Cyber security news February 2022

This posting is here to collect cyber security news in February 2022.

I post links to security vulnerability news to comments of this article.

You are also free to post related links to comments.

511 Comments

  1. Tomi Engdahl says:

    New “SockDetour” Fileless, Socketless Backdoor Targets U.S. Defense Contractors
    https://thehackernews.com/2022/02/new-sockdetour-fileless-socketless.html

    Reply
  2. Tomi Engdahl says:

    Anonymous declares ‘cyber war’ against Putin, shuts down Kremlin-backed media website
    https://meaww.com/anonymous-cyber-war-against-putin-kremlin-media-channel-website-hacked

    The declaration of a cyberwar increases the chances that Russia is targeted with systematic hacking attempts in the coming days or weeks

    Notorious hacking group Anonymous appears to have declared a “cyberwar” against Russian President Vladimir Putin’s government after he launched a full-scale invasion of Ukraine.

    The hacktivist group issued a stark announcement on their Twitter account Thursday evening, February 24, writing, “The Anonymous collective is officially in cyberwar against the Russian government.” About half an hour later, they revealed they had taken down the website of Kremlin-funded media channel Russia Today or RT. Earlier reports claimed their website was inaccessible and displayed an error message. However, the site appears to be back online at the time of publication.

    Reply
  3. Tomi Engdahl says:

    Most concerned with cyber war in critical infrastructure and financial sector, says TrustedSec CEO
    https://www.cnbc.com/video/2022/02/25/most-concerned-with-cyber-war-in-critical-infrastructure-and-financial-sector-says-trustedsec-ceo.html?utm_content=199194167&utm_medium=social&utm_source=facebook&hss_channel=fbp-539813956129876

    David Kennedy, TrustedSec CEO and former NSA and Marine Corps hacker, joins ‘Power Lunch’ to discuss what companies and American consumers should prepare for in the event of Russian cyber warfare, what the dangers are of further cyber war and more.

    Reply
  4. Tomi Engdahl says:

    Donations, including those made with cryptocurrencies, have been pouring into Ukraine since the start of the Russian invasion, launched on Thursday. https://trib.al/zRQkkUa

    Reply
  5. Tomi Engdahl says:

    Anonymous on Twitter
    https://mobile.twitter.com/youranonnews/status/1496954233492541444
    “#Anonymous is currently involved in operations against the Russian Federation. Our operations are targeting the Russian government. There is an inevitability that the private sector will most likely be affected too.”

    Reply
  6. Tomi Engdahl says:

    Expert: Finland's defence has one "very clear problem area" – Russia has already struck Ukraine in the same area https://www.iltalehti.fi/kotimaa/a/d40fc59d-e988-45c4-93e8-ad32998a487c

    Reply
  7. Tomi Engdahl says:

    Good article on Cyclops Blink
    “Like VPNFilter but stealthier”

    Russia’s most cutthroat hackers infect network devices with new botnet malware
    The Russian government’s Sandworm group uses previously unseen Cyclops Blink.
    https://arstechnica.com/information-technology/2022/02/russias-most-cut-throat-hackers-infect-network-devices-with-new-botnet-malware/

    Hackers for one of Russia’s most elite and brazen spy agencies have infected home and small-office network devices around the world with a previously unseen malware that turns the devices into attack platforms that can steal confidential data and target other networks.

    Cyclops Blink, as the advanced malware has been dubbed, has infected about 1 percent of network firewall devices made by network device manufacturer WatchGuard, the company said on Wednesday. The malware is able to abuse a legitimate firmware update mechanism found in infected devices in a way that gives it persistence, meaning the malware survives reboots.

    Reply
  8. Tomi Engdahl says:

    Conti ransomware gang: You attack Russia, we’ll hack you back
    Notorious cybercrime gang says it will strike back at critical infrastructure if cyber attacks are launched against Russia
    https://grahamcluley.com/conti-ransomware-gang-you-attack-russia-well-hack-you-back/

    Reply
  9. Tomi Engdahl says:

    Ukraine seeks volunteers to defend networks as Russian troops menace Kyiv
    While Moscow tells its operators: Treat any infrastructure outage as a ‘computer attack’
    https://www.theregister.com/2022/02/25/ukraine_cyber_russia/

    As the Russian invasion of Ukraine continues, the latter’s government is reportedly seeking cybersecurity volunteers to help defend itself. Meanwhile, Russia’s CERT has warned critical infrastructure operators that any strange outages should be treated as “a computer attack.”

