Daily Cyber Brief
A Ukrainian cybersecurity officer was killed in a Russian missile strike, another Australian telecom company announces it was breached, and Caffeine emerges as a new PhaaS toolkit...
Cybersecurity
Rosfinmonitoring, Russia's Federal Financial Monitoring Service, has added Meta, the owner of Facebook, Instagram, and WhatsApp, to its list of terrorists and extremists. Meta was officially designated as a terrorist organization for the first time in Russia in March 2022…
The White House National Security Council will announce plans Tuesday for a consumer products cybersecurity labeling program intended to improve digital safeguards on internet-connected devices, a senior White House official told CyberScoop. About 50 representatives…
Mullvad VPN has discovered that Android leaks traffic every time the device connects to a WiFi network, even if the "Block connections without VPN," or "Always-on VPN," features is enabled. The data being leaked outside VPN tunnels includes source IP addresses, DNS…
A 41-year-old Ukrainian cybersecurity officer was among more than 20 killed by Russian missile barrages Monday, according to Ukraine’s Cyber Police Department. Yuriy Zaskoka headed the critical infrastructure protection department of the Kyiv National Police…
Cyber criminals are using a previously undocumented phishing-as-a-service (PhaaS) toolkit called Caffeine to effectively scale up their attacks and distribute nefarious payloads. "This platform has an intuitive interface and comes at a relatively low cost while providing a…
First it was Optus, followed by Telstra. Now, a third Australian telecom company has disclosed it was breached — this time it's Dialog, an information technology services provider with a sizable market share of Aussie customers in both the public and private sectors…
Researchers have demonstrated that threat actors could obtain global private keys that protect some of Siemens’ industrial devices, and the vendor says it cannot rule out malicious exploitation in the future. Details were disclosed on Tuesday by industrial cybersecurity…
The operators behind the BazaCall call back phishing method have continued to evolve with updated social engineering tactics to deploy malware on targeted networks. The scheme eventually acts as an entry point to conduct financial fraud or the delivery of next-stage…
VMware informed customers today that vCenter Server 8.0 (the latest version) is still waiting for a patch to address a high-severity privilege escalation vulnerability disclosed in November 2021. This security flaw (CVE-2021-22048) was found by CrowdStrike's Yaron Zinar and…
A notorious pro-Russian hacking group drew headlines on Monday after launching distributed denial-of-service (DDoS) attacks on the websites of airports in at least 24 different states and threatening more operations against U.S. entities. Researchers at cybersecurity firm Radware…