The findings were published today in a paper titled “AIR-FI: Generating Covert Wi-Fi Signals from Air-Gapped Computers” by Dr. Mordechai Guri, the head of R&D at BGU’s Cyber-Security Research Center.
The Russia-linked UNC2452 threat actor group has been observed leveraging a supply chain compromise to serve backdoored updates for the SolarWinds Orion Platform software.
The adversaries leverage administrative privileges obtained during the on-premise compromise to access the victim’s global administrator account and/or trusted SAML token-signing certificate.
The DHS, the State Department, and the NIH joined the list of known victims of a months-long, highly sophisticated digital spying operation by Russia whose damage remains uncertain but is presumed to be extensive, experts say.
SolarWinds Orion products (affected versions are 2019.4 through 2020.2.1 HF1) are currently being exploited by malicious actors. This tactic permits an attacker to gain access to network traffic management systems.
The attacker’s post-compromise activity leverages multiple techniques to evade detection and obscure their activity, but these efforts also offer some opportunities for detection.
Unit 42 researchers have been tracking the threat group AridViper, which has been targeting the Middle Eastern region, and identified a new information stealer with relations to the MICROPSIA malware.
Google has announced the launch of a knowledge base called XS-Leaks to help web browser developers and security engineers prepare defense mechanisms against rising side-channel threats.
Manufacturers are increasingly being targeted not just by traditional malicious actors such as unorganized cybercriminals, but by competing companies and nations engaged in corporate espionage.
Security researchers have uncovered a critical flaw in Microsoft Teams that could allow an attacker to access confidential conversations and files from the communications service.