Oktacron logo
Cyber security aggregate rss news

Cyber security aggregator - feeds history
image for Russia Sanctions May ...

 Latest Warnings

President Biden joined European leaders this week in enacting economic sanctions against Russia in response to its invasion of Ukraine. The West has promised tougher sanctions are coming, but experts warn these will almost certainly trigger a Russian retaliation against America and its allies, which could escalate   show more ...

into cyber attacks on Western financial institutions and energy infrastructure. Michael Daniel is a former cybersecurity advisor to the White House during the Obama administration who now heads the Cyber Threat Alliance, an industry group focused on sharing threat intelligence among members. Daniel said there are two primary types of cyber threats the group is concerned about potentially coming in response to sanctions on Russia. The first involves what Daniel called “spillover and collateral damage” — a global malware contagion akin to a NotPeyta event — basically some type of cyber weapon that has self-propagating capabilities and may even leverage a previously unknown security flaw in a widely-used piece of hardware or software. Russia has been suspected of releasing NotPetya, a large-scale cyberattack in 2017 initially aimed at Ukrainian businesses that mushroomed into an extremely disruptive and expensive global malware outbreak. “The second level [is that] in retaliation for sanctions or perceived interference, Russia steps up more direct attacks on Western organizations,” Daniel said. “The Russians have shown themselves to be incredibly ingenious and creative in terms of how they come up with targets that seem to catch us by surprise. If the situation escalates in cyberspace, there could be some unanticipated organizations that end up in the crosshairs.” What kinds of attacks are experts most concerned about? In part because the Russian economy is so dependent on energy exports, Russia has invested heavily in probing for weaknesses in the cyber systems that support bulk power production and distribution. Ukraine has long been used as the testing grounds for Russian offensive hacking capabilities targeting power infrastructure. State-backed Russian hackers have been blamed for the Dec. 23, 2015 cyberattack on Ukraine’s power grid that left 230,000 customers shivering in the dark. Experts warn that Russia could just as easily use its arsenal of sneaky cyber exploits against energy systems that support U.S. and European nations. In 2014, then National Security Agency Director Mike Rogers told lawmakers that hackers had been breaking into U.S. power utilities to probe for weaknesses, and that Russia had been caught planting malware in the same kind of industrial computers used by power utilities. “All of that leads me to believe it is only a matter of when, not if, we are going to see something dramatic,” Rogers said at the time. That haunting prophecy is ringing anew as European leaders work on hammering out additional sanctions, which the European Commission president says will restrict the Russian economy’s ability to function by starving it of important technology and access to finance. A draft of the new penalties obtained by The New York Times would see the European Union ban the export of aircraft and spare parts that are necessary for the maintenance of Russian fleets. “The bloc will also ban the export of specialized oil-refining technology as well as semiconductors, and it will penalize more banks — although it will stop short of targeting VTB, Russia’s second-largest bank, which is already crippled by American and British sanctions,” The Times wrote. Dmitri Alperovitch is co-founder and former chief technology officer at the security firm CrowdStrike. Writing for The Economist, Alperovitch said America must tailor its response carefully to avoid initiating a pattern of escalation that could result in a potentially devastating hot war with Russia. “The proposed combination of sanctions on top Russian banks and implementation of export controls on semiconductors would be likely to severely debilitate the Russian economy,” Alperovitch wrote. “And although many in the West may initially cheer this outcome as righteous punishment for Russia’s blatant violation of Ukrainian sovereignty, these measures will probably trigger significant Russian retaliation against America. That prospect all but guarantees that the conflict will not come to an end with an invasion of Ukraine.” Faced with a potentially existential threat to its economic well-being — and seeing itself as having nothing more to lose — Russia will have several tools at its disposal with which to respond, he