Lmst

Sapienza University of Rome has confirmed a cyberattack impacting central servers, leading to precautionary isolation of public and internal systems.

With no confirmed data exfiltration so far, the response prioritizes containment and forensic analysis, supported by Italy’s National Cybersecurity Agency. The incident underscores long-standing challenges around legacy systems, service continuity, and response coordination in higher education environments.

How can universities strengthen preparedness without compromising accessibility?

Source: https://x.com/H4ckmanac/status/2018325899670696421?s=20

Follow TechNadu for security-focused incident coverage.

#IncidentResponse #HigherEdSecurity #CyberOperations #RiskManagement #TechNadu

Sapienza University of Rome reported a cyberattack on February 2, 2026, which forced the shutdown of its public website and multiple internal IT systems, disrupting core services for staff and students.

This multi-stage Windows attack chain highlights how modern campaigns increasingly avoid exploits in favor of social engineering, cloud-hosted payloads, OS trust assumptions, and layered persistence.

The abuse of Defender configuration, Security Center trust models, and legitimate services underscores the importance of behavioral monitoring over signature-based detection.

Early-stage visibility appears critical - once recovery and security controls are disabled, response options narrow quickly.

Source: https://www.fortinet.com/blog/threat-research/inside-a-multi-stage-windows-malware-campaign?lctg=330010614

Thoughts welcome. Follow @technadu for neutral, practitioner-focused cybersecurity reporting.

#ThreatHunting #EDR #WindowsDefense #MalwareResearch #CyberOperations #SecurityEngineering

Inside a Multi-Stage Windows Malware Campaign
A deep dive into a new Windows attack chain leveraging social engineering, Defender bypass, surveillance, and ransomware

Recent threat research outlines a spear-phishing campaign delivering a Rust-based RAT, targeting organizations across multiple Middle East sectors.

Notable observations:
• Continued effectiveness of macro-enabled documents
• Shift toward custom, modular implants
• Emphasis on low-noise persistence and C2

This activity reinforces the need for strong email controls, user awareness, and behavioral detection.

Share insights and follow @technadu for factual threat intelligence reporting.

#InfoSec #ThreatIntel #MalwareAnalysis #RustSecurity #PhishingDefense #CyberOperations

MuddyWater Launches RustyWater RAT via Spear-Phishing Across Middle East Sectors

Threat actors continue to operationalize current-events lures as part of malware delivery chains.

Recent research shows a backdoor deployed via attachments themed around breaking geopolitical news, using legitimate binaries and DLL sideloading techniques for persistence.

No attribution assumptions - just a reminder that contextual relevance remains one of the most effective social engineering tools.

What controls have you found most effective against news-driven phishing?

Engage with us in the comments and follow @technadu for practical threat intelligence coverage.

Source: https://www.darktrace.com/blog/maduro-arrest-used-as-a-lure-to-deliver-backdoor

#InfoSec #ThreatResearch #MalwareTTPs #PhishingDefense #CyberOperations #ThreatDetection #TechNadu

Ubisoft’s Rainbow Six Siege disruption underscores the security complexity of large live-service platforms.

User reports suggest unauthorized backend activity impacting bans, in-game currency, and marketplace functions. Ubisoft has paused services and initiated rollbacks while investigating.

For InfoSec teams, this incident highlights the importance of access governance, monitoring of privileged systems, and clear incident communication - especially where digital economies are involved.

Thoughts from practitioners are welcome.
Follow @technadu for neutral, practitioner-focused cybersecurity coverage.

Source: https://cyberinsider.com/rainbox-six-siege-disrupted-by-breach-forcing-marketplace-shut-down/

#InfoSec #IncidentResponse #GameSecurity #PlatformRisk #AccessControl #CyberOperations

CISA’s Pre-Ransomware Notification Initiative remains operational, but its long-term structure is under discussion following leadership changes.

The program has demonstrated how early intelligence sharing - before encryption or extortion - can materially reduce ransomware impact across critical sectors.

This development raises broader InfoSec questions around operational resilience, continuity of trust relationships, and how early-warning models can be scaled beyond key individuals.

Thoughts from practitioners and researchers are welcome.

Follow @technadu for neutral, practitioner-focused cybersecurity coverage.

Source : https://www.cybersecuritydive.com/news/cisa-ransomware-warning-program-key-employee-left/808589/

#InfoSec #RansomwareDefense #ThreatIntelligence #CISA #CyberOperations #SecurityStrategy #RiskReduction

CISA loses key employee behind early ransomware warnings

Danish authorities have publicly attributed cyber incidents affecting a water utility and election-related systems to groups assessed as state-aligned actors.

The activity has been described as part of broader hybrid operations observed across Europe, combining cyber techniques with influence and disruption efforts. Similar patterns have been reported by multiple national security agencies in recent years.

For practitioners, this reinforces the need for:
- Strong OT/ICS security controls
- Continuous monitoring of critical systems
- Clear incident response and communication strategies

What controls or frameworks have proven most effective in protecting critical infrastructure environments?

Source: https://www.bleepingcomputer.com/news/security/denmark-blames-russia-for-destructive-cyberattack-on-water-utility/

Engage in the discussion and follow TechNadu for practitioner-focused cybersecurity reporting.
#InfoSec #ICSsecurity #CriticalInfrastructure #ThreatIntelligence #CyberOperations #Resilience #TechNadu

UK authorities have acknowledged a cyber incident involving a Foreign Office system, describing the risk to individuals as low and confirming that access was contained quickly.

