- GoDaddy joins the dots and realizes it’s been under attack for three years
February 20, 2023
Web hosting and domain name concern GoDaddy has disclosed a fresh attack on its infrastructure, and concluded that it is one of a series of linked incidents dating back to 2020. The business took the unusual step of detailing the attacks in its Form 10-K – the formal annual report listed entities are required to file ...
- Suffolk County starting to restore online services amid months-long cyberattack
February 18, 2023
Suffolk County has been suffering through a massive cyberattack for months, but progress has been made to restore security. Social Security numbers of 26,000 county employees and driver's license numbers of 470,000 were exposed or accessed. Source: MSN News
- FBI tackles ‘isolated’ IT security breach
February 17, 2023
The FBI claims it has dealt with a cybersecurity “incident” that reportedly involved computer systems being used to investigate child sexual exploitation. “The FBI is aware of the incident and is working to gain additional information,” a spokesperson said in a statement to The Register. “This is an isolated incident that has been contained. As this ...
- Earth Kitsune delivers new WhiskerSpy backdoor via watering hole attack
February 17, 2023
Trend Micro researchers discovered a new backdoor which Trend Micro have attributed to the advanced persistent threat actor known as Earth Kitsune, which they have covered before. Since 2019, Earth Kitsune has been distributing variants of self-developed backdoors to targets, primarily individuals who are interested in North Korea. In many of the cases, Trend Micro have ...
- Top cyber official steps down as Biden admin charts new strategy
February 17, 2023
John C. Inglis left his post as the first national cyber director this week while the Biden administration plans a new cyber strategy. Mr. Inglis formally exited before the administration details its long-anticipated national cybersecurity strategy that his team has played a lead role in developing. Source: The Washington Times
- Norway finds a way to recover crypto North Korea pinched in Axie heist
February 17, 2023
Norwegian authorities announced on Thursday that they had recovered $5.9 million of cryptocurrency stolen in the Axie Infinity hack – an incident widely held to have been perpetrated by the Lazarus Group, which has links to North Korea. The Norwegian National Authority for Investigation and Prosecution of Economic and Environmental Crime (Økokrim) has called the seizure ...
- Cisco’s ClamAV has a heckuva flaw
February 17, 2023
“A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code,” states Cisco’s security advisory, which identifies the issue as CVE-2023-20032. “This vulnerability is due to a missing buffer size check that may result in a ...
- Frebniis: New Malware Abuses Microsoft IIS Feature to Establish Backdoor
February 16, 2023
Symantec, by Broadcom Software, has observed a new malware that abuses a feature of Microsoft’s Internet Information Services (IIS) to deploy a backdoor onto targeted systems. The malware, dubbed Frebniis (Backdoor.Frebniis), was used by a currently unknown threat actor against targets in Taiwan. Source: Symantec
- CISA Releases Fifteen Industrial Control Systems Advisories
February 16, 2023
CISA released fifteen (15) Industrial Control Systems (ICS) advisories on February 16, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations: ICSA-23-047-01 Siemens Solid Edge ICSA-23-047-02 Siemens SCALANCE X-200 IRT ICSA-23-047-03 Siemens Brownfield Connectivity Client ICSA-23-047-04 Siemens ...
- Fog of war: how the Ukraine conflict transformed the cyber threat landscape
February 16, 2023
Nearly one year ago, Russia invaded Ukraine, and we continue to see cyber operations play a prominent role in the war. To provide more insights into the role of cyber, today, we are releasing our report Fog of War: How the Ukraine Conflict Transformed the Cyber Threat Landscape based on analysis from Google’s Threat Analysis ...
- Invitation to a secret event: Uncovering Earth Yako’s campaigns
February 16, 2023
In 2021, Trend Micro researchers observed several targeted attacks against researchers of academic organizations and think tanks in Japan. Trend Micro have since been tracking this series of attacks and identified the new intrusion set we have named “Earth Yako”. Their research points the attribution to the known campaign “Operation RestyLink” or “Enelink”. Upon investigating several ...

