Security News

Palo Alto Networks has rolled out a new supply chain security system that the cybersecurity vendor claims can identify vulnerabilities and misconfigurations across the lifecycle of cloud native applications. It's called Prisma Cloud Supply Chain Security, and it scans for any issues in code - such as version control system and CI pipeline misconfigs - across open-source packages, infrastructure-as-code files and delivery pipelines, according to the security shop.

British infosec pro Vic Harkness traveled to Ukraine to offer humanitarian help - and while taking a break in the western city of Lviv she described to The Register what it's like in the war-torn country. Harkness, who originally traveled to Poland with a group of friends to try to help out before crossing the border, is not there to do any infosec work, she explained.

China's Cyberspace Administration has claimed that "Since late February" it has observed continuous attacks on the Chinese internet and local computers by actors who used the resources they co-opted to target Russia, Belarus, and Ukraine. The allegation, the title of which translates as "My country's internet suffers from overseas cyber attacks," was posted last Friday and include a list of IP addresses that the Administration claims as the source or target of the attacks.

Russia may try to dodge sanctions using ransomware payments, warns US Treasury. As the United States and its companies distance themselves from Russia in the wake of its invasion of Ukraine, the Treasury says Russia may be attempting to avoid the sanctions by utilizing ransomware payments to do so.

Much of the promise associated with future digital identity infrastructures is associated with greater automation of the identity lifecycle and the provision of greater control of personal data to end-users. New approaches to digital identity aim to provide more autonomy to end-users and to enforce a separation of concerns between the organization that initially verifies an identity and organizations that rely upon the trustworthiness of that identity.

"In most of the web application compromises, APT41 conducted.NET deserialization attacks; however, we have also observed APT41 exploiting SQL injection and directory traversal vulnerabilities," they said. APT41 "Heavily" used the Windows version of the KEYPLUG backdoor at state government victims between June 2021 and December 2021, researchers said.

Chinese hackers attempted phishing on emails affiliated with US government. According to Google's Threat Analysis Group, multiple Gmail users affiliated with the U.S. government were alerted to an attempted phishing attack by a Chinese-backed hacking group noted as APT31 in February.

The Treasury Department's Financial Crimes Enforcement Network warned U.S. financial institutions this week to keep an eye out for attempts to evade sanctions and US-imposed restrictions following Russia's invasion of Ukraine. FinCEN said [PDF] that it's critical to "Identify and quickly report suspicious activity associated with potential sanctions evasion, and conduct appropriate risk-based customer due diligence or, where required, enhanced due diligence."

Department of Defense contractors struggling to comply with upcoming cybersecurity regulations under the Cybersecurity Maturity Model Certification can breathe a sigh of relief-the DoD has announced its intent to release CMMC 2.0, with promises to streamline the certification process and ease security regulations for contractors and sub-contractors handling low-priority information. Intended to promote compliance with DoD cybersecurity procedures and give teeth to enforcement, the CMMC program was first announced in 2020 to regulate the control of unclassified information and high-value assets by external contractors.

The Ragnar Locker ransomware gang has so far infected at least 52 critical infrastructure organizations in America across sectors including manufacturing, energy, financial services, government, and information technology, according to an FBI alert this week. The crew steals sensitive data, encrypts the victim's systems, and threatens to leak the stolen documents if the ransom to restore the files isn't paid.