Cyber Security Headlines – March 18, 2022

Ukraine Secret Service arrests hacker helping Russian invaders

The SBU, Ukraine's Security Service, has announced the detention of a “hacker who offered technical assistance to the invading Russian troops by providing mobile communication services inside the Ukrainian territory.” This individual is alleged to have broadcast text messages to Ukrainian officials suggesting they surrender and take the side of Russia. “The individual has also been accused of routing phone calls from Russia to the mobile phones of Russian troops in Ukraine.”

(The Hacker News)

SolarWinds warns of attacks targeting Web Help Desk users

SolarWinds has issued an alert warning customers of “potential cyberattacks targeting unpatched Web Help Desk instances.” According to SecurityWeek, quoting the SolarWinds alert, “a SolarWinds customer reported an external attempted attack on their instance of Web Help Desk (WHD) 12.7.5. The customer’s endpoint detection and response (EDR) system blocked the attack and alerted the customer to the issue.” The company recommends that Web Help Desk customers ensure their installations are no longer accessible from the internet until the risk has been assessed.

(SecurityWeek)

Russia faces IT crisis with just two months of data storage left

Russia faces a critical IT storage crisis following the retreat of Western cloud providers. The country has only two more months before it runs out of data storage. The Russian government is exploring solutions to the problem, from leasing all available domestic data storage through to seizing IT resources left behind by businesses that pulled out. The Ministry of Digital Development amended the 2016 Yarovaya Law to “suspend a yearly requirement for telecom operators to increase storage capacity allocations by 15% for anti-terrorist surveillance purposes.” Another move that could free up space would be to demand that ISPs abandon resource-hungry media streaming services and other online entertainment platforms.

(Bleeping Computer)

Microsoft creates tool to scan MikroTik routers for TrickBot infections

Microsoft has released a scanner that “detects MikroTik routers hacked by the TrickBot gang to act as proxies for command and control servers.” Once executed, TrickBot will “connect to a remote command and control server to receive commands and download further payloads to run on the infected machine.” A report from Eclypsium last December showed that “hundreds of thousands of MikroTik routers are still vulnerable to malware botnets, several years after the vendor cautioned about the existence of critical flaws.” Microsoft's tool, named ‘routeros-scanner’, lets network admins scan MikroTik devices for signs that they have been compromised by TrickBot.

(Bleeping Computer)

Thanks to our episode sponsor, Varonis

The first time we got hit with ransomware it took us weeks to recover. The second time we got hit, it took us two hours. Why? Because we had Varonis. Varonis reduces the ransomware blast radius and monitors our most important data, automatically. Hear more at www.varonis.com/cisoseries.

Sandworm-linked botnet has ASUS in its sights

Researchers from Trend Micro are warning that malware called CyclopsBlink is targeting routers from ASUS. The malware was initially spotted on Firebox devices from WatchGuard. Both manufacturers have issued security bulletins to customers. CISA and other security agencies have linked the botnet to the state-backed Russian advanced persistent threat (APT) group known as Sandworm. Researchers have so far not tied CyclopsBlink to any high-profile target; Trend Micro believes that “its main purpose is to build an infrastructure for future attacks on high-value targets.”

(Cyberscoop)

Misconfigured Firebase databases exposing data in mobile apps

New research from Check Point suggests that thousands of mobile apps, some of which have been downloaded tens of millions of times, are “exposing sensitive data from open cloud-based databases due to misconfigured cloud implementations.” Over a three-month period, the research found that “2,113 mobile apps using the Firebase cloud-based database exposed data, leaving victims unprotected and easily accessible for threat actors to exploit,” according to a blog post published this week. “Exposed information includes: chat messages in popular gaming apps, personal family photos, token IDs on … healthcare applications, data from cryptocurrency exchange platforms, and more,” according to the post.

(ThreatPost)
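The misconfiguration behind these exposures is usually a database whose access rules are open to the world. As an added illustration (not from the Check Point post, and assuming a Firebase Realtime Database with a hypothetical `users` path), the open rules are shown beside rules that scope each record to the authenticated user who owns it:

```json
{
  "_comment_weak": "OPEN: any client, authenticated or not, can read and write the entire database",
  "weak_rules": {
    "rules": {
      ".read": true,
      ".write": true
    }
  },

  "_comment_hardened": "SCOPED: nothing is readable at the root; each user may only access their own subtree, and writes are validated",
  "hardened_rules": {
    "rules": {
      "users": {
        "$uid": {
          ".read": "auth != null && auth.uid === $uid",
          ".write": "auth != null && auth.uid === $uid",
          "profile": {
            ".validate": "newData.hasChildren(['displayName'])",
            "displayName": {
              ".validate": "newData.isString() && newData.val().length <= 64"
            }
          }
        }
      }
    }
  }
}
```

Only the object under `rules` is deployed; the two variants are wrapped in one document here so they can be compared side by side, and the `_comment_*` keys are explanatory only.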

Microsoft datacenter to heat homes in Finland

Microsoft, together with Finland’s largest energy company, Fortum, is building a new datacenter near Helsinki that will heat homes as it cools servers, according to an announcement yesterday that follows several years of development. The location of the datacenter was chosen specifically so that waste heat can be moved through existing water pipes to homes and businesses in the surrounding cities of Espoo and Kauniainen, as well as the municipality of Kirkkonummi. “The technique used is called district heating, which involves hot water or steam pumped from a central source through insulated pipes that feed radiators. Though common in much of Europe, in the US this technique is mostly used institutionally, in places like college campuses or government complexes.”

(The Register)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.