Security News > 2022 > February

Microsoft on Friday shared more of the tactics, techniques, and procedures adopted by the Russia-based Gamaredon hacking group to facilitate a barrage of cyber espionage attacks aimed at several entities in Ukraine over the past six months. The attacks are said to have singled out government, military, non-government organizations, judiciary, law enforcement, and non-profit organizations with the main goal of exfiltrating sensitive information, maintaining access, and leveraging it to move laterally into related organizations.

An actually serious scientific journal has published a paper speculating that octopus and squid could be of extraterrestrial origin. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Online work accounts of News Corporation journalists were broken into by snoops with ties to China, it was claimed today. The cyber-attack "included the targeting of emails and documents of some employees, including journalists," wrote defense editor Larisa Brown.

Report: Data breach numbers may not actually be declining, and reporting them is getting slower. A study released by Flashpoint and Risk Based Security found two startling facts: its report of a drop in the total number of breaches is likely erroneous, and the time it takes for an organization to report.

Microsoft said today that a Russian hacking group known as Gamaredon has been behind a streak of spear-phishing emails targeting Ukrainian entities and organizations related to Ukrainian affairs since October 2021. Security and threat researchers with the Microsoft Threat Intelligence Center and the Microsoft Digital Security Unit said today that Gamaredon's cyber-espionage campaign is being coordinated out of Crimea, confirming SSU's assessment that the Gamaredon hackers are officers of the Crimean FSB who sided with Russia during the 2014 occupation.

This week, cryptocurrency company Wormhole lived up to its name by exposing an exploitable vulnerability that apparently allowed cybercriminals to run off with an eye-watering 120,000 Ether tokens. As pointed out by Elliptic, a company that offers blockchain analytics to assist with compliance, the Wormhole team tried the same trick that was used by cryptocoin company Poly Networks when it was defrauded of more than $600,000,000 in August 2021.

Jen Easterly, the director of the Cybersecurity and Infrastructure Security Agency, stated in a public news interview that the now-infamous Log4j flaw is "the most serious vulnerability that [she has] seen in [her] career." It's not a stretch to say the whole security industry would agree. You all probably already know: on December 9, a remote code execution vulnerability was uncovered in the programming library named Log4j, which is nearly ubiquitous in Java applications and software used all across the internet.

A high-severity security vulnerability in Argo CD can enable attackers to access targets' application-development environments, paving the way for stealing passwords, API keys, tokens and other sensitive information. Argo CD is a continuous-delivery platform deployed as a Kubernetes controller in the cloud, and it's used to deploy applications, then continuously monitor them in real time as they run.

A new Sugar Ransomware operation actively targets individual computers, rather than corporate networks, with low ransom demands. Unlike most ransomware operations you read about in the news, Sugar does not appear to be targeting corporate networks but rather individual devices, likely belonging to consumers or small businesses.