
Showing posts from May, 2022

Costa Rica May Be Pawn in Conti Ransomware Group’s Bid to Rebrand, Evade Sanctions

By Krebs On Security Costa Rica’s national health service was hacked sometime earlier this morning by a Russian ransomware group known as Hive. The intrusion comes just weeks after Costa Rican President Rodrigo Chaves declared a state of emergency in response to a data ransom attack from a different Russian ransomware gang — Conti. Ransomware experts say there is good reason to believe the same cybercriminals are behind both attacks, and that Hive has been helping Conti rebrand and evade international sanctions targeting extortion payouts to cybercriminals operating in Russia. The Costa Rican publication CRprensa.com reports that affected systems at the Costa Rican Social Security Fund (CCSS) were taken offline on the morning of May 31, but that the extent of the breach was still unclear. The CCSS is responsible for Costa Rica’s public health sector, and worker and employer contributions are mandated by law. A copy of the ransom note left behind by the intruders and subsequently

Military-made cyberweapons could soon become available on the dark web, Interpol warns

By Ryan Browne, CNBC Digital tools used by the military to conduct cyberwarfare could eventually end up in the hands of cybercriminals, a top Interpol official has warned. Jurgen Stock, the international police agency’s secretary general, said he’s concerned state-developed cyberweapons will become available on the darknet — a hidden part of the internet that can’t be accessed through search engines like Google — in a “couple of years.” “That is a major concern in the physical world — weapons that are used on the battlefield and tomorrow will be used by organized crime groups,” Stock said during a CNBC-moderated panel at the World Economic Forum in Davos, Switzerland, Monday. “The same applies for the digital weapons that, maybe today are used by the military, developed by military, and tomorrow will be available for criminals,” he added. Cyberweapons come in many forms, with ransomware — where hackers lock down a company’s computer systems and demand a ransom payment to restore contro

Russian hackers perform reconnaissance against Austria, Estonia

By Bill Toulas, Bleeping Computer In a new reconnaissance campaign, the Russian state-sponsored hacking group Turla was observed targeting the Austrian Economic Chamber, a NATO platform, and the Baltic Defense College. This discovery comes from cybersecurity firm Sekoia, which built upon previous findings of Google’s TAG, which has been following Russian hackers closely this year. Google warned about coordinated Russian-based threat group activity in late March 2022, while in May, they spotted two Turla domains used in ongoing campaigns. Sekoia used this information to investigate further and found that Turla targeted the federal organization in Austria and the military college in the Baltic region.

Password safety: How do hackers steal your information?

By Rich DeMuro, Nexstar Media Wire Ever wonder how hackers get your password and gain access to your account? Recent research has identified several major ways: Password theft Password guessing Unauthorized password resetting or bypass “The biggest reason why people hate passwords is they’re all being told that they all need to be longer and longer and more complex,” started Roger Grimes, a Data-Driven Defense Evangelist at security awareness training company KnowBe4. He says phishing emails are a top way hackers get our passwords. You’ve seen them before — they say your Netflix account is about to be deactivated, your Facebook account has a copyright issue or something needs to be fixed with your Instagram. They trick us into handing over our information by making us log into a page that looks like the real thing but instantly sends our username and password to hackers, who immediately take over our accounts. Another way your password gets out into the wild: when a website is hacked.

Hackers can hack your online accounts before you even register them

By Bill Toulas, Bleeping Computer Security researchers have revealed that hackers can hijack your online accounts before you even register them by exploiting flaws that have already been fixed on popular websites, including Instagram, LinkedIn, Zoom, WordPress, and Dropbox. Andrew Paverd, a researcher at Microsoft Security Response Center, and Avinash Sudhodanan, an independent security researcher, analyzed 75 popular online services and found that at least 35 are vulnerable to account pre-hijacking attacks. These attacks vary in type and severity, but they all stem from poor security practices on the side of the websites themselves. As some vulnerable websites run bug bounty programs, it is surprising and worrying to see that such elementary attacks are still possible against their users.

What is Wi-Fi 7? Everything You Need to Know

The Wi-Fi 6E successor is likely more than a year away, but it promises to significantly boost the speed and stability of your wireless connections. From Simon Hill, Wired While many people only recently upgraded to Wi-Fi 6, and some may be considering a jump to Wi-Fi 6E, their successor is already in the works. Wi-Fi 7 is the next significant advance on the horizon, and, just like its predecessors, the new standard promises faster connections, lower latency, and the ability to gracefully manage more connections than ever before. If you are looking to improve your Wi-Fi today, Wi-Fi 7 is not the answer, because it’s still more than a year away (and, realistically, it will be a good while longer than that before most of us should consider it). If you need to upgrade pronto, first consider delving into how to buy a router before you check out our picks of the best Wi-Fi routers and the best mesh Wi-Fi systems.

New ChromeLoader malware surge threatens browsers worldwide

By Bill Toulas, Bleeping Computer The ChromeLoader malware is seeing an uptick in detections this month, following a relatively stable volume since the start of the year, causing the browser hijack to become a widespread threat. ChromeLoader is a browser hijacker that can modify the victim's web browser settings to show search results that promote unwanted software, fake giveaways and surveys, and adult games and dating sites. The malware's operators receive financial gains through a system of marketing affiliation by redirecting user traffic to advertising sites. There are many hijackers of this kind, but ChromeLoader stands out for its persistence, volume, and infection route, which involves the aggressive use of PowerShell.

Our battle with China over the future of the Internet is just beginning

By Joseph Marks & Aaron Schaffer, Washington Post Welcome to The Cybersecurity 202! Before the month is over consider checking out Louis Malle's 1990 film “May Fools” about the 1968 Paris student riots. Arcade Fire's “Month of May” isn't half bad either.  Below: Twitter will pay a $150 million fine for collecting users' personal information for security but using it for advertising, and the U.N. Security Council is poised to vote on sanctioning North Korean hackers.  The United States has mostly won the fight to restrict China’s role in building next-generation 5G telecom systems over spying concerns. But the battle over who will control the future of global communications technology is only beginning. Canada belatedly joined the U.S. and its closest allies this month in blocking the Chinese tech giant Huawei from its 5G system.  The move followed years of warnings from U.S. officials that Huawei is too closely tied to the Chinese Communist Party and could be leaned

A cyberwar is already happening in Ukraine, Microsoft analysts say

by Jenna McLaughlin, NPR Microsoft's global ubiquity gives its cybersecurity experts a unique window into the Russian cyberwar against Ukraine. The software giant is involved in both monitoring and combatting attacks.

NSA: Sanctions on Russia Having a Positive Effect on Ransomware Attacks, Attempts Down Due to Difficulty Collecting Ransom Payments

By Scott Ikeda, CPO Magazine National Security Agency (NSA) director of cybersecurity Rob Joyce told attendees of a recent UK security conference that ransomware attacks are down in roughly the last two months, and that trend can be traced directly to sanctions placed on Russia. Criminals that operate out of the country are struggling to find ways to cash out ransom payments and set up infrastructure, due in large part to sanctions attached to the invasion of Ukraine.

New risk profile emerges for managed service providers

By Dr. Tim Sandle, Digital Journal The U.S., U.K., Australia and Canadian Cybersecurity Advisories have released a warning of an expected increase in attacks on managed service providers (MSPs). A managed security service provider provides outsourced monitoring and management of security devices and systems. Common services used by companies include managed firewall, intrusion detection, virtual private network, vulnerability scanning and anti-viral services. The main concern expressed by these state agencies is that if hackers are able to successfully breach a service provider’s network, the door is wide open for follow-up ransomware attacks across a provider’s infrastructure and customer base. In the wake of this warning, Mike Walkey, SVP Global Channels and Alliances at Veritas Technologies, tells Digital Journal why businesses should get up to speed. Walkey has developed some key points to advise MSPs and organizations on the best practices required to prepare and respond from rans

Intuit warns of QuickBooks phishing threatening to suspend accounts

By Sergiu Gatlan, Bleeping Computer Tax software vendor Intuit has warned that QuickBooks customers are being targeted in an ongoing series of phishing attacks impersonating the company and trying to lure them with fake account suspension warnings. Today's alert comes after Intuit received multiple user reports who received these phishing emails and notified their QuickBooks accounts were suspended following a failed business info review. "We're writing to let you know that after conducting a review of your business, we have been unable to verify some information on your account. For that reason, we have put a temporary hold on your account," the attackers say in the phishing messages while impersonating the QuickBooks support team. "If you believe that we've made a mistake, we'd like to remedy the situation as quickly as possible. To help us effectively revisit your account please complete the below verification form. Once verification has been completed

Microsoft shares mitigation for Windows KrbRelayUp LPE attacks

By Sergiu Gatlan, Bleeping Computer Microsoft has shared guidance to help admins defend their Windows enterprise environments against KrbRelayUp attacks that enable attackers to gain SYSTEM privileges on Windows systems with default configurations. Attackers can launch this attack using the KrbRelayUp tool developed by security researcher Mor Davidovich as an open-source wrapper for Rubeus, KrbRelay, SCMUACBypass, PowerMad/SharpMad, Whisker, and ADCSPwn privilege escalation tools. Since late April 2022, when the tool was first shared on GitHub, threat actors could escalate their permissions to SYSTEM in Windows domain environments with default settings (where LDAP signing is not enforced). Davidovich released an updated version of KrbRelayUp on Monday that also works when LDAP signing is enforced and will provide attackers with SYSTEM privileges if Extended Protection for Authentication (EPA) for Active Directory Certificate Services (AD CS) is not enabled. Microsoft says that this pri

New Windows Subsystem for Linux malware steals browser auth cookies

By Ionut Ilascu, Bleeping Computer Hackers are showing an increased interest in the Windows Subsystem for Linux (WSL) as an attack surface as they build new malware, the more advanced samples being suitable for espionage and downloading additional malicious modules. As the name of the feature implies, WSL allows running native Linux binaries to run on Windows in an environment that emulates the Linux kernel. WSL-based malware samples discovered recently rely on open-source code that routes communication through the Telegram messaging service and gives the threat actor remote access to the compromised system. RATs and shells Malicious Linux binaries for WSL were first discovered over a year ago, with researchers at Lumen Technologies’ Black Lotus Labs publishing a report on this new type of threat in September 2021. Since then, their number has grown constantly, with all variants enjoying low detection rates, despite being based on publicly available code. Black Lotus Labs researchers

FBI warns of hackers selling credentials for U.S. college networks

By Ionut Ilascu, Bleeping Computer Cybercriminals are offering to sell for thousands of U.S. dollars network access credentials for higher education institutions based in the United States. This type of advertisement is present on both publicly available cybercriminal online forums as well as marketplaces on the dark web.

North Korean IT Workers Are Infiltrating Tech Companies

Plus: The Conti ransomware gang shuts down, Canada bans Huawei and ZTE, and more of the week’s top security news. By Matt Burgess, Wired As Russia's full-scale war in Ukraine heads towards its hundredth day, opposition from Ukrainian forces is as strong as ever. At the same time, hacktivists all around the world continue to breach Russian institutions and publish their files and emails. This week one hacktivist collective took a different—and slightly peculiar—approach: launching a service to prank-call Russian government officials. The new website uses leaked details to put two random Russian officials on a call with each other. It obviously won't make any difference to the outcome of the war, but the group that created it hopes the tool will cause some confusion and annoy those in Moscow. New research from Google’s Threat Analysis Group has delved into the surveillance-for-hire industry and found that spyware vendors are targeting Android devices with zero-day exploits. State

Google Chat Adds Warning Banners To Protect Against Phishing Attacks

By Kavita Iyer, Tech Worm In its latest attempt to prevent phishing, Google has expanded its warning banner feature to Google Chat to help protect users against malicious users and keep their data safe. These warning banners, which are already available in Gmail and Google Drive, would warn users against potential phishing and malware messages coming from users with personal Google Accounts. “In Gmail, warning banners are displayed when responding to emails sent from outside of your organisation. Now, Android warning banners are also displayed as you add new external recipients. Admins can turn these specific warning labels on or off for their organisation,” Google announced in a blog post on Thursday. The new ‘red warning’ banner will appear at the bottom of the mobile and desktop web app with the invites from users with personal Google Accounts. The message displayed will be, “This invite is suspicious. This conversation contains links to known phishing sites that may try to steal yo

By Lawrence Abrams, Bleeping Computer Ransomware attacks continue to slow down, likely due to the invasion of Ukraine, instability in the region, and subsequent worldwide sanctions against Russia. This does not mean, though, that there has been no ransomware activity. This week's biggest news is the Conti ransomware gang beginning to shut down their operation, with internal infrastructure taken offline and team leaders/members told that the brand is ending. While the 'Conti' brand may be shut down, cybersecurity firm Advanced Intel says that the cybercrime syndicate will continue to operate, with members joining other ransomware operations or the Conti leadership taking over smaller operations. By splintering into smaller 'cells,' it is believed that Conti will be able to evade law enforcement more easily and simply switch between different ransomware operation's encryptors. While this may mean less revenue for the syndicate, it creates greater mobility for the

New method to kill cyberattacks in less than a second

By Cardiff University, Techxplore A new method that could automatically detect and kill cyberattacks on our laptops, computers and smart devices in under a second has been created by researchers at Cardiff University. Using artificial intelligence in a completely novel way, the method has been shown to successfully prevent up to 92 percent of files on a computer from being corrupted, with it taking just 0.3 seconds on average for a piece of malware to be wiped out. Publishing their findings in the journal Security and Communications Networks, the team say this is the first demonstration of a method that can both detect and kill malicious software in real-time, which could transform approaches to modern cybersecurity and avoid instances such as the recent WannaCry cyberattack that hit the NHS in 2017. Using advances in artificial intelligence and machine learning, the new approach, developed in collaboration with Airbus, is based on monitoring and predicting the behavior of malware as o

Security Warning For Facebook Users Who Login With Gmail OAuth Code

By Gordon Kelly, Forbes How do you sign into services? Because a newly disclosed Facebook exploit might change how you go about it in future... In an eye-opening blog post, security researcher Youssef Sammouda has revealed that chaining Gmail's OAuth authentication code with vulnerabilities in Facebook enabled him to hijack Facebook accounts when users logged in with their Gmail credentials. Speaking to The Daily Swig, Sammouda explained that he was able to use redirects in Google OAuth and chain them with elements of Facebook's logout, checkpoint and sandbox systems to break into accounts. He explained that while he demonstrated the proof of concept with Gmail credentials, "it was possible to target all Facebook users." Sammouda says Facebook paid him a $44,625 'bug bounty' for his disclosure of this vulnerability in February. Facebook subsequently patched it in March, though it was only made public this week. And while not directly responsible for the exploi

Data Breach on DEA Law Enforcement System Grants Cyber Criminals Access to 16 Databases

By Alicia Hope, CPO Magazine U.S. Drug Enforcement Agency (DEA) is investigating a potential law enforcement system data breach associated with an online harassment community that impersonates police officers. KrebsOnSecurity journalist Brian Krebs received a tip that hackers gained unauthorized access to the esp.usdoj.gov data portal, the Law Enforcement Inquiry and Alerts (LEIA) system. Krebs obtained the information from the administrator of the Doxbin cyberbullying community identified as “KT” with links to the LAPSUS$ hacking group. Doxbin members post personal information online and participate in “swatting,” while LAPSUS$ was responsible for high-profile data breaches on Microsoft, NVIDIA, Okta, Samsung, and others. LAPSUS$ also sells a service for making Emergency Data Requests to tech companies, social media platforms, and mobile service providers. The imposters trick organizations by claiming that the data requests could not wait for warrants because of their emergency nature

Microsoft Windows 11 Hacked Six Times In Three Days

By Davey Winder, Forbes PWN2OWN Vancouver 2022 has now come to an end with seven hackers picking up a total of $240,000 for successful Windows 11 zero-day exploits. The hacking competition saw Windows 11 successfully hacked six times in all, along with one attempt that failed to work within the allotted time. The six successful Windows 11 hacks were spread across all three days of the hacking competition, two on day one, one on day two, and three on the final day of the event. Marcin Wiazowski executed an out-of-bounds escalation of privilege exploit that earned a $40,000 reward. Phan Thanh Duy and Le Hu'u Quang Linh demonstrated another Windows 11 elevation of privilege attack, but this one with a use-after-free exploit, also winning a $40,000 cash prize. A hacker known as T0 used an improper access control bug, again resulting in elevation of privilege success and getting another $40,000 prize. Escalation of privilege hacks were the order of the day, well all three days to be precise,

Chinese Hackers Tried to Steal Russian Defense Data, Report Says

The campaign detailed by a cybersecurity firm highlights Beijing’s increasingly sophisticated tactics to spy on an array of targets, including countries it considers friends.

Microsoft detects massive surge in Linux XorDDoS malware activity

By Sergiu Gatlan, Bleeping Computer A stealthy and modular malware used to hack into Linux devices and build a DDoS botnet has seen a massive 254% increase in activity during the last six months, as Microsoft revealed today. This malware (active since at least 2014) is known as XorDDoS (or XOR DDoS) due to its use of XOR-based encryption when communicating with command-and-control (C2) servers and being employed to launch distributed denial-of-service (DDoS) attacks. As the company revealed, the botnet's success is likely due to its extensive use of various evasion and persistence tactics which allow it to remain stealthy and hard to remove. "Its evasion capabilities include obfuscating the malware's activities, evading rule-based detection mechanisms and hash-based malicious file lookup, as well as using anti-forensic techniques to break process tree-based analysis," Microsoft 365 Defender Research Team said. "We observed in recent campaigns that XorDdos hides m

U.S. DOJ will no longer prosecute ethical hackers under CFAA

By Bill Toulas, Bleeping Computer The U.S. Department of Justice (DOJ) has announced a revision of its policy on how federal prosecutors should charge violations of the Computer Fraud and Abuse Act (CFAA), carving out "good-faith" security research from being prosecuted. With this policy update, the DOJ is separating cases of good-faith security research from ill-intended hacking, which were previously distinguished by a blurred line that frequently placed ethical security research in a problematic, gray legal area. Under these new policies, software testing, investigation, security flaw analysis, and network breaches intended to promote the security and safety of the target devices or services are not to be prosecuted by federal prosecutors. "Computer security research is a key driver of improved cybersecurity," said Deputy Attorney General Lisa O. Monaco. "The department has never been interested in prosecuting good-faith computer security research as a cri

When Your Smart ID Card Reader Comes With Malware

By Krebs On Security Millions of U.S. government employees and contractors have been issued a secure smart ID card that enables physical access to buildings and controlled spaces, and provides access to government computer networks and systems at the cardholder’s appropriate security level. But many government employees aren’t issued an approved card reader device that lets them use these cards at home or remotely, and so turn to low-cost readers they find online. What could go wrong? Here’s one example. KrebsOnSecurity recently heard from a reader — we’ll call him “Mark” because he wasn’t authorized to speak to the press — who works in IT for a major government defense contractor and was issued a Personal Identity Verification (PIV) government smart card designed for civilian employees. Not having a smart card reader at home and lacking any obvious guidance from his co-workers on how to get one, Mark opted to purchase a $15 reader from Amazon that said it was made to handle U.S. gove

Spanish police dismantle phishing gang that emptied bank accounts

By Bill Toulas, Bleeping Computer The Spanish police have announced the arrest of 13 people and the launch of investigations on another seven for their participation in a phishing ring that stole online bank credentials. The threat actors used phishing lures to trick their victims into believing they received an alert from their bank and proceeded to steal their account credentials. Having access to banking accounts, the adversaries used their victims' money to make online purchases, direct transfers to "money mule" accounts, or request personal loans. The police say the threat actors stole at least 443,600 Euros ($466,000) from approximately 146 victims as part of these phishing attacks. "The operation, carried out in several phases between January 2019 and April of this year, has ended with the arrest of 13 people -and another 7 investigated but not detained- in A Coruña, Córdoba (5), Huelva, Madrid (2), Málaga, Murcia, Palma de Mallorca and Terrassa (Barcelona).

CISA Issues Emergency Directive and Releases Advisory Related to VMware Vulnerabilities

CISA has issued Emergency Directive (ED) 22-03 and released a Cybersecurity Advisory (CSA) in response to active and expected exploitation of multiple vulnerabilities in the following VMware products: VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, vRealize Suite Lifecycle Manager. The CSA, AA22-138B: Threat Actors Chaining Unpatched VMware Vulnerabilities for Full System Control , provides indicators of compromise and detection signatures from CISA as well as trusted third parties to assist administrators with detecting and responding to active exploitation of CVE-2022-22954 and CVE-2022-22960.  Malicious cyber actors were able to reverse engineer the vendor updates to develop an exploit within 48 hours and quickly began exploiting these disclosed vulnerabilities in unpatched devices. Based on this activity, CISA expects malicious cyber actors to quickly develop a capability to exploit CVE-2022-22972 an

Windows 11 Update Is Crashing Apps And Freezing PCs With BSOD Errors

By Lane Babuder, Hot Hardware On the 10th of May this year the patch Tuesday updates for Windows started rolling out. Unfortunately, as almost always seems to be the case, there are more and more problems piling up. Of course, the first issue people started reporting was related to servers who use Kerberos and Domain Controllers on server editions. That issue, of course, doesn't really affect most home users. However, users who did get the KB5013943 patch for personal use editions of Windows 11 have started reporting blue screen crashes. A blue screen for Windows is a "Stop Error," which is basically an operation that is triggered when the operating system tells the system to stop all action in order to prevent damage to the OS or data. They can definitely be a headache if you're trying to get some work done and just everything stops, as you can lose your work. But at least your system is "safe." If you want to know more detail on that, former Microsoft Engi

Conti Ransomware Gang Strikes Major Component Supplier For Boeing And Lockheed Martin

By Nathan Wasson, Hot Hardware The beginning of the year saw a flurry of stories about security breaches as the cybercriminal gang known as LAPSUS$ stole data from an alarming number of big name companies in a short period of time. However, while LAPSUS$ is no longer in operation, after the London police arrested all seven members of the group, other cybercriminal groups are still afoot and out to steal data. One of these groups is the Russian-based Conti ransomware group. When Russia’s war on Ukraine broke out in February, the Conti ransomware gang announced that it fully supported the Russian government and would carry out counterattacks against anyone who organized cyberattacks or other offensive measures against Russia. The group specifically called out “Western warmongers” and “American cyber aggression.” Earlier this month, the US Department of State announced its offering of up to $10 million for information that helps identify or locate key members of the Conti ransomware gang.

Tesla hacker demonstrates how to unlock doors, start the electric motor

A hack effective on the popular S and Y Tesla cars would allow a thief to unlock a vehicle, start the electric motor and speed away, according to Sultan Qasim Khan, principal security consultant at security firm NCC Group. By Bloomberg Tesla Inc. customers might love the carmakers’ nifty keyless entry system, but one cybersecurity researcher has demonstrated how the same technology could allow thieves to drive off with certain models of the electric vehicles. A hack effective on the popular S and Y Tesla cars would allow a thief to unlock a vehicle, start the electric motor and speed away, according to Sultan Qasim Khan, principal security consultant at the Manchester, UK-based security firm NCC Group. By redirecting communications between a car owner’s mobile phone, or key fob, and the car, outsiders can fool the entry system into thinking the owner is located physically near the vehicle. The hack, Khan said, isn’t specific to Tesla, though he demonstrated the technique to Bloomberg

US links Thanos and Jigsaw ransomware to 55-year-old doctor

By Sergiu Gatlan, Bleeping Computer The US Department of Justice today said that Moises Luis Zagala Gonzalez (Zagala), a 55-year-old cardiologist with French and Venezuelan citizenship residing in Ciudad Bolivar, Venezuela, created and rented Jigsaw and Thanos ransomware to cybercriminals. Zagala (aka Nosophoros, Aesculapius, and Nebuchadnezzar) also offered support to cybercriminals who bought the malware and shared profits earned after ransoming victims worldwide. "As alleged, the multi-tasking doctor treated patients, created and named his cyber tool after death, profited from a global ransomware ecosystem in which he sold the tools for conducting ransomware attacks, trained the attackers about how to extort victims, and then boasted about successful attacks, including by malicious actors associated with the government of Iran," said US Attorney Breon Peace. "We allege Zagala not only created and sold ransomware products to hackers, but also trained them in their use

Eurovision cyberattack: pro-Russian hackers declared 'war' on ten states

A pro-Russian hacker group that targeted the Eurovision song contest declared 'war' against Italy and ten other countries. By Vilius Petkauskas, Cybernews Killnet, a pro-Russian hacker group, was not happy the Italian police announced successfully blocking distributed denial-of-service (DDoS) attacks on the Eurovision song contest hosted by Italy. The Italian police announced that hackers had unsuccessfully tried to infiltrate the opening night and the finals of the song contest. Ukrainian folk-rap band Kalush Orchestra (pictured in the lead photo) performed on both nights of the attacks. Despite the attempted attacks, however, Ukraine went on to win the Eurovision song contest. In contrast, Russia was barred from the event, boasting a viewership of 200 million, due to Moscow's invasion of Ukraine on 24 February. The Italian authorities claim that over 100 officers monitored the event, thus preventing attempts to hinder the contest that most European nations took part in.

Hackers are exploiting critical bug in Zyxel firewalls and VPNs

By Ionut Ilascu, Bleeping Computer Hackers have started to exploit a recently patched critical vulnerability, tracked as CVE-2022-30525, that affects Zyxel firewall and VPN devices for businesses. Successful exploitation allows a remote attacker to inject arbitrary commands remotely without authentication, which can enable setting up a reverse shell.

Windows admins frustrated by Quick Assist moving to Microsoft Store

By Sergiu Gatlan,  Bleeping Computer Windows admins have been expressing their dismay at Microsoft's decision to move the Quick Assist remote assistance tool to the Microsoft Store. Quick Assist allows Windows 10 and Windows 11 users to receive or give assistance to other Windows users by taking control of their computer remotely, as we reported four years ago. The app makes it much easier to help friends, family, and co-workers fix their computer problems without having to go to their location or install a third-party application. Previously a built-in standalone tool with a system-wide hotkey (Ctrl+Win+Q), Quick Assist is reaching the end of service, Microsoft announced on April 27, and will be replaced by a Microsoft Store version on May 16. "The end of service is planned for 5/16, after which point the existing inbox app will no longer work," the official Twitter account for the Office Insider Program explained. "Users will see a prompt wh

Microsoft fixes new PetitPotam Windows NTLM Relay attack vector

By Lawrence Abrams,  Bleeping Computer A recent security update for a Windows NTLM relay attack has been confirmed to close a previously unfixed vector for the PetitPotam attack. During the May 2022 Patch Tuesday, Microsoft released a security update for an actively exploited NTLM relay attack labeled a 'Windows LSA Spoofing Vulnerability' and tracked as CVE-2022-26925. "An unauthenticated attacker could call a method on the LSARPC interface and coerce the domain controller to authenticate to the attacker using NTLM. This security update detects anonymous connection attempts in LSARPC and disallows it." An NTLM relay attack allows threat actors to force devices, even domain controllers, to authenticate to malicious servers they control. Once a device authenticates, the malicious server can impersonate the device and gain all of its privileges. These attacks are a significant problem because they can give a threat actor complete control over the domain. Whi
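The coercion described above leaves a trace on whatever the attacker relays the DC's authentication to: a domain controller's computer account completing an NTLM network logon from an address that is not the DC's. The following is an added detection heuristic built on that signal; it is not Microsoft's detection and is not tied to the LSARPC telemetry the patch itself adds. The event records and the host inventory are constructed for the example, not real logs, and the field names follow Windows Security event 4624 (LogonType 3, AuthenticationPackageName, TargetUserName, IpAddress, WorkstationName).

```python
"""Heuristic detection of coerced/relayed NTLM authentication by a computer account.

Added example for the NTLM relay attack described above. The rule: a
computer account (TargetUserName ending in '$') completes an NTLM network
logon (event 4624, LogonType 3) from a source IpAddress that host is not
known to use. SAMPLE_EVENTS and KNOWN_HOST_IPS are constructed, not real.
"""
from __future__ import annotations

from dataclasses import dataclass

# Constructed inventory: addresses each computer account legitimately authenticates from.
KNOWN_HOST_IPS: dict[str, set[str]] = {
    "DC01$": {"10.0.0.10"},
    "FS01$": {"10.0.0.20"},
}

# Constructed 4624/4625 records (a subset of the real event's fields).
SAMPLE_EVENTS = [
    # Normal: DC01$ authenticating from its own address.
    {"EventID": 4624, "LogonType": 3, "AuthenticationPackageName": "NTLM",
     "TargetUserName": "DC01$", "TargetDomainName": "CORP",
     "IpAddress": "10.0.0.10", "WorkstationName": "DC01"},
    # Normal: a user account; user NTLM logons are out of scope for this rule.
    {"EventID": 4624, "LogonType": 3, "AuthenticationPackageName": "NTLM",
     "TargetUserName": "alice", "TargetDomainName": "CORP",
     "IpAddress": "10.0.5.44", "WorkstationName": "WS17"},
    # Suspicious: DC01$ over NTLM from an address that is not DC01's, foreign workstation name.
    {"EventID": 4624, "LogonType": 3, "AuthenticationPackageName": "NTLM",
     "TargetUserName": "DC01$", "TargetDomainName": "CORP",
     "IpAddress": "10.0.5.99", "WorkstationName": "ATTACKER"},
    # Normal: Kerberos rather than NTLM, so not a relay candidate.
    {"EventID": 4624, "LogonType": 3, "AuthenticationPackageName": "Kerberos",
     "TargetUserName": "DC01$", "TargetDomainName": "CORP",
     "IpAddress": "10.0.0.10", "WorkstationName": "DC01"},
    # Failed logon (4625): a different event, ignored by this rule.
    {"EventID": 4625, "LogonType": 3, "AuthenticationPackageName": "NTLM",
     "TargetUserName": "DC01$", "TargetDomainName": "CORP",
     "IpAddress": "10.0.5.99", "WorkstationName": "ATTACKER"},
]


@dataclass(frozen=True)
class Finding:
    account: str
    source_ip: str
    workstation: str
    reason: str


def is_machine_account(name: str) -> bool:
    """Active Directory computer accounts carry a trailing '$'."""
    return name.endswith("$")


def find_suspicious_machine_ntlm_logons(events, known_ips=KNOWN_HOST_IPS) -> list[Finding]:
    """Return one Finding per NTLM network logon by a computer account from an unexpected source."""
    findings: list[Finding] = []
    for ev in events:
        if ev.get("EventID") != 4624 or ev.get("LogonType") != 3:
            continue
        if not str(ev.get("AuthenticationPackageName", "")).upper().startswith("NTLM"):
            continue
        account = str(ev.get("TargetUserName", ""))
        if not is_machine_account(account):
            continue
        source_ip = str(ev.get("IpAddress", "-"))
        workstation = str(ev.get("WorkstationName", "-"))
        expected = known_ips.get(account)
        if expected is None:
            reason = "computer account not in inventory"
        elif source_ip in expected:
            continue  # the host's own address: expected behaviour
        else:
            reason = f"source {source_ip} not in {sorted(expected)}"
        # A relayed logon usually also carries the attacker's workstation name.
        if workstation.upper() != account.rstrip("$").upper():
            reason += f"; workstation name {workstation!r} does not match account"
        findings.append(Finding(account, source_ip, workstation, reason))
    return findings


if __name__ == "__main__":
    for f in find_suspicious_machine_ntlm_logons(SAMPLE_EVENTS):
        print(f)
```

The rule only fires on the host that received the relayed authentication, so its 4624 events must be collected; it also depends on an accurate inventory of each computer account's addresses, and it says nothing about the coercion itself, which the patch now blocks at the LSARPC interface by refusing anonymous connections.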

Italy prevents pro-Russian hacker attacks during Eurovision contest

By Reuters MILAN, May 15 (Reuters) - Italian police thwarted hacker attacks by pro-Russian groups during the May 10 semi-final and Saturday's final of the Eurovision Song Contest in Turin, authorities said on Sunday. Ukraine's Kalush Orchestra won the contest with their entry "Stefania", riding a wave of public support to claim an emotional victory that was welcomed by the country's president Volodymyr Zelenskiy. During voting and the performances, the police cybersecurity department blocked several cyber attacks on network infrastructure by the "Killnet" hacker group and its affiliate "Legion", police said. The police also gathered information from the pro-Russian group's Telegram channels to prevent other critical events and identified the attacks' geographic location. On May 11, "Killnet" claimed an attack on the websites of several Italian institutions, including the Senate, Italy's upper house of parliament,

Phishing Campaign by Russian Hackers Uses Trello, Dropbox to Target Diplomats

By Scott Ikeda, CPO Magazine A newly uncovered phishing campaign is targeting diplomats by presenting malicious messages as official embassy communications and by hosting its payloads on legitimate cloud services such as Dropbox and Trello to evade detection and remediation. The scheme was uncovered by security firm Mandiant, which believes state-backed Russian hackers are behind it. The phishing campaign is just one element of a rash of recent activity by advanced persistent threat group 29 (APT29), probably better known to the general public as "Cozy Bear". Believed to be backed by Russian intelligence, the group conducted a similar operation in 2021 that focused on compromising diplomats via legitimate-looking Constant Contact emails. Mandiant says that the current phishing campaign makes use of legitimate email addresses that have previously been compromised, and opens with what appears to be an administrative notice from an embassy. The