Rare Werewolf APT Uses Legitimate Software in Attacks on Hundreds of Russian Enterprises

The threat actor known as Rare Werewolf formerly Rare Wolf has been linked to a series of cyber attacks targeting Russia and the Commonwealth of Independent States CIS countries. "A distinctive feature of this threat is that the attackers favor using legitimate third-party software over developin...

Kazakh Organizations Targeted by 'Bloody Wolf' Cyber Attacks

Organizations in Kazakhstan are the target of a threat activity cluster dubbed Bloody Wolf that delivers a commodity malware called STRRAT aka Strigoi Master. "The program selling for as little as $80 on underground resources allows the adversaries to take control of corporate computers and hijac...

[SECURITY] [DLA 3788-1] tzdata new timezone database

------------------------------------------------------------------------- Debian LTS Advisory DLA-3788-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort April 18, 2024 https://wiki.debian.org/LTS -...

April 9, 2024—KB5036909 (OS Build 20348.2402)

April 9, 2024—KB5036909 OS Build 20348.2402 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note Follow @WindowsUpdate to find out when n...

April 9, 2024—KB5036925 (OS Build 10240.20596) - EXPIRED

April 9, 2024—KB5036925 OS Build 10240.20596 - EXPIRED EXPIRATION NOTICEIMPORTANT As of January 27, 2026, this update is no longer available from the Microsoft Update Catalog or other release channels. We recommend that you update your devices to the latest version of Windows. --- 12/8/20 For...

April 9, 2024—KB5036896 (OS Build 17763.5696) - EXPIRED

April 9, 2024—KB5036896 OS Build 17763.5696 - EXPIRED EXPIRATION NOTICEIMPORTANT As of March 31, 2026, this update is no longer available from the Microsoft Update Catalog or other release channels. We recommend that you update your devices to the latest version of Windows. ​​​​​​​ 11/17/20 For...

April 9, 2024—KB5036899 (OS Build 14393.6897) - EXPIRED

April 9, 2024—KB5036899 OS Build 14393.6897 - EXPIRED EXPIRATION NOTICEIMPORTANT As of March 31, 2026, this update is no longer available from the Microsoft Update Catalog or other release channels. We recommend that you update your devices to the latest version of Windows. --- 11/19/20 For...

Update of tzdata

Upgrade to tzdata-2024a - Kazakhstan unifies on UTC+5 beginning 2024-03-01. - Palestine springs forward a week later after Ramadan. - localtime no longer mishandles Ciudad Juárez in 2422. - zic no longer pretends to support indefinite-past DST. - Ittoqqortoormiit, Greenland changes time zones on...

How helpful are estimates about how much cyber attacks cost?

Coming from the newspaper and media industry, Im no stranger to wanting to write catchy headlines. Im certainly at fault for throwing together a story about so-and-sos house sold for X million dollars. But recently Ive been wondering if those "big numbers" for cybersecurity are helpful at all, ev...

YoroTrooper: Researchers Warn of Kazakhstan's Stealthy Cyber Espionage Group

A relatively new threat actor known as YoroTrooper is likely made up of operators originating from Kazakhstan. The assessment, which comes from Cisco Talos, is based on their fluency in Kazakh and Russian, use of Tenge to pay for operating infrastructure, and very limited targeting of Kazakhstani...

Kazakhstan-associated YoroTrooper disguises origin of attacks as Azerbaijan

Cisco Talos assesses with high confidence that YoroTrooper, an espionage-focused threat actor first active in June 2022, likely consists of individuals from Kazakhstan based on their use of Kazakh currency and fluency in Kazakh and Russian. The actor also appears to have a defensive interest in t...

Russian Cybersecurity Executive Arrested for Alleged Role in 2012 Megahacks

Nikita Kislitsin, formerly the head of network security for one of Russias top cybersecurity firms, was arrested last week in Kazakhstan in response to 10-year-old hacking charges from the U.S. Department of Justice. Experts say Kislitsins prosecution could soon put the Kazakhstan government in a...

Spyware Vendors Caught Exploiting Zero-Day Vulnerabilities on Android and iOS Devices

A number of zero-day vulnerabilities that were addressed last year were exploited by commercial spyware vendors to target Android and iOS devices, Google's Threat Analysis Group TAG has revealed. The two distinct campaigns were both limited and highly targeted, taking advantage of the patch gap...

Minecraft Servers Under Attack: Microsoft Warns About Cross-Platform DDoS Botnet

Microsoft on Thursday flagged a cross-platform botnet that's primarily designed to launch distributed denial-of-service DDoS attacks against private Minecraft servers. Called MCCrash, the botnet is characterized by a unique spreading mechanism that allows it to propagate to Linux-based devices...

Meta Takes Down Fake Facebook and Instagram Accounts Linked to Pro-U.S. Influence Operation

Meta Platforms on Tuesday said it took down a network of accounts and pages across Facebook and Instagram that were operated by people associated with the U.S. military to spread narratives that depicted the country in a favorable light in the Middle East and Central Asia. The network, which...

New KmsdBot Malware Hijacking Systems for Mining Crypto and Launch DDoS Attacks

A newly discovered evasive malware leverages the Secure Shell SSH cryptographic protocol to gain entry into targeted systems with the goal of mining cryptocurrency and carrying out distributed denial-of-service DDoS attacks. Dubbed KmsdBot by the Akamai Security Intelligence Response Team SIRT, t...

Google Says ISPs Helped Attackers Infect Targeted Smartphones with Hermit Spyware

A week after it emerged that a sophisticated mobile spyware dubbed Hermit was used by the government of Kazakhstan within its borders, Google said it has notified Android users of infected devices. Additionally, necessary changes have been implemented in Google Play Protect — Android's built-in...

Google Warns Spyware Being Deployed Against Android, iOS Users

Google is warning victims in Kazakhstan and Italy that they are being targeted by Hermit, a sophisticated and modular spyware from Italian vendor RCS Labs that not only can steal data but also record and make calls. Researchers from Google Threat Analysis Group TAG revealed details in a blog post...

Google Warns of New Spyware Targeting iOS and Android Users

The spyware has been used to target people in Italy, Kazakhstan, and Syria, researchers at Google and Lookout have found...

Kazakh Govt. Used Spyware Against Protesters

An agent of the Kazakhstan government has been using enterprise-grade spyware against domestic targets, according to Lookout research published last week. The government entity used brand impersonation to trick victims into downloading the malware, dubbed “Hermit.” Hermit is an advanced, modular...