Security News

Financially motivated threat actors willing to go after Russian targets
2022-03-15 11:30

As Ukrainian organizations are getting hit with yet another data-wiping malware, financially motivated threat actors are choosing sides, and some of them are expressing their willingness to attack Russian targets. A report released on Monday by Accenture revealed that a rift along ideological lines is happening on Russian-language criminal underground forums, with some threat actors sympathizing with the Ukrainian side.

Mozilla Firefox removes Russian search providers over misinformation concerns
2022-03-15 00:29

Mozilla has removed the Yandex Search, Mail.ru, and OK.ru default search providers from the Firefox browser over reports of state-sponsored content favored in search results. Since 2014, Mozilla has made Yandex the default search engine in Russia, and the following year made it the default search for users in Turkey.

Brit techie shows us life in Ukraine amid Russian invasion
2022-03-14 11:15

British infosec pro Vic Harkness traveled to Ukraine to offer humanitarian help - and while taking a break in the western city of Lviv she described to The Register what it's like in the war-torn country. Harkness, who originally traveled to Poland with a group of friends to try to help out before crossing the border, is not there to do any infosec work, she explained.

Leak of Russian Censorship Data
2022-03-14 11:09

The transparency organization Distributed Denial of Secrets has released 800GB of data from Roskomnadzor, the Russian government censorship organization. Specifically, Distributed Denial of Secrets says the data comes from the Roskomnadzor of the Republic of Bashkortostan.

Russian Ransomware Gang Retool Custom Hacking Tools of Other APT Groups
2022-03-14 05:48

A Russian-speaking ransomware outfit likely targeted an unnamed entity in the gambling and gaming sector in Europe and Central America by repurposing custom tools developed by other APT groups like Iran's MuddyWater, new research has found. The unusual attack chain involved the abuse of stolen credentials to gain unauthorized access to the victim network, ultimately leading to the deployment of Cobalt Strike payloads on compromised assets, said Felipe Duarte and Ido Naor, researchers at Israeli incident response firm Security Joes, in a report published last week.

DuckDuckGo down-ranks sites spreading Russian propaganda
2022-03-11 17:09

The DuckDuckGo web search engine is now demoting websites known to spread Russian propaganda following Russia's invasion of Ukraine, according to the company's founder and CEO, Gabriel Weinberg. "At DuckDuckGo, we've been rolling out search updates that down-rank sites associated with Russian disinformation."

Russian defense firm Rostec shuts down website after DDoS attack
2022-03-11 14:50

Rostec, a Russian state-owned aerospace and defense conglomerate, said its website was taken down today following what it described as a "cyberattack." Rostec claims the website was brought back online quickly and attributed the attack to Ukrainian "radicals."

Infosys, Wipro silent on their Russian operations
2022-03-11 08:01

Indian IT services giants Infosys and Wipro both operate offices in Russia - and neither is saying what will become of them. Evidence of the two companies' Russian presences is not hard to find.

Moscow to issue HTTPS certs to Russian websites
2022-03-11 04:55

Moscow has set up its own certificate authority to issue TLS certs to Russians affected by sanctions or otherwise punished for President Putin's invasion of Ukraine. A notice on the government's unified public service portal states that the certificates will be made available to Russian websites unable to renew or obtain security certificates as a knock-on effect of Western sanctions and organizations refusing to support Russian customers.

Google: Russian Hackers Target Ukrainians, European Allies via Phishing Attacks
2022-03-11 04:44

A broad range of threat actors, including Fancy Bear, Ghostwriter, and Mustang Panda, have launched phishing campaigns against Ukraine, Poland, and other European entities amid Russia's invasion of Ukraine. Google's Threat Analysis Group said it took down two Blogspot domains that were used by the nation-state group Fancy Bear - which is attributed to Russia's GRU military intelligence - as a landing page for its social engineering attacks.