Cyberspace is yet another frontier in the Russia-Ukraine war. Russia-backed large-scale сyber-attacks accompany military aggression against Ukraine, aiming to bring key elements of Ukrainian infrastructure offline. The newly spotted CaddyWiper malware adds to a strain of previously revealed cyber threats – HermeticWiper, WhisperGate, and IsaacWiper. The novel data wiping malware does not bear a resemblance […]
The notorious Emotet is back, having its Epoch 5 resurgence after all the command and control (C&C) servers of the botnet were disrupted in a joint international law enforcement Operation Ladybird in early 2021. As per researchers, it was only a matter of time for Emotet’s C&C infrastructure to restore and begin a full-fledged cyber-attack […]
On February 24, 2022, Russia ignored international law and long-standing diplomatic agreements to launch a full-scale invasion of Ukraine by land, sea, and air. Disinformation campaigns continue to try and hide the facts that the Russian aggression has abandoned the basic principles of humanity, killing civilians, destroying cities, and creating a massive humanitarian crisis as […]
A notorious Initial Access Broker PROPHET SPIDER was found exploiting CVE-2021-22941 vulnerability to gain unauthorized access to a Microsoft Internet Information Services (IIS) webserver. Cybercriminals aim at breaching organizations’ security systems to block sensitive data and then sell access to ransomware groups. Exploiting the abovementioned path-traversal vulnerability allows adversaries to deliver a webshell that would […]
The APT41 actors compromised six and counting U.S. state government networks starting May last year. APT41 conducted numerous exploits of public-facing web applications, including using notorious zero-day in Log4j, and leveraging a CVE-2021-44207 in USAHERDS web application, which is used in 18 states to monitor and report on animal health. Recent attacks are characterized by […]
Power of Community Collaboration On Thursday, February 24, 2022, the independent country of Ukraine was brutally attacked by Russian military forces. Turning down the regulations of international law, existing diplomatic agreements, and basic principles of humanity, the armed forces of the Russian Federation actively and openly supported by the ruling regime, have been barbarously attacking […]
The Chinese state-sponsored APT group TA416 (aka Mustang Panda/Red Delta) has been found targeting European government agencies and diplomatic entities that deliver services for Ukrainian refugees and migrants who flee from Russian aggression. A detailed analysis shows that attackers primarily aim at conducting long-term cyber-espionage campaigns rather than chasing immediate gains. The research conducted by […]
A novel bug dubbed Dirty Pipe (CVE-2022-0847) enables privilege escalation and allows attackers to gain root access by overwriting data in read-only files and SUID binaries. The weakness lies in the faulty handling of pipe buffer flags by Linux Kernel. The name refers to a Linux mechanism of processes’ interaction within the OS, dubbed a […]
One of the fiercest Russia-backed ransomware actors, Conti Group, has become a victim of a data breach. On February 27, 2022, a mysterious Twitter member @ContiLeaks started publishing a series of posts linking to archives with private messages and the source code of Conti. Other posts of a whistleblower make it quite obvious that he […]
On Feb 24, 2022, Ukraine woke up to multiple shelling attacks across the country as Russia aggressively invaded its neighbor, violating all current international agreements. Russian troops and tanks attacked Ukrainian borders on the East, West, and North, sent by the Kremlin as a next savage step in the continuous violation of territorial integrity of […]