Security News

Russia-linked attackers breach NGO by exploiting MFA, PrintNightmare vuln
2022-03-16 15:30

The US Cybersecurity and Infrastructure Security Agency and FBI issued a joint alert on March 15 warning organizations that state-backed criminals could use MFA defaults and the PrintNightmare flaw to access networks. In this case, the unnamed cybercriminal gang took advantage of a misconfigured account to set default MFA protocols at the NGO. The bad actors enrolled a new device for MFA and accessed the NGO's network and then exploited the PrintNightmare flaw - tracked as CVE-2021-34527 - to run malicious code and gain system privileges, giving them access to email accounts and enabling them to move laterally to the organization's cloud environment and to steal documents.

German Government Warns Against Using Russia's Kaspersky Antivirus Software
2022-03-16 01:20

Russian cybersecurity firm Kaspersky on Tuesday responded to an advisory released by Germany's Federal Office of Information Security against using the company's security solutions in the country over "doubts about the reliability of the manufacturer." The statement from Kaspersky follows a warning from Germany's cybersecurity authority, the Bundesamt für Sicherheit in der Informationstechnik aka BSI, which recommended "replacing applications from Kaspersky's portfolio of antivirus software with alternative products" due to risks that they could be exploited by Russia for a cyber attack.

Russia faces IT crisis with just two months of data storage left
2022-03-15 16:52

Russia faces a critical IT storage crisis after Western cloud providers pulled out of the country, leaving Russia with only two more months before it runs out of data storage. The Russian government is exploring various solutions to resolve this IT storage problem, ranging from leasing all available domestic data storage to seizing IT resources left behind by businesses that pulled out of the country.

Russia's invasion of Ukraine tears open political rift between cybercriminals
2022-03-15 01:02

Cybercriminals are taking sides over Russia's deadly invasion of Ukraine, putting either the West or Moscow in their sights, according to Accenture. "Pro-Ukrainian actors are refusing to sell, buy, or collaborate with Russian-aligned actors and are increasingly attempting to target Russian entities in support of Ukraine," Accenture claimed.

China: attacks from US IP addresses hit us, moved on to Russia and Ukraine
2022-03-14 06:58

China's Cyberspace Administration has claimed that "since late February" it has observed continuous attacks on the Chinese internet and local computers by actors who used the resources they co-opted to target Russia, Belarus, and Ukraine. The allegation, the title of which translates as "My country's internet suffers from overseas cyber attacks," was posted last Friday and includes a list of IP addresses that the Administration claims as the source or target of the attacks.

Russia labels Meta an 'extremist' organization, bans Instagram
2022-03-14 05:59

Russia's Investigative Committee, the nation's peak criminal and anti-corruption investigation body, has opened a probe into whether Meta is an extremist organization. Responding to reports that the Russian government is considering designating Meta as an extremist organization for its policies in support of speech:

Russia bans Instagram, a week after blocking Facebook, Twitter
2022-03-11 18:53

Russian Internet watchdog Roskomnadzor announced that Instagram will also be banned in Russia one week after blocking the Facebook and Twitter social networks. This time around, Instagram's ban comes after reports that Instagram's parent company, Meta, decided to allow calls for violence in some countries on Facebook and Instagram against Russian invaders and the Russian and Belarusian presidents.

Russia Issues Its Own TLS Certs
2022-03-11 18:34

Russia is offering its own trusted Transport Layer Security certificate authority to replace certificates that need to be renewed by foreign countries. According to a notice on Russia's public service portal, Gosuslugi, as shown in a translated version in this article's featured art, the certificates will replace foreign security certs if they expire or get yanked by foreign CAs.

Russia may try to dodge sanctions using ransomware payments, warns US Treasury
2022-03-10 20:23

As the United States and its companies distance themselves from Russia in the wake of its invasion of Ukraine, the Treasury says Russia may be attempting to avoid the sanctions by using ransomware payments.

Malware Posing as Russia DDoS Tool Bites Pro-Ukraine Hackers
2022-03-10 19:54

In a Wednesday threat advisory, Cisco Talos described a campaign it's observed in which a threat actor was offering a supposed distributed denial-of-service tool on Telegram that's purportedly meant to pummel Russian websites. The crisis has brought both new threats and an influx of actors "of varying skill," Cisco said.