    Reuters reported this morning that a Google Docs form had been published so Ukrainian infosec specialists can register their services.

    https://www.reuters.com/world/exclusive-ukraine-calls-hacker-underground-defend-against-russia-2022-02-24/

    Reply
  10. Tomi Engdahl says:

    Anonymous leaks database of the Russian Ministry of Defence
    https://cybernews.com/news/anonymous-leaks-database-of-the-russian-ministry-of-defence/

    Thursday evening, the Anonymous collective declared a cyberwar against Russia as Putin’s forces closed in on the Ukrainian capital. And it looks like they were serious.

    On Friday evening, Anonymous claimed they managed to breach the database belonging to the Russian Ministry of Defence. The group’s actions appear to be part of a growing trend that is seeing a growing number of cyber soldiers take to the newest front in the war against Russia.

    Anonymous posted the database online and made it accessible to anyone. “Hackers all around the world: target Russia in the name of #Anonymous let them know we do not forgive, we do not forget. Anonymous owns fascists, always,” the group tweeted.

    It seems that the database contains officials’ phone numbers, emails, and passwords. Twitter users seem excited about the news and continue discussing how they could use them to harm Putin’s regime.

    “Sign them up for GOP and Trump fundraising emails. That will be enough to drive them all crazy,” one user suggested.

    Reply
  11. Tomi Engdahl says:

    EU preparing a third round of sanctions against Russia – Ukrainians urged to disable location data, France sends more military supplies
    https://www.hs.fi/ulkomaat/art-2000008623000.html?share=235ad6d9bfccf2e734cdcda411c22706

    Ukrainians asked to disable location data
    Ukrainians were urged on Saturday to switch off location data on their phones and other mobile devices. The call came from the Ukrainian parliament on its Telegram channel.

    According to the parliament, Russians can track people's movements based on location data. Among other things, this allows them to plan their strikes.

    Reply
  12. Tomi Engdahl says:

    Russian vigilante hacker: ‘I want to help beat Ukraine from my computer’
    https://www.bbc.com/news/technology-60528594

    “This site can’t be reached.”

    That was the message greeting visitors to dozens of Ukrainian websites on Wednesday afternoon.

    From 16:00 local time webpages for banks and government ministries started going down.

    Naturally, fingers quickly pointed towards Moscow – Russia’s cyber army once again accused of hacking to spread fear and confusion online as troops massed on Ukraine’s borders.

    But the BBC has learned that at least some of the cyber-attacks that afternoon and since have come not from the Kremlin but from groups of so called “patriotic” Russian hackers.

    They work in small groups without direct orders from the Russian state and are intent on adding to the chaos in cyber-space.

    By day, Dmitry (not his real name) works for a respectable Russian cyber-security company.

    On Wednesday afternoon he finished work helping protect his customers from malicious hackers and went home for the night.

    But while watching the unfolding cyber-attacks against Ukraine, he decided to assemble his hacking team and get stuck in.

    “Considering everyone is attacking Ukraine servers. I am thinking we should cause some disruption too?” he posted on social media.

    He says his team of six hackers then temporarily brought down a number of Ukrainian government websites, by flooding servers with data in denial of service (DDoS) attacks.

    Reply
  13. Tomi Engdahl says:

    Tools for #OpRussia

    Browser
    TOR: https://www.torproject.org
    I2P Anonymous Network: https://geti2p.net/
    The Freenet Project: https://freenetproject.org/

    Browser Addons
    Privacy Badger: https://www.eff.org/privacybadger/
    uBlock Origin: https://addons.mozilla.org/firefox/addon/ublock-origin/
    Cookie AutoDelete: https://addons.mozilla.org/firefox/addon/cookie-autodelete/
    HTTPS Everywhere: https://www.eff.org/https-everywhere
    Decentraleyes: https://addons.mozilla.org/firefox/addon/decentraleyes/
    NOScript: https://addons.mozilla.org/firefox/addon/noscript/
    uMatrix: https://addons.mozilla.org/firefox/addon/umatrix/

