
Namecheap is banning Russians, asks them to switch registrars
2022-02-28 23:56

Domain registrar Namecheap is emailing customers registered in Russia saying it will no longer provide them with services because of Russia's invasion of Ukraine. Namecheap also asked Russian users to move their top-level domains to other providers by March 6 and offered to help those who reach out for assistance with the move.

Namecheap terminates services for Russians, asks them to move domains
2022-02-28 23:56

Domain registrar Namecheap is emailing customers registered in Russia saying it will no longer provide them with services because of Russia's invasion of Ukraine. Namecheap also asked Russian users to move their top-level domains to other providers by March 6 and offered to help those who reach out for assistance with the move.

Axis Communications shares details on disruptive cyberattack
2022-02-28 23:20

Axis Communications has published a post mortem about a cyberattack that caused severe disruption in their systems, with some systems still partially offline. The Swedish manufacturer of network cameras, access control systems, and surveillance network appliances suffered a cyberattack on Sunday, February 20, 2021, forcing it to shut down all systems to limit the impact.

Microsoft: Ukraine hit with FoxBlade malware hours before invasion
2022-02-28 23:05

Microsoft said that Ukrainian networks were targeted with recently found malware several hours before Russia's invasion of Ukraine on February 24th. Researchers with the Microsoft Threat Intelligence Center observed destructive attacks targeting Ukraine and spotted a malware strain they named FoxBlade. "We immediately advised the Ukrainian government about the situation, including our identification of the use of a new malware package, and provided technical advice on steps to prevent the malware's success."

Microsoft: Ukraine hit with new FoxBlade malware hours before invasion
2022-02-28 23:05

Microsoft said that Ukrainian networks were targeted with newly found malware several hours before Russia's invasion of Ukraine on February 24th. Researchers with the Microsoft Threat Intelligence Center observed destructive attacks targeting Ukraine and spotted a new malware strain they dubbed FoxBlade. "Several hours before the launch of missiles or movement of tanks on February 24, Microsoft's Threat Intelligence Center detected a new round of offensive and destructive cyberattacks directed against Ukraine's digital infrastructure," Microsoft President and Vice-Chair Brad Smith said.

Quarter of a million lawyer disciplinary records leak
2022-02-28 21:53

Approximately 260,000 nonpublic disciplinary records stored on behalf of The State Bar of California were found to be exposed to the public and to have been republished on Judyrecords.com, a website that aggregates over 630 million public court records. Full case records were not disclosed, the State Bar said, and it's not yet clear how many attorney and witness names were revealed.

Ukraine-Russia Cyber Warzone Splits Cyber Underground
2022-02-28 21:00

The Russia-Ukraine cyber warzone has split the Conti ransomware gang into warring factions, leading to a Ukrainian member spilling 60,000 of the group's internal chat messages online. On Twitter, a message from a Conti member said, "This is a friendly heads-up that the Conti gang has just lost all their sht."

CISA adds recently disclosed Zimbra bug to its Exploited Vulnerabilities Catalog
2022-02-28 20:37

The U.S. Cybersecurity and Infrastructure Security Agency expanded its Known Exploited Vulnerabilities Catalog to include a recently disclosed zero-day flaw in the Zimbra email platform, citing evidence of active exploitation in the wild. Tracked as CVE-2022-24682, the issue concerns a cross-site scripting vulnerability in the Calendar feature in Zimbra Collaboration Suite that could be abused by an attacker to trick users into downloading arbitrary JavaScript code simply by clicking a link to an exploit URL in a phishing message.

9-Year-Old Unpatched Email Hacking Bug Uncovered in Horde Webmail Software
2022-02-28 20:24

Users of Horde Webmail are being urged to disable a feature to contain a nine-year-old unpatched security vulnerability in the software that could be abused to gain complete access to email accounts simply by previewing an attachment. "This gives the attacker access to all sensitive and perhaps secret information a victim has stored in their email account and could allow them to gain further access to the internal services of an organization," SonarSource vulnerability researcher, Simon Scannell, said in a report.

New "SockDetour" Fileless, Socketless Backdoor Targets U.S. Defense Contractors
2022-02-28 20:24

Cybersecurity researchers have taken the wraps off a previously undocumented and stealthy custom malware called SockDetour that targeted U.S.-based defense contractors with the goal of being used as a secondary implant on compromised Windows hosts. "SockDetour is a backdoor that is designed to remain stealthily on compromised Windows servers so that it can serve as a backup backdoor in case the primary one fails," Palo Alto Networks' Unit 41 threat intelligence said in a report published Thursday.