Security News > 2022 > January

The FBI has formally linked the Diavol ransomware operation to the TrickBot Group, the malware developers behind the notorious TrickBot banking trojan. A month later, IBM X-Force researchers established a stronger connection between Diavol ransomware and other TrickBot Gang's malware, such as Anchor and TrickBot.

The Microsoft RDP vulnerability is a serious problem, but with a few caveats: It's been patched, and experts say it may be less likely to happen than it seems at first glance. A recently discovered vulnerability in Microsoft's remote desktop protocol goes back to Windows Server 2012 R2 and lets anyone who can connect to an RDP session gain near total control over other RDP users, launching a man-in-the-middle attack.

NIS is the main law controlling security practices in the UK today. Currently a straight copy of the EU NIS Directive, one of the benefits of Brexit leapt upon by the Department for Digital, Culture, Media and Sport is the new ability to amend NIS's reporting thresholds.

LastPass's Premium Plan keeps your digital life secure and at your fingertips with management for an unlimited number of passwords and seamless access across all of your devices. Password managers are a far better alternative to jotting down your passwords in a notebook in your desk drawer, but with so many to choose from, it can feel like a task in itself to simply find the right one for you.

Typically, a web browser permits scripts on one web page to access data on a second web page only if both pages have the same origin/back-end server. Without this security policy in place, a snooper who manages to inject a malicious script into one website would be able to have free access to any data contained in other tabs the victim may have open in the browser, including access to online banking sessions, emails, healthcare portal data and other sensitive information.

The U.S. Treasury Department announced today sanctions against Volodymyr Oliynyk, a former Ukrainian official, for collecting and sharing info on critical Ukrainian infrastructure with Russia's Federal Security Service."As in previous Russian incursions into Ukraine, repeated cyber operations against Ukraine's critical infrastructure are part of Russia's hybrid tactics to threaten Ukraine."

ProtonMail has introduced an enhanced email tracking protection system for its web-based email solution that prevents senders from being tracked by recipients who open their messages. ProtonMail is an end-to-end encrypted email service based in Switzerland and uses a client-side encryption approach to maintain user privacy and protect their communications from snooping intermediaries.

The WordPress WP HTML Mail plugin, installed in over 20,000 sites, is vulnerable to a high-severity flaw that can lead to code injection and the distribution of convincing phishing emails. 'WP HTML Mail' is a plugin used for designing custom emails, contact form notifications, and generally tailored messages that online platforms send to their audience.

The Red Cross is imploring threat actors to show mercy by abstaining from leaking data belonging to 515,000+ "Highly vulnerable" people that were stolen from a program used to reunite family members split apart by war, disaster or migration. The attack forced the ICRC, along with the wider Red Cross and Red Crescent network, to shut down the systems underpinning the Restoring Family Links site.

Bank Indonesia, the central bank of the Republic of Indonesia, has confirmed today that a ransomware attack hit its networks last month. During the incident, the attackers stole "Non-critical data" belonging to Bank Indonesia employees before deploying ransomware payloads on over a dozen systems on the bank's network, as CNN Indonesia reported.