    Privacy Guide
    https://www.privacytools.io/#addons

    VPN
    AirVPN: https://airvpn.org/
    blackVPN: https://www.blackvpn.com/
    CRYPTOSTORM: https://cryptostorm.is/
    Perfect Privacy: https://www.perfect-privacy.com/
    ProtonVPN: https://protonvpn.com/

    Encrypted Email Services
    ProtonMail: https://protonmail.com/ Not sure if it's good since they shared info with Swiss authorities
    Disroot: https://disroot.org/en
    Tutanota: https://www.tutanota.com/
    Mailfence: https://mailfence.com/
    Runbox: https://runbox.com/
    NeoMailBOX: https://www.neomailbox.com/

    Virtual Machines
    VirtualBox: https://www.virtualbox.org/

    Secure TOR tunnel.
    WHONIX: https://www.whonix.org/

    VPN/TOR Scripts
    Torghost: https://github.com/susmithHCK/torghost
    Anonym8: https://github.com/HiroshiManRise/anonym8
    4nonimizer: https://github.com/Hackplayers/4nonimizer
    Anonsurf: https://github.com/Und3rf10w/kali-anonsurf

    Email Clients
    Thunderbird: https://mozilla.org/thunderbird
    Claws: http://www.claws-mail.org/
    GNU Privacy Guard: https://www.gnupg.org/
    EMail Alternatives
    I2P-Bote: https://i2pbote.xyz/
    Bitmessage: https://bitmessage.org/
    RetroShare: http://retroshare.net/

    Encrypted Messenger
    Signal: https://signal.org/
    Wire: https://get.wire.com/
    Ricochet: https://ricochet.im/
    Cryptocat: https://crypto.cat/
    Telegram: https://telegram.org/
    Wickr: https://www.wickr.com/
    Firechat: https://itunes.apple.com/au/app/firechat/id719829352?mt=8
    Discord: https://discordapp.com/
    Linphone: https://www.linphone.org/

    Password Manager Software
    Master Password: https://ssl.masterpasswordapp.com/
    KeePass / KeePassX – Local: http://keepass.info/download.html
    LessPass – Browser: https://lesspass.com/

    File Encryption Software
    VeraCrypt – Disk Encryption: https://veracrypt.fr/
    GNU Privacy Guard – Email Encryption: https://www.gnupg.org/
    PeaZip – File Archive Encryption: http://www.peazip.org/

    Domain Name System (DNS)
    DNSCrypt – Tool: https://dnscrypt.info/
    OpenNIC – Service: http://www.opennicproject.org/

    Paste Services
    Ghostbin: https://ghostbin.com/
    PrivateBin: https://privatebin.info/
    0bin : https://0bin.net/

    Live CD Operating Systems
    Tails: https://tails.boum.org/
    KNOPPIX: http://www.knopper.net/knoppix/
    Puppy Linux: http://puppylinux.org/

    Open Source Router Firmware
    OpenWrt: https://openwrt.org/
    pfSense: https://www.pfsense.org/
    LibreWRT: http://librewrt.org/

    Tools
    ipleak.net – IP/DNS Detect – What is your IP, what is your DNS, what information you send to websites.
    https://www.ghacks.net/2015/12/28/the-ultimate-online-privacy-test-resource-list/
    https://prism-break.org/en/
    https://securityinabox.org/en/
    https://securedrop.org/
    https://pack.resetthenet.org/
    https://secfirst.org/

    Reply
  14. Tomi Engdahl says:

    Brave dude. He stole $11bn while living in Singapore, a country that would seriously punish you for stealing $100.

    Exclusive: Austrian Programmer And Ex Crypto CEO Likely Stole $11 Billion Of Ether
    https://www.forbes.com/sites/laurashin/2022/02/22/exclusive-austrian-programmer-and-ex-crypto-ceo-likely-stole-11-billion-of-ether/?sh=72c41ed27f58

    Reply
  15. Tomi Engdahl says:

    https://www.facebook.com/groups/shahidzafar/permalink/5172698559415896/

    Could any of you explain why these scenarios are examples of poor cyber hygiene?
    A SysAdmin accessed her personal webmail via a browser while logged on to a system with her privileged administrative account.
    A system administrator needed to copy files from one server to another. He enabled the FTP service on both systems and performed the task, leaving the service installed.

    #1: Security standards for personal and corporate email are quite different, which can allow malicious activity in through un-/less-protected channels.
    #2: Unsecured protocols are a violation of some audit frameworks unto themselves.

