Code-Sabotage Incident in Protest of Ukraine War Exposed Open Source Risks
The maintainer of a widely used npm module served up an unwelcome surprise for developers.
Coverage of cybersecurity incidents, policy, public services, privacy, advisories, and regional developments connected to Ukraine.
Search across headline titles and summaries.
Background for this topic.
Ukraine covers cybersecurity and information-security developments connected to Ukraine, including incidents, policy, privacy, advisories, research, and news affecting organizations, public services, and digital systems in the area.
For practitioners, the tag provides geographic context for developments involving Ukraine's organizations, services, partners, and users. Individual articles provide the specific technologies, threats, sectors, and operational implications relevant to each development.
The maintainer of a widely used npm module served up an unwelcome surprise for developers.
The Russian invasion of Ukraine has coincided with the jamming of airplane navigation systems and hacks on the SATCOM networks that empower critical infrastructure.
The Russian-speaking APT behind the NotPetya attacks and the Ukrainian power grid takedown could be setting up for additional sinister attacks, researchers said.
The 'Z' symbol was displayed on multiple Ukrainian news sites, allegedly perpetrated by Russian hackers
Google's Threat Analysis Group (TAG) says the Chinese People's Liberation Army (PLA) and other Chinese intelligence agencies are trying to get more info on the ongoing Russian war in Ukraine. [...]
Researchers are tracking a number of open-source "protestware" projects on GitHub that have recently altered their code to display "Stand with Ukraine" messages for users, or basic facts about the carnage in Ukraine. The group also is tracking several code packages that were recently modified to erase files on computers that appear to be coming from Russian or Belarusian Internet addresses.
Russia's ambassador to Estonia today compared Ukraine's participation in NATO's Cooperative Cyber Defence Centre of Excellence (CCDCOE) intel-sharing cyberdefense hub to an attempt at blackmail. [...]
Cyber-criminals impersonate aid organizations to steal crypto intended for Ukraine
The European Union Aviation Safety Agency (EASA), EU's air transport safety and environmental protection regulator, warned today of intermittent outages affecting Global Navigation Satellite Systems (GNSS) linked to the Russian invasion of Ukraine. [...]
Meta acts fast to remove fake clip of Ukrainian President
This week, the developer of the popular npm package 'node-ipc' released sabotaged versions of the library in protest of the ongoing Russo-Ukrainian War. The 'node-ipc' package, which gets downloaded over a million times weekly, began deleting files on developer's machines, in addition to creating new text files with "peace" messages. [...]
Facebook has removed a deepfake video of Ukrainian President Volodymyr Zelenskyy spreading across the social network and the Internet, asking Ukrainian troops lay down their arms and surrender. [...]
Bipartisan cybersecurity legislation comes amid increased worries over ransomware, and fears of cyberattacks from Russia in the wake of its invasion of Ukraine.
As the invasion of Ukraine continues, Russian citizens have turned to virtual private networks — boosting demand for the software by 27x — to circumvent the government's blocks on social media and news sites critical of the war.
In what's yet another act of sabotage, the developer behind the popular "node-ipc" NPM package shipped a new version to protest Russia's invasion of Ukraine, raising concerns about security in the open-source and the software supply chain
CaddyWiper is one in a barrage of data-wiping cyber-attacks to hit the country since January as the war on the ground with Russia marches on.
The Security Service of Ukraine (SBU) said it has detained a "hacker" who offered technical assistance to the invading Russian troops by providing mobile communication services inside the Ukrainian territory
Government agencies impersonated, fake antivirus, another wiper, backdoors As Ukraine fights for survival against invading Russian forces, here's a taste of some of the malware the nation's Computer Emergency Response Team (CERT) is battling.…
Today, Chris Evans, the CISO of bug bounty platform HackerOne, apologized to Ukrainian hackers after erroneously blocking their bug bounty payouts following sanctions imposed on Russia and Belarus after Ukraine's invasion. [...]
Virtual iron curtains are a lot harder to keep free of holes Research by Top10VPN, which regularly publishes data on virtual private newtork (VPN) usage around the world, has highlighted unprecedented demand in Russia and Ukraine.…