At least six different Russia-aligned actors launched no less than 237 cyberattacks against Ukraine from February 23 to April 8, including 38 discrete destructive attacks that irrevocably destroyed files in hundreds of systems across dozens of organizations in the country.

“Collectively, the cyber and kinetic actions work to disrupt or degrade Ukrainian government and military functions and undermine the public’s trust in those same institutions,” the company’s Digital Security Unit (DSU) said in a special report.

The major malware families that have been leveraged for destructive activity as part of Russia’s relentless digital assaults include: WhisperGate, HermeticWiper (FoxBlade aka KillDisk), HermeticRansom (SonicVote), IssacWiper (Lasainraw), CaddyWiper, DesertBlade, DoubleZero (FiberLake), and Industroyer2.

WhisperGate, HermeticWiper, IssacWiper, and CaddyWiper are all data wipers designed to overwrite data and render machines unbootable, while DoubleZero is a .NET malware capable of data deletion. DesertBlade, also a data wiper, is said to have been launched against an unnamed broadcasting company in Ukraine on March 1.

SonicVote, on the other hand, is a file encryptor detected in conjunction with HermeticWiper to disguise the intrusions as a ransomware attack, while Industroyer2 specifically targets operational technology to sabotage critical industrial production and processes.

images from Hacker News

Microsoft on Thursday disclosed that it addressed a pair of issues with the Azure Database for PostgreSQL Flexible Server that could result in unauthorized cross-account database access in a region.

“By exploiting an elevated permissions bug in the Flexible Server authentication process for a replication user, a malicious user could leverage an improperly anchored regular expression to bypass authentication to gain access to other customers’ databases,” Microsoft Security Response Centre (MSRC) said.

New York City-based cloud security company Wiz, which uncovered the flaws, dubbed the exploit chain “ExtraReplica.” Microsoft said it mitigated the bug within 48 hours of disclosure on January 13, 2022.

Specifically, it relates to a case of privilege escalation in the Azure PostgreSQL engine to gain code execution and a cross-account authentication bypass by means of a forged certificate, allowing an attacker to create a database in the target’s Azure region and exfiltrate sensitive information.

images from Hacker News

India’s computer and emergency response team, CERT-In, on Thursday published new guidelines that require service providers, intermediaries, data centres, and government entities to compulsorily report cybersecurity incidents, including data breaches, within six hours.

“Any service provider, intermediary, data centre, body corporate and Government organization shall mandatorily report cyber incidents […] to CERT-In within six hours of noticing such incidents or being brought to notice about such incidents,” the government said in a release.

The types of incidents that come under the ambit include, inter alia, compromise of critical systems, targeting scanning, unauthorized access to computers and social media accounts, website defacements, malware deployments, identity theft, DDoS attacks, data breaches and leaks, rogue mobile apps, and attacks against servers and network appliances like routers and IoT devices.

images from Hacker News

A cyberespionage threat actor known for targeting a variety of critical infrastructure sectors in Africa, the Middle East, and the U.S. has been observed using an upgraded version of a remote access trojan with information stealing capabilities.

Calling TA410 an umbrella group comprised of three teams dubbed FlowingFrog, LookingFrog, and JollyFrog, Slovak cybersecurity firm ESET assessed that “these subgroups operate somewhat independently, but that they may share intelligence requirements, an access team that runs their spear-phishing campaigns, and also the team that deploys network infrastructure.”

TA410 — said to share behavioural and tooling overlaps with APT10 (aka Stone Panda or TA429) — has a history of targeting U.S.-based organizations in the utilities sector as well as diplomatic entities in the Middle East and Africa.

Other identified victims of the hacker collective include a manufacturing company in Japan, a mining business in India, and a charity in Israel, in addition to unnamed victims in the education and military verticals.

TA410 was first documented by Proofpoint in August 2019 when the threat actor unleashed phishing campaigns containing macro-laden documents to compromise utility providers across the U.S. with a modular malware called LookBack.

images from Hacker News

You’ve been asked for a Vulnerability Assessment Report for your organisation and for some of you reading this article, your first thought is likely to be “What is that?”

Worry not. This article will answer that very question as well as why you need a Vulnerability Assessment Report and where you can get one from.

As it’s likely the request for such a report came from an important source such as the Board, a partner, a client or an auditor, there isn’t a moment to waste. So let’s drive straight in.

What is a Vulnerability Assessment Report and why do you need one?

A Vulnerability Assessment Report is simply a document that illustrates how you are managing your organisation’s vulnerabilities. It’s important because, with tens of thousands of new technology flaws being discovered every year, you need to be able to prove that your organisation does its best to avoid attack if you want to be trusted by partners and customers.

A best security practice recommended by governments across the world, a vulnerability assessment is an automated review process that provides insights into your current security state. The vulnerability assessment report is the outcome of this review. Used as a roadmap to a better state of security preparedness, it lays out the unique risks your organisation is up against due to the technology you use, and reveals how best to overcome them with minimal disruption to your core business strategy and operations.

images from Hacker News