    Reply
  16. Tomi Engdahl says:

    Kremlin website down for several hours
    Six Russian government websites are currently down, according to the Kyiv Independent.

    That list reportedly includes the official sites of the Kremlin and Russia’s media regulatory agency.

    The outlet attributed its reporting to sources at Ukraine’s state telecommunications agency.

    State TV channels have also been “hacked to play Ukrainian songs”, it says.

    The Anonymous hacking collective has taken credit for the attacks, but this has not been independently confirmed.

    https://www.bbc.co.uk/news/live/world-europe-60517447

    Reply
  17. Tomi Engdahl says:

    Google Maps, Apple Maps, and smartphones are at the forefront of modern war
    https://appleinsider.com/articles/22/02/25/google-maps-apple-maps-and-smartphones-are-at-the-forefront-of-modern-war?utm_source=sendible&utm_medium=social&utm_campaign=RSS

    We’ve gone beyond “the revolution will be televised,” and are in a reality where the latest European war is live-streamed not just through social media, but on online mapping services without Google or Apple intending it.

    The sheer volume of mapping data now available at our fingertips means it was possible for civilians half a world away to see when Russian forces began moving. Specifically, that data pinpointed a traffic jam starting on the Russian side of the border, actively moving into Ukraine in the first few minutes of the Russian and Ukraine conflict.

    Just as with any cartography, this information required interpreting. Google Maps did not specifically say that it was troop movements, nor was its satellite imagery up to the minute. During the process of researching this story, we’ve confirmed that Apple Maps presented similar inbound troop movement information — but it wasn’t setting out to do that either.

    What these services did, though, was register all of the smartphone users whose driving was slowed or halted by unusual traffic conditions. Wherever the majority of the data came from, it was possible to determine what was happening when coupled with known details of Russian troop locations.

    So it was possible to know that the invasion was starting, long before conventional news could break the story. And, it was all relayed in real-time on Twitter.

    That raises issues about the almost accidental power of big tech over issues seemingly far from their intended use. There is now a new clash between civil rights, civilian-oriented technology, and security.

    Nobody set out to make Google Maps be a military tool, but if it and other big tech services have become that, they have done so without any kind of oversight. Democracy needs information, but governments want to control it, so you can bet that Google and Apple are going to be getting some phone calls about it.

    As for this specific example of the invasion of the Ukraine, tweeter Dr. Lewis told Vice that he thinks he and his team “were the first people to see the invasion.”

    “And we saw it in a traffic app,” he said.

    Google Maps Live Traffic Showed the Russian Invasion of Ukraine
    “I think big data companies often don’t want to face squarely how useful their data can be.”
    https://www.vice.com/en/article/xgd7dd/google-maps-live-traffic-showed-the-russian-invasion-of-ukraine

    Reply
  18. Tomi Engdahl says:

    “The Russian leader’s pretext for invasion recasts Ukraine’s Jewish president as a Nazi and Russian Christians as true victims of the Holocaust”
    https://www.theguardian.com/world/2022/feb/25/vladimir-putin-ukraine-attack-antisemitism-denazify

    The presence of far-right elements within Ukraine’s self-defence forces has been seized on by the Kremlin in a bid to smear Ukrainian forces as “fascists,”
    https://www.vice.com/en/article/3ab7dw/azov-battalion-ukraine-far-right

    Reply
  19. Tomi Engdahl says:

    ‘Sleeping with the enemy’ Russian troops try to pick up Ukrainian women on Tinder
    https://nypost.com/2022/02/24/ukrainian-women-say-russian-troops-are-flirting-with-them-on-tinder/

    Russian soldiers poised to invade Ukraine have bombarded women on the other side of the border with Tinder messages Tuesday, according to the Sun.

    RUDE ARMY Randy Russian soldiers bombard Ukrainian girls with flirty Tinder requests
    https://www.the-sun.com/news/4757640/russian-soldiers-tinder-ukraine/

    Dasha Synelnikova’s phone lit up with snaps of dozens of randy Russians when she set her location to Kharkiv on Tinder yesterday.

    Video producer Dasha, 33, told The Sun last night: “I actually live in Kyiv but changed my location settings to Kharkiv after a friend told me there were Russian troops all over Tinder.

    “And I couldn’t believe my eyes when they popped up trying to look tough and cool.

