"Meta Patches Facebook Account Takeover Vulnerability"

Meta recently patched a critical vulnerability that could have been exploited to take control of any Facebook account. The security researcher who found the flaw noted that the vulnerability impacted Facebook’s password reset process, specifically an option where a six-digit unique authorization code is sent to a different device the user is logged into. This code is provided to confirm the user’s identity and is used to complete the password reset process.

Submitted by Adam Ekwall on

"'Side-Channel' Attacks, New Cyberdefense Techniques Focus of Montana State U. Research"

The Idaho National Laboratory has announced the award of two grants to Montana State University researchers to help them advance their efforts to make the country's critical infrastructure more secure against cyberattacks. Professors from the university's Department of Electrical and Computer Engineering and Gianforte School of Computing will conduct research on side-channel attacks, which are used by malicious actors to passively monitor the power consumption of computers. Attackers can use this information to figure out when a system is most vulnerable to attack.

Submitted by grigby1 CPVI on

"Iran-Linked UNC1549 Hackers Target Middle East Aerospace & Defense Sectors"

UNC1549, an Iran-linked threat actor, has been attributed to new attacks targeting aerospace, aviation, and defense industries in the Middle East. According to Mandiant, the threat actor appears to overlap with Smoke Sandstorm (previously Bohrium) and Crimson Sandstorm (previously Curium). The attacks involve the use of Microsoft Azure cloud infrastructure for Command-and-Control (C2) and social engineering with job-related lures to deliver two backdoors called MINIBIKE and MINIBUS.

Submitted by grigby1 CPVI on

Cyber Scene - Cyber Space: What Goes Up, May Come Down

By krahal

U.S. Secretary of State Antony Blinken, as a well-read diplomat, is turning to Sun Tzu's famous military strategy: "The enemy of my enemy is my friend." Secretary Blinken, as of 16 February, is in fact approaching his Chinese and Indian counterparts to ward off a world-threatening cyber move by Russia's Vladimir Putin. This issue has apparently been brewing over the last few weeks.

Submitted by grigby1 CPVI on

"CISA Publishes Guide to Support University Cybersecurity Clinics"

According to Clayton Romans, US Cybersecurity and Infrastructure Security Agency (CISA) Associate Director of the Joint Cyber Defense Collaborative (JCDC), small and local organizations face a unique cybersecurity challenge. They have been hit with ransomware attacks and other cyberattacks, but they often have no way of getting the cybersecurity resources required to defend themselves.

Submitted by grigby1 CPVI on

"State-Sponsored Hackers Know Enterprise VPN Appliances Inside Out"

According to Mandiant incident responders and threat hunters, suspected Chinese state-sponsored hackers who exploited Ivanti Connect Secure VPN flaws to breach a number of organizations have shown "a nuanced understanding of the appliance." They were able to make several changes to the device as well as install specialized malware and plugins to ensure persistence across system upgrades, patches, and factory resets.

Submitted by grigby1 CPVI on

"US Bans Trading With Canadian Network Intelligence Firm Sandvine"

The US government recently added Canadian network intelligence firm Sandvine to its Entity List, effectively banning organizations from trading with it. The Waterloo, Ontario-based company provides network policy control products that support networking policies to enable congestion management, security, and censorship. The US Department of Commerce announced that Sandvine was added to its trade restrictions list for providing the Egyptian government with the technology needed for mass surveillance and censorship.

Submitted by Adam Ekwall on

"'Savvy Seahorse' Hackers Debut Novel DNS CNAME Trick"

A threat actor is conducting an investment scam using a Traffic Distribution System (TDS) that leverages the Domain Name System (DNS) to keep its malicious domains changing and resistant to takedowns. The "Savvy Seahorse" threat actor impersonates well-known brand names and uses Facebook ads in nine languages to trick victims into creating accounts on a fraudulent investing platform. Once victims add money to their accounts, the funds are transferred to what is believed to be an attacker-controlled account at a Russian state-owned bank.

Submitted by grigby1 CPVI on