Cybersecurity Week: NATO Creates Cyber Rapid Response

Welcome to Cybersecurity Week, bringing you the latest headlines from the world and our ReversingLabs team on the most pressing cybersecurity topics. This week: international relations intersect with cybersecurity, find out how to take advantage of YARA rules, as well as new developments on AstraLocker 2.0.

Featured story of the week

As tensions rise, NATO creates a rapid cyber response

The war in Ukraine is well past the 100-day mark, and like most other aspects of the conflict, the frontline of the cyber conflict between the countries has shifted over time. As with its kinetic activities, Russia began its invasion with a campaign of “shock and awe” cyberattacks. This included the hack of Viasat, an American satellite communications company used by the Ukrainian military. It also included the release of a series of custom “wiper” malware, similar to the notorious NotPetya wiper that devastated Ukraine’s public and private sectors in 2017. (See our March article on HermeticWiper and IsaacWiper, two new wiper variants seen in the Ukrainian conflict.)

These initial forays had mixed results for Russia, which was very hesitant at the start of the war. Since then, however, the cyber component of the conflict has turned into give-and-take attacks between Russia, Ukraine and even Ukraine’s allies on both sides of the Atlantic. A Microsoft report documented Russian cyberattacks against 128 organizations in 42 countries outside of Ukraine in recent months, with the United States, Poland, the Baltics, Denmark, Norway, Finland, Sweden and Turkey in Moscow’s sights. In the meantime, hacking groups sympathizing with Ukraine launched attacks that delayed the St. Petersburg International Economic Forum, which some call the Russian Davos. More recently, the Russian company Roscosmos was hacked after releasing satellite images of NATO bases.

With cyber rapidly emerging as an area of conflict in its own right, NATO is working to strengthen its role in countering Russian attacks on its members. As Politico reported, NATO members meeting in Madrid agreed to create a “rapid response virtual cyber capability” to counter Russian cyberattacks in Ukraine. It comes amid fears that Moscow could target the United States and other NATO nations in retaliation for aiding Ukraine. Under this new plan, NATO will act as a coordinating platform to propose national means to build and exercise a virtual cyber rapid reaction capability in the event of a serious cyberattack. The United States will offer robust national capabilities as part of this support network, according to a statement on the summit published by the White House.

The stories we’re paying attention to this week

Cybersecurity researchers launch new YARAify malware hunting tool (Infosecurity Group)

A group of security researchers from and ThreatFox launched a new hub for scanning and finding files. Dubbed YARAify, the defensive tool is designed to scan suspicious files against an extensive repository of YARA rules. YARAify can analyze files using public YARA rules and integrate public and non-public YARA rules from Malpedia, which is maintained by the Fraunhofer Institute in Germany.

Over 900,000 Kubernetes instances found exposed online (Bleeping Computer)

More than 900,000 misconfigured Kubernetes clusters have been found exposed across the internet to potentially malicious scans, with some even vulnerable to cyberattacks exposing the data.

The latest version of OpenSSL is affected by a remote memory corruption flaw (Security Affairs)

Security expert Guido Vranken discovered a remote memory corruption vulnerability in the recently released OpenSSL version 3.0.4. The library was released on June 21, 2022, and the flaw affects x64 systems with the AVX-512 instruction set.

AMD targeted by RansomHouse, claims to have stolen 450 GB of data (The Register)

If the claims are true, AMD has been targeted by extortion group RansomHouse, which says it’s sitting on a trove of data stolen from the processor designer following an alleged security breach earlier this year.

LockBit 3.0 introduces important new features, including a bug bounty program (Security Affairs)

The LockBit ransomware operation has released LockBit 3.0, which contains significant new features such as a bug bounty program, Zcash payment and new extortion tactics. The gang has been active since at least 2019 and is now one of the most active ransomware gangs.

In case you missed it

Here are the articles published this week on the ReversingLabs blog and

Smash-and-grab: AstraLocker 2.0 pushes ransomware straight from Office documents

ReversingLabs recently discovered instances of the AstraLocker 2.0 malware distributed directly from Microsoft Word files used in phishing attacks.

SBOM Facts: Know What’s in Your Software to Repel Supply Chain Attacks

Not knowing what’s in your food can have consequences. The same is true for software. That’s why you need a software bill of materials (SBOM) to minimize software security risks.

Difficult Copilot takeoff: GitHub “steals the code”

Should you use GitHub Copilot? “No,” say open source fans. “Hell no,” the lawyers say. “Yeah,” say the kind of developers who copypasta from Stack Exchange without a second thought.

*** This is a syndicated blog from the Security Bloggers Network of ReversingLabs Blog written by Paul Roberts. Read the original post at: