TLDR:
- CISA and the Open Source Security Foundation have released a framework for securing software repositories.
- Romania’s healthcare system was hit by a ransomware attack, causing 21 hospitals to go offline.
- An Ivanti zero-day vulnerability is being exploited by attackers to install a backdoor.
- Russia is reportedly using SpaceX’s Starlink satellite internet in active combat areas.
- The US Department of State is offering up to $10 million for information on the leaders of the Hive ransomware group.
- Researchers have discovered a flaw in the ransomware encryption used by the Rhysida threat group.
- Microsoft plans to introduce the Unix command sudo to Windows 11.
The Cybersecurity and Infrastructure Security Agency (CISA) and the Open Source Security Foundation have partnered to release a framework aimed at strengthening the security of software repositories. The framework, called Principles for Package Repository Security, outlines four security maturity levels that package repositories should aim to achieve. The Romanian Ministry of Health has disclosed a ransomware attack that took its healthcare management system offline. The attack affected 21 hospitals and resulted in the encryption of many databases. Meanwhile, an active exploitation of a zero-day vulnerability has been observed in Ivanti Connect Secure, Policy Secure, and ZTA gateways. Attackers have used the vulnerability to deploy a backdoor called DSLog, allowing them to execute commands with root access. Russia has reportedly been using SpaceX’s Starlink satellite internet in active combat areas, according to intercepted radio communications obtained by Ukraine’s GUR military intelligence unit. However, SpaceX CEO Elon Musk denied selling Starlink terminals directly to Russia. The US Department of State has updated its Transnational Organized Crime Rewards Program to offer up to $10 million for information on the leaders of the Hive ransomware group. Lower-level members of the group are also being targeted, with rewards of up to $5 million being offered for information leading to their arrest. Researchers have discovered a flaw in the encryption scheme used by the Rhysida ransomware group, which allows them to create a valid key to unencrypt data. This has led to the release of an automated decryption tool for Windows. Finally, Microsoft has confirmed that the popular Unix elevated privilege command sudo will be introduced to Windows 11. The feature will be available in an early preview, and Microsoft plans to open source its work on sudo on GitHub.