    “One muscular guy posed up trying to look sexy in bed posing with his pistol.

    In the space of one hour, Dasha’s Tinder trawl unearthed a steady stream of Russian admirers, all appearing to be among Putin’s force massing north of Kharkiv.

    Dasha said: “These guys are just the same as anyone else on Tinder — they want love or companionship.

    Russian units have been ordered to switch off mobile phones in preparation for an invasion, it has emerged.

    Reply
  20. Tomi Engdahl says:

    The United States and allies committed to a series of tough new sanctions on Russia on Saturday to choke its financial system in retaliation for the invasion of Ukraine. “Selected” Russian banks will be removed from the SWIFT inter-bank messaging system that is critical for conducting transactions, and the Russian Central Bank will be targeted with measures to restrict its ability to use its international reserves, according to a joint statement from the U.S., the European Union, France, Germany, Italy, the United Kingdom and Canada. Get live updates here: https://trib.al/0X9K8ly

    Reply
  21. Tomi Engdahl says:

    “More terminals en route.”

    Elon Musk activates Starlink over Ukraine as rockets fall on Kyiv – ‘More en route’
    https://www.express.co.uk/news/world/1572562/elon-musk-startlink-ukraine-russia-kyiv-ont

    ELON MUSK has activated Starlink services over Ukraine after the country’s vice prime minister begged the multi-billionaire for help.

    The SpaceX founder made the announcement on Saturday while responding to the tweet of Ukraine’s First Vice Prime Minister and Minister of Digital Transformation, Mykhailo Fedorov, who called for help as Ukraine fought off an invasion and sustained cyberattacks by Russian forces. Tweeting directly at Mr Musk, Mr Fedorov said: “While you try to colonize Mars — Russia tries to occupy Ukraine!

    “We ask you to provide Ukraine with Starlink stations and to address sane Russians to stand.”

    In response, Mr Musk said: “Starlink service is now active in Ukraine. More terminals en route.”

    In order to connect to Starlink, customers need a terminal, which is essentially a small satellite dish that receives the internet signal.

    The service is currently still in beta in the United States, and is an interesting but expensive product.

    It costs $100 per month for download speeds of about 100 Mbps (plus a $500 fee for the terminal), which is much faster service than can be purchased in many rural parts of America.

    But so far the service has been plagued by outages and intermittent connectivity while the terminal “switches” between satellites.

    Reply
  22. Tomi Engdahl says:

    Ukrainian vice prime minister asks Elon Musk for Starlink satellites as Russia invades
    https://nypost.com/2022/02/26/ukrainian-vice-prime-minister-asks-elon-musk-for-starlink-satellites-as-russia-invades/?utm_campaign=SocialFlow&utm_source=NYPFacebook&utm_medium=SocialFlow&sr_share=facebook

    Ukraine’s vice prime minister called on SpaceX billionaire Elon Musk to help the embattled nation with communication satellites on Saturday, as they faced a third day of assaults from Russia.

    “@elonmusk, while you try to colonize Mars — Russia try to occupy Ukraine! While your rockets successfully land from space — Russian rockets attack Ukrainian civil people! We ask you to provide Ukraine with Starlink stations and to address sane Russians to stand,” Mykhailo Fedorov tweeted, later sharing the post on his Telegram account as well.

    Russia’s assaults on cities across Ukraine have left parts of the country with internet outages.

    Reply
  23. Tomi Engdahl says:

    Effective, free, open source Android app released to identify nearby Apple Air Tags

    Free Android app lets users detect Apple AirTag tracking
    https://www.bleepingcomputer.com/news/security/free-android-app-lets-users-detect-apple-airtag-tracking/amp/

    A small team of researchers at the Darmstadt University in Germany have published a report illustrating how their AirGuard app for Android provides better protection from stealthy AirTag stalking than other apps.

    An Apple AirTag is a Bluetooth-based device finder released in April 2021 that allows owners to track the device using Apple’s ‘Find My’ service.

    Unfortunately, AirTags have great potential for abuse due to their small size as people can slip them into people’s jackets, luggage, or even cars to track them without permission.

    Although Apple has implemented an intricate anti-stalking system to prevent cases of abuse, stealthy AirTag tracking continues to remain a problem.

    In the case of Android users, the problem is magnified because Apple left them without an official way to locate AirTags until December 2021, when it released Tracker Detect on the Play Store.

