Security News > 2022 > February

Facebook says it took down accounts used by a Belarusian-linked hacking group to target Ukrainian officials and military personnel on its platform. "We detected attempts to target people on Facebook to post YouTube videos portraying Ukrainian troops as weak and surrendering to Russia, including one video claiming to show Ukrainian soldiers coming out of a forest while flying a white flag of surrender," Meta's Head of Security Policy Nathaniel Gleicher and Threat Disruption Director David Agranovich said.

Tarah Wheeler and Josephine Wolff analyze a recent court decision that the NotPetya attacks are not considered an act of war under the wording of Merck's insurance policy, and that the insurers must pay the $1B+ claim. Wheeler and Wolff argue that the judge "Did the right thing for the wrong reasons."

The worst security looks much the same as the best. By way of justifying the invasion, he made a speech saying that Ukraine is not a country, that the West is an evil empire, and that Russia's security concerns are paramount.

"We are no longer dealing with just vulnerabilities, but also with vulnerable flows between microservices. On top of that, as cloud-native applications are built on multiple infrastructure layers - the container, the cluster, and the cloud - they way these layers are configured affects what a hacker can do with these vulnerabilities," notes Ron Vider, one of the co-founders and the CTO of Oxeye. "Old-school" software composition analysis and static, dynamic, and interactive application security testing tools are run independently, are not synchronized with one another, and are unable to cross-reference and use enriched data from other code layers in the environment.

In this interview with Help Net Security, Rowland Corr, Director of National Security Intelligence at AdaptiveMobile Security, explains how mobile networks can be leveraged as part of a cyber warfare strategy, why is this a growing national concern, and how to implement defences against such sophisticated attacks. Where nations face the threat of overt military attack, mobile telecom networks can potentially be used by an attacker to further amplify advantage in offensive military operations as a force multiplier by enhancing real-time targeting capabilities.

With SharePass, secure communication has never been more intuitive. SharePass allows users to seamlessly integrate secure communication into their current workflow and enjoy the best of both worlds: secure and effortless communication.

Fortinet's threat intelligence from the second half of 2021 reveals an increase in the automation and speed of attacks demonstrating more advanced persistent cybercrime strategies that are more destructive and unpredictable. New and evolving attack techniques span the entire kill chain but especially in the weaponization phase, showing an evolution to a more advanced persistent cybercrime strategy that is more destructive and unpredictable.

As Russia's invasion of Ukraine continues, the technology industry is trying to use its services to make a difference - and to keep those services available as the war makes it harder to operate. The Global Sourcing Association - a UK-based body formerly known as the National Outsourcing Association and which promotes strategic use of services resources around the world - last week reported "Evidence of service disruption as companies are struggling to exercise their business continuity plans due to the extent of the disruption and employees are having to decide if they want to stay and work or choose to evacuate the main cities."

The report reveals that attackers were more active in 2021 than 2020, with findings uncovering that 78% of organizations saw email-based ransomware attacks in 2021, while 77% faced business email compromise attacks, reflecting cybercriminals' continued focus on compromising people, as opposed to gaining access to systems through technical vulnerabilities. In line with this, 68% of organizations said they dealt with at least one ransomware infection stemming from a direct email payload, second-stage malware delivery, or other exploit.

PlainID published a report, based on research conducted among IT and security professionals in North America and the UK. Among its headline findings, the report reveals that authorization is the rising priority in identity and access management, while organizations are also looking to consolidate and standardize access control and authorization. With the shift to identity-first security and with security perimeters now spread across data, APIs, applications and more, managing access has become highly complex, manual, and distributed across multiple systems.