Geopolitical tensions often make headlines and present a golden opportunity for threat actors to exploit the situation, especially those targeting high-profile victims. In the past month while the Russian invasion of Ukraine was unfolding, Check Point Research (CPR) has observed advanced persistent threat (APT) groups around the world launching new campaigns, or quickly adapting ongoing ones to target victims with spear-phishing emails using the war as a lure. The attackers use decoys ranging from official-looking documents to news articles or even job postings, depending on the targets and region. Many of these lure documents utilize malicious macros or template injection to gain an initial foothold into the targeted organizations, and then launch malware attacks.
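The template injection mentioned above works because a Word document is a zip archive whose relationship parts may point at a template hosted on a remote server, which Word fetches when the file opens. The following Python check, added here as an illustration and not taken from the Check Point report, flags such external template references so a mail gateway or triage script can quarantine the file for review. It builds a constructed sample document in memory (the URL example.invalid is a placeholder) so it runs offline with only the standard library.

```python
"""Added example (not from the original article): flag Office Open XML
documents that pull a remote template.  A .docx is a zip archive; a remote
template shows up as an attachedTemplate relationship in
word/_rels/settings.xml.rels whose TargetMode is External.  A constructed
sample document is built in memory so the check runs offline."""
import io
import zipfile
import xml.etree.ElementTree as ET

RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
ATTACHED_TEMPLATE = ("http://schemas.openxmlformats.org/officeDocument/2006/"
                     "relationships/attachedTemplate")
# Relationship parts worth inspecting; settings.xml.rels is the usual location.
RELS_PARTS = ("word/_rels/settings.xml.rels", "word/_rels/document.xml.rels")


def external_template_targets(docx_bytes):
    """Return a list of (part, target) for every attachedTemplate relationship
    whose TargetMode is External, i.e. a template fetched from outside the file."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        names = set(zf.namelist())
        for part in RELS_PARTS:
            if part not in names:
                continue
            root = ET.fromstring(zf.read(part))
            for rel in root.iter(f"{{{RELS_NS}}}Relationship"):
                mode = rel.get("TargetMode", "Internal").lower()
                if rel.get("Type") == ATTACHED_TEMPLATE and mode == "external":
                    hits.append((part, rel.get("Target", "")))
    return hits


def build_sample_docx(template_target=None):
    """Construct a minimal .docx-like zip (constructed test input, not a real
    lure).  With template_target set, it references a remote template the way
    an injected document would; without it, the document is clean."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml",
                    '<?xml version="1.0"?><Types xmlns="http://schemas.openxmlformats.org/'
                    'package/2006/content-types"/>')
        zf.writestr("word/document.xml",
                    '<?xml version="1.0"?><w:document xmlns:w="http://schemas.openxmlformats.org/'
                    'wordprocessingml/2006/main"><w:body/></w:document>')
        rels = ""
        if template_target:
            rels = (f'<Relationship Id="rId1" Type="{ATTACHED_TEMPLATE}" '
                    f'Target="{template_target}" TargetMode="External"/>')
        zf.writestr("word/_rels/settings.xml.rels",
                    f'<?xml version="1.0"?><Relationships xmlns="{RELS_NS}">{rels}</Relationships>')
    return buf.getvalue()


if __name__ == "__main__":
    clean = build_sample_docx()
    # Placeholder URL; any external target is what the check is looking for.
    suspect = build_sample_docx("http://example.invalid/lure.dotm")
    print("clean document:", external_template_targets(clean))
    print("suspect document:", external_template_targets(suspect))
```

An external attachedTemplate is a strong triage signal rather than proof of malice: some organisations legitimately attach templates from an internal share, so the practical rule is to allow-list known template hosts and quarantine everything else for analyst review.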
Apple and Meta handed over user data to hackers who faked emergency data request orders typically sent by law enforcement, according to a report by Bloomberg. The slip-up happened in mid-2021, with both companies falling for the phony requests and providing information about users’ IP addresses, phone numbers, and home addresses. Law enforcement officials often request data from social platforms in connection with criminal investigations, allowing them to obtain information about the owner of a specific online account. While these requests require a subpoena or search warrant signed by a judge, emergency data requests don’t — and are intended for cases that involve life-threatening situations.
Russia is preparing disruptive cyberattacks that could target U.S. energy and financial industries to cause further pain to the Biden administration, in retaliation for heavy sanctions against the Kremlin for its invasion of Ukraine, several people familiar with the matter told Foreign Policy. The FBI warned five U.S. energy companies in mid-March that computers using Russian internet addresses had been scanning their networks, in a possible prelude to bigger cyberattacks. Top U.S. cybersecurity officials have warned that Russia is looking to conduct disruptive or destructive digital attacks, as opposed to conducting routine espionage.
Spring released emergency updates to fix the ‘Spring4Shell’ zero-day remote code execution vulnerability, an exploit for which leaked online before a patch was available. Yesterday, an exploit for a zero-day remote code execution vulnerability in the Spring Framework dubbed ‘Spring4Shell’ was briefly published on GitHub and then removed. However, as nothing stays hidden on the Internet, the code was quickly shared in other repositories and tested by security researchers, who confirmed it was a legitimate exploit for a new vulnerability.
Millions of dollars worth of crypto donations have flooded into Ukraine since Russia invaded last month, but about half of the purported humanitarian campaigns were scams, according to a new report by blockchain research firm TRM. Based on data TRM collected from 50 distinct crypto-donation campaigns to send funds to humanitarian or military efforts in Ukraine, “obvious scam” campaigns comprised about half of them. TRM researchers noted that the surge in global attention and people’s eagerness to donate to Ukraine created an opportunity for scammers to promote fake fundraisers. Scammers used mock campaign names like Support Ukraine, Ukraine-Fund, and Ukraine NOW to lure donations.
Apple has released updates for many of its operating systems, fixing vulnerabilities that the tech giant says may be under active exploitation. Affecting macOS, iOS, and iPadOS is CVE-2022-22675, a bug in the audio and video decoder that allows an application to run arbitrary code with kernel privileges. The fix is contained in iOS 15.4.1 and iPadOS 15.4.1, which are available for iPhone 6s and later, iPad Pro, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation). The iOS release also fixed a battery drain issue.