Security News
Infosecurity Europe 2022 opened its doors today at the ExCeL in London. Here’s a look at the event. The featured vendors are: Arctic Wolf Networks, Bridewell, Checkmarx, Cisco, CrowdStrike,...
A suspected state-aligned threat actor has been attributed to a new set of attacks exploiting the Microsoft Office "Follina" vulnerability to target government entities in Europe and the U.S. Enterprise security firm Proofpoint said it blocked attempts at exploiting the remote code execution flaw, which is being tracked as CVE-2022-30190. The payload, which manifests in the form of a PowerShell script, is Base64-encoded and functions as a downloader to retrieve a second PowerShell script from a remote server named "Seller-notification[.]live."
A new joint Cybersecurity Advisory has been issued by the Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency, the Department of the Treasury and the Financial Crimes Enforcement Network to raise awareness and provide information about the Karakurt Data Extortion Group. The Karakurt Data Extortion Group, also known as Karakurt Team and Karakurt Lair, is a threat actor that threatens to publicly disclose companies' stolen internal data unless it receives payment of a ransom, which ranges from $25,000 USD to $13,000,000 USD in Bitcoin, within a week.
In an ArXiv paper titled "YASM," Kaspar Rosager Ludvigsen and Shishir Nagaraja, of the University of Strathclyde, and Angela Daly, of the Leverhulme Research Center for Forensic Science and Dundee Law School, in Scotland, revisit client-side scanning (CSS) as a way to ferret out CSAM and conclude the technology is both ineffective and unjustified. Client-side scanning in this context involves running software on people's devices to identify unlawful images, generally those related to the exploitation of children, but EU lawmakers have also discussed using CSS to flag content related to terrorism and organized crime.
Europe has moved closer toward new cybersecurity standards and reporting rules following a provisional network and information systems agreement dubbed NIS2 by the European Council and Parliament. Once approved, NIS2 will replace the current Directive on Security of Network and Information Systems, aka NIS, which was adopted in 2016.
The European Parliament announced a "provisional agreement" aimed at improving cybersecurity and resilience of both public and private sector entities in the European Union. The revised directive, called "NIS2", is expected to replace the existing legislation on cybersecurity that was established in July 2016.
Proposed European regulations that purport to curb child abuse by imposing mass surveillance would be a "disaster" for digital privacy and strong encryption, say cybersecurity experts. A number of options have been put forward for lawmakers to mull that aim to encourage or ensure online service providers and messaging apps tackle the "detection, removal, and reporting of previously-known and new child sexual abuse material and grooming."
The US and the European Union have officially blamed Russia for a series of destructive data-wiping malware infections in Ukrainian government and private-sector networks, and said they will "take steps" to defend against and respond to Kremlin-orchestrated attacks. Beginning in January, and continuing after Russian troops illegally invaded Ukraine the following month, as Ukrainian websites were vandalized or pummeled offline in distributed denial-of-service attacks, Russian cyberspies planted malicious data-destroying code in Ukraine's computers.
Cisco Talos Intelligence Group reported a new attack campaign from the infamous cyberespionage threat actor Mustang Panda, also known as Bronze President, RedDelta, HoneyMyte, TA416 or Red Lich, with a particular focus on Europe. The downloader now downloads the decoy document from one URL and uses another URL to download the benign executable file, the DLL file and the final PlugX payload.
A Russian state-sponsored threat actor has been observed targeting diplomatic and government entities as part of a series of phishing campaigns commencing on January 17, 2022. Threat intelligence and incident response firm Mandiant attributed the attacks to a hacking group tracked as APT29, with some set of the activities associated with the crew assigned the moniker Nobelium.