Governments issue alerts after ‘sophisticated’ state-backed actor found exploiting flaws in Cisco security boxes (post, April 24, 2024; April 26, 2024): A previously unknown and “sophisticated” nation-state group compromised Cisco firewalls as early as November 2023 for espionage purposes — and possibly attacked network devices made by other vendors including Microsoft, according to warnings from the networking giant and three Western governments.
Iran Dupes US Military Contractors, Gov’t Agencies in Cyber Campaign (post, April 24, 2024; April 26, 2024): The US Departments of Treasury and State are among those compromised in the elaborate campaign, which lasted from 2016 to 2021 according to a US Justice Department indictment unsealed this week. Various defense contractors with high-level security clearances, a New York-based accounting firm, and a New York-based hospitality company were…
MITRE admits ‘nation state’ attackers touched its NERVE R&D operation (post, April 22, 2024; April 26, 2024): In a cautionary tale that no one is immune from attack, the security org MITRE has admitted that it got pwned.…
Change Healthcare Finally Admits It Paid Ransomware Hackers—and Still Faces a Patient Data Leak (post, April 22, 2024; April 26, 2024): More than two months after the start of a ransomware debacle whose impact ranks among the worst in the history of cybersecurity, the medical firm Change Healthcare finally confirmed what cybercriminals, security researchers, and Bitcoin’s blockchain had already made all too clear: that it did indeed pay a ransom to the…
Unearthing APT44: Russia’s Notorious Cyber Sabotage Unit Sandworm (post, April 17, 2024; April 26, 2024): With Russia’s full-scale invasion in its third year, Sandworm (aka FROZENBARENTS) remains a formidable threat to Ukraine. The group’s operations in support of Moscow’s war aims have proven tactically and operationally adaptable, and as of today, appear to be better integrated with the activities of Russia’s conventional forces than in…
Russian hackers may have targeted Ukrainian telecoms with upgrade ‘AcidPour’ malware (post, March 22, 2024; April 26, 2024): The data wiping malware called AcidPour may have been deployed in attacks targeting four telecom providers in Ukraine, new findings from SentinelOne show. The cybersecurity firm also confirmed connections between the malware and AcidRain, tying it to threat activity clusters associated with Russian military intelligence. “AcidPour’s expanded capabilities would enable it to better
Federal warning highlights cyber vulnerability of US water systems (post, March 20, 2024; April 26, 2024): The White House urged operators of water and wastewater systems to review and beef up their security controls against attacks by Iran- and China-based groups.
APT28 hacker group targeting Europe, Americas, Asia in widespread phishing scheme (post, March 18, 2024; April 26, 2024): The Russia-linked threat actor known as APT28 has been linked to multiple ongoing phishing campaigns that employ lure documents imitating government and non-governmental organizations (NGOs) in Europe, the South Caucasus, Central Asia, and North and South America. “The uncovered lures include a mixture of internal and publicly available documents, as well as possible actor-generated
Microsoft confirms Russian spies stole source code, accessed internal systems (post, March 8, 2024; April 26, 2024): Still ‘no evidence’ of any compromised customer-facing systems, we’re told. Microsoft has now confirmed that the Russian cyberspies who broke into its executives’ email accounts stole source code and gained access to internal systems. The Redmond giant also characterized the intrusion as “ongoing.”
Possible China link to Change Healthcare ransomware attack (post, March 7, 2024; April 26, 2024): Alleged crim bought SmartScreen Killer, Cobalt Strike on dark-web markets. A criminal claiming to be an ALPHV/BlackCat affiliate — the gang responsible for the widely disruptive Change Healthcare ransomware infection last month — may have ties to Chinese government-backed cybercrime syndicates.…