Apple network traffic takes mysterious detour through Russia
2022-07-27 18:56

Apple's internet traffic took an unwelcome detour through Russian networking equipment for about twelve hours between July 26 and July 27. In a write-up for MANRS, a public interest group that looks after internet routing, Internet Society senior internet technology manager Aftab Siddiqui said that Russia's Rostelecom started announcing routes for part of Apple's network on Tuesday, a practice referred to as BGP hijacking.

Mild monthly security update from Firefox – but update anyway
2022-07-27 18:41

There's the latest-and-greatest version, currently 103, which has all the latest features and relevant security fixes. There's the Extended Support Release flavour, which synchs up with the features in the latest version every few months, but in between gets security updates only, thus bringing in new features only after they've been available to try out in the mainstream version for some time.

Microsoft Edge now improves performance by compressing disk cache
2022-07-27 18:27

Microsoft says Microsoft Edge users will notice improved performance and a smaller disk footprint because the web browser now automatically compresses disk caches. "Beginning with Microsoft Edge 102 on Windows, Microsoft Edge automatically compresses disk caches on devices that meet eligibility checks, to ensure the compression will be beneficial without degrading performance," the Microsoft Edge Team said Wednesday.

New ‘Robin Banks’ phishing service targets BofA, Citi, and Wells Fargo
2022-07-27 18:02

A new phishing-as-a-service platform named 'Robin Banks' has been launched, offering ready-made phishing kits targeting the customers of well-known banks and online services. According to a report by IronNet, whose analysts discovered the new phishing platform, Robin Banks is already being deployed in large-scale campaigns that started in mid-June, targeting victims via SMS and email.

Spain arrests suspected hackers who sabotaged radiation alert system
2022-07-27 17:05

The Spanish police have announced the arrest of two hackers believed to be responsible for cyberattacks on the country's radioactivity alert network, which took place between March and June 2021. "A year of investigations and an exhaustive technical police analysis of all the communications of the sabotaged sensors, as well as the data related to the intrusion in the computer system whose origin could be located in the public use network of a well-known establishment of hospitality in the center of Madrid, allowed to identify the authors of the cyberattack." - Policía Nacional.

AWS ups security for Elastic Block Store, Kubernetes service
2022-07-27 17:00

Amazon's cloud platform is extending security capabilities for a couple of its widely used services: Amazon Elastic Block Store and Amazon Elastic Kubernetes Service. Amazon GuardDuty is described as a threat detection service that can continuously monitor AWS accounts and workloads for malicious activity, and can initiate automated responses.

Messaging Apps Tapped as Platform for Cybercriminal Activity
2022-07-27 16:57

Cybercriminals are tapping the built-in services of popular messaging apps like Telegram and Discord as ready-made platforms to help them perform their nefarious activity in persistent campaigns that threaten users, researchers have found. Threat actors are tapping the multi-feature nature of messaging apps, in particular their content-creation and program-sharing components, as a foundation for info-stealing, according to new research from Intel 471.

How to quickly deploy the Odoo ERP solution with Docker
2022-07-27 16:48

One such platform is Odoo, which happens to be one of the most popular open-source ERP solutions on the market. The only thing you'll need to deploy Odoo is a running server that supports Docker.

Knotweed Euro cyber mercenaries attacking private sector, says Microsoft
2022-07-27 16:45

Microsoft has published an analysis of a Europe-based "private-sector offensive actor" with a view to helping its customers spot signs of attacks by money-hungry gangsters. Dubbed Knotweed by Microsoft's Threat Intelligence Center and Security Response Center, the private sector targeting crew has made use of multiple Windows and Adobe zero-day exploits in attacks against European and Central American customers.

Microsoft: Windows, Adobe zero-days used to deploy Subzero malware
2022-07-27 15:09

Microsoft has linked a threat group it tracks as Knotweed to a cyber mercenary outfit named DSIRF, targeting European and Central American entities using a malware toolset dubbed Subzero. Using passive DNS data while investigating Knotweed attacks, threat intelligence firm RiskIQ also found that infrastructure actively serving malware since February 2020 is linked to DSIRF, including its official website and domains likely used to debug and stage the Subzero malware.