Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Russian Firm. Show all posts

Here’s Why UltraAV Replaced Kaspersky Antivirus Software

 

Late last week, cybersecurity firm Kaspersky began deleting its anti-malware software from PCs in the United States. As a replacement, the company downloaded antivirus software from UltraAV. 

If you use Kaspersky antivirus software, you may be aware that the Russian firm was added to the US government's Entity List early this year, resulting in a restriction on sales and upgrades in the US. As a result, the company informed BleepingComputer in July that it was closing its U.S. operations and laying off its American staff.

Although these developments are not a secret, it cannot be said that everyone was aware of them. Thus, many were taken aback by Kaspersky's abrupt and poorly justified decision to delete its software automatically. 

Customers were notified via email at the beginning of September that the company had partnered with UltraAV to offer security for them even after Kaspersky left the US. However, it was not made apparent in the emails that their computers would be automatically updated to include this ongoing security. The shift was even more of a surprise to those who, for whatever reason, missed the email.

Users on Reddit and other forums have expressed uncertainty about the situation, as well as distrust in the new UltraAV software. One poster was concerned that their desktop had been compromised when they woke to find their Kaspersky antivirus software gone and UltraAV in its place. 

This distrust is unsurprising given that nothing is known about the corporation other than its affiliation with other VPN companies such as UltraVPN, Hotspot Shield, and Betternet. According to online user reviews, many individuals are removing UltraAV because of this — and because it appeared on the devices in such a disruptive way. 

Following its withdrawal from the market, Kaspersky released an official statement in which it stated that it had taken this measure to ensure that its clients “would not experience a gap in protection.” The statement continued by stating that UltraAV's comparable features and product offerings to Kaspersky's led the organisation to select it. Users of Kaspersky's VPN service, for example, also had UltraVPN installed on their devices.

For many users, the explanation comes too late and is unlikely to stop them from replacing UltraAV with a more well-known antivirus software product.

North Korean Hackers Infiltrate Russian Missile Engineering Firm

 


A sanctioned Russian missile engineering business was successfully penetrated by North Korean hackers, it has been revealed in an astonishing development, prompting worries about the possible repercussions of this security breach. The event shows how North Korea's cyberwarfare capabilities are becoming more sophisticated and how willing it is to target prominent defense organizations outside of its borders.

The compromised business, a significant actor in the Russian defense sector, is focused on the creation of cutting-edge missile technologies. The intrusion, which was initially revealed by cybersecurity company SentinelOne, has alarmed the international security community and shed light on the changing landscape of cyber threats and geopolitical conflicts.

Researchers in cybersecurity have reported that the North Korean hacker squad thought to be responsible for the intrusion is renowned for its skill and ties to the Pyongyang regime. The gang uses a combination of spear-phishing emails and carefully designed malware to infect its targets. Once within the organization's network, the hackers were able to obtain confidential technical information and research about missile systems without authorization.

Concerns over possible cooperation between North Korean hackers and state-approved organizations have been raised in the wake of the incident. According to experts, the stolen missile technology may end up in North Korea's own military research and development efforts or possibly be sold to nations with hostile intents. The North Korean regime may be able to advance its missile capabilities with the help of the stolen data, seriously endangering regional stability.

"The breach of a sanctioned Russian missile engineering company by North Korean hackers underscores the serious nature of cyber threats in today's interconnected world. It serves as a wake-up call for governments and organizations to bolster their cybersecurity measures," warns cybersecurity analyst Jane Thompson.

The compromised Russian company has not disclosed the full extent of the breach, raising concerns about the potential scope of the stolen data. As investigations are ongoing, cybersecurity teams are working tirelessly to assess the damage, contain the breach, and strengthen the company's cyber defenses.

This incident emphasizes the essential necessity for governments and commercial businesses to work together on upgrading their cybersecurity strategy. It is crucial that nations give priority to the security of vital defense infrastructure and sensitive technical developments as cyber threats continue to grow in complexity and scope.

Russian Organizations Targeted By Outdated Threat Actors

 

Currently, European and American organizations top the list in ransomware from Russian state sponsored hackers, however, organizations from these countries are not ready for managing file encryption and double extortion problems on their own. Threat actors troubling CIS and Russian based companies are generally LockBit, REvil, DarkSide and many more criminal groups that target high profile victims with critical infrastructure cyberattacks. According to Kaspersky's report on first half of 2021, the Commonwealth of Independent States (CIS) was also targeted by threat actors which attack Russian organizations monthly, meanwhile no such attacks are reported. 

