Security News

Will Chinese giants defy US sanctions on Russia? We asked a ZTE whistleblower
2022-03-28 07:00

If ZTE and other Chinese giants defy bans on selling American technology to Russia, it will be because they can't help but chase the revenue, says Ashley Yablon, the whistleblower whose evidence led to ZTE being fined for willfully ignoring the US ban on exports to Iran. Yablon is a lawyer who, after working in senior roles at Huawei USA, in late 2011 became general counsel at Chinese telco kit-maker ZTE's US operations.

Another Chinese Hacking Group Spotted Targeting Ukraine Amid Russia Invasion
2022-03-26 00:14

A Chinese-speaking threat actor called Scarab has been linked to a custom backdoor dubbed HeaderTip as part of a campaign targeting Ukraine since Russia embarked on an invasion last month, making it the second China-based hacking group after Mustang Panda to capitalize on the conflict. "The malicious activity represents one of the first public examples of a Chinese threat actor targeting Ukraine since the invasion began," SentinelOne researcher Tom Hegel said in a report published this week.

Russia bans Google News for "unreliable" info on war in Ukraine
2022-03-23 20:55

Roskomnadzor, Russia's telecommunications regulator, has banned Alphabet's news aggregator service Google News and blocked access to the news.google.com domain for providing access to "unreliable information" on the ongoing war in Ukraine.

Russia Lays Groundwork for Cyberattacks on US Infrastructure – White House
2022-03-22 16:31

The Russian government is exploring "options for potential cyberattacks" on critical infrastructure in the U.S., the White House warned on Monday, in retaliation for sanctions and other punishments as the war in Ukraine grinds on. "The current conflict has put cybersecurity initiatives in hyperdrive, and today, industry leaders aren't just concerned about adversaries breaching critical infrastructure but losing access and control to them," Saket Modi, co-founder and CEO at Safe Security, said via email.

Biden says Russia exploring revenge cyberattacks
2022-03-22 08:01

United States President Joe Biden has revealed "evolving intelligence that the Russian Government is exploring options for potential cyber attacks" and that the risks posed to critical infrastructure are so significant that hundreds of US organizations have been given classified briefings on the matter. Biden nonetheless urged the private sector to get its cyber security house in order - ASAP. We're seeing potential cyberattacks on critical infrastructure.

Russia gets triggered by Ukraine joining NATO cyberdefense hub
2022-03-17 21:53

Russia's ambassador to Estonia today compared Ukraine's participation in NATO's Cooperative Cyber Defence Centre of Excellence intel-sharing cyberdefense hub to an attempt at blackmail. Being accepted as a contributing participant does not make Ukraine a NATO member, but it will most likely tighten collaboration and allow Ukraine to gain access to NATO members' cyber-expertise and share its own.

Popular NPM Package Updated to Wipe Russia, Belarus Systems to Protest Ukraine Invasion
2022-03-17 21:36

In what's yet another act of sabotage, the developer behind the popular "node-ipc" NPM package shipped a new version to protest Russia's invasion of Ukraine, raising concerns about security in open source and the software supply chain. Affecting versions 10.1.1 and 10.1.2 of the library, the changes introduced undesirable behavior by its maintainer RIAEvangelist, targeting users with IP addresses located in either Russia or Belarus, wiping arbitrary file contents and replacing them with a heart emoji.

Four key risks exacerbated by Russia’s invasion of Ukraine
2022-03-17 06:30

Russia's invasion of Ukraine has altered the emerging risk landscape, and it requires enterprise risk management leaders to reassess previously established organizational risk profiles in at least four key areas, according to Gartner. "Russia's invasion of Ukraine has increased the velocity of many risks we have tracked on a quarterly basis in our Emerging Risks survey," said Matt Shinkman, VP with the Gartner Risk and Audit Practice.

Russia-linked attackers breach NGO by exploiting MFA, PrintNightmare vuln
2022-03-16 15:30

The US Cybersecurity and Infrastructure Security Agency and FBI issued a joint alert on March 15 warning organizations that state-backed criminals could use MFA defaults and the PrintNightmare flaw to access networks. In this case, the unnamed cybercriminal gang took advantage of a misconfigured account set to default MFA protocols at the NGO. The bad actors enrolled a new device for MFA, accessed the NGO's network, and then exploited the PrintNightmare flaw - tracked as CVE-2021-34527 - to run malicious code and gain system privileges, giving them access to email accounts and enabling them to move laterally to the organization's cloud environment and steal documents.

German Government Warns Against Using Russia's Kaspersky Antivirus Software
2022-03-16 01:20

Russian cybersecurity firm Kaspersky on Tuesday responded to an advisory released by Germany's Federal Office of Information Security against using the company's security solutions in the country over "doubts about the reliability of the manufacturer." The statement from Kaspersky follows a warning from Germany's cybersecurity authority, the Bundesamt für Sicherheit in der Informationstechnik aka BSI, which recommended "replacing applications from Kaspersky's portfolio of antivirus software with alternative products" due to risks that they could be exploited by Russia for a cyber attack.