Security News > 2022 > June

Several weapon marketplaces on the dark web have listed military-grade firearms allegedly coming from Western countries that sent them to support the Ukrainian army in its fight against the Russian invaders. While the listings appear genuine and the offered weapons are priced realistically, the chances of them being created by pro-Russian actors for propaganda purposes are high.

A newly discovered Linux malware known as Symbiote infects all running processes on compromised systems, steals account credentials, and gives its operators backdoor access. After injecting itself into all running processes, the malware acts as a system-wide parasite, leaving no identifiable signs of infection even during meticulous in-depth inspections.

While enterprises are still waiting for Microsoft to issue a fix for the critical "Follina" vulnerability in Windows, yet more malware operators are moving in to exploit it. "Symantec has observed attackers using a similar HTML file to that used in the initial attack. Multiple attackers are using a variety of payloads at the end of successful exploitation."

The principle of distinction between the two roles is a critical cornerstone of international humanitarian law, the law of armed conflict, codified by decades of custom and treaties such as the Geneva Conventions. Those considered civilians and civilian targets are not to be attacked by military forces; as they are not combatants, they should be spared.

Exposed version control repositories, leaked secrets in public code repositories, subdomains vulnerable to takeover, exposed Amazon S3 buckets, and Microsoft Exchange servers vulnerable to CVE-2021-42321 exploitation are the most common exploit paths that medium to large enterprises left open for attackers in Q1 2022, according to Mandiant. The firm based the list on the most common issues discovered by continuously scanning the external attack surface of its customers from January 1, 2022 to March 31, 2022.

Named Aoqin Dragon, the hacking group is focused on cyber-espionage, targeting government, education, and telecommunication organizations based in Singapore, Hong Kong, Vietnam, Cambodia, and Australia. Aoqin Dragon has employed three distinct infection chains since it was first spotted, according to SentinelLabs.

A previously undocumented Chinese-speaking advanced persistent threat actor dubbed Aoqin Dragon has been linked to a string of espionage-oriented attacks aimed at government, education, and telecom entities chiefly in Southeast Asia and Australia dating as far back as 2013. This involved leveraging old and unpatched security vulnerabilities, with the decoy documents enticing targets into opening the files.

As a key factor, the report links BVP47 to the "Equation Group", which in turn has been tied to the Tailored Access Operations Unit at the United States National Security Agency. It's typical of the top-tier tools used by advanced persistent threat groups - including the state-sponsored groups.

RSA Conference 2022 is underway at the Moscone Center in San Francisco. Check out our microsite for the conference for all the most important news.