New virtual data fabric to support DoD cyber testing
2023-02-10 15:19

The Measure & Share Storage Virtual Fabric addresses a specific and critical need within the DoD to improve the efficiency and effectiveness of cyber testing, allowing accurate information sharing across organizational and classification enclaves. The Me&S Storage Virtual Fabric will enable the DoD to securely ingest, store, manage, analyze and share data in support of its cyber testing operations.

North Korean ransomware attacks on healthcare fund govt operations
2023-02-10 14:35

A new cybersecurity advisory from the U.S. Cybersecurity & Infrastructure Security Agency describes recently observed tactics, techniques, and procedures associated with North Korean ransomware operations against public health and other critical infrastructure sectors. The document is a joint report from the NSA, FBI, CISA, U.S. HHS, and the Republic of Korea National Intelligence Service and Defense Security Agency, and notes that the funds extorted this way went to support the North Korean government's national-level priorities and objectives.

February 2023 Patch Tuesday forecast: A Valentine’s date
2023-02-10 13:03

Patch Tuesday falls on Valentine's Day this year but will it be a special date? While there have been ongoing cyber-attacks of all kinds, it has been relatively quiet on the release of new patches from Microsoft. VMware released a patch back in 2021 which addressed CVE-2021-21974, a heap-overflow vulnerability, which can allow remote code execution.

North Korea targets US, South Korean hospitals with ransomware to fund further cyber operations
2023-02-10 12:17

US and South Korean agencies have issued a joint cybersecurity advisory describing the tactics, techniques and procedures used by North Korean hackers to deploy "state-sponsored" ransomware on hospitals and other organizations that can be considered part of the countries' critical infrastructure. "The authoring agencies assess that an unspecified amount of revenue from these cryptocurrency operations supports DPRK national-level priorities and objectives, including cyber operations targeting the United States and South Korea governments - specific targets include Department of Defense Information Networks and Defense Industrial Base member networks," the advisory points out.

North Korean Hackers Targeting Healthcare with Ransomware to Fund its Operations
2023-02-10 11:52

State-backed hackers from North Korea are conducting ransomware attacks against healthcare and critical infrastructure facilities to fund illicit activities, U.S. and South Korean cybersecurity and intelligence agencies warned in a joint advisory. This includes "cyber operations targeting the United States and South Korea governments - specific targets include Department of Defense Information Networks and Defense Industrial Base member networks," the authorities said.

Hacking the Tax Code
2023-02-10 11:24

There are thousands of black-hat researchers who examine every line of the tax code looking for exploitable vulnerabilities - tax attorneys and tax accountants. Lobbyists are constantly trying to insert this or that provision into the tax code that benefits their clients financially.

Reddit breached: Internal docs, dashboards, systems accessed
2023-02-10 10:47

Popular social news website and forum Reddit has been breached and the attacker "gained access to some internal docs, code, as well as some internal dashboards and business systems," but apparently not to primary production systems and user data. "Exposure included limited contact information for company contacts and employees, as well as limited advertiser information. Based on several days of initial investigation by security, engineering, and data science, we have no evidence to suggest that any of your non-public data has been accessed, or that Reddit's information has been published or distributed online," said Reddit CTO Christopher Slowe, who goes online by the handle "KeyserSosa".

3 Overlooked Cybersecurity Breaches
2023-02-10 10:42

Subsequently, the first attacker group monetized the first attack not only through the ransom they obtained, but also by selling the company's network information to the second ransomware group. In the 13 months between the two attacks, the victim changed its network and removed servers, but the new attackers were not aware of these architectural modifications.

U.K. and U.S. Sanction 7 Russians for TrickBot, Ryuk, and Conti Ransomware Attacks
2023-02-10 09:34

"Current members of the TrickBot group are associated with Russian Intelligence Services," the U.S. Treasury Department noted. "The TrickBot group's preparations in 2020 aligned them to Russian state objectives and targeting previously conducted by Russian Intelligence Services."

US, UK slap sanctions on Russians linked to Conti, Ryuk, Trickbot malware
2023-02-10 07:24

The US and UK have sanctioned seven Russians for their alleged roles in disseminating Conti and Ryuk ransomware and the Trickbot banking trojan. Conti and Ryuk ransomware extorted at least £27 million from 149 UK individuals and businesses, according to the government's estimate.