Polish government officials have issued a warning that a cyberespionage group, believed to be linked to Russia's intelligence services, is targeting diplomatic and foreign ministries from NATO and EU member states. The group, known as APT29, Cozy Bear, and NOBELIUM, is believed to be part of Russia's Foreign Intelligence Service (SVR). This group was responsible for the 2020 supply chain attack against software company SolarWinds, which...
Read More
Cybercriminals are increasingly turning to stolen credentials as a valuable commodity on the underground market. According to a report by cybersecurity firm Flashpoint, last year saw 4,518 data breaches reported, with attackers stealing or exposing 22.62 billion credentials and personal records. Over 60% of these were stolen from organizations in the information sector. Flashpoint's database of threat intelligence includes 575 million posts on illegal forums, 3.6...
Read More
Chinese online fashion retailer, Shein, has been found to have had a bug in an older version of its Android application that periodically captured and transmitted clipboard contents to a remote server. The issue was discovered by the Microsoft 365 Defender Research Team in version 7.9.2 of the app, which was released on December 16, 2021. The issue has since been addressed as of May...
Read More
On February 23, 2023, multiple threat actors have been observed exploiting a critical security vulnerability impacting several Zoho ManageEngine products since January 20, 2023. Tracked as CVE-2022-47966 (CVSS score: 9.8), the remote code execution flaw allows a complete takeover of the susceptible systems by unauthenticated attackers. Martin Zugec of Bitdefender's cybersecurity firm revealed in a technical advisory that the vulnerability "allows unauthenticated remote code execution due...
Read More
China-based cyberespionage actor DEV-0147 has been observed compromising diplomatic targets in South America, according to Microsoft’s Security Intelligence team. The initiative is “a notable expansion of the group’s data exfiltration operations that traditionally targeted gov’t agencies and think tanks in Asia and Europe,” the team tweeted on Monday. DEV-0147’s attacks in South America included post-exploitation activity involving the abuse of on-premises identity infrastructure for reconnaissance...
Sandworm Targets Ukraine and its Supporters In the last months of 2022, Russian Advanced Persistent Threat (APT) group Sandworm continued its data wiping attacks against Ukrainian organizations, but expanded its efforts to organizations from countries that are strong supporters of Ukraine, such as Poland, according to a new report by cybersecurity firm ESET. Sandworm is believed to operate as a unit inside Russia's military intelligence agency,...
Read More
LastPass, maker of a popular password management application, revealed Thursday that an unauthorized party gained access to its development environment through a compromised developer account and stole some source code and proprietary technical information. An initial probe of the incident has revealed no evidence that customer data or encrypted password vaults were accessed by the intruder, CEO Karim Toubba stated in a company blog post. Toubba...
Read More
The need for organisations to guard against the dangers of ransomware is not new, yet never has the threat to data been so pervasive as in 2022. In addition to the perpetually ongoing growth in the scale and sophistication of the capabilities which threat actors possess, there’s been the requirement for businesses to rapidly shift to work-from-home models since the outbreak of the Covid-19 pandemic –...
Read More
The hacker group that recently broke into systems belonging to graphics chip maker Nvidia has released two of the company's old code-signing certificates. Researchers warn the drivers could be used to sign kernel-level malware and load it on systems that have driver signature verification. The certificates were part of a large cache of files that hackers claim totals 1TB and includes source code and API documentation...
Read More
The Australian insurance industry is being inundated with rapidly changing customer expectations and demands with digital transformation a necessity for insurers to increase customer engagement, make claims processes easier, better serve employees and for competitive advantage. This increased reliance on digital technologies, as well as the sensitive data collected by insurance providers, have made the industry a prime target for cybercriminals. Insurance accounted for 34 of...
Read More