August 14, 2024 at 02:52PM Russia’s FSB cyberspies and a new group conducted a phishing campaign targeting US and European entities, including opposition figures, media outlets, and defense-industrial targets. Named “River of Phish,” the campaign aimed to steal user credentials and influence Western elections. The attackers impersonated colleagues and used encrypted PDFs to trick victims … Read more
April 22, 2024 at 09:21PM Russian spies have leveraged a Windows print spooler vulnerability to deploy GooseEgg, a custom tool, for stealing credentials and elevating privileges in compromised networks. Microsoft’s threat intelligence team revealed exploitation involving the Forest Blizzard group, linked to Russian intelligence. Microsoft patched the vulnerability in October 2022 and provided recommendations for … Read more
January 29, 2024 at 03:55PM SolarWinds, victim of Russian cyber-attack, accuses SEC of unfair treatment. The company argues the watchdog’s charges are baseless and seek to impose unreasonable cybersecurity disclosure requirements. SolarWinds maintains it made proper and accurate disclosures before and after the attack. The SEC alleges that SolarWinds misled investors about its security practices, … Read more
October 24, 2023 at 12:52PM A former NSA tech has pleaded guilty to violating the Espionage Act by providing classified information to individuals he believed were Russian spies. Jareh Sebastian Dalke faces a maximum sentence of life in prison, but the government has agreed to seek a sentence of no more than 22 years if … Read more