BleepingComputer reports that fraudulent United States Postal Service websites used in phishing campaigns recorded similar traffic as the legitimate domain on regular days, while surpassing the traffic of the postal service's real domain during the holiday season.
Belarus had its primary KGB security agency's network claimed to have been compromised by the Belarusian Cyber-Partisans hacktivist operation, resulting in the theft of data belonging to more than 8,600 KGB employees, The Associated Press reports.
Ukraine had its systems subjected to attacks involving the exploitation of an almost seven-year-old Microsoft Office remote code execution vulnerability, tracked as CVE-2017-8570, to facilitate Cobalt Strike deployment late last year, reports The Hacker News.
Attacks by Russian threat operation APT28, also known as Fancy Bear, Strontium, and Forest Blizzard, using the GooseEgg malware to exploit the Windows print spooler flaw, tracked as CVE-2022-38028, have prompted the security issue's inclusion to the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog, Security Affairs reports.
Cybersecurity and Infrastructure Security Agency Director Jen Easterly said that the agency's automated vulnerability warning program will be ready for full deployment by the end of the year, according to CyberScoop.
Casey recently was involved in an event that brought hackers and 5G technology together, tune-in to learn about the results and how we can use bug bounty programs to improve the security of "things".
This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!