This posting is here to collect cyber security news in February 2022.
I post links to security vulnerability news to comments of this article.
You are also free to post related links to comments.
511 Comments
Tomi Engdahl says:
https://thehackernews.com/2022/02/critical-rce-flaws-in-php-everywhere.html
Tomi Engdahl says:
https://www.bloomberg.com/news/newsletters/2022-02-09/iran-malware-in-hpe-server-stuns-cybersecurity-experts
Tomi Engdahl says:
https://pentestmag.com/broadcast-signal-intrusion-with-rpi-zero-and-an-old-rusty-guitar-string/
https://arstechnica.com/cars/2022/02/radio-station-snafu-in-seattle-bricks-some-mazda-infotainment-systems/
https://www.kuow.org/stories/we-didn-t-mean-to-ruin-your-mazda-s-stereo
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-active-directory-bug-caused-by-jan-updates/
Tomi Engdahl says:
“Mazda North American Operations said: “A radio station in the Seattle area sent image files with no extension (eg missing ‘.jpeg’ or ‘.gif’), which caused an issue on some 2014-17 Mazda vehicles with older software.”
Tech bug keeps Mazda radios locked in to NPR
https://lm.facebook.com/l.php?u=https%3A%2F%2Fbbc.in%2F34rxIdd&h=AT2OhWKN6VaGwy4uiCJVSV8zoCPRjKRkv6FDd-wEqS9RInsOXyJl4EpqlsbbZ_NvGRE4-0vXHSinOOvvWTYgTlc7WwDU6s4ZNfr3-NixTGtgtnovn5r4qsP2sduQ-uJs-g
Tomi Engdahl says:
Apple Says WebKit Zero-Day Hitting iOS, macOS Devices
https://www.securityweek.com/apple-says-webkit-zero-day-hitting-ios-macos-devices
Apple’s struggles with zero-day attacks on its iOS and macOS platforms are showing no signs of slowing down.
For the second time in as many months, Cupertino released iOS, iPadOS and macOS updates to address a critical WebKit security defect (CVE-2022-22620) that exposes Apple devices to remote code execution attacks.
“Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited,” the company said in a barebones advisory.
As is customary, Apple did not provide details on the scope of the attack, the platform being targeted, or any indicators of compromise to help defenders look for signs of infections.
Tomi Engdahl says:
Meta Sues Two Nigerians Who Lured Facebook Users to Phishing Sites
https://www.securityweek.com/meta-sues-two-nigerians-who-lured-facebook-users-phishing-sites
Facebook parent company Meta this week announced it has taken legal action against two Nigerians for their alleged roles in financial scams targeting Facebook and Instagram users.
Between March 2020 and October 2021, the social media giant says, the two individuals – Arafat Eniola Arowokoko and Arowokoko Afeez Opeyemi – lured Facebook and Instagram users to phishing websites in an attempt to harvest credentials and compromise their financial services accounts.
To make sure they can perform the nefarious activities unhindered, the defendants employed a network of more than 800 fake Facebook and Instagram accounts.
Meta says it has already taken several enforcement actions against the two individuals, by disabling accounts they used on Facebook and Instagram, by blocking the phishing domains on its platforms, and by sending them cease and desist letters.
Tomi Engdahl says:
New Vulnerabilities Can Allow Hackers to Remotely Crash Siemens PLCs
https://www.securityweek.com/new-vulnerabilities-can-allow-hackers-remotely-crash-siemens-plcs
Tomi Engdahl says:
Alphabet’s CapitalG Makes Big Bet on Salt Security
https://www.securityweek.com/alphabets-capitalg-makes-big-bet-salt-security
Salt Security is the latest addition to a growing list of cybersecurity startups boasting billion-dollar valuations.
The Palo Alto, Calif.-based Salt Security on Thursday announced a new $140 million funding round that brings its valuation to $1.4 billion and signals heightened investor interest in the API security space.
Tomi Engdahl says:
Warning to banks: prepare for a Russian cyberattack https://www.is.fi/digitoday/tietoturva/art-2000008602978.html
The EUROPEAN Central Bank is preparing banks for possible Russian state-backed cyberattacks, two people familiar with the matter told the news agency Reuters. The reason is the tense situation on the Ukrainian border and the fear of a Russian attack.
Tomi Engdahl says:
Has bitcoin's privacy been broken? Police arrested two over a 4.7 billion euro crypto heist https://www.is.fi/digitoday/art-2000008603407.html
The U.S. Department of Justice reports a breakthrough in the investigation of the 2016 robbery of the cryptocurrency exchange Bitfinex. Two people were arrested on Tuesday in Manhattan, New York, on suspicion of laundering the proceeds of the robbery.
Tomi Engdahl says:
Cybercriminals have seized this opportunity and started bombarding people with fake Windows 11 updates.
In reality it is malware that steals the user's passwords
https://www.kauppalehti.fi/uutiset/hakkerit-yrittavat-huijata-windowsin-paivityksella-luottokorttitiedot-kalasteleva-haittaohjelma-on-naamioitu-microsoft-valesivulle/27843fab-f8e6-4db6-b49f-3151517bc267
According to Bleeping Computer, it is the RedLine malware, which steals the user's passwords, browser cookies, and credit card and cryptocurrency wallet details. Also:
https://www.zdnet.com/article/this-password-stealing-malware-posed-as-a-windows-11-download/
Tomi Engdahl says:
A new Magecart campaign is making waves
https://blog.malwarebytes.com/web-threats/2022/02/a-new-magecart-campaign-is-making-waves/
Malwarebytes’ researchers are closely monitoring web skimmers and have noticed that one of the infamous Magecart groups is causing a rise in the number of attacks while gobbling up over a quarter of the total number of attacks in one campaign. What all these attacks have in common is the domain where the malicious javascript is hosted:
naturalfreshmall.com. Additional research by Sansec shows a mass breach of stores running the Magento 1 ecommerce platform that can be tied to this campaign.
Tomi Engdahl says:
Malware distributors have turned to an older trick known as Squiblydoo to spread Qbot and Lokibot via Microsoft Office documents using regsvr32.exe https://www.bleepingcomputer.com/news/security/qbot-lokibot-malware-switch-back-to-windows-regsvr32-delivery/
A report from the threat research team at security analytics platform Uptycs shows that the use of regsvr32.exe has been spiking for the past couple of months, occurring via various document formats but mainly Excel files. The sudden focus on this particular command-line utility is explained by the fact that it allows threat actors to bypass application blocklisting that could put an end to the infection chain.
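A defender-side check for the delivery pattern this comment describes, added here as an example that is not code from the article or from Uptycs: it parses constructed process-creation events (a simplified key=value form, loosely modelled on Sysmon process-create records), flags regsvr32.exe whose parent is an Office application, and tallies regsvr32 launches per day so a spike like the one the report mentions stands out. Host names, paths and timestamps are all made up.

```python
"""Flag regsvr32.exe spawned by Office, and count regsvr32 launches per day.

Added example; the log lines below are constructed, not real telemetry.
"""
import re
from collections import Counter
from typing import Dict, List

# Office host processes that have no routine reason to launch regsvr32.exe
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe", "outlook.exe"}

# Constructed sample events (hypothetical hosts WS01..WS03)
SAMPLE_EVENTS = [
    'ts=2022-02-08T09:14:02Z host=WS01 parent="C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE" '
    'image="C:\\Windows\\System32\\regsvr32.exe" cmd="regsvr32.exe /s C:\\Users\\bob\\AppData\\Local\\Temp\\report.dll"',
    'ts=2022-02-08T09:15:40Z host=WS01 parent="C:\\Windows\\explorer.exe" '
    'image="C:\\Windows\\System32\\notepad.exe" cmd="notepad.exe"',
    'ts=2022-02-08T10:02:11Z host=WS02 parent="C:\\Windows\\System32\\msiexec.exe" '
    'image="C:\\Windows\\System32\\regsvr32.exe" cmd="regsvr32.exe /s C:\\Program Files\\Vendor\\vendor.dll"',
    'ts=2022-02-08T11:30:05Z host=WS03 parent="C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE" '
    'image="C:\\Windows\\SysWOW64\\regsvr32.exe" cmd="regsvr32.exe /s C:\\Users\\alice\\Downloads\\quote.ocx"',
]

# key=value pairs; a value is either "quoted, may contain spaces" or a bare token
_FIELD = re.compile(r'(\w+)=("([^"]*)"|(\S+))')


def parse_event(line: str) -> Dict[str, str]:
    """Parse one key=value event line into a dict."""
    fields: Dict[str, str] = {}
    for m in _FIELD.finditer(line):
        fields[m.group(1)] = m.group(3) if m.group(3) is not None else m.group(4)
    return fields


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def is_office_spawned_regsvr32(event: Dict[str, str]) -> bool:
    """True when regsvr32.exe (System32 or SysWOW64) has an Office parent."""
    return (basename(event.get("image", "")) == "regsvr32.exe"
            and basename(event.get("parent", "")) in OFFICE_PARENTS)


def find_suspicious(lines: List[str]) -> List[Dict[str, str]]:
    """Return the parsed events matching the Office -> regsvr32 pattern."""
    return [ev for ev in map(parse_event, lines) if is_office_spawned_regsvr32(ev)]


def regsvr32_counts_per_day(lines: List[str]) -> Counter:
    """Daily count of all regsvr32.exe launches, for spotting a volume spike."""
    counts: Counter = Counter()
    for ev in map(parse_event, lines):
        if basename(ev.get("image", "")) == "regsvr32.exe":
            counts[ev["ts"][:10]] += 1
    return counts


if __name__ == "__main__":
    for ev in find_suspicious(SAMPLE_EVENTS):
        print(f"ALERT {ev['ts']} {ev['host']}: {basename(ev['parent'])} -> regsvr32.exe  {ev['cmd']}")
    print("regsvr32 launches per day:", dict(regsvr32_counts_per_day(SAMPLE_EVENTS)))
```

Running it prints two alerts (WS01 from EXCEL.EXE, WS03 from WINWORD.EXE) and a count of three regsvr32 launches on 2022-02-08; the msiexec-spawned launch on WS02 counts toward the daily total but is not alerted on.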
Tomi Engdahl says:
Vodafone Portugal struggles to restore service following cyberattack https://arstechnica.com/information-technology/2022/02/vodafone-portugal-struggles-to-restore-service-following-cyberattack/
“[It was] a targeted attack on the network, with the purpose, surely voluntary, intentional to leave our customers without any service,” Vodafone Portugal CEO Mário Vaz said at a news conference, according to Portuguese news site Lusa. “The aim of this attack was clearly to make our network unavailable and with a level of severity to make the level of services as difficult as possible.”
Tomi Engdahl says:
The FritzFrog botnet that’s been active for more than two years has resurfaced with an alarming infection rate, growing ten times in just a month of hitting healthcare, education, and government systems with an exposed SSH server https://www.bleepingcomputer.com/news/security/fritzfrog-botnet-grows-10x-hits-healthcare-edu-and-govt-systems/
Researchers at internet security company Akamai spotted a new version of the FritzFrog malware, which comes with interesting new functions, like using the Tor proxy chain. The new botnet variant also shows indications that its operators are preparing to add capabilities to target WordPress servers.
Tomi Engdahl says:
Russian Govt. Continues Carding Shop Crackdown https://krebsonsecurity.com/2022/02/russian-govt-continues-carding-shop-crackdown/
The crackdown, the second closure of major card fraud shops by Russian authorities in as many weeks, comes closely behind Russia’s arrest of 14 alleged affiliates of the REvil ransomware gang, and has many in the cybercrime underground asking who might be next. Russian authorities have arrested six men accused of operating some of the most active online bazaars for selling stolen payment card data.
Tomi Engdahl says:
Ukraine Busts Alleged Russian Bot Farm Using Thousands of SIM Cards https://www.vice.com/en/article/4awq8m/video-ukraine-busts-alleged-russian-bot-farm-using-thousands-of-sim-cards
“The SSU cyber specialists uncovered and dismantled two bot farms in Lviv with a total capacity of 18,000 fake accounts,” an SSU press release said. “According to preliminary information, organizers from Russia supervised the administrators of the bot farms.” The SSU said it seized two sets of GSM gateways, 3,000 SIM cards, laptops, and accounting records. GSM gateways are equipment that allows people to use SIM cards to connect to networks outside the default network they’re meant to be connected to. They’re popular tools for hackers and other cyber criminals, who can use them to manage several phone numbers, and to connect to Voice Over IP, or VoIP networks.
Spain dismantles SIM swapping group who emptied bank accounts https://www.bleepingcomputer.com/news/security/spain-dismantles-sim-swapping-group-who-emptied-bank-accounts/
Spanish National Police has arrested eight suspects allegedly part of a crime ring who drained bank accounts in a series of SIM swapping attacks. They presumably spoofed the targets’ bank in phishing messages via email, SMS, or direct messages on social media platforms.
By means of phishing, the suspects obtained the sensitive personal information needed to impersonate the potential victims and deceive phone store employees into issuing new SIM cards with the same number.
Tomi Engdahl says:
Returning Japan Olympians to have smartphones undergo security check
https://mainichi.jp/english/articles/20220209/p2g/00m/0in/049000c
The Japan Sports Agency said Tuesday members of the country’s Beijing Winter Olympics delegation will have their mobile devices inspected upon their return amid fears the compulsory COVID-19 app could pose a security risk.
The JSA said experts will screen the devices with the Beijing Games official app, My2022, installed and will delete suspicious apps if necessary, all with the permission of the phone’s owner.
It is looking to lend mobile devices to the Japanese Paralympic delegation attending the Beijing Games that start March 4,
Tomi Engdahl says:
Nintendo hacker Gary Bowser sentenced to 3 years in prison
By Mollie Taylor published about 20 hours ago
https://www.pcgamer.com/nintendo-hacker-gary-bowser-sentenced-to-3-years-in-prison/?utm_medium=social&utm_campaign=socialflow&utm_source=facebook.com
He’s been handed a 40-month sentence and a $14.5 million fine for his crimes.
Gary Bowser, the public face behind Nintendo ROM hacker group Team Xecuter, has been sentenced to three years in prison.
Bowser was part of the team that helped develop and sell modchips and jailbreaking software for a plethora of Nintendo consoles, including the Nintendo Switch.
Tomi Engdahl says:
Health data of more than 100,000 people became unusable after being mixed up in THL's register – the problem also distorted coronavirus vaccination figures
https://suomenkuvalehti.fi/jutut/kotimaa/yli-100-000-ihmisen-terveystiedot-sekoittuivat-kayttokelvottomiksi-thln-rekisterissa-ongelma-vaaristi-myos-koronarokotuslukuja/?shared=1210487-4d3d05fc-999&utm_medium=Social&utm_source=Facebook#Echobox=1644567400
Data from four municipalities in the Keski-Uusimaa social and health care area had to be deleted for a two-year period and re-run into the system.
The Finnish Institute for Health and Welfare (THL) has compiled vaccination counts by age group and by municipality and calculated vaccination coverage percentages for the whole country. Municipalities have sent vaccination data from their own patient information systems to the Avohilmo register maintained by THL.
The register receives data on all health care services used by Finns: care given by a doctor or nurse, mental health services, home care visits, physiotherapy rehabilitation, dental care and so on.
With Avohilmo, THL monitors, among other things, the overall need for health services, their availability and population-level health problems such as epidemics.
In October 2021, THL noticed that something was wrong in the coronavirus vaccination statistics of the Keski-Uusimaa social and health care area, Keusote. Vaccination data began to be checked ”social security number by social security number”.
”The Avohilmo specifications we received did not take into account a situation where statistical data is delivered in the name of one area but from different municipalities and from systems that are identical to one another.”
”This is a cautionary example. At times there has been some fear about what happens when separate systems are put together. On the other hand, many software vendors have already done mergers similar to Keusote's, and no similar problems have emerged,” says THL's Kaisa Mölläri.
”Frankly, the software vendors have failed pretty damn badly if this repeats at the turn of next year.”
Tomi Engdahl says:
If EARN IT Passes, What Happens On Your iPhone Won’t Stay On Your iPhone
https://www.eff.org/deeplinks/2022/02/if-earn-it-passes-what-happens-your-iphone-wont-stay-your-iphone
Last year, Apple announced a controversial plan to install photo scanning software in every device. Apple has long been seen as a pro-privacy company—billboards emblazoned with the slogan “What happens on your iPhone, stays on your iPhone” were common sights in 2019. A global coalition pushed back, and the company paused the plan.
Now, Congress wants to force Apple’s hand—along with essentially every company that allows users to store or share messages or content—and essentially mandate such scanning.
While Apple’s plan would have put the privacy and security of its users at risk, the EARN IT Act compromises security and free speech for everyone. The bill would create serious legal risk for business that hosts content—messages, photos stored in the cloud, online backups—and, potentially, even cloud-hosting sites like those using Amazon Web Services, unless they use government-approved scanning tools.
The bill’s proponents claim that this isn’t a problem for any service as long as it is scanning files, and then reporting Child Sexual Abuse Material (CSAM) to law enforcement. Internet companies are already required to report suspected CSAM if they come across it, and they report on a massive scale that comes with a lot of mistakes. Facebook is often held up as a positive example by lawmakers, but while new scanning techniques there have produced many millions of reports, many of them are apparently inaccurate.
Tomi Engdahl says:
EARN IT doesn’t specifically attack encryption, but that’s because it doesn’t have to. Instead, it allows encryption to be used as evidence against a company in order to find it liable for hosting CSAM.
The end result is clear: state laws will make companies liable if they don’t scan and report user content for CSAM, which they can’t do unless they break encryption. Apple will likely fold, as will many other companies
https://www.eff.org/deeplinks/2022/02/if-earn-it-passes-what-happens-your-iphone-wont-stay-your-iphone
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/cisa-urges-orgs-to-patch-actively-exploited-windows-serioussam-bug/
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/qbot-needs-only-30-minutes-to-steal-your-credentials-emails/
Tomi Engdahl says:
https://appleinsider.com/articles/22/02/10/senate-committee-advances-bill-that-could-threaten-encryption-section-230
Tomi Engdahl says:
US cyber defense agency warns of possible Russian cyberattacks amid tensions
https://thehill.com/policy/cybersecurity/594013-us-cyber-defense-agency-warns-of-possible-russian-cyberattacks-amid
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a “Shields Up” alert for American organizations saying that U.S. systems could face Russian cyberattacks amid warnings from Biden administration officials that a Russian invasion of Ukraine could be imminent.
With U.S. officials warning on Friday that Russia could invade Ukraine “any day now,” CISA’s alert recommended that all organizations in the U.S., regardless of size, “adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets.”
Tomi Engdahl says:
FBI Sees Huge Increase in SIM-Swapping Attacks
In 2021, the FBI received 1,611 SIM-swapping complaints, up from 320 complaints in the three years prior.
https://uk.pcmag.com/security/138635/fbi-sees-huge-increase-in-sim-swapping-attacks
Tomi Engdahl says:
Microsoft, Oracle, Apache and Apple vulnerabilities added to CISA catalog
One of the vulnerabilities — a Microsoft Windows SAM local privilege escalation vulnerability — has a remediation date of February 24.
https://www.zdnet.com/article/15-vulnerabilities-added-to-cisa-catalog/
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/hacking-group-modifiedelephant-evaded-discovery-for-a-decade/
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/microsoft/microsoft-starts-killing-off-wmic-in-windows-will-thwart-attacks/
Tomi Engdahl says:
https://github.com/ChendoChap/PS5-Webkit-Execution
Tomi Engdahl says:
https://www.bleepingcomputer.com/news/security/fake-windows-11-upgrade-installers-infect-you-with-redline-malware/
Tomi Engdahl says:
Fixed a major flaw that would have permitted an illegal and continuous creation of ETH tokens. Ethical Hacker, Jay Freeman, who discovered flaws in the code and saved the network from significant theft risks. He explained that any developer on Ethereum’s chain could automatically use one of its forks to create new tokens. Specifically, a continuous regeneration is triggered by running a SELF-DESTRUCT opcode command on a smart contract that once held ETH tokens.
Daami PK, 11 February 2022
White Hat Hacker Awarded $2 Million for Fixing ETH-Creation Bug
https://cryptoadventure.com/white-hat-hacker-awarded-2-million-for-fixing-eth-creation-bug/
Ethereum layer-2 solution, Optimism, fixed a major flaw that would have permitted an illegal and continuous creation of ETH tokens.
According to sources, Optimism might have just solved a significant system vulnerability issue. The potential glitch got the attention of developers at Ethereum through an Ethical Hacker, Jay Freeman, who discovered flaws in the code and saved the network from significant theft risks.
The bug, now curtailed, was reportedly triggered by an Etherscan employee. Had the issue not been promptly resolved, malicious users on the chain could have exploited the flaw.
Tomi Engdahl says:
blog post, Jay described precisely how this vulnerability could lead to the infinite duplication of the second most-valued cryptocurrency in the world.
Attacking an Ethereum L2 with Unbridled Optimism
https://www.saurik.com/optimism.html
The Summary
On 2/2/2022, I reported a critical security issue to Optimism—an “L2 scaling solution” for Ethereum—that would allow an attacker to replicate money on any chain using their “OVM 2.0” fork of go-ethereum (which they call l2geth).
Quickly, Optimism—whose platform currently uses a centralized “sequencer”—moved to both fix this bug on their nodes and infrastructure, as well as arrange for downstream projects that used their codebase (Boba and Metis) to get patched.
Tomi Engdahl says:
Data breach at Savonia University of Applied Sciences – students' data published on the dark web https://www.is.fi/digitoday/tietoturva/art-2000008607041.html
SAVONIA University of Applied Sciences was hit by an extortion attack a week ago on Friday. The institution was hit with ransomware that encrypted and stole data. Students' data has been published on the dark web this week. Savonia's rector Mervi Vidgrén says the institution has filed a criminal complaint. The matter is under investigation by the Kuopio local police and the National Bureau of Investigation.
Tomi Engdahl says:
Ransomware crew dumps stolen Optionis files online https://www.theregister.com/2022/02/11/optionis_stolen_data/
What appears to be stolen data belonging to customers of accounting conglomerate Optionis Group has surfaced on the dark web weeks after the firm confirmed intruders had broken into its systems. Optionis Group houses brands including Parasol Group, Clearsky, SJD Accounting and NixonWilliams.
Tomi Engdahl says:
Yet another blow to the use of Google Analytics – a website was given one month to stop using the service https://www.tivi.fi/uutiset/tv/6f27534b-8a23-4698-9112-ff340cea4abe
France's data protection authority CNIL has ruled that use of the Google Analytics service may violate the EU's data protection regulation, the GDPR. In January, use of Google Analytics was ruled to violate the GDPR in Austria. As a result, the Austrian data protection authority prohibited continued use of Google Analytics.
Google Analytics is a very widely used website analytics service for monitoring site visitor numbers and traffic.
Tomi Engdahl says:
Croatian phone carrier data breach impacts 200,000 clients https://www.bleepingcomputer.com/news/security/croatian-phone-carrier-data-breach-impacts-200-000-clients/
Croatian phone carrier ‘A1 Hrvatska’ has disclosed a data breach exposing the personal information of 10% of its customers, roughly 200,000 people.
Tomi Engdahl says:
US nuclear power plants contain dangerous counterfeit parts, report finds https://www.theverge.com/2022/2/11/22929255/us-nuclear-power-plants-dangerous-counterfeit-parts-nrc-report
At least some nuclear power plants in the US contain counterfeit parts that could pose significant risks, an investigation by the inspector general’s office of the Nuclear Regulatory Commission has found. Those parts “present nuclear safety and security concerns that could have serious consequences,” says the resulting report published on February 9th.
Tomi Engdahl says:
Europe’s biggest car dealer hit with ransomware attack https://www.zdnet.com/article/europes-biggest-car-dealer-hit-with-ransomware-attack/
One of Europe’s biggest car dealers, Emil Frey, was hit with a ransomware attack last month, according to a statement from the company. “We have restored and restarted our commercial activity already days after the incident on January 11, 2022,” a spokesperson said, declining to answer more questions about whether customer information was accessed.
Tomi Engdahl says:
Notorious Maze Ransomware Gang Closes Up Shop And Releases Decryption Keys https://www.forbes.com/sites/leemathews/2022/02/12/notorious-maze-ransomware-gang-closes-up-shop-and-releases-decryption-keys/?sh=c83c89548dca
Over the past three years the Maze crew ensnared scores of victims with its ransomware. Now, suddenly, Maze seems to have called it quits. They’ve released master decryption keys and destroyed the bulk of the malware’s code.
Tomi Engdahl says:
Facebook exposes ‘god mode’ token that could siphon data https://www.theregister.com/2022/02/12/facebook_god_mode/
Brave this week said it is blocking the installation of a popular Chrome extension called L.O.C. because it exposes users’ Facebook data to potential theft. “If a user is already logged into Facebook, installing this extension will automatically grant a third-party server access to some of the user’s Facebook data,” explained Francois Marier, a security engineer at Brave, in a GitHub Issues post. “The API used by the extension does not cause Facebook to show a permission prompt to the user before the application’s access token is issued.”
Tomi Engdahl says:
CinaRAT Delivered Through HTML ID Attributes
https://isc.sans.edu/diary/CinaRAT+Delivered+Through+HTML+ID+Attributes/28330
A few days ago, I wrote a diary about a malicious ISO file being dropped via a simple HTML file. I found another sample that again drops a malicious ISO file but this time, it is much more obfuscated and the VT score is 0! Yes, not detected by any antivirus solution!
Here is the obfuscation technique used. The payload is stored in “ID” attributes of multiple paragraph tags[...]
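A triage check for the carrier the diary describes, added here as an example that is not code from the SANS diary: it walks an HTML document with the standard-library parser, gathers the id attributes of every paragraph tag in document order, and flags the page when the concatenated ids are long, use only base64 characters and have high entropy, which is how a payload smeared across id attributes looks and how normal anchor ids do not. Both sample documents are constructed; the “payload” is just hash output standing in for encoded data.

```python
"""Flag HTML whose <p id="..."> attributes jointly carry an encoded blob.

Added example; the sample documents below are constructed for the demo.
"""
import base64
import hashlib
import math
import re
from html.parser import HTMLParser
from typing import Dict, List

# Character set of base64 text; ordinary ids ("intro", "section-2") rarely fit it once joined
BASE64_RE = re.compile(r"^[A-Za-z0-9+/=]+$")


class ParagraphIdCollector(HTMLParser):
    """Collect the id attribute of every <p> tag, in document order."""

    def __init__(self) -> None:
        super().__init__()
        self.ids: List[str] = []

    def handle_starttag(self, tag, attrs) -> None:
        if tag.lower() == "p":
            for name, value in attrs:
                if name.lower() == "id" and value:
                    self.ids.append(value)


def collect_paragraph_ids(html: str) -> List[str]:
    parser = ParagraphIdCollector()
    parser.feed(html)
    parser.close()
    return parser.ids


def shannon_entropy(text: str) -> float:
    """Bits per character; base64 of random data approaches 6, English ids sit far lower."""
    if not text:
        return 0.0
    counts: Dict[str, int] = {}
    for ch in text:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(text)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def assess(html: str, min_total: int = 200, min_entropy: float = 4.0) -> Dict[str, object]:
    """Score a document: suspicious when the joined ids look like a long encoded blob."""
    ids = collect_paragraph_ids(html)
    blob = "".join(ids)
    base64_charset = bool(blob) and BASE64_RE.match(blob) is not None
    entropy = shannon_entropy(blob)
    return {
        "id_count": len(ids),
        "total_length": len(blob),
        "base64_charset": base64_charset,
        "entropy": round(entropy, 2),
        "suspicious": len(blob) >= min_total and base64_charset and entropy >= min_entropy,
    }


# Constructed benign page: a couple of human-readable anchors
BENIGN_HTML = """<html><body>
<p id="intro">Welcome to our site.</p>
<p id="section-2">Second section.</p>
<p>No id here.</p>
</body></html>"""


def _constructed_carrier_html(chunk: int = 20) -> str:
    """Test input only: deterministic hash bytes, base64-encoded, split across <p id> values."""
    raw = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(8))  # 256 bytes
    blob = base64.b64encode(raw).decode("ascii")                              # 344 chars
    parts = [blob[i:i + chunk] for i in range(0, len(blob), chunk)]
    body = "\n".join(f'<p id="{part}">Lorem ipsum</p>' for part in parts)
    return f"<html><body>\n{body}\n</body></html>"


SUSPICIOUS_HTML = _constructed_carrier_html()

if __name__ == "__main__":
    print("benign    :", assess(BENIGN_HTML))
    print("suspicious:", assess(SUSPICIOUS_HTML))
```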
Tomi Engdahl says:
SHIELDS UP
https://www.cisa.gov/shields-up
Notably, the Russian government has used cyber as a key component of their force projection over the last decade, including previously in Ukraine in the 2015 timeframe. The Russian government understands that disabling or destroying critical infrastructure – including power and communications – can augment pressure on a country’s government, military and population and accelerate their acceding to Russian objectives. While there are not currently any specific credible threats to the U.S. homeland, we are mindful of the potential for the Russian government to consider escalating its destabilizing actions in ways that may impact others outside of Ukraine. Based on this situation, CISA has been working closely with our critical infrastructure partners over the past several months to ensure awareness of potential threat – part of a paradigm shift from being reactive to being proactive. CISA recommends all organizations – regardless of size – adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets.
Tomi Engdahl says:
San Francisco 49ers confirm ransomware attack https://therecord.media/san-francisco-49ers-confirm-ransomware-attack/
The San Francisco 49ers NFL team has fallen victim to a ransomware attack that encrypted files on its corporate IT network. The team confirmed the attack earlier today after the operators of the BlackByte ransomware listed the team as one of their victims on Saturday on a dark web “leak site” the group typically uses to shame victims and force them into paying their extortion demands.
Tomi Engdahl says:
CISA orders federal agencies to update iPhones, Macs until Feb 25th https://www.bleepingcomputer.com/news/security/cisa-orders-federal-agencies-to-update-iphones-macs-until-feb-25th/
The US Cybersecurity and Infrastructure Security Agency (CISA) has added a new flaw to its catalog of vulnerabilities exploited in the wild, an Apple WebKit remote code execution bug used to target iPhones, iPads, and Macs.
Tomi Engdahl says:
Tom Hegel / SentinelOne:
Research: ModifiedElephant APT has targeted activists, journalists, lawyers, and others in India to spy on or plant digital evidence since at least 2012 — Executive Summary — Our research attributes a decade of activity to a threat actor we call ModifiedElephant.
https://www.sentinelone.com/labs/modifiedelephant-apt-and-a-decade-of-fabricating-evidence/
Tomi Engdahl says:
Ransomware Gang Says it Has Hacked 49ers Football Team
https://www.securityweek.com/ransomware-gang-says-it-has-hacked-49ers-football-team
Tomi Engdahl says:
Adobe Releases Emergency Patch for Exploited Commerce Zero-Day
https://www.securityweek.com/adobe-releases-emergency-patch-exploited-commerce-zero-day