Russia Issues Its Own TLS Certs
The country’s citizens are being blocked from the internet because foreign certificate authorities can’t accept payments due to Ukraine-related sanctions, so it created its own CA.
Lisa Vaas
Malware Posing as Russia DDoS Tool Bites Pro-Ukraine Hackers
Be careful when downloading a tool to cyber-target Russia: It could be an infostealer wolf dressed in sheep’s clothing that grabs your cryptocurrency info instead.
Multi-Ransomwared Victims Have It Coming–Podcast
Let’s blame the victim. IT decision makers’ confidence about security doesn’t jibe with their concession that repeated incidents are their own fault, says ExtraHop’s Jamie Moles.
The ever-shifting, ever-more-powerful malware is now hijacking email threads to download malicious DLLs that inject password-stealing code into webpages, among other foul things.
The China-affiliated state-sponsored threat actor used Log4j and zero-day bugs in the USAHerds animal-tracking software to hack into multiple government networks.
NVIDIA certificates are being used to sign malware, enabling malicious programs to pose as legitimate and slide past security safeguards on Windows machines.
Notes threatening to tank targeted companies’ stock price were embedded into the DDoS ransomware attacks as a string_of_text directed to CEOs and webops_geeks in the URL.
Cruddy cryptography means victims whose files have been encrypted by the Ukraine-tormenting ransomware can break the chains without paying extortionists.
It’s not just Ukraine: There’s a flood of intel on Russian military, nukes and crooks, says dark-web intel expert Vinny Troia, even with the Conti ransomware gang shuttering its leaking Jabber chat server.
Stock the liquor cabinet and take a shot whenever you hear GitLab Staff Security Researcher Mark Loveless say “Zero Trust.”
