The National Security Agency (NSA) has released a new Cybersecurity Technical Report (CTR): Network Infrastructure Security Guidance. The report captures best practices based on the depth and breadth of experience in supporting customers and responding to threats. Recommendations include perimeter and internal network defenses to improve monitoring and access controls throughout the network. PDF Document
Online security is extremely important for people in Ukraine and the surrounding region right now. Government agencies, independent newspapers and public service providers need it to function and individuals need to communicate safely. Google’s Threat Analysis Group (TAG) has been working around the clock, focusing on the safety and security of our users and the platforms that help them access and share important information.
2 New Mozilla Firefox 0-Day Bugs Under Active Attack — Patch Your Browser ASAP!
Mozilla has pushed out-of-band software updates to its Firefox web browser to contain two high-impact security vulnerabilities, both of which it says are being actively exploited in the wild.
Samsung Electronics confirmed on Monday that its network was breached and the hackers stole confidential information, including source code present in Galaxy smartphones.
The Dirty Pipe Vulnerability — The Dirty Pipe Vulnerability documentation
This is the story of CVE-2022-0847, a vulnerability in the Linux kernel since 5.8 which allows overwriting data in arbitrary read-only files. This leads to privilege escalation because unprivileged processes can inject code into root processes. It is similar to CVE-2016-5195 “Dirty Cow” but is easier to exploit. The vulnerability was fixed in Linux 5.16.11, 5.15.25 and 5.10.102.
Despite the fact that it is not a 'real' vulnerability, escaping privileged Docker containers is nevertheless pretty funny. And because there will always be people who will come up with reasons or excuses to run a privileged container (even though you really shouldn't), this could really be handy at some point in the future
Hackers leak 190GB of alleged Samsung data, source code
The Lapsus$ data extortion group leaked today a huge collection of confidential data they claim to be from Samsung Electronics, the South Korean giant consumer electronics company.
Malware now using stolen NVIDIA code signing certificates
Threat actors are using stolen NVIDIA code signing certificates to sign malware to appear trustworthy and allow malicious drivers to be loaded in Windows. This week, NVIDIA confirmed that they suffered a cyberattack that allowed threat actors to steal employee credentials and proprietary data.
If you use an Apple Macbook, it’s likely that you have a secret enclave for important secrets — such as your encryption keys. These keys define the core of the trust infrastructure on the device — and protect applications from stealing these secrets. The TEE also allows isolation between code which is fully trusted, and code that cannot be fully trusted. If this did not happen, we could install applications on our computer which would discover our login password and steal the encryption used used to key things secret and trusted.
Scam E-Mail Impersonating Red CrossScam E-Mail Impersonating Red Cross
Earlier today, I received a scam email that impersonates the Ukrainian Red Cross. It attempts to solicit donations via Bitcoin. The email is almost certainly not related to any valid Red Cross effort. There are some legitimate efforts to collect donations for Ukraine using crypto-currencies. This scam may take advantage of these efforts.
New Security Vulnerability Affects Thousands of Self-Managed GitLab Instances
Researchers have disclosed details of a new security vulnerability in GitLab, an open-source DevOps software, that could potentially allow a remote, unauthenticated attacker to recover user-related information.
Asylum Ambuscade: State Actor Uses Compromised Private Ukrainian Military Emails to Target European Governments and Refugee Movement
Proofpoint has identified a likely nation-state sponsored phishing campaign using a possibly compromised Ukrainian armed service member’s email account to target European government personnel involved in managing the logistics of refugees fleeing Ukraine. * The email included a malicious macro attachment which attempted to download a Lua-based malware dubbed SunSeed. * The infection chain used in this campaign bears significant similarities to a historic campaign Proofpoint observed in July 2021, making it likely the same threat actor is behind both clusters of activity. * Proofpoint is releasing this report in an effort to balance accuracy with responsibility to disclose actionable intelligence during a time of high-tempo conflict.
L'Anssi sème le doute sur l'usage des solutions Kaspersky
Dans un exercice d'équilibriste, l'Anssi a demandé aux entreprises de s'interroger sur l'utilisation des solutions de l'éditeur Kaspersky du fait des liens avec la Russie. Elle prône à moyen terme une diversification des outils de sécurité.
Les tensions internationales actuelles causées par l’invasion de l’Ukraine par la Russie s’accompagnent d’effets dans le cyberespace. Si les combats en Ukraine sont principalement conventionnels, l’ANSSI constate l’usage de cyberattaques dans le cadre du conflit. Dans un espace numérique sans frontières, ces cyberattaques peuvent affecter des entités françaises et il convient sans céder à la panique de l’anticiper et de s’y préparer. Aussi, afin de réduire au maximum la probabilité de tels événements et d’en limiter les effets, l’ANSSI partage des bonnes pratiques de sécurité ainsi que des éléments sur la menace et invite l’ensemble des acteurs à s’en saisir. A cette fin, ce bulletin centralise et diffuse les éléments d’intérêt cyber en lien avec le contexte actuel pour favoriser le renforcement du niveau de protection de l’ensemble des entités françaises. Il sera mis à jour régulièrement.
Activity in the digital domain may affect the war in Eastern Europe at the margins, but it will not decide it. That should tell us something about the West’s cyber posture.
A Ukrainian security researcher this week leaked several years of internal chat logs and other sensitive data tied to Conti, an aggressive and ruthless Russian cybercrime group that focuses on deploying its ransomware to companies with more than $100 million…
Phishing attacks target countries aiding Ukrainian refugees
A spear-phishing campaign likely coordinated by a state-backed threat actor has been targeting European government personnel providing logistics support to Ukrainian refugees.
Toyota suspends domestic factory operations after suspected cyber attack
Toyota Motor Corp said it will suspend domestic factory operations on Tuesday, losing around 13,000 cars of output, after a supplier of plastic parts and electronic components was hit by a suspected cyber attack.
Ukrainian cyber resistance group targets Russian power grid, railways
A Ukrainian cyber guerrilla warfare group plans to launch digital sabotage attacks against critical Russian infrastructure such as railways and the electricity grid, to strike back at Moscow over its invasion, a hacker team coordinator told Reuters.
Destructive Malware Targeting Organizations in Ukraine
Actions to Take Today: • Set antivirus and antimalware programs to conduct regular scans. • Enable strong spam filters to prevent phishing emails from reaching end users. • Filter network traffic. • Update software. • Require multifactor authentication. Leading up to Russia’s unprovoked attack against Ukraine, threat actors deployed destructive malware against organizations in Ukraine to destroy computer systems and render them inoperable.
IsaacWiper and HermeticWizard: New wiper and worm targeting Ukraine
ESET researchers uncover IsaacWiper, a new wiper that attacks Ukrainian organizations and HermeticWizard, a worm spreading HermeticWiper in local networks.
Ukrainian Researcher Leaks Conti Ransomware Gang Data
A Ukrainian cybersecurity researcher has released a huge batch of data that came from the internal systems of the Conti ransomware gang. The researcher released the
%2Fcloudfront-us-east-2.images.arcpublishing.com%2Freuters%2FVDNW5WCGGZOMXIPKCZLFCWCRPI.jpg?width=92&height=&ar=&mode=&format=avif&dpr=2)
%2Fcloudfront-us-east-2.images.arcpublishing.com%2Freuters%2FUX3FKTUUGRO25CCGNZ3FK5IP6Q.jpg?width=92&height=&ar=&mode=&format=avif&dpr=2)
