Tag Archive for: east

DPRK hacking for profit. MedusaLocker warning. C2C market notes. Cyber conflict in the Middle East and in Russia’s war.

/in


Dateline Ashgabat, Moscow, Kyiv, and Washington: Russia restates its security objectives.

Ukraine at D+127: Strikes against civilians along the Black Sea coast. (The CyberWire) Having withdrawn from Snake Island (as a humanitarian gesture, says the Kremlin; because the Ukrainians drove them out, says basically everyone else) Russian forces struck an apartment building along the Black Sea coast with Kh-22 Kitchen missiles, killing at least nineteen noncombatants, Norway recovers from what looks like a deniable Russian state DDoS attack, and NATO plans its rapid cyber response capability.

Russia-Ukraine war: what we know on day 128 of the invasion (the Guardian) At least 19 dead after Russian missile strikes multi-story apartment building in Odesa; Russian forces withdraw from Snake Island in Black Sea

Russia-Ukraine war: List of key events, day 128 (Al Jazeera) As the Russia-Ukraine war enters its 128th day, we take a look at the main developments.

Russian missiles kill at least 19 in Ukraine’s Odesa region (AP NEWS) Russian missile attacks on residential areas in a coastal town near the Ukrainian port city of Odesa early Friday killed at least 19 people, authorities reported, a day after Russian forces withdrew from a strategic Black Sea island.

Russian forces withdraw from Ukraine’s Snake Island (Washington Post) Russian forces say they have withdrawn from Ukraine’s Snake Island, a highly contested speck of land in the Black Sea they captured shortly after the start of the war — presenting a small but strategic win for Ukraine on Thursday.

Ukraine “big victory” at Snake Island could be a turning point (Newsweek) Russian troops’ ejection from the Black Sea island is of major significance, Ukraine’s former defense minister told Newsweek.

Why Ukraine’s Snake Island victory could be a major blow for Putin (The Telegraph) In Ukrainian hands, the threat to Moscow’s Black Sea fleet will go up, and the risk of an amphibious assault on Odesa will go down

Snake Island: Why Ukraine just won’t let it go (The Telegraph) The rocky Black Sea outcrop where 13 Ukrainian border guards famously refused to surrender has taken on a new significance

Putin’s week: Facing NATO expansion, West’s unity…

Source…

North East businesses should make ethical hacking a new years’ resolution, says cyber expert

/in


Member Article

CyberWhite, a North East based cybersecurity specialist, is encouraging businesses to start the new year emulating a government initiative to give a team of ‘ethical hackers’ the run of Ministry of Defence (MOD) computer systems to find potential weaknesses and threats.

The bug bounty programme will give 26 hackers access to the MOD systems for 30 days to identify areas that might be vulnerable to potential threats from cybercriminals.

CyberWhite has suggested that businesses in the North East could adopt a similar approach, enlisting a cybersecurity specialist to ‘hack’ their own systems to see how easy or difficult it is to access their data.

Businesses could use the exercise to establish the strength of their passwords, whether sensitive documents can be accessed by outside parties, and a company’s vulnerability to viruses.

Matt Hewison, director at CyberWhite, said: “The new year is the perfect time to test your current systems and implement any changes you need to ensure your security.

“The MOD has the right idea, getting ethical hackers to have free rein of the system to really try and flush out the bugs and make sure it’s cyber safe.

“I would encourage local businesses to follow their lead and get their own army of ethical hackers to check exactly how vulnerable their systems are and help them work out how to resolve these issues.”

David Horn, director at CyberWhite, added: “Many business owners are worried about whether their systems are under threat, particularly with the increase in visibility of scammers, and we’ve spoken to a number of people who want peace of mind about the security of their data.

“The MOD are setting a great example in admitting they may have bugs in the system and nipping these problems in the bud. If all businesses did the same, cybercrime would be a thing of the past.”

