Security News

"The attackers attempted to take down several infrastructure components of their target, namely: Electrical substations, Windows-operated computing systems, Linux-operated server equipment, [and] active network equipment," The State Service of Special Communications and Information Protection of Ukraine said in a statement. Slovak cybersecurity firm ESET, which collaborated with CERT-UA to analyze the attack, said the attempted intrusion involved the use of ICS-capable malware and regular disk wipers, with the adversary unleashing an updated variant of the Industroyer malware, which was first deployed in a 2016 assault on Ukraine's power grid.

Cloud-based repository hosting service GitHub on Friday revealed that it discovered evidence of an unnamed adversary capitalizing on stolen OAuth user tokens to unauthorizedly download private data from several organizations. "An attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including NPM," GitHub's Mike Hanley disclosed in a report.

Cisco has released a security advisory to warn about a critical vulnerability, tracked as CVE-2022-20695, impacting the Wireless LAN Controller software. According to Cisco's advisory, the products affected by this flaw are those that run Cisco WLC Software 8.10.151.0 or Release 8.10.162.0 and have "Macfilter radius compatibility" configured as "Other."

Cloud computing and virtualization technology firm VMWare on Thursday rolled out an update to resolve a critical security flaw in its Cloud Director product that could be weaponized to launch remote code execution attacks. "An authenticated, high privileged malicious actor with network access to the VMware Cloud Director tenant or provider may be able to exploit a remote code execution vulnerability to gain access to the server," VMware said in an advisory.

The Treasury Department's Office of Foreign Assets Control has sanctioned the address that received the cryptocurrency stolen in the largest cryptocurrency hack ever, the hack of Axie Infinity's Ronin network bridge. The Federal Bureau of Investigation said two North Korean hacking groups, Lazarus and BlueNorOff, were behind last month's Ronin hack.

The Treasury Department's Office of Foreign Assets Control has sanctioned the address that received the cryptocurrency stolen in the largest cryptocurrency hack ever, the hack of Axie Infinity's Ronin network bridge. Blockchain data platform Chainalysis first spotted that a new ETH address added by OFAC to the SDN list as part of a Lazarus Group update was also used in March to collect the ETH and USDC tokens stolen in the Ronin hack.

The Treasury Department's Office of Foreign Assets Control has updated its Specially Designated Nationals list with new information linking the North Korean-backed Lazarus Group APT to the largest cryptocurrency hack in history. Blockchain data platform Chainalysis first spotted that a new ETH address added by OFAC to the SDN list as part of the Lazarus Group entry was also used in March to collect the ETH and USDC tokens stolen during the Axie Infinity's Ronin bridge hack.

Hackers are targeting Ukrainian government agencies with new attacks exploiting Zimbra exploits and phishing attacks pushing the IcedID malware. The Computer Emergency Response Team of Ukraine detected the new campaigns and attributed the IcedID phishing attack to the UAC-0041 threat cluster, previously connected with AgentTesla distribution, and the second to UAC-0097, a currently unknown actor.

The recently disclosed critical Spring4Shell vulnerability is being actively exploited by threat actors to execute the Mirai botnet malware, particularly in the Singapore region since the start of April 2022. The development comes as the U.S. Cybersecurity and Infrastructure Security Agency earlier this week added the Spring4Shell vulnerability to its Known Exploited Vulnerabilities Catalog based on "Evidence of active exploitation."

A proof-of-concept exploit has been released online for the VMware CVE-2022-22954 remote code execution vulnerability, already being used in active attacks that infect servers with coin miners. The vulnerability is a critical remote code execution impacting VMware Workspace ONE Access and VMware Identity Manager, two widely used software products.