Ukraine Secret Service arrests hacker helping Russian invaders
The Security Service of Ukraine (SBU) said it has detained a “hacker” who offered technical assistance to the invading Russian troops by providing mobile communication services inside the Ukrainian territory. The anonymous suspect is said to have broadcasted text messages to Ukrainian officials, including security officers and civil servants, proposing that they surrender and take the side of Russia. The individual has also been accused of routing phone calls from Russia to the mobile phones of Russian troops in Ukraine.
SolarWinds warns of attacks targeting Web Help Desk users
SolarWinds this week issued an alert to warn customers of potential cyberattacks targeting unpatched Web Help Desk instances. The Web Help Desk solution provides a ticketing system, service and asset management capabilities, a centralized knowledge base, Active Directory integration, and more. “A SolarWinds customer reported an external attempted attack on their instance of Web Help Desk (WHD) 12.7.5. The customer’s endpoint detection and response (EDR) system blocked the attack and alerted the customer to the issue,” SolarWinds notes in its alert. SolarWinds recommends that Web Help Desk customers ensure that their WHD implementations can no longer be accessed from the internet, at least until potential risks are assessed.
Russia faces IT crisis with just two months of data storage left
Russia faces a critical IT storage crisis after Western cloud providers pulled out of the country, leaving Russia with only two more months before it runs out of data storage. The Russian government is exploring various solutions to resolve this IT storage problem, ranging from leasing all available domestic data storage to seizing IT resources left behind by businesses that pulled out of the country. Last week, the Ministry of Digital Development amended the 2016 Yarovaya Law to suspend a yearly requirement for telecom operators to increase storage capacity allocations by 15% for anti-terrorist surveillance purposes. Another move that could free up space would be to demand ISPs abandon media streaming services and other online entertainment platforms that eat up precious resources.
Microsoft creates tool to scan MikroTik routers for TrickBot infections
Microsoft released a scanner that detects MikroTik routers hacked by the TrickBot gang to act as proxies for command and control servers. TrickBot is a malware botnet distributed via phishing emails or dropped by other malware that has already infected a device. Once executed, TrickBot will connect to a remote command and control server to receive commands and download further payloads to run on the infected machine. An Eclypsium report highlighted last December that hundreds of thousands of MikroTik routers are still vulnerable to malware botnets, several years after the vendor cautioned about the existence of critical flaws. Microsoft has now released a forensics tool named ‘routeros-scanner’ that network admins can use to scan MikroTik devices for signs that they were compromised by TrickBot.

Sandworm-linked botnet has ASUS in its sights
The CyclopsBlink malware is now targeting routers from hardware maker ASUS, the researchers said Thursday, after first being discovered on Firebox devices from WatchGuard. Both manufacturers have issued security bulletins to customers. CISA and other security agencies have linked the botnet to the state-backed Russian advanced persistent threat (APT) group known as Sandworm. Researchers so far have not tied CyclopsBlink to any high-profile target. Trend Micro believes that its main purpose is to build an infrastructure for future attacks on high-value targets.
Misconfigured Firebase databases exposing data in mobile apps
Thousands of mobile apps – some of which have been downloaded tens of millions of times – are exposing sensitive data from open cloud-based databases due to misconfigured cloud implementations, new research from Check Point has found. Check Point Research (CPR) found that in three months’ time, 2,113 mobile apps using the Firebase cloud-based database exposed data, “leaving victims unprotected and easily accessible for threat actors to exploit,” according to a blog post published this week. “Exposed information includes: chat messages in popular gaming apps, personal family photos, token IDs on … healthcare applications, data from cryptocurrency exchange platforms, and more,” according to the post.
Be ready to lose all your money in crypto, EU regulators warn
Consumers risk losing all their money invested in cryptoassets and could fall prey to scams, the European Union’s securities, banking and insurance watchdogs said in a joint statement on Thursday. It marks a ratcheting up of direct warnings to consumers about cryptoassets by EU authorities, spelling out that consumers have no protections or recourse to compensation under existing EU financial services law. Regulators are increasingly worried that more consumers are buying 17,000 different cryptoassets, including bitcoin and ether, which account for 60% of the market, without being fully aware of the risks, the regulators said.
(Reuters)
Microsoft datacenter to heat homes in Finland
Microsoft and Finland’s largest energy company have partnered to build a new datacenter near Helsinki that will heat homes as it cools servers. Microsoft and Fortum made the announcement yesterday after several years of development, with the final location chosen specifically for the purpose of moving waste datacenter heat via existing water pipes to homes and businesses in the surrounding cities of Espoo and Kauniainen, as well as the municipality of Kirkkonummi. The technique used is called district heating, which involves hot water or steam pumped from a central source through insulated pipes that feed radiators. Though common in much of Europe, in the US this technique is mostly used institutionally, in places like college campuses or government complexes.






