Security

The secret US mission to bolster Ukraine’s cyber defenses ahead of Russia’s invasion

posted on March 9, 2022
by l33tdawg
Credit: Arstechnica

Months before the Russian invasion, a team of Americans fanned out across Ukraine looking for a very specific kind of threat.

Some team members were soldiers with the US Army’s Cyber Command. Others were civilian contractors and some employees of American companies that help defend critical infrastructure from the kind of cyber attacks that Russian agencies had inflicted upon Ukraine for years.

Chinese hacking groups target US and European governments

posted on March 8, 2022
by l33tdawg
Credit: Silicon Angle

Three separate Chinese state-sponsored advanced persistent threat groups have been observed targeting victims, including U.S. state governments, European diplomatic entities and Gmail accounts linked to the U.S. government.

The first group, APT41, also known as Wicked Panda and Winnti, is believed by researchers at Mandiant Inc. to have successfully compromised at least six U.S. state government networks. The APT did so by exploiting vulnerable internet-facing web applications, including using zero-day vulnerabilities in the USAHerds application and Apache Log4j.

Chinese Spies Hacked a Livestock App to Breach US State Networks

posted on March 8, 2022
by l33tdawg
Credit: Wired

The web-based software known as the Animal Health Emergency Reporting Diagnostic System, or USAHERDS, serves as a helpful digital tool for state governments to track and trace animal disease through populations of livestock. Now it's turned out to be a kind of infection vector of its own—in the hands of one of China's most prolific groups of hackers.

Critical Bugs Expose Hundreds of Thousands of Medical Devices and ATMs

posted on March 8, 2022
by l33tdawg
Credit: Wired

Specialized health care devices, from imaging tools like CT scanners to diagnostic lab equipment, are often inadequately protected on hospital networks. Now, new findings about seven vulnerabilities in an internet of things remote management tool underscore the interconnected exposures in medical devices and the broader IoT ecosystem.

New Linux exploit gives root on all major distros

posted on March 7, 2022
by l33tdawg
Credit: Bleeping Computer

A new Linux vulnerability known as 'Dirty Pipe' allows local users to gain root privileges through publicly available exploits.

Today, security researcher Max Kellermann responsibly disclosed the 'Dirty Pipe' vulnerability and stated that it affects Linux Kernel 5.8 and later versions, even on Android devices.

Firefox zero-days discovered

posted on March 7, 2022
by l33tdawg
Credit: Wikipedia

Firefox users should install an immediate patch, after two critical bugs were discovered that are reportedly being exploited by attackers.

The first is due to a use-after-free memory corruption issue in the Extensible Stylesheets Language Transformations (XSLT) feature, in which removing a parameter during processing could trigger an exploitable bug.

Hackers leak 190GB of data taken in alleged Samsung breach

posted on March 7, 2022
by l33tdawg
Credit: Apple Insider

L33tdawg: 190GB including internal source code is some seriously huge leak :/ 

Samsung has allegedly suffered a major security breach, with hackers claiming to have leaked approximately 190 gigabytes of data, including source code and biometric unlocking algorithms.

On Friday, the Lapsus$ hacking group published a 190-gigabyte trove of confidential data that it claims to have seized from Samsung Electronics. If genuine, the leak may be a big security problem for the Apple rival.

Hackers stoke pandemonium amid Russia’s war in Ukraine

posted on March 7, 2022
by l33tdawg
Credit: Arstechnica

On Thursday, hackers defaced a Russian Space Research Institute website and leaked files that they allege are stolen from Roscosmos, the Russian space agency. Their message? “Leave Ukraine alone else Anonymous will f*ck you up even more.” Meanwhile a DDoS attack pummeled Russia's .ru “top level domain,” with the aim of essentially cutting off access to all URLs that end in .ru. These are just the latest incidents in a surge of hacktivism in support of Ukraine.