The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has removed a Windows security flaw from its catalog of known exploited vulnerabilities due to Active Directory (AD) authentication issues caused by the May 2022 updates that patch it. This security bug is an actively exploited Windows LSA spoofing zero-day tracked as CVE-2022-26925, confirmed as a new PetitPotam Windows NTLM Relay attack vector. Read more >>>
On Thursday, Apple's security response team released emergency patches to cover a pair of "actively exploited" vulnerabilities affecting macOS, iOS, and iPadOS devices. Apple confirmed the two security defects -- CVE-2022-22675 and CVE-2022-22674 -- in all its major operating systems and warned that remote code execution attacks may already be underway. Read more >>>
On Monday, the U.S. government once again cautioned of potential cyber-attacks from Russia in retaliation for economic sanctions imposed by the west on the country following its military assault on Ukraine last month. The development comes as the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warned of "possible threats" to U.S. and international satellite communication (SATCOM) networks. Read more >>>
March 11, 2022
A new malware campaign is taking advantage of people's willingness to support Ukraine's cyber warfare against Russia to infect them with password-stealing Trojans. Last month, the Ukrainian government announced a new IT Army composed of volunteers worldwide who conduct cyberattacks and DDoS attacks against Russian entities. Read more >>>
Earlier this week, US-led sanctions on Russia for its invasion of Ukraine have sparked considerable concern about retaliatory and spillover cyberattacks from the region on US organizations and those based in other allied nations. Many expect the attacks to run the gamut from destructive campaigns involving the use of disk-wipers and ransomware to distributed-denial-of-service attacks, phishing, disinformation, misinformation, and influence campaigns. Read more >>>
While legitimate concerns abound about the Russian-Ukrainian conflict sparking a far-reaching cyberwarfare conflagration around the globe, small-time crooks are also ramping up their efforts amid the crisis. Phishing emails to Microsoft users warning of Moscow-led account hacking have started to make the rounds, looking to lift credentials and other personal details. Read more >>>