said: One of those will be carrying out cyber-attacks against American and European financial institutions and energy infrastructure. “Having already exhausted the power of economic sanctions, America and its European allies would have few choices other than to respond to these attacks with offensive cyber-strikes of their own,” Alperovitch wrote. “This pattern of tit-for-tat cyber retaliation could place Russia and the West on a worrying path. It could end with the conflict spilling out of cyberspace and into the realm of a hot conflict. This outcome—a hot conflict between two nuclear powers with extensive cyber capabilities—is one that everyone in the world should be anxious to avoid.” In May 2021, Russian cybercriminals unleashed a ransomware attack against Colonial Pipeline, a major fuel distributor in the United States. The resulting outage caused fuel shortages and price spikes across the nation. Alperovitch says a retaliation from Russia in response to sanctions could make the Colonial Pipeline attack seem paltry by comparison. “The colonial pipeline is going to be like child’s play if the Russians truly unleash all their capability,” Alperovitch told CNBC this week. For example, having your organization’s computers and servers locked by ransomware may seem like a day at the park compared to getting hit with “wiper” malware that simply overwrites or corrupts data on infected systems. Kim Zetter, a veteran Wired reporter who now runs her own cybersecurity-focused Substack newsletter, has painstakingly documented two separate wiper attacks launched in the lead-up to the Russian invasion that targeted Ukrainian government and contractor networks, as well as systems in Latvia and Lithuania. One contractor interviewed by Zetter said the wiper attacks appeared to be extremely targeted, going after organizations that support the Ukrainian government — regardless of where those organizations are physically located. “The wiper, dubbed HermeticaWiper, appears to have been in the works for months but was only released on computers today,” Zetter wrote. “It follows on a previous wiper attack that struck Ukrainian systems in January called WhisperGate. Like that previous infection, HermeticaWiper is designed to overwrite files on systems to render them inoperable.” A joint advisory last week by the FBI, National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) warned that Russian cyber actors have been targeting cleared defense contractors, and that since January 2020 and continuing through this month, the cyber actors had maintained a persistent presence on those contractor networks. The advisory said the attackers exfiltrated email and data, and were able to “acquire sensitive, unclassified information, as well as proprietary and export-controlled technology.” A report Thursday by NBC News suggested President Biden had been presented with options for massive cyberattacks against Russia, including the disruption of Internet access across Russia, shutting off the power, and stopping trains in their tracks. But White House National Security Council spokesperson Emily Home told Reuters the NBC News report was “wildly off base and does not reflect what is actually being discussed in any shape or form.” That’s good news, according to Jim Lewis, director of the public policy program at the Center for Strategic and International Studies. Lewis said the United States and its allies have far more to lose if the West gets embroiled in an escalation of cyber attacks with Russia over sanctions. “The asymmetry in pressure points makes the idea of us doing something probably not a good idea,” Lewis told KrebsOnSecurity. “If Putin hasn’t gone completely nuts, he’ll be cautious of doing anything that might be construed under international law as the use of force through cyber means.” Lewis said a more likely response from Russia would include enlisting cybercriminals throughout Russia and the Commonwealth of Independent States to step up ransomware and other disruptive attacks against high-impact targets in specific industries. “The pressure points for Putin are his political support — the oligarchs and security services,” Lewis said. “If we want to squeeze him, that’s where we have to squeeze, things like seizing all their real estate in Miami Beach, or putting them on no-fly lists. If you want to hurt Putin, a cyberattack probably wouldn’t do it. Unless it was against his bank account.” In a call to action issued earlier this week dubbed “Shields Up,” CISA warned that Russia could escalate its destabilizing actions in ways that may impact others outside of Ukraine. CISA also published a new catalog of free public and private sector cybersecurity services.