    A superior solution
    The university researchers decided to do something about the Apple AirTag privacy problem in the Android world and reverse-engineered the iOS tracking detection to understand its inner workings better.

    They then designed the AirGuard app, a fully automatic and passive detection anti-tracking solution that works against all Find My accessories and other tracking devices.

    The app was released in August 2021, and since then, it has amassed a user base of 120,000 people. It can detect all Find My devices, including self-made ones like the cloned or modified AirTags, as the ultimate stealthy tracking tool.

    In summary, their approach was found to be superior to the iOS system, let alone Apple’s own anti-tracking app for Android.

    “The evaluation showed that AirGuard found more actual trackers in different scenarios compared to the iOS tracking detection,” explained the researchers in a paper released this week.

    Should you use AirGuard?
    The AirGuard app is open source software available for free via the Google Play Store, so its code is open to scrutiny, and the chances of the app being laced with malware are slim.

    However, you should note that these apps request some risky permissions to function on your smartphone, which are integral to providing the promised service.

    The detailed privacy policy that discloses precisely how AirGuard uses the collected user data can be found on this webpage.

    https://tpe.seemoo.tu-darmstadt.de/privacy-policy.html

    Reply
  24. Tomi Engdahl says:

    Hacker group: Russian government sites taken down – TV channel hacked to show truthful information

    https://f7td5.app.goo.gl/19n8AT

    Broadcast channel @updayFI

    Reply
  25. Tomi Engdahl says:

    Hacker group: Russian government sites taken down – TV channel hacked to show truthful information
    An international hacker group claims to have carried out a broad cyberattack on Russian government websites and allegedly also on a state TV channel.
    https://www.iltalehti.fi/ulkomaat/a/0eec3d84-867d-4993-bed1-10e75f31a698

    The well-known international hacker group Anonymous claims to have hacked a Russian state television channel.

    According to a tweet published by the group, it hacked the TV channel to show in its broadcast "truthful information about what is happening in Ukraine".

    The tweet includes a video in which the channel in question is selected on a television set, and it shows, among other things, footage of the destruction caused by Russia in Ukraine.

    Anonymous's claim has not yet been officially confirmed, however.

    Charly Salonius-Pasternak, leading researcher at the Finnish Institute of International Affairs, has commented on Anonymous's claim on Twitter. According to him, it is the cyber act of the year 2022 if the information is "even partly true".

    Reply
  26. Tomi Engdahl says:

    NVIDIA investigating cybersecurity incident
    The company released a barebones response to a report that developers have faced two days of outages.

    https://www.zdnet.com/article/nvidia-investigating-cybersecurity-incident/

    Reply
  27. Tomi Engdahl says:

    Intel and AMD Halt Processor Sales to Russia: Reports (Updated)
    https://www.tomshardware.com/news/intel-amd-nvidia-tsmc-russia-stop-chip-sales-ukraine-sanction

    In a sign that the United States government’s export restrictions on semiconductor sales to Russia due to its war against Ukraine have been enacted swiftly, multiple reports have emerged today that both Intel and AMD have suspended chip sales to Russia. In addition, reports have also emerged that TSMC’s decision to participate in the sanctions will thwart Russia’s supply of homegrown chips. Intel has provided us with a statement on the matter, and we have also reached out to AMD and Nvidia for comment.

    Reply
  28. Tomi Engdahl says:

    How a Saudi woman’s iPhone revealed hacking around the world https://finance.yahoo.com/news/saudi-womans-iphone-revealed-hacking-100851583.html
    An unusual error in NSO’s spyware allowed Saudi women’s rights activist Loujain al-Hathloul and privacy researchers to discover a trove of evidence suggesting the Israeli spyware maker had helped hack her iPhone, according to six people involved in the incident. A mysterious fake image file within her phone, mistakenly left behind by the spyware, tipped off security researchers.

