Security News

In what's yet another act of sabotage, the developer behind the popular "Node-ipc" NPM package shipped a new version to protest Russia's invasion of Ukraine, raising concerns about security in the open-source and the software supply chain. Affecting versions 10.1.1 and 10.1.2 of the library, the changes introduced undesirable behavior by its maintainer RIAEvangelist, targeting users with IP addresses located either in Russia or Belarus, and wiping arbitrary file contents and replacing it with a heart emoji.

This month, the developer behind the popular npm package 'node-ipc' released sabotaged versions of the library in protest of the ongoing Russo-Ukrainian War. Newer versions of the 'node-ipc' package began deleting all data and overwriting all files on developer's machines, in addition to creating new text files with "Peace" messages.

Russia's invasion of Ukraine has altered the emerging risk landscape, and it requires enterprise risk management leaders to reassess previously established organizational risk profiles in at least four key areas, according to Gartner. "Russia's invasion of Ukraine has increased the velocity of many risks we have tracked on a quarterly basis in our Emerging Risks survey," said Matt Shinkman, VP with the Gartner Risk and Audit Practice.

The Security Service of Ukraine said it has detained a "Hacker" who offered technical assistance to the invading Russian troops by providing mobile communication services inside the Ukrainian territory. The anonymous suspect is said to have broadcasted text messages to Ukrainian officials, including security officers and civil servants, proposing that they surrender and take the side of Russia.

Researchers have discovered yet another destructive data-wiping malware targeting organizations in Ukraine, the third to be found in as many weeks attacking systems in the country that's currently defending itself against a Russian physical invasion. The HermeticWiper attack also used a custom worm dubbed HermeticWizard for propagating the wiper inside local networks, as well as HermeticRansom, a decoy ransomware used in the attack, according to ESET. A free decryptor later was released to unlock HermeticRansom, which also targeted organizations in Lithuania and Latvia.

As Ukraine fights for survival against invading Russian forces, here's a taste of some of the malware the nation's Computer Emergency Response Team is battling. To start, the team earlier this month said miscreants had spammed out emails impersonating government agencies containing links to fake Windows antivirus updates.

Cybercriminals are taking sides over Russia's deadly invasion of Ukraine, putting either the West or Moscow in their sights, according to Accenture. "Pro-Ukrainian actors are refusing to sell, buy, or collaborate with Russian-aligned actors and are increasingly attempting to target Russian entities in support of Ukraine," Accenture claimed.

Ukraine's Computer Emergency Response Team is warning that threat actors are distributing fake Windows antivirus updates that install Cobalt Strike and other malware. The phishing emails are sent to Ukrainian state bodies and propose downloading "Critical security updates," which come in the form of a 60 MB file named "BitdefenderWindowsUpdatePackage.exe."

As Russian ground forces closed in on key Ukrainian cities including capital Kyiv, and airstrikes hit military bases near the western city of Lviv, the expected cyber-onslaught by Russia has largely failed to become reality. Until last week, when it emerged that Western spy agencies were investigating a large-scale satellite broadband outage affecting satellite communications provider Viasat, which began on 24 February - the day Russia invaded Ukraine.

British infosec pro Vic Harkness traveled to Ukraine to offer humanitarian help - and while taking a break in the western city of Lviv she described to The Register what it's like in the war-torn country. Harkness, who originally traveled to Poland with a group of friends to try to help out before crossing the border, is not there to do any infosec work, she explained.