threat modelling, driving and informing remedial security programs to update key public sector services. Methods will also use IriusRisk as a basis for education and awareness programmes on cyber security threats, assisting public sector organisations in building their own threat modeling capabilities – including tools, training and ongoing access to key threat intelligence. Methods will be making
VirusTotal, the popular online service for analyzing suspicious files, URLs and IP addresses, can be used to collect credentials stolen by malware, researchers at SafeBreach have found. In fact, with a €600 VirusTotal license, they have managed to collect more than 1,000,000 credentials just by executing simple searches with a few tools. The source of the compromised credentials The credentials are contained in files that common info-stealers and keyloggers use to exfiltrate them from infected machines. These files can end up hosted on VirusTotal due to hackers using VirusTotal to promote selling victims’ data or due to attackers uploading them by mistake, Tomer Bar, Director of Security Research at SafeBreach, told Help Net Security. They may also be uploaded by third parties (e.g., a security researcher or the company where the C2 server is hosted) who are unaware they contain sensitive information. Finally, some environments are configured to automatically upload files to VirusTotal to verify whether they are “clean”. Finding the files with stolen credentials Just like Google Search can be used to search for vulnerable websites/systems, IoT devices, and sensitive data (the method is known as Google hacking or dorking), VirusTotal’s APIs and tools (VT Graph, Retrohunt, etc.) can be used to find files containing stolen data. To prove it, the researchers compiled a list of those files’ names, acquired a monthly VirusTotal license that allowed them to do searches, explore VirusTotal’s dataset, and perform malware hunts – and started searching for them. It didn’t take long
What’s going on with AWS this week? First up, AWS shows off a major overhaul to the Management Console homepage. Plus, launch speeds for Microsoft Windows Server instances on EC2 just got optimized. And AWS has released a new EC2 instance type. Let’s get started! Accelerate your career Get started with ACG and transform your career […] The post What’s up with the new AWS Console home page? appeared first on A Cloud Guru.
Data center solution provider T5 Data Centers has announced plans to build a new 200-megawatt government and enterprise cloud data center campus in Georgia. The 140-acre T5@Augusta development will be sited in the Southeast’s cybersecurity hub, Augusta, next to Fort Gordon and the US Army’s Cyber Command Headquarters. T5 Data Centers said the campus location “is ideal for secure federal hyperscale, or government contracted enterprise businesses and builds on the cluster for advanced cybersecurity initiatives based in Augusta.” Initiatives of this kind already up and running in Augusta include the Georgia Cyber Center, a collaboration between state, federal and higher education institutions, whose first building opened in July 2018. Costing $100m, the Georgia Cyber Center is the single largest investment in a cybersecurity facility by a state government in the US to date. “The vast, premium location of this property makes it ideal for federal cloud space and government contractors, with access to a large labor force with required security clearances, access to lit, dark and black fiber, and any necessary physical security measures,” said T5 Data Centers CEO, Pete Marin. “In addition, our clients get a business-friendly and stable tax environment, with 100% sales tax abatement on IT purchases, property tax rebates, and low-cost reliable power,” he added. T5 Data Centers, which has created 54 data centers, described the telecommunications infrastructure at the new campus location as “superior.” The site has access to 16 carriers and low latency connectivity to existing federal cloud zones. Augusta’s new data center is supported by the Augusta Economic Development
by Paul Ducklin Researchers at browser identification company FingerprintJS recently found and disclosed a fascinating data leakage bug in Apple’s web browser software. Technically, the bug exists in Apple’s open source WebKit browser engine, which means it affects any browser that relies on WebKit. As you might expect, this includes all versions of Apple’s own Safari browser, whether you’re running it on macOS, your iPhone or your iPad. But on iOS and iPadOS, even non-Apple browsers that don’t usually use WebKit at all are required by Apple’s own App Store rules to ditch their regular underpinnings and use WebKit. On Windows and Linux, for example, Firefox uses its own Gecko rendering engine; Microsoft Edge, Google Chrome and many other browsers are based on Google’s Blink renderer. Although Blink was originally derived from WebKit, the forked-off project is now separate from, and very different to, Apple’s current WebKit codebase. So Safari on macOS, and pretty much any browser you’re using on an iPhone or iPad, is affected by this bug. OTHERS STOP AT NOTIFICATION. WE TAKE ACTION Get 24/7 managed threat hunting, detection, and response delivered by Sophos experts Learn more A little leakage goes a long way At first telling, the bug sounds both undramatic and unimportant: although it allows private data to leak between separate browser tabs that contain content from unrelated websites, the amount of data that leaks is minuscule. So,
Updating all the software solutions that we use daily is one of the main cybersecurity practices, since it allows us to keep our systems always protected by applying the corrections that the manufacturers of these products prepare for the possible exploitation of security flaws. However, it is necessary to stay alert, as threat actors can also use fake updates to hack our systems. For years, hacking groups have used malicious updates jointly with phishing campaigns to launch attacks against unsuspecting users. In the most recent campaign, reported by Malwarebytes, it has been detected that users of the Microsoft Edge web browser are receiving a fake update that hides a malicious payload. This malicious update delivers the Magnitude exploit kit, a set of tools that aim to install a powerful ransomware variant known as Magniber. The campaign was detected a few weeks ago and focuses on users in South Korea. According to experts, the attack follows a fully identifiable chain and described below: The target user visits a malicious websiteThis ad redirects the user to Magnigate malwareMagnigate runs IP address and browser checks to determine if the user meets the criteria for choosing a victim; if so, Magnigate will redirect the user to a home page of the exploit kitThe exploit kit chooses a way to attack the user; in this case the malicious microsoft edge updateThis fake update hides a malicious Windows application package (.appx) fileThe .appx file downloads the Magniber ransomware, which will
