My Weekly Roundup #139
Fake News of Cyber Attacks Fast-Spreads, as Conflict between Russia and Ukraine Escalates
Among the most active players in cyberspace during the war in Ukraine are hacktivists who support either Russia or Ukraine for ideological reasons. Those groups currently create the most “noise” in cyberspace around the conflict, but not always the most damage.
Amazon Alexa can be hijacked via commands from own speaker
Without a critical update, Amazon Alexa devices could wake themselves up and start executing audio commands issued by a remote attacker, according to infosec researchers from Royal Holloway, University of London.
Help for Ukraine: Free decryptor for HermeticRansom ransomware
On February 24th, the Avast Threat Labs discovered a new ransomware strain accompanying the data wiper HermeticWiper malware, which our colleagues at ESET found circulating in the Ukraine.
Hackers Who Broke Into NVIDIA’s Network Leak DLSS Source Code Online
American chipmaking company NVIDIA on Tuesday confirmed that its network was breached as a result of a cyber attack, enabling the perpetrators to gain access to sensitive data.
Ukraine Universities Hacked By Brazilian Via Finland As Russian Invasion Started
The Wordfence team has identified a massive attack on Ukrainian universities that coincided with the invasion of Ukraine by Russia, and resulted in at least 30 compromised Ukrainian university websites.
Threat Spotlight: Attacks on Log4Shell vulnerabilities
The Log4Shell complex of vulnerabilities in the Log4J software has now been publicly known for more than two months.
Ransomware as a distraction
Our researchers analyzed the HermeticRansom malware also known as Elections GoRansom. By and large, this is a fairly simple cryptor that. What is interesting in this case is the purpose for which attackers are using it.
Introducing the Golden GMSA Attack
This article introduces a new attack targeting Group Managed Service Accounts (gMSA), dubbed the “Golden GMSA” attack, allowing attackers to dump Key Distribution Service (KDS) root key attributes and then generate the password for all the associated gMSAs offline.
IsaacWiper and HermeticWizard: New wiper and worm targeting Ukraine
As the recent hostilities started between Russia and Ukraine, ESET researchers discovered several malware families targeting Ukrainian organizations.
Trickbot Group’s AnchorDNS Backdoor Upgrades to AnchorMail
IBM Security X-Force researchers have discovered a revamped version of the Trickbot Group’s AnchorDNS backdoor being used in recent attacks ending with the deployment of Conti ransomware.
Daxin: Stealthy Backdoor Designed for Attacks Against Hardened Networks
New research by the Symantec Threat Hunter team, part of Broadcom Software, has uncovered a highly sophisticated piece of malware being used by China-linked threat actors, exhibiting technical complexity previously unseen by such actors.
100 Million Samsung Galaxy Phones Affected with Flawed Hardware Encryption Feature
A group of academics from Tel Aviv University have disclosed details of now-patched “severe” design flaws affecting about 100 million Android-based Samsung smartphones that could have resulted in the extraction of secret cryptographic keys.
Updates on Our Security Work in Ukraine
We took down a network run by people in Russia and Ukraine targeting Ukraine for violating our policy against coordinated inauthentic behavior.
Beware of charity scams exploiting war in Ukraine
Looking to help people in Ukraine? Donate wisely – do your research first so you give without getting scammed. Times of crisis may bring out the best in you, but they also have a way of bringing out the worst in scammers.
Schneider Electric Easergy P5 and P3
Successful exploitation of these vulnerabilities may disclose device credentials, cause a denial-of-service condition, device reboot, or allow an attacker to gain full control of the relay. This could result in loss of protection to your electrical network.
Moscow Exchange, Sberbank Websites Knocked Offline—Was Ukraine’s Cyber Army Responsible?
Early Monday morning, the website for the Moscow Stock Exchange went down and was inaccessible. While its claims couldn’t be verified, the Ukraine IT Army, a crowdsourced community of hackers endorsed by Kyiv officials, called on members to launch attacks on the website, Moex[.
Conti ransomware’s internal chats leaked after siding with Russia
An angry member of the Conti ransomware operation has leaked over 60,000 private messages after the gang sided with Russia over the invasion of Ukraine.
Some details of the DDoS attacks targeting Ukraine and Russia in recent days
At 360Netlab, we continuously track botnets on a global scale through our BotMon system. In particular, for DDoS-related botnets, we further tap into their C2 communications to enable us to really see the details of the attacks.
Toyota to halt operations at all Japan plants due to cyberattack
NAGOYA – Toyota Motor will shut down all of its plants in Japan on Tuesday as a major supplier was hit by a suspected cyberattack, Nikkei has learned. The decision came after the supplier was hit by the attack, bringing a parts supply management system to a halt.
Revised flight plan brings change for Samantha
Throughout her time on board, Samantha will have the role of lead of the United States Orbital Segment (USOS), which includes the US, European, Japanese and Canadian modules and components of the Space Station.
All eyes will be on the historic Launch Complex 39B when Orion and the Space Launch System (SLS) lift off for the first time from NASA’s modernized Kennedy Space Center in Florida. The mission will demonstrate our commitment and capability to extend human existence to the Moon and beyond.
The internet in Ukraine is still mostly online. Could Starlink be a backup if it goes out?
Elon Musk has a tendency to be outrageous on Twitter, and the Ukrainian government may have found a way to leverage him to help the country stay online if the internet goes out during the Russian invasion.
WSJ: Why Age Verification Is So Difficult for Websites
For users determined to flout rules, “there are going to be straightforward workarounds,” says Jake Wiener, domestic surveillance law fellow at the Electronic Privacy Information Center, a nonprofit research group.
Namecheap offers free anonymous hosting, domains for anti-Putin sites
US-based domain registrar Namecheap announced today that it will provide sites protesting the current regime in Russia and Belarus with free domains and web hosting. Namecheap has more than 1,700 employees across 18 countries and manages more than 14 million domains worldwide.
Cybersecurity Experts Urge EU Lawmakers to Fix Website Authentication Proposal That Puts Internet Users’ Security and Privacy at Risk
December 22, 2021 H.E.
EU, US close to replacing defunct Privacy Shield II
The State of the Net conference in Washington, DC, has heard officials representing the EU and the US say they believe they are close to reaching a data-sharing agreement to replace Privacy Shield.
Personal Data of 3 Million BitChute Users Sold on Hacker Forum
Personal data of close to 3 million BitChute users is being sold on a popular hacker forum for a sum of $4,000. The data is sold by a hacker or group of hackers known as Pompompurin.
‘Star Trek: Picard’ Recap: Leave Jean-Luc Alone
Picard has earned his retirement. Is there really no one else who can save the universe? Why can’t poor Jean-Luc Picard just be left alone in retirement?
Star Trek Picard Season 2 Premiere Secrets Revealed, Ending Explained
Patrick Stewart, Jeri Ryan, and more break down Picard’s new emotional arc, Seven’s anger, the big villain, and that ending. Warning: This article contains Star Trek: Picard spoilers.