 Malware and Vulnerabilities

Zenly, a social app from Snap that allows users to see the locations of friends and family on a live map, contains a pair of vulnerabilities that could endanger those being tracked.

 Companies to Watch

The Series C round, which brings total funding to date to $183M, was led by Tiger Global with participation from Battery Ventures, Hanaco, Phoenix Insurance, and Key1 Capital.

 Govt., Critical Infrastructure

The center was announced by state governor Kathy Hochul on Tuesday at a joint conference held with the mayors of New York City, Albany, Buffalo, Rochester, Syracuse, and Yonkers.

 Trends, Reports, Analysis

Fraudsters often try to spoof the number of banks and other institutions in order to persuade targets of the legitimacy of their request for personal and financial information.

 Trends, Reports, Analysis

A new report on industrial cybersecurity has revealed three new threat groups, besides LockBit 2.0 and Conti, that have been targeting the industrial sector. Experts spotted three new groups Petrovite, Kostovite, and Erythrite, that have been targeting ICS/OT systems. To protect from threats, the industrial sector ought to have an in-depth security strategy to overcome and withstand such attacks.

 Threat Actors

The U.S. and U.K released a joint security advisory warning that Russian-backed Sandworm has started using a new malware, dubbed Cyclops Blink. The group has mostly deployed the Cyclops Blink to WatchGuard devices. The joint advisory recommends referring to indicators of compromise and provides guidance on how to better detect any possible activity on networks.

 Feed

Red Hat Security Advisory 2022-0565-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.6.55. Issues addressed include a cross site request forgery vulnerability.

 Feed

Red Hat Security Advisory 2022-0672-01 - Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Issues addressed include a code execution vulnerability.

 Feed

This Metasploit module allows remote attackers to execute arbitrary code on Exchange Server 2019 CU10 prior to Security Update 3, Exchange Server 2019 CU11 prior to Security Update 2, Exchange Server 2016 CU21 prior to Security Update 3, and Exchange Server 2016 CU22 prior to Security Update 2. Note that   show more ...

authentication is required to exploit this vulnerability. The specific flaw exists due to the fact that the deny list for the ChainedSerializationBinder had a typo whereby an entry was typo'd as System.Security.ClaimsPrincipal instead of the proper value of System.Security.Claims.ClaimsPrincipal. By leveraging this vulnerability, attacks can bypass the ChainedSerializationBinder's deserialization deny list and execute code as NT AUTHORITYSYSTEM. Tested against Exchange Server 2019 CU11 SU0 on Windows Server 2019, and Exchange Server 2016 CU22 SU0 on Windows Server 2016.

 Feed

Red Hat Security Advisory 2022-0665-01 - The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities. Issues addressed include a buffer over-read vulnerability.

 Feed

Red Hat Security Advisory 2022-0669-01 - The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities. Issues addressed include a buffer over-read vulnerability.

 Feed

Red Hat Security Advisory 2022-0666-01 - The cyrus-sasl packages contain the Cyrus implementation of Simple Authentication and Security Layer. SASL is a method for adding authentication support to connection-based protocols.

 Feed

Red Hat Security Advisory 2022-0555-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Issues addressed include a cross site request forgery vulnerability.

 Feed

Red Hat Security Advisory 2022-0668-01 - The cyrus-sasl packages contain the Cyrus implementation of Simple Authentication and Security Layer. SASL is a method for adding authentication support to connection-based protocols.

 Feed

Red Hat Security Advisory 2022-0667-01 - The python-pillow packages contain a Python image processing library that provides extensive file format support, an efficient internal representation, and powerful image-processing capabilities. Issues addressed include a buffer over-read vulnerability.

 Feed

The modular Windows crimeware platform known as TrickBot formally shuttered its infrastructure on Thursday after reports emerged of its imminent retirement amid a lull in its activity for almost two months, marking an end to one of the most persistent malware campaigns in recent years. "TrickBot is gone... It is official now as of Thursday, February 24, 2022. See you soon... or not," AdvIntel's

 Feed

Cisco has released software updates to address four security vulnerabilities in its software that could be weaponized by malicious actors to take control of affected systems. The most critical of the flaws is CVE-2022-20650 (CVSS score: 8.8), which relates to a command injection flaw in the NX-API feature of Cisco NX-OS Software that stems from a lack of sufficient input validation of

 Feed

The Russian government on Thursday warned of cyber attacks aimed at domestic critical infrastructure operators, as the country's full-blown invasion of Ukraine enters the second day. In addition to cautioning of the "threat of an increase in the intensity of computer attacks," Russia's National Computer Incident Response and Coordination Center said that the "attacks can be aimed at disrupting