These groups, under unnoticed subcategory of ransomware actors are generally less sophisticated, and mostly use leaked malware or outdated strains, and build their own hacking access instead of buying access to the victims. Some of these famous ransomware families that were used earlier this year against the Russian targets are as followed: XMRLocker, Thanos/Hakbit, Limbozar/VoidCrypt, Fonix/XINOF, CryptConsole, Cryakl/CryLock, Phobos/Eking, Crysis/Dharma, /BigBobRoss. The most effective older strains include Phobos and Dharma. 

Phobos first surfaced in 2017 and reached its final stage in 2020. The threat actors had unauthorised RDP access as the main entry point. It consists of a C++/C malware having similar contextual technicalities to Dharma strain, but has no relation. Dharma came out in the open in 2016 by the name of Crysis, even though outdated, it has one of the most effective encryption schemes. Like Phobos, Dharma has similar unauthorised RDP access following brute-force of credentials and manual planting of malware. 

As per Kaspersky, such attacks come and go, however, they can't be left unnoticed. Kaspersky says these strains are still under development, with threat actors constantly making their strains effective, therefore, they are not without firepower. "Russian companies can prevent many of these threats by simply blocking RDP access, using strong passwords for domain accounts that are changed regularly, and accessing corporate networks through VPN," reports Bleeping Computers.

Serious Flaws Identified in CODESYS Industrial Automation Software

 

Cybersecurity researchers at Russian cybersecurity firm Positive Technologies discovered as many as ten critical flaws impacting CODESYS automation computer software that could be exploited to remote code execution on programmable logic controllers (PLCs). 

The Russian cybersecurity firm initially discovered the vulnerabilities in a programmable logic controller (PLC) available by WAGO, but further investigation revealed that the issues were actually introduced by CODESYS software that is used by more than a dozen automation technology firms including Beckhoff, Kontron, Moeller, Festo, Mitsubishi, HollySys and several Russian companies.

CODESYS offers a better environment for programming controller programs used in industrial control systems. The German software organization credited Vyacheslav Moskvin, Denis Goryushev, Anton Dorfman, Ivan Kurnakov, and Sergey Fedonin of Good Technologies and Yossi Reuven of SCADAfence for identifying the vulnerabilities.

“To exploit the vulnerabilities, an attacker does not need to have a username or password obtaining network obtain to the industrial controller is ample. The main result of the vulnerabilities is insufficient verification of enter information, which may well itself be triggered by failure to comply with the protected improvement tips,” scientists from Positive Technologies stated.

Six of the most critical flaws were discovered in the CODESYS V2.3 web server component used by CODESYS WebVisu to visualize a human-device interface (HMI) in a web browser. The flaws could perhaps be leveraged by an adversary to send specifically-designed web server requests to trigger a denial-of-support condition, publish or study arbitrary code to and from a manage runtime system’s memory. 

All the 6 flaws have been rated critical on the CVSS scale — 
• CVE-2021-30189 – Stack-dependent Buffer Overflow 

• CVE-2021-30190 – Improper Accessibility Handle 

• CVE-2021-30191 – Buffer Copy without Checking Sizing of Input 

• CVE-2021-30192 – Improperly Executed Security Examine 

• CVE-2021-30193 – Out-of-bounds Publish 

• CVE-2021-30194 – Out-of-bounds Examine 

“Their exploitation can guide to distant command execution on PLC, which could disrupt technological procedures and result in industrial incidents and financial losses. The most infamous illustration of exploiting very similar vulnerabilities is by applying Stuxnet,” explained Vladimir Nazarov, Head of ICS Security at Beneficial Technologies. 

CODESYS has published an advisory for its CODESYS V2 web server, Runtime Toolkit, and PLCWinNT products to address the vulnerabilities. The company has published separate advisories for the critical, high, and medium-severity issues while recommending users to install the updates. 

Last month, the Treasury Department of the U.S. government sanctioned Positive Technologies for allegedly supporting Kremlin intelligence agencies. However, the company said it will continue to responsibly disclose the flaws discovered by its employees in the products of major U.S. firms.