US and UK Expose New Malware Used by MuddyWater Hackers

This is expected as we continue to see the ongoing conflict between Russia and Ukraine.

“US and UK cybersecurity and law enforcement agencies today shared information on new malware deployed by the Iranian-backed MuddyWatter hacking group in attacks targeting critical infrastructure worldwide.

This was revealed today in a joint advisory issued by CISA, the Federal Bureau of Investigation (FBI), the US Cyber Command’s Cyber National Mission Force (CNMF), UK’s National Cyber Security Centre (NCSC-UK), and the National Security Agency (NSA).”

continue to read: https://www.bleepingcomputer.com/news/security/us-and-uk-expose-new-malware-used-by-muddywater-hackers/

U.S. Banks Are Prepared for Russia Sanctions

U.S. financial institutions are largely prepared to handle a new round of Russia-related sanctions in the wake of the invasion of Ukraine, given the steady ratcheting up of pressure against Russia over the past eight years and recent warnings of such measures from the Biden administration, according to experts with knowledge of the U.S. banking sector.

The expanding conflict, however, will present some additional challenges for U.S. banks, from how they manage their correspondent banking relationships to possible retaliatory cyberattacks deriving from Russia.

continue reading: https://www.wsj.com/articles/u-s-banks-are-prepared-for-russia-sanctions-but-concerns-grow-about-potential-hacks-11645743246

Data wiper attacks on Ukraine were planned at least in November and used ransomware as decoy

Yesterday, researchers from cybersecurity firms ESET and Broadcom’s Symantec discovered a new data wiper malware that was employed in a recent wave of attacks that hit hundreds of machines in Ukraine.

A tweet from ESET revealed that the company’s telemetry shows the presence of the wiper, tracked as “HermeticWiper” (aka KillDisk.NCV), on hundreds of machines in the country. According to the security firm, the infections followed the DDoS attacks against several Ukrainian websites, including Ministry of Foreign Affairs, Cabinet of Ministers, and Rada.

continue reading: https://securityaffairs.co/wordpress/128361/malware/ukraine-ransomware-decoy-wiper.html

Strategies for complying with multiple data privacy regimes

Your company will be held to treating the personally identifiable information (PII) it collects with respect, storing it securely, and not using it for purposes other than what was disclosed.

These are common-sense data privacy protections that, coincidentally and conveniently, are also requirements of laws like the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).

continue reading: https://www.complianceweek.com/data-privacy/strategies-for-complying-with-multiple-data-privacy-regimes/31367.article

Cybercriminals seeking more than just ransomware payment

Venafi announced the findings of a global survey of IT decision-makers looking into the use of double and triple extortion as part of ransomware attacks. The data reveals that 83% of successful ransomware attacks now include alternative extortion methods, such as using the stolen data to extort customers (38%), exposing data on the dark web (35%), and informing customers that their data has been stolen (32%). extortion ransomware attacks

Just 17% of successful attacks solely asked for a ransom in return for a decryption key, meaning that many new forms of extortion are now more common than traditional methods. As data is now being exfiltrated, having a back-up of data – while still essential for recovery from an attack – is no longer effective for containing a breach.

continue reading: https://www.helpnetsecurity.com/2022/02/25/extortion-ransomware-attacks/

IT leadership: Your first 90 Days as CIO

One of the most rewarding experiences you can have as a CIO is successfully transforming an IT organization to make a significant impact on an organization. This is one reason most CIOs accept a new opportunity: to embrace the challenge of taking a company to the next level.

Your first 90 days as a new CIO are extremely important. You’ll have the attention of executive leadership and an open runway to chart a new course for IT and the company. To do this, you need to define an IT strategy and execution plan.

continue reading: https://enterprisersproject.com/article/2022/2/it-leadership-your-first-90-days-cio

Putin Warns Russian Critical Infrastructure to Brace for Potential Cyber Attacks

The Russian government on Thursday warned of cyber attacks aimed at domestic critical infrastructure operators, as the country’s full-blown invasion of Ukraine enters the second day.

In addition to cautioning of the “threat of an increase in the intensity of computer attacks,” Russia’s National Computer Incident Response and Coordination Center said that the “attacks can be aimed at disrupting the functioning of important information resources and services, causing reputational damage, including for political purposes.”

continue reading: https://thehackernews.com/2022/02/putin-warns-russian-critical.html

Fears Rise of Potential Russian Cyberattacks on US, Allies Over Sanctions

Tension is mounting over the potential for Russia’s cyberattacks in Ukraine to spread to organizations in the US and other countries that have imposed economic and other sanctions on Russia over its invasion of Ukraine this week.

The fears are being fueled both by recent precedent and by the nature of the malicious activity directed at organizations in Ukraine over the past several weeks and months by cyber threat actors believed to be affiliated with the Russian government.

continue reading: https://www.darkreading.com/attacks-breaches/fears-rise-of-potential-russian-cyberattacks-on-us-allies-over-sanctions

UK urges businesses to bolster online defences

The threat of cyberattacks against Ukraine and countries opposed to Russia’s invasion of its neighbour prompted National Cyber Security Centre (NCSC) to issue a call Monday for UK businesses and other entities to strengthen their cyber resilience.

In a posting on its website, the NCSC said while it was not yet aware of any current specific threats to UK businesses and other entities stemming from the Ukraine conflict, organisations should be taking steps to lower their risk of falling victim to a cyberattack.

continue reading: https://www.fm-magazine.com/news/2022/feb/uk-urges-businesses-bolster-online-defences.html

Zenly Social-Media App Bugs Allow Account Takeover

A pair of bugs in the Snap-owned tracking app reveal phone numbers and allow account hijacking.

Zenly, a social app from Snap that allows users to see the locations of friends and family on a live map, contains a pair of vulnerabilities that could endanger those being tracked.

According to the Checkmarx Security Research Team, the bugs are a user-data exposure vulnerability and an account-takeover vulnerability. Both have been patched, and users should upgrade their apps to the latest version to avoid compromise.

continue reading: https://threatpost.com/zenly-bugs-account-takeover/178646/

More Cyber Security News at https://que.com/tag/cybersecurity

Support @QUE.COM

Founder, QUE.COM Internet Media. | Founder, Yehey.com a Shout for Joy! | MAJ.COM Management of Assets and Joint Ventures. More at KING.NET Ideas to Life.

Leave a Reply