This was posted in Bdaily’s Members’ News section
by

Source…

The Acronis cyberthreats report 2022 reveals ongoing malware pandemic – Middle East & Gulf News

/in


Acronis, a global leader in cyber protection, recently released its annual Acronis Cyberthreats Report, the 2022 version, providing an in-depth review of cybersecurity trends and threats worldwide.

The report warns that managed service providers (MSPs) are particularly at risk, with more of their own management tools, such as PSA or RMM, used against them by cybercriminals, and thus are becoming increasingly vulnerable to supply chain attacks.

Supply-chain attacks on MSPs are particularly devastating since attackers gain access to both their business and clients, as seen in the SolarWinds breach last year and the Kaseya VSA attack earlier in 2021.

The report also shows that during the second half of 2021, only 20% of companies reported not having been attacked, as opposed to 32% last year.

Key trends of 2021 and predictions for 2022

Beyond the growing efficiency of cybercriminals and the impact on MSPs and small businesses, the Acronis Cyberthreats Report 2022 shows:

  • Phishing remains the main attack vector. 94% of malware gets delivered by email, using social engineering techniques to trick users into opening malicious attachments or links. just this year, Acronis reported blocking 23% more phishing emails and 40% more malware emails in Q3, as compared with Q2 of the same year.
  • Phishing actors develop new tricks, move to messengers. Now targeting OAuth and multifactor authentication tools (MFA), these new tricks allow criminals to take over accounts. To bypass common anti-phishing tools, they will use text messages, Slack, Teams chats and other tools for attacks such as business email compromise (BEC).
  • Ransomware is still the #1 threat. High-value targets include the public sector, healthcare, manufacturing, and other critical organizations. Ransomware continues to be one of the most profitable cyber attacks these days. Acronis predicts ransomware damages will exceed $20 billion before the end of 2021.
  • Cryptocurrency among the attackers’ favorite playing cards. Info stealers and malware that swaps digital wallet addresses are the reality today. We can expect more such attacks waged directly against smart contracts in 2022. Attacks against Web 3.0 apps will also occur more…

Source…

Journalist warns Missouri about security breach. He’s threatened with criminal charges. – East Bay Times

/in


JEFFERSON CITY, Mo. (AP) — Gov. Mike Parson on Thursday condemned the St. Louis Post-Dispatch for exposing a flaw in a state database that allowed public access to thousands of teachers’ Social Security numbers, even though the paper held off from reporting about the flaw until after the state could fix it.

Parson told reporters outside his Capitol office that the Missouri State Highway Patrol’s digital forensic unit will be conducting an investigation “of all of those involved” and that his administration had spoken to the prosecutor in Cole County.

The governor suggested that the Post-Dispatch journalist who broke the story committed a crime and said the news outlet would be held accountable.

The state’s schools department had earlier referred to the reporter who broke the story as “a hacker.”

The Post-Dispatch broke the news about the security flaw on Wednesday. The newspaper said it discovered the vulnerability in a web application that allowed the public to search teacher certifications and credentials.

It notified the Department of Elementary and Secondary Education and gave it time to fix the problem before the story was published.

After removing the pages from its website Tuesday, the agency issued a news release that called the person who discovered the vulnerability a “hacker” — an apparent reference to the reporter — who “took the records of at least three educators.” The agency didn’t elaborate as to what it meant by “took the records” and it declined to discuss the issue further when reached by The Associated Press.

The Post-Dispatch journalist found that the school workers’ Social Security numbers were in the HTML source code of the pages. It estimated that more than 100,000 Social Security numbers were vulnerable.

Source codes are accessible by right-clicking on public webpages.

The newspaper’s president and publisher, Ian Caso, said in a statement that the Post-Dispatch stands by the story and  journalist Josh Renaud, who he said “did everything right.”

“It’s regrettable the governor has chosen to deflect blame onto the journalists who uncovered the website’s problem and brought it to the Department of Elementary…

Source…