    Reply
  29. Tomi Engdahl says:

    Conti ransomware gang takes over TrickBot malware operation https://www.bleepingcomputer.com/news/security/conti-ransomware-gang-takes-over-trickbot-malware-operation/
    Based on internal Conti conversations that the researchers had access to and shared with BleepingComputer, AdvIntel says that BazarBackdoor moved from being part of TrickBot’s toolkit to a standalone tool whose development is controlled by the Conti ransomware syndicate

    Reply
  30. Tomi Engdahl says:

    Hackers Attach Malicious .exe Files to Teams Conversations https://www.avanan.com/blog/hackers-attach-malicious-.exe-files-to-teams-conversations
    Starting in January 2022, Avanan observed how hackers are dropping malicious executable files in Teams conversations. The file writes data to the Windows registry, installs DLL files and creates shortcut links that allow the program to self-administer. Avanan has seen thousands of these attacks per month. In this attack brief, Avanan will analyze how these .exe files are being used by hackers in Microsoft Teams.

    Reply
  31. Tomi Engdahl says:

    Hundreds of victims: a devious email scam in Finland https://www.is.fi/digitoday/tietoturva/art-2000008624246.html
    The scam relied on the psychological effect of secure mail. The targets were the municipal and service sectors.

    With secure mail, the message itself does not arrive in the mailbox; it is read from a web service. A notification of its arrival is sent by email.

    Finland's municipal and service sectors have been targeted by an extensive and successful phishing campaign, reports the National Cyber Security Centre of the Finnish Transport and Communications Agency Traficom in its Kybersää (cyber weather) report.

    The emails used as bait were false notifications of an invoice received via secure mail. The link in them led to a phishing page. The page was tailored to the Finnish municipal sector and had been built using the free trial period of an open-source website hosting provider.

    The campaign has claimed hundreds of victims. The criminals took the hijacked email accounts into use immediately and sent thousands of new phishing messages from them.

    The campaign's effectiveness is based on forged secure mail working better than ordinary email or text messages. People use secure mail relatively rarely, but its complexity makes credible deception with a forged message possible.

    – The mere thought of secure mail lulls the recipient into believing the message can be trusted, the National Cyber Security Centre writes.

    Reply
  32. Tomi Engdahl says:

    GitHub code scanning now finds more security vulnerabilities https://www.bleepingcomputer.com/news/security/github-code-scanning-now-finds-more-security-vulnerabilities/
    Code hosting platform GitHub today launched new machine learning-based code scanning analysis features that will automatically discover more common security vulnerabilities before they end up in production.

    Reply
  33. Tomi Engdahl says:

    Iranian hackers target VMware Horizon servers with Log4j exploits https://www.bleepingcomputer.com/news/security/iranian-hackers-target-vmware-horizon-servers-with-log4j-exploits/
    An Iranian-aligned hacking group tracked as TunnelVision was spotted exploiting Log4j on VMware Horizon servers to breach corporate networks in the Middle East and the United States. The ultimate goal of TunnelVision appears to be the deployment of ransomware, so the group is not focused on cyber espionage alone but data destruction and operational disturbance too.

    Reply
  34. Tomi Engdahl says:

    CISA warns of hybrid operations threat to US critical infrastructure https://www.bleepingcomputer.com/news/security/cisa-warns-of-hybrid-operations-threat-to-us-critical-infrastructure/
    CISA urged leaders of U.S. critical infrastructure organizations on Friday to increase their orgs’ resilience against a growing risk of being targeted by foreign influence operations using misinformation, disinformation, and malinformation (MDM) tactics.

    Reply
  35. Tomi Engdahl says:

    Despite years of preparation, Ukraine's electric grid still an easy target for Russian hackers
    https://www.politico.com/news/2022/02/19/despite-years-of-preparation-ukraines-electric-grid-still-far-from-ready-for-russian-hackers-00010373
    “If Russia wants to take down the Ukrainian electric system, I have full confidence that they can, and the Ukrainian playbook in many ways is in a place where prevention’s not going to happen,” Robert M. Lee, CEO and co-founder of cybersecurity group Dragos, said in an interview. He argued corruption and economic barriers in Ukraine have gotten in the way of hardening the electric grid.

    Reply
  36. Tomi Engdahl says:

    Hackers Exploiting Infected Android Devices to Register Disposable Accounts https://thehackernews.com/2022/02/hackers-exploit-bug-in-sms-verification.html
    An analysis of SMS phone-verified account (PVA) services has led to the discovery of a rogue platform built atop a botnet involving thousands of infected Android phones, once again underscoring the flaws with relying on SMS for account validation. [...] the botnet facilitates easy access to thousands of mobile numbers in different countries, effectively enabling the actors to register new accounts en masse and use them for various scams or even participate in coordinated inauthentic user behavior.

