U.S. Officials Warn That Moscow Could Manipulate Kaspersky Software to Cause Harm
Apple and Meta provided customer data to fake cops, Threat actors use Ukraine war to target Eastern European and NATO countries, Spring Core flaw is not Log4Shell-level, more
According to a senior U.S. official and two people familiar with the matter, the U.S. government began privately warning some American companies the day after Russia invaded Ukraine that Moscow could manipulate software designed by Russian cybersecurity company Kaspersky to cause harm.
The senior official said that Russian law enforcement or intelligence agencies could coerce Kaspersky's Russia-based staff into providing or helping establish remote access to their customers' computers. A Kaspersky spokeswoman said that the briefings would be "further damaging" to Kaspersky’s reputation "without allowing the company to respond directly to such concerns" and that it "is not appropriate or just."
The U.S. government has long suspected Kaspersky of being a national security risk, banning its products from federal information systems in 2017. Last week, the Federal Communications Commission (FCC) added Russian cybersecurity firm Kaspersky to its Covered List, saying it poses unacceptable risks to U.S. national security. (Chris Bing / Reuters)
According to three people with knowledge of the matter, Apple and Meta Platforms, the parent company of Facebook, provided customer data to hackers who masqueraded as law enforcement officials.
The companies provided basic subscriber details, such as a customer’s address, phone number, and IP address, in response to what they believed were bona fide emergency data requests or EDRs. EDRs, unlike other law enforcement data requests, don’t require a court order.
Researchers suspect that some of the hackers sending the forged requests are minors located in the U.K. and the U.S. One of the minors is also believed to be the mastermind behind the cybercrime group Lapsus$, which hacked Microsoft Corp., Samsung Electronics Co., and Nvidia Corp., among others. Snap Inc. received a forged legal request from the same hackers, but it isn’t known whether the company provided data in response. (William Turton / Bloomberg)
William Turton @WilliamTurton: SCOOP: Apple and Meta Gave User Data to Hackers Who Used Forged Legal Requests https://t.co/RS5uzyi4a5
William Turton @WilliamTurton: SCOOP: Apple and Facebook provided user data in response to forged legal requests sent by hackers using compromised law enforcement email systems, according to three people familiar with the matter. Full story with much more details to follow.
Google’s Threat Analysis Group (TAG) says more and more threat actors are now using Russia's war in Ukraine to target Eastern European and NATO countries, including Ukraine, in phishing and malware attacks.
Google points to credential phishing attacks coordinated by a Russia-based threat group tracked as COLDRIVER against a NATO Centre of Excellence and Eastern European militaries. The hackers also targeted a Ukrainian defense contractor, several US-based non-governmental organizations (NGOs), and think tanks. (Sergiu Gatlan / Bleeping Computer)
A newly disclosed remote code execution (RCE) vulnerability in Spring Core, a widely used Java framework, does not appear to represent a Log4Shell-level threat, despite some media characterizations.
Researchers at Flashpoint and its Risk Based Security unit say the newly disclosed RCE in Spring Core, dubbed “SpringShell” or “Spring4Shell” in some reports, has significant differences from Log4Shell and most likely is not as severe. Researchers suggest that while it’s technically possible for the vulnerability to be exploited, the critical question is how many real-world applications are impacted. (Kyle Alspach / Venture Beat)
Industry sources say that insurers face potential multi-billion dollar claims for cyber-attacks related to Russia's invasion of Ukraine, despite policy wording designed to get them off the hook for war.
Cyber insurance covers a business to repair hacked networks, business interruption losses, and cyber ransom payments. Such policies, however, do not cover war or attacks by so-called "state-sponsored actors." A particular grey area is cyber terror attacks, which are generally covered by insurance. (Carolyn Cohn and Noor Zainab Hussain / Reuters)
Wireless and wired data communications company Ubiquiti filed a lawsuit against highly regarded cybersecurity journalist Brian Krebs for $425 million in damages for allegedly falsely accusing the company of "covering up" a cyberattack.
The lawsuit alleges that Krebs intentionally misled the public about a data breach and a subsequent blackmail attempt. Ubiquiti's complaint says that Krebs disregarded the company's steps in order to target Ubiquiti and increase ad revenue by driving traffic to his website, KrebsOnSecurity. (Steve Zurier / SC Magazine)