Japanese sports equipment and sportswear maker Mizuno reportedly fell victim to a ransomware attack earlier this month that disrupted company’s operations. Although the attack took place on February 4, the incident came to light only this week, after a tech news site BleepingComputer revealed the intrusion, citing people familiar with the matter.

The attack reportedly impacted Mizuno’s corporate network in the US causing a widespread disruption of IT services, including phone outages, shipping delays, and problems with the company’s website.

At present, it’s not clear what ransomware group was responsible for the attack, or how long it will take for the company to fully recover from the incident. Mizuno has not yet released an official statement regarding the hack.

Google, Adobe release emergency updates to address zero-day bugs

Adobe released security updates for the Adobe Commerce and Magento Open Source platforms to fix an RCE vulnerability, which has already been exploited by hackers.

Tracked as CVE-2022-24086, the flaw in question affects Adobe Commerce and Magento Open Source versions 2.3.3-p1-2.3.7-p2 and 2.4.0-2.4.3-p1. Adobe did not provide any additional details on the vulnerability, but said it has been exploited in very limited attacks targeting Adobe Commerce users.

Google rolled out a security update for its Chrome browser to address a slew of vulnerabilities, including a zero-day flaw exploited by threat actors in attacks.

The zero-day vulnerability (CVE-2022-0609) is described as “Use after free in Animation.” In accordance with its policy, Google refrained from publishing additional info on the bug until a majority of users are updated with the fix.

DDoS attack hits Ukraine’s defense ministry website, major banks

The Ministry of Defense and the Armed Forces of Ukraine and two of the country's major state-owned banks, Privatbank and Oschadbank were targeted in what appears to be a large-scale distributed denial of service (DDoS) attack. According to officials, it was “the largest [cyberattack] in the history of Ukraine.”

The attack disrupted web services of Privatbank and Oschadbank. Although banks’ websites were working as intended, many customers reported that they couldn’t log in into their online banking accounts. Some customers said that they could not access their Privat24 internet banking accounts, while others reported about issues with balance and recent transactions.

In a statement Ukraine's Centre for Strategic Communications and Information Security said that, according to Privatbank, “there is no threat to depositors’ funds.”

As for the perpetrators behind the attack, Ukraine’s Minister of Digital Transformation Mykhailo Fedorov said that it is too early to tell who was responsible for the attack

The US says Russian hackers compromised defense contractors, stole sensitive data

For the last two years Russian state-sponsored threat actors have been targeting security-cleared US defense contractors (CDCs) seeking to obtain sensitive information about the US defense and intelligence capabilities, according to the US security agencies.

Victims include contractors supporting the US Army, Space Force, Air Force, Navy, the Department of Defence and intelligence programs.

The cyber-espionage campaign has been active since at least January 2020, through February 2022. During this two-year period the threat actors compromised numerous CDC networks, in some cases maintaining access to victim networks for at least six months, regularly exfiltrating documents, emails, and data.

To gain initial access to CDC networks threat actors used a variety of techniques, including brute-force, credential harvesting, and the exploitation of known vulnerabilities. According to CISA, hackers were able to obtain unclassified CDC-proprietary and export-controlled info that gives insight into US weapons platform development, plans for communications infrastructure, and technologies used by the government and military.

Red Cross believes the January hack was orchestrated by a nation-state actor

The International Committee of the Red Cross (ICRC) has concluded that the January cyberattack on its servers hosting personal data of over 515,000 people worldwide, was the work of a nation-state threat actor. The attribution was made based on the sophisticated and targeted nature of the intrusion.

The organization said that the attackers leveraged advanced hacking tools mainly used by advanced persistent threat groups (APTs), and sophisticated obfuscation techniques to hide malicious activities. The breach, according to the ICRC, took place on November 9, 2021.

To sneak into the network, the malicious actors took advantage of an unpatched critical vulnerability (CVE-2021-40539) in Zoho ManageEngine ADSelfService Plus enterprise password management solution. Posing as legitimate users or administrators the threat actors were able to gain access to protected data.

What’s next:

Follow ImmuniWeb on Twitter and LinkedIn
Subscribe to newsletter to get the next post automatically
Explore 18 use cases how ImmuniWeb can help
See the benefits of our partner program
Request a demo, quote or special price
Subscribe to our newsletter

Application Security Weekly

Application Security Weekly is a weekly review of the most important news and events in cybersecurity, privacy and compliance. We cover innovative cyber defense technologies, new hacking techniques, data breaches and evolving cyber law.

Recent Blog Posts:

Hackers Disrupt Port Operations in Europe

$400 Million in Crypto Currency Stolen This Week in Two Major Hacks

Canada's Global Affairs Department Targeted in a Cyberattack