Marketing Will Facebook Make Nextdoor Say, ‘There Goes the Neighborhoods?’ Cyber News Author May 6, 2021 0 68 Is there enough room in the neighborhood for neighborhood social network Nextdoor… Security UN and Europol Warn of Growing AI Cyber-Threat Cyber News Author Nov 20, 2020 0 143 AI-supported ransomware attacks might feature intelligent targeting and evasion,… Security Microsoft Teams: Very Bad Tabs Could Have Led to BEC Cyber News Author Jun 15, 2021 0 63 Attackers could have stepped through a security hole in Microsoft Teams that would… Marketing Create an Irresistible and Magnetic Brand Using Storytelling Cyber News Author Nov 2, 2020 0 146 A case study of how one company turned a sad ad campaign into a winner with staying… Marketing NHL Fan Skills at Home Presented by Geico Winners Revealed Cyber News Author Apr 20, 2021 0 89 The National Hockey League revealed the 15 winners of its
Intelligent Connectivity and Better Business Planning | CIO Skip to content istock/iMrSquid Twenty-five or more years ago, many companies jumped on the ERP bandwagon to consolidate all their major business operations under one technology umbrella. Today, we’re seeing many of those same companies prepare to implement a new ERP system as they migrate from legacy, on-premises applications to cloud-based systems that can be managed and scaled more quickly. These modern systems enable a massive shift in how organizations can automate and integrate business processes and enhance the ways data can be optimized for better business opportunity planning and forecasting. And just like we saw in the 1990s, companies are using this shift to seek a competitive advantage. Take, for example, Boomi customer RHD Tire, a $100 million wholesale tire distributor that supplies more than 90% of car dealerships and individual and franchise tire retailers in the state of Michigan. RHD turned to Boomi when its rapid expansion spawned an IT culture of one-off customizations and inconsistent performance of its legacy, DOS-based point-of-sale system. The proprietary system worked fine for one location, but it just couldn’t handle the growth needed by the business. The upgrade to NetSuite through the Boomi AtomSphere Platform has automated all the business processes between RHD and the tier-one tire brands it carries, including Goodyear, Bridgestone, Michelin, Continental, and Pirelli along with specialty makes like Hankook, Yokohama, and Toyo. The near-immediate impact of that automation of supply chain
Do threat actors feel like walls are closing in on them? They might well be feeling that way — or maybe they should be feeling that way. From Europol, today: This week, law enforcement authorities took action against the criminal misuse of VPN services as they targeted the users and infrastructure of VPNLab.net. The VPN …
Beating the IT Staff Shortage With Integration | CIO Skip to content istock/Hiraman Speed in business often means time to market — get there before the competition, and you can establish yourself as the market leader. The fact is, though, your pace of change is in many ways limited by how quickly your technology can flex to meet a new opportunity or challenge. And your IT team is limited by one major challenge: a talent shortage. One easy workaround is to make integration work to your advantage. A study by blue-chip recruiter Korn Ferry found that by 2030, the United States faces losing $162 billion worth of revenues annually unless it finds more high-tech workers. That dearth of workers translates into delayed IT projects, slower rollouts of new services and offerings, and delays in critical upgrades to your user experience. To paraphrase the ’80s classic movie “Ferris Bueller’s Day Off,” life — and business — move pretty fast. And organizations that need to accelerate can’t afford to wait for the IT shortage to resolve. There are two common approaches we see from businesses using the Boomi AtomSphere Platform to help solve IT resource challenges: Low-code integration A low-code approach speeds project timeframes and lightens the load for IT. For example, Boomi client Eddie Stobart is a logistics company with $1 billion in revenues and 6,600 employees. It works with some of the United Kingdom’s biggest brands to get their products to
Some 15 server infrastructures used by crims to prepare ransomware attacks were seized by cops yesterday as part of an international sting to take down VPNLab.net. The VPN provider’s service gave users “shielded communications and internet access” that was used in “support of serious criminals acts such as ransomware deployment and other cybercrime activities,” Europol said today. The raids were led by Central Criminal Office of the Hanover Police Department in Germany under the the EMPACT security framework objective of Cybercrime – Attacks Against Information Systems. Police action also took place in the Netherlands, Canada, the Czech Republic, France, Hungary, Latvia, Ukraine, the US and the UK, the latter being initiated by the National Crime Agency to yank the local node of the network offline. Europol set its sights on VPNLab.net after multiple other investigations lifted the lid on the criminals using the service to control botnets and distribute malware. In other instances, the VPN service was used to set-up infrastructure and comms that underpinned ransomware campaigns, as well as the deployment of the bad stuff. More than 100 businesses were identified as being at risk of attack and the cops are working with these “potential victims to mitigate their exposure”, Europol said. Web domains were yesterday replaced with a law enforcement splash page to confirm the network was down and out. “The actions carried out under this investigation make clear that criminals are running out of ways to hide their tracks online,” said a triumphant Edvardas Šileris, head of