Intrusions with spear-phishing emails and geofenced payloads have been deployed by suspected Indian state-sponsored advanced persistent threat operation Sidewinder to compromise various government entities in Bangladesh, Pakistan, and Sri Lanka with the StealerBot malware, reports The Hacker News.
Microsoft Defender could be disabled using the new "Defendnot" tool, which exploits an undocumented Windows Security Center API to register a bogus antivirus product that circumvents Windows' verification process, BleepingComputer reports.
BleepingComputer reports that attacks leveraging vulnerabilities impacting webmail servers have been deployed by Russian state-sponsored threat operation APT28 against government organizations, defense firms, military units, and critical infrastructure entities across several countries, including Ukraine, Bulgaria, and Ecuador, as part of the RoundPress cyberespionage campaign.
Indiana officials are urging residents to delete phishing emails impersonating state agencies and falsely claiming unpaid toll violations, StateScoop reports.
Major government software service provider Granicus was noted by Indiana and New Mexico's Doa Ana County to have had its GovDelivery email alert system exploited in phishing attacks, TechCrunch reports.