The Breach News

Researchers Uncover Cyber Campaign by Space Pirates Targeting Organizations in Russia and Serbia

August 1, 2023
Cyber Attack / Malware

The cyber threat group known as Space Pirates has been implicated in attacks on at least 16 organizations across Russia and Serbia in the past year, utilizing innovative tactics and expanding their cyber arsenal. According to a detailed report from Positive Technologies released last week, the group’s primary objectives remain espionage and the theft of sensitive information, but they have broadened both their targets and geographical reach. The affected entities include government agencies, educational institutions, private security firms, aerospace manufacturers, agricultural producers, and companies in the defense, energy, and healthcare sectors. Space Pirates was initially identified by Positive Technologies in May 2022, specifically for its attacks on the aerospace industry in Russia. The group is believed to have been active since at least late 2019 and is linked to another cyber adversary tracked by Symantec under the name Webworm. Positive Technologies’ investigation into these attacks reveals further insights into the group’s methods and targets.

Space Pirates’ Cyber Operations Targeting Organizations in Russia and Serbia Unveiled

In a troubling revelation, researchers from Positive Technologies have identified a series of cyber attacks conducted by a threat actor known as Space Pirates, targeting at least 16 organizations in Russia and Serbia throughout the past year. This group…



Live Webinar | Empowering Teams for Compliance and Cyber Resilience in Meeting Security Standards

Profile of Theo Zafirakos: CISO and Cybersecurity Strategist

CISO and Professional Services Lead at Fortra’s Terranova Security

Theo Zafirakos stands out as a prominent figure in the cybersecurity landscape, serving as the Chief Information Security Officer at Fortra’s Terranova Security. With extensive expertise in security awareness strategy, governance, and privacy,…


Safaricom Faces Scrutiny as Senators Seek Explanations on Alleged Data Breaches

(Image caption: Pedestrians walk past a Safaricom customer service center in Nairobi’s central business district during the launch of its 5G internet service on October 27, 2022. Reuters)

Safaricom, Kenya’s leading telecommunications provider, is currently under investigation by Kenyan legislators regarding allegations of subscriber privacy violations and potential state surveillance facilitation. The…


Dependency Confusion Attack Targets Archived Apache Cordova App Harness

Apr 23, 2024
Supply Chain Attack / Application Security

Researchers have uncovered a dependency confusion vulnerability affecting the archived Apache project Cordova App Harness. These types of attacks exploit a flaw in package managers that prioritize public repositories over private registries. This allows malicious actors to publish harmful packages under the same name to public repositories, causing package managers to mistakenly download the fraudulent version instead of the intended private one. If executed successfully, this attack can severely impact downstream customers who install the compromised package. A May 2023 analysis conducted by enterprise security firm Orca found that nearly 49% of organizations are at risk of such an attack, as they rely on npm and PyPI packages stored in cloud environments. Although npm and other package managers have introduced fixes to favor private versions of packages, the threat remains significant, according to application security firm Legit Security.

Apache Cordova App Harness Exposed in Dependency Confusion Attack

On April 23, 2024, cybersecurity researchers revealed a vulnerability in an archived Apache project known as Cordova App Harness. This security risk arises from dependency confusion attacks, a technique leveraged by threat actors exploiting weaknesses in package management systems. In these…



U.K. Electoral Commission Cyberattack Compromises Voter Data of 40 Million Citizens

On August 9, 2023, the U.K. Electoral Commission revealed a “complex” cyberattack that remained undetected for over a year, resulting in unauthorized access to voter data for 40 million individuals. The breach was identified in October 2022 following the detection of suspicious activity, revealing that attackers had first infiltrated the systems in August 2021. This intrusion allowed access to the Commission’s servers, which housed email systems, control infrastructure, and copies of electoral registers for research purposes. The culprits behind the attack have not yet been identified. The compromised registers include names and addresses of U.K. voters who registered between 2014 and 2022, along with details of registered overseas voters; however, data for those registered anonymously and overseas elector addresses were not included.

U.K. Electoral Commission Data Breach Exposes Personal Information of 40 Million Voters

On August 8, 2023, the U.K. Electoral Commission revealed that it had fallen victim to a significant cyber attack, a breach that remained undetected for over a year. This malicious intrusion granted attackers access to a comprehensive dataset…


ISMG Summit Sheds Light on Rising Threats from Third-Party Vendors

Topics: Third-Party Risk Management, Finance & Banking, Governance & Risk Management

Industry Experts Urge Enhanced Focus on Third-Party Risk Management in Financial Services

Chris Riotta (@chrisriotta) • November 8, 2024

(Image caption: Metaphorically, castles made of sand are bound to crumble. Image: Shutterstock)

Cybercriminals, frustrated by the fortified defenses…


Mastering Secrets Management: Overcoming Common Challenges

In the world of cybersecurity, the importance of effective secrets management cannot be overstated—it is the cornerstone of your security framework. We all understand the necessity of protecting API keys, connection strings, and certificates. However, this is not merely a ‘set it and forget it’ task; rather, it involves the continuous safeguarding of sensitive information in an ever-evolving threat landscape. In this guide, we will illuminate frequent pitfalls that can lead to security breaches and provide you with the tools and strategies needed to navigate and conquer these challenges. Think of it as your essential roadmap to mastering secrets management across various scenarios.

Top 5 Common Secrets Management Mistakes

Let’s explore some of the typical secrets management blunders that can trip up even the most experienced teams:

  1. Hard Coding Secrets in Code Repositories: One of the most prevalent mistakes…

Secrets Sensei: Addressing Secrets Management Challenges

Mar 08, 2024
Secrets Management / Access Control

In the ever-evolving landscape of cybersecurity, the importance of effective secrets management cannot be overstated. As businesses increasingly rely on digital infrastructure, securing sensitive information—such as API keys, connection strings, and certificates—becomes paramount. This…



Cybersecurity Updates: Data Breaches, Vulnerabilities, and Attack Insights

In this week’s Cybersecurity Newsletter, we bring you informed updates and critical insights from the ever-evolving sector of cybersecurity. Our selection of top stories keeps you apprised of the latest threats and trends in this fast-paced digital environment. Equip yourself with knowledge to safeguard your organization against emerging risks while…


Lazarus Group from North Korea Unleashes New Kaolin RAT via Fake Job Offers

April 25, 2024
Malware / Cyber Threat

The North Korean cyber threat actor Lazarus Group has once again leveraged its longstanding tactic of using bogus job offers to distribute a new remote access trojan (RAT) known as Kaolin RAT. Targeting specific individuals in the Asia region during the summer of 2023, this malware not only performs standard RAT functions but also has the ability to modify file timestamps and load DLL binaries from a command-and-control server, as noted by Avast security researcher Luigino Camastra in a recent report. The Kaolin RAT serves as an entry point for the FudModule rootkit, which has been found exploiting a recently patched admin-to-kernel vulnerability in the appid.sys driver (CVE-2024-21338, CVSS score: 7.8). This exploit enables it to gain kernel read/write capabilities and disable security mechanisms. Lazarus Group’s strategy of using job offers for infiltration, known as Operation Dream Job, has a history of successfully employing various social media platforms for this purpose.

Lazarus Group Launches New Kaolin RAT Targeting Individuals in Asia Through Deceptive Job Offers

April 25, 2024
Malware / Cyber Threat

In a concerning development, the Lazarus Group, a North Korea-linked threat actor, has recently leveraged fake job postings to disseminate a sophisticated remote access trojan (RAT) named Kaolin RAT.…