The response underscores familiar challenges for public-sector security teams: early detection, rapid containment, careful attribution, and responsible communication while investigations continue.

From an InfoSec perspective, what stands out most - detection timing, risk assessment language, or disclosure strategy?

Source: https://therecord.media/uk-foreign-office-hacked-china

Share your insights and follow TechNadu for steady, practitioner-focused cyber coverage.

#InfoSec #GovernmentCyber #IncidentResponse #ThreatAssessment #CyberOperations #RiskCommunication #TechNadu

UK confirms Foreign Office hacked, says ‘low risk’ of impact to individuals

Law enforcement in Nigeria has confirmed arrests linked to the RaccoonO365 phishing-as-a-service operation, following coordinated investigations with Microsoft and international agencies.

The toolkit reportedly enabled credential harvesting via spoofed Microsoft 365 authentication portals, contributing to BEC, data exposure, and financial fraud across sectors. The case reinforces the operational maturity of PhaaS ecosystems and the importance of identity-centric defenses.

Key takeaways for defenders:
- Phishing infrastructure is increasingly modular and commercialized
- Credential theft remains a primary initial access vector
- Cross-sector collaboration can materially disrupt threat operations

What defensive gaps does this case highlight in enterprise email security?

Source: https://thehackernews.com/2025/12/nigeria-arrests-raccoono365-phishing.html

Share insights and follow @technadu

#InfoSec #ThreatResearch #PhishingDefense #IdentitySecurity #BEC #CyberOperations #TechNadu

Nigeria Arrests RaccoonO365 Phishing Developer Linked to Microsoft 365 Attacks

Sneak peek into our upcoming paper on:

Assessing Irresponsibility in Cyber Operations
A Guide for Operators and Decision-Makers in Times of Strategic Competition
[working title]

#cybersecurity #PRC #cyberoperations #security #defense #infosec

Tuesday, August 19, 2025

Russia occupied less than 1% of Ukraine’s territory since November 2022, monitoring group says — Russian media shows US armored vehicle with Russian, American flags storming Ukrainian positions — Russian gasoline prices hit record highs after drone strikes shut refineries — Muscle beaches, drag racing, and drones falling into the sea. Summer in Odesa hasn’t stopped — In Ukraine, democracy finds its fiercest defenders … and more

https://activitypub.writeworks.uk/2025/08/tuesday-august-19-2025/

A U.S.-made M113 armored personnel carrier with Russian and American flags attacks Ukrainian positions in Zaporizhzhia Oblast in footage published on Aug. 18, 2025

In meiner neuesten Podcastfolge analysiere ich, wie sich der Charakter und Nutzen von Cyberoperationen im Ukrainekrieg seit 2022 verändert haben. Der Übergang vom blitzkriegartigen Manöverkrieg zu einem ressourcenintensiven Zermürbungskrieg hat auch die Logik digitaler Angriffe maßgeblich beeinflusst.
Während zu Beginn des Krieges russische Cyberangriffe vor allem auf öffentlichkeitswirksame Disruption und psychologische Beeinflussung abzielten, liegt der Schwerpunkt inzwischen auf strategischer Unterstützung konventioneller Kriegsführung. Besonders hervorzuheben ist die gezielte Informationsbeschaffung durch Angriffe auf militärische Systeme, etwa zur Artilleriezielerfassung oder Schadensbewertung nach kinetischen Operationen.
Die Folge zeigt, dass Cyberoperationen zwar relevant sind, aber oft anders wirken als erwartet. Statt großflächiger Zerstörung dienen sie vor allem der Aufklärung und Subversion – eine unterstützende Rolle, die sich zunehmend in konventionelle Kriegsführung integriert. Erfahren Sie, warum Cyberangriffe im Ukrainekrieg bisher nicht entscheidend waren und welche Lehren für zukünftige Konflikte gezogen werden können. 🎧 Jetzt reinhören!

#ukraine #cyberwar #cyberoperations #russia

https://percepticon.de/2025/47-cyberkrieg-und-militaerische-cyber-operationen-in-der-ukraine-2022-2024/

https://therecord.media/ukraine-russia-cyber-offensive-bolster

"If there are peace talks and #Russia temporarily halts direct combat operations, where do you think the budget freed up from supporting Russian military actions will go?” said Natalia Tkachuk, head of cyber and information security at Ukraine’s National Security and Defense Council.

“I can guarantee that this budget will be redirected toward hybrid capabilities, particularly #cyberoperations and #informationwarfare. #Europe needs to be ready for this."

Letter to a #Senator / Mar 2nd:: Mr Tillis- Reinforcing mine and others feelings about the #WhiteHouse being compromised by #Russian influence, The #NYTimes reports “ #Hegseth Orders #Pentagon to Stop Offensive #Cyberoperations Against #Russia”. 1/3

@Nonilex

"#PeteHegseth Orders #Pentagon to Stop Offensive #Cyberoperations Against #Russia "

Executive summary: surrender

#PutinsPuppet #geopolitics #USpol

#PeteHegseth Orders #Pentagon to Stop Offensive #Cyberoperations Against #Russia

#Trump’s #defense secretary’s instructions, which were given BEFORE Trump’s blowup with #Ukraine’s President #Zelensky, are supposedly part of an effort to draw Russia into talks on the war.

Obvious BS.

#PutinsPuppet #geopolitics #USpol
https://www.nytimes.com/2025/03/02/us/politics/hegseth-cyber-russia-trump-putin.html?smid=nytcore-ios-share&referringSource=articleShare&sgrp=p&pvid=B63DEFC5-600B-478F-8263-CF83C54F55C6