 Feed

Cybersecurity agencies from the U.K. and the U.S. have laid bare a new malware used by the Iranian government-sponsored advanced persistent threat (APT) group in attacks targeting government and commercial networks worldwide. "MuddyWater actors are positioned both to provide stolen data and accesses to the Iranian government and to share these with other malicious cyber actors," the agencies 

 Feed

Cybersecurity researchers have taken the wraps off a previously undocumented and stealthy custom malware called SockDetour that targeted U.S.-based defense contractors with the goal of being used as a secondary implant on compromised Windows hosts. "SockDetour is a backdoor that is designed to remain stealthily on compromised Windows servers so that it can serve as a backup backdoor in case the

 Business + Partners

Making the case The pros behind Carbonite + Webroot joined forces with industry leading researchers at IDC to develop an easy-to-understand framework for fighting back against cybercrime. The results? A 6-step plan for adopting a cyber resilience strategy meant to keep businesses safe. IDC looked into the data and   show more ...

past the alarming headlines with million-dollar ransom payments and crippling supply chain attacks. The facts they found are eye-opening and underline why cyber resilience is the best strategy: less than 2% of full-time staff at SMBs are dedicated to tech30% of companies that paid a ransom forked over between $100,000 and $1 million56% of ransomware victims suffered at least a few days or a week of downtime Of course, the best strategies can’t help anyone who doesn’t adopt them. So IDC also compiled tips for communicating with businesses. Whether you’re an MSP, an IT pro or just a friend, you can use these tips to help convince the underprepared that they need a cyber resilience strategy. The 4 reasons why cyber resilience makes sense IDC researchers make an iron-clad case for cyber resilience by looking at the current state of cybercrime. The found 4 main reasons why businesses need a cyber resilience framework: Crippling cyberattacks are on the rise. Evolving methods and sophisticated tactics make cybercrime a booming business for criminals.A distributed IT footprint brings greater risk. The onset of hybrid work opens new pathways ready to be exploited. And let’s face it, the average home WiFi doesn’t have the right kind of security.IT departments are stretched thin. Less than 2% of SMBs’ total employee base is dedicated to full-time IT staff.*Consequences of an attack remain dire. Attacks continue to reverberate past the day of a breach, with 55% of ransomware victims suffering a few days to a week of costly downtime.** The right tools can fight back But it’s not all bad news. Adopting the right strategy and the right tools sets you on the road to protecting your business. The headlines are scary and the stats are alarming, but they’re not prophecy. Businesses don’t have to live in fear of falling victim to cyberattacks. From framework to action IDC goes in depth for the steps businesses can take to adopt cyber resilience. Here’s a quick preview of the framework: Identify. You can’t protect what you haven’t first identified.Protect. Employees and their devices are cybercriminals’ first targets. Protect them and start a systematic file and backup system.Detect. Threat intelligence and experience-based detection can thwart even the most sophisticated attackers.Respond. It’s imperative to stop attackers’ advances before real harm occurs.Recover. Clean up infected devices, close backdoors and have a plan to recover damaged or out-of-commission assets.Educate. Empower your employees to form a citizen army of cybersecurity checkpoints. Combining powers to form the best defense IDC also suggests the best ways that businesses can take action to protect themselves. By combining the powers of outside help with in-house know how, businesses benefit from the best of two worlds. Ready to start protecting yourself and your business? Explore how Carbonite + Webroot provide a full range of cyber resilience solutions. Download the IDC report. * IDC’s Worldwide Small and Medium Business Survey, 2020 ** IDC, Future Enterprise Resiliency & Spending Survey Wave 6, July 2021, IDC’s 2021 Ransomware Study: Where You Are Matters! The post Protect From Cyberattacks With These 6 Steps For Cyber Resilience appeared first on Webroot Blog.

2022-02
Aggregator history
Friday, February 25
TUE
WED
THU
FRI
SAT
SUN
MON
FebruaryMarchApril