This update was posted at 6:31 PM, Pacific Time. As we shared earlier today, we are conducting a thorough investigation into the recent LAPSUS$ claims and any impact on our valued customers. The Okta service is fully operational, and there are no corrective actions our customers need to take.

The activity we have observed has been attributed to a threat group that Microsoft tracks as DEV-0537, also known as LAPSUS$. DEV-0537 is known for using a pure extortion and destruction model without deploying ransomware payloads.

The latest is a printer hack, which allows the collective to send a message across the transcontinental country.

The Lapsus$ hacking group claims to have leaked the source code for Bing, Cortana, and other projects stolen from Microsoft's internal Azure DevOps server.

Le groupe cybercriminel LAPSUS$ a publié des captures d'écran montrant ce qu'il prétend être des éléments de l'environnement informatique interne de l'entreprise.

A travers plusieurs mises à jour de projets open source, des développeurs ont manifesté leur opposition à l’invasion russe de l’Ukraine. Si dans certains cas, l’impact se limite à des messages de sensibilisation, certains projets vont jusqu’à inclure des logiciels malveillants.

The volunteers who run open-source software projects are changing the code so that they display anti-war messages—or even wipe entire files.

InvisiMole has been collaborating with the Gamaredon APT for years.

A search online lead me to a discovery I didn’t think was possible nowadays. I realized almost immediately that critical security issues were probably involved. I found that out of the many tens of thousands of gas stations the company claimed to have installed their product in, 1,000 are remotely hackable.

When code with millions of downloads nukes user files, bad things can happen.

La bibliothèque de chiffrement web open source OpenSSL est affectée par une vulnérabilité pouvant servir à des attaques par déni de service. Les versions 1.0.2, 1.1.1 et 3.0 doivent être mises à jour dès que possible.

In what's an act of deliberate sabotage, the developer behind the popular "node-ipc" NPM package shipped a new tampered version to condemn Russia's invasion of Ukraine, raising concerns about security in the open-source and the software supply chain.

Lors d’une conférence de presse, un responsable ukrainien a, pour la première fois, donné des détails sur les conséquences de cette cyberattaque.

At the start of 2022, CrowdStrike Intelligence and CrowdStrike Services investigated an incident in which PROPHET SPIDER exploited CVE-2021-22941 — a remote code execution (RCE) vulnerability impacting Citrix ShareFile Storage Zones Controller — to compromise a Microsoft Internet Information Services (IIS) web server. The adversary exploited the vulnerability to deploy a webshell that enabled the downloading of additional tools. This incident highlights how PROPHET SPIDER continues to evolve their tradecraft while continuing to exploit known web-server vulnerabilities.

Interview | La Suisse doit s'attendre à des cyberattaques après les sanctions contre la Russie. Seot questions à Solange Ghernaouti, experte en cybersécurité.

We recently came across a stealer, called Raccoon Stealer, a name given to it by its author. Raccoon Stealer uses the Telegram infrastructure to store and update actual C&C addresses.  Raccoon Stealer is a password stealer capable of stealing not just passwords, but various types of data, including: Cookies, saved logins and forms data from […]

It is unclear what type of “Cyber Security Incident” Ubisoft suffered but on Telegram LAPSUS$ hacking group responded to the news with smirking face emoji suggesting their alleged involvement.

Western intelligence agencies are investigating a cyberattack by unidentified hackers that disrupted broadband satellite internet access in Ukraine coinciding with Russia's invasion, according to three people with direct knowledge of the incident.

Vulnerabilities found in widely-used Uninterruptible Power Supplies could allow attackers to bypass security features and remotely take over or damage critical industrial, medical, and enterprise devices

They’re accused of colluding to carve up the advertising market between them

On the Effectiveness of Hardware Mitigations Against Cross-Privilege Spectre-v2 Attacks BHI (or Spectre-BHB) is a revival of cross-privilege Spectre-v2 attacks on modern systems deploying in-hardware defenses. And we have a very neat end-to-end exploit leaking arbitrary kernel memory on modern Intel CPUs to prove it (PoC||GTFO right?).

The Danish data protection authority ('Datatilsynet') announced, on 9 March 2022, that it had published a new guide on the use of cloud services, as well as a short overview of frequently asked questions ('FAQs'). In particular, the Datatilsynet stated that the new guide is targeted at data controllers and notes the considerations which data controllers must keep in mind when using a cloud service, including an outline of the pitfalls, opportunities, and obligations that arise when using such technologies. [Document PDF](https://www.datatilsynet.dk/Media/637824108733754794/Guidance%20on%20the%20use%20of%20cloud.pdf)

Cisco Talos has observed new cyber attacks targeting Turkey and other Asian countries we believe with high confidence are from groups operating under the MuddyWater umbrella of APT groups. U.S. Cyber Command recently connected MuddyWater to Iran's Ministry of Intelligence and Security (MOIS).

Des milliers de particuliers et d’entreprises européennes sont sans connexion depuis le 24 février. De plus en plus d’éléments pointent vers le sabotage d’un satellite, en lien avec le conflit ukrainien.

Geneva is a genetic algorithm that automatically learns how to evade nation state censors.

A new reflection/amplification distributed denial of service (DDoS) vector with a record-breaking potential amplification ratio of 4,294,967,296:1 has been abused by attackers in the wild to launch multiple high-impact DDoS attacks.

New method also stretches out DDoS durations to 14 hours.

Belarus conducted widespread phishing attacks against members of the Polish military as well as Ukrainian officials, security researchers said Monday, providing more evidence that its role in Russia’s invasion of Ukraine has gone beyond serving as a staging area for Russian troops

The National Security Agency (NSA) has released a new Cybersecurity Technical Report (CTR): Network Infrastructure Security Guidance. The report captures best practices based on the depth and breadth of experience in supporting customers and responding to threats. Recommendations include perimeter and internal network defenses to improve monitoring and access controls throughout the network. [PDF Document](https://media.defense.gov/2022/Mar/01/2002947139/-1/-1/0/CTR_NSA_NETWORK_INFRASTRUCTURE_SECURITY_GUIDANCE_20220301.PDF)

Si les sanctions économiques contre la Russie ont un impact significatif, il en est autrement de celles imposées dans le domaine cyber.