    Reply
  37. Tomi Engdahl says:

    New OpenSea attack led to the theft of millions of dollars in NFT https://blog.checkpoint.com/2022/02/20/new-opensea-attack-led-to-theft-of-millions-of-dollars-in-nfts/
    The idea behind the OpenSea migration is to address the existing inactive listings of old NFTs, and in order to do that, they are planning to upgrade to a new contract. All users will be required to “migrate” their listings on Ethereum to the new smart contract. [...] Some hackers took advantage of the upgrade process and decided to scam NFT users [...] Signing a transaction is similar to giving someone permission to access all your NFTs and cryptocurrencies. This is why signing is very dangerous. Pay extra attention to where and when you sign a transaction.

    Reply
  38. Tomi Engdahl says:

    Technical Analysis of the DDoS Attacks against Ukrainian Websites https://www.cadosecurity.com/technical-analysis-of-the-ddos-attacks-against-ukrainian-websites/
    Last week the websites for several banks and government organisations in Ukraine were hit with a Distributed Denial-of-Service attack. Below we identify the likely source of the attacks as a botnet called Katana, with preparation for the attack starting at least as early as Sunday 13th February.

    Reply
  39. Tomi Engdahl says:

    A new feature surfaced in the much-criticized Apotti system: mental health patients’ messages are only one “checkbox” away https://www.hs.fi/kaupunki/art-2000008624116.html
    When a Helsinki resident sends a message about mental health matters through the electronic service system, the message does not always go only to the person treating them, but to a team of forty psychiatric nurses across the city. A professional who told HS about the matter says that such messages, meant for a different employee, arrive often.

    Reply
  40. Tomi Engdahl says:

    Journalist accused of being an “HTML hacker” is off the hook: he only viewed the site’s source code https://www.tivi.fi/uutiset/tv/7bc5feec-bb40-4843-8c16-d892ef796bef
    A journalist who glanced at a web page’s HTML has been cleared of criminal suspicion in Missouri, United States. The journalist had tried to tell the local school administration about a data leak on its website, but instead found himself the target of bizarre threats of prosecution.

    Reply
  41. Tomi Engdahl says:

    Chinese hackers linked to months-long attack on Taiwanese financial sector https://therecord.media/chinese-hackers-linked-to-months-long-attack-on-taiwanese-financial-sector/
    A hacking group affiliated with the Chinese government is believed to have carried out a months-long attack against Taiwan’s financial sector by leveraging a vulnerability in a security software solution used by roughly 80% of all local financial organizations.

    Reply
  42. Tomi Engdahl says:

    EvilPlayout: Attack Against Iran’s State Broadcaster https://research.checkpoint.com/2022/evilplayout-attack-against-irans-state-broadcaster/
    This article provides an in-depth technical analysis of one of the attacks against the Iranian national media corporation, Islamic Republic of Iran Broadcasting (IRIB) which occurred in late January 2022.

    Reply
  43. Tomi Engdahl says:

    Jaw-dropping Coinbase security bug allowed users to steal unlimited cryptocurrency https://portswigger.net/daily-swig/jaw-dropping-coinbase-security-bug-allowed-users-to-steal-unlimited-cryptocurrency
    A security researcher has netted a $250,000 bug bounty for disclosing a vulnerability in Coinbase that could have allowed a user to sell currency they did not own. [...] Alpha described on Twitter how they used 0.0243 ETH to sell 0.0243 BTC on the BTC-USD pair, “a pair I do not have access to, without holding any BTC”.

    Reply
  44. Tomi Engdahl says:

    Xenomorph: A newly hatched Banking Trojan https://www.threatfabric.com/blogs/xenomorph-a-newly-hatched-banking-trojan.html
    Based on the intelligence gathered, users of 56 different European banks are among the targets of this new Android malware trojan, distributed on the official Google Play Store, with more than 50,000 installations.

    Reply
  45. Tomi Engdahl says:

    Asustor NAS owners hit by DeadBolt ransomware attack https://www.bitdefender.com/blog/hotforsecurity/asustor-nas-owners-hit-by-deadbolt-ransomware-attack/
    Owners of Asustor NAS drives have woken up to discover that data they believed was safe and sound on their network storage devices has instead been encrypted by ransomware, and that cybercriminals are demanding a ransom.

    Reply
