

CyberScoop
Shadowy hacking group targeting Israel shows outsized capabilities
A sophisticated campaign that has targeted Israel for at least 8 years shows evidence of improving its capabilities.
CyberScoop
The hacking group SiegedSec released personal data on thousands of employees at the Idaho National Laboratory, the nuclear research lab.
CyberScoop
Policymakers and researchers have sharply criticized Microsoft’s security practices after an illicitly obtained key enabled a wide-ranging espionage operation.
CyberScoop
The Russian cybersecurity firm discovered sophisticated malware that combined cryptocurrency mining and espionage capabilities.
CyberScoop
The administrators of a news site linked to Hamas have struggled to keep it online amid fighting with Israel.
CyberScoop
Attackers are actively exploiting vulnerable Cisco software to primarily target telecommunications companies, researchers say.
CyberScoop
A new analysis unpacks a wide array of malware abusing legitimate internet services and what defenders should do to stop it.
CyberScoop
The decision comes in the wake of a high-profile Chinese breach of U.S. officials' Microsoft email accounts.
CyberScoop
The work has been carried out by a newly identified group dubbed "MustachedBouncer," according to researchers with ESET.
CyberScoop
The voter registries were accessed over a period of more than a year, the agency said.
CyberScoop
Cybersecurity veteran Amit Yoran says Microsoft has a culture of toxic obfuscation when it comes to addressing security threats.
CyberScoop
The deputy national security adviser for cyber and emerging technologies discusses how to mitigate AI's disinformation threat.
CyberScoop
Anonymous Sudan appears to be affiliated with Killnet, a pro-Russian hacktivist persona that emerged in late 2021 or early 2022.
CyberScoop
Attacks used to make websites and web services inaccessible are evolving and becoming more concerning, the company said Tuesday.
CyberScoop
Security deficiencies and business practices have researchers and officials furious at Microsoft for enabling an espionage operation.
Ars Technica
The dramatic fallout continues, with as many as 122 organizations now breached.
CyberScoop
The fix follows allegations from a Russian intelligence service that an intentional flaw in iPhones provided a gateway for American espionage.
CyberScoop
The Cybersecurity and Infrastructure Security Agency said it's working with "several federal agencies" affected by a flaw in the file transfer software.
CyberScoop
CISA and the FBI offered details to help organizations protect themselves against the group that has claimed hundreds of victims.
CyberScoop
Chris Krebs said he expects to see Russia, China and Iran — and even domestic groups — attempt to influence and disrupt the presidential election.
Security Affairs
Atlassian discloses a data leak that was caused by the theft of employee credentials, which were used to steal data from a third-party vendor. A group of hackers called SiegedSec recently published on its Telegram channel a JSON file containing data belonging to thousands of Atlassian employees and floor plans for two of the company’s […]
Bleeping Computer
Atlassian has confirmed that a breach at a third-party vendor caused a recent leak of company data and that their network and customer information is secure.
CyberScoop
NoName057 used the software development platform to carry out DDoS attacks on targets in a variety of NATO nations.
CyberScoop
The group's first known activity in Ukraine after Russia's invasion registered dormant domains in order to obscure their attacks.
CyberScoop
The task force led by Australia is the latest step in a global effort that began in Washington to fight cyberattacks.
CyberScoop
The campaign reached more than half a billion U.S. phone numbers with more than 6 billion calls between January and March 2021.
Ars Technica
As Russia's invasion of Ukraine grinds on, the country's hackers expand their targets.
CyberScoop
The Russian hacking group Trident Ursa is mostly known for phishing campaigns targeting organizations in NATO states.
CyberScoop
The surveillance-for-hire industry is growing quickly as new firms crop up around the globe to meet market demand.
CyberScoop
The ransomware crew claims to have stolen nearly 76 gigabytes of files, and has given the agency until Christmas Eve to respond.
CyberScoop
Google says it has deployed patches for zero-day vulnerabilities that a Spanish tech company may have used to develop spyware.
CyberScoop
The prospect of an executive order limiting use of spyware within U.S. intelligence unleashes potentially even more debate in Washington.
CyberScoop
The State Department fought hard to win back the cyber authorities that it lost under the Trump administration but did not prevail.
CyberScoop
Twitter is one of the key platforms for the information security community to share information. What happens if researchers flee?
CyberScoop
Iranian hackers utilized a flaw in the ubiquitous open-source software library Log4j to breach a U.S. federal agency.
CyberScoop
The National Security Agency's Cybersecurity Collaboration Center is trying to improve threat-sharing with private sector partners.
CyberScoop
The Wired journalist's new book reveals how investigators deployed cryptocurrency tracing technology to solve some of the internet's biggest crimes.
CyberScoop
Authorities arrested the suspect wanted for his alleged role in one of the most prolific ransomware crews in the world.
CyberScoop
Cybercriminals targeting banks in 15 countries used spearphishing and off-the-shelf tools in their attacks.
CyberScoop
The Treasury Department released its finding as the White House wraps up an international summit on fighting the ransomware problem.
CyberScoop
The NSA cybersecurity director's memes suggest the Pentagon may have finally figured out how to use internet culture to its advantage.
CyberScoop
Fick says the State Department 'has a rightful place to assert leadership' when it comes to setting American cyber policy.
CyberScoop
Using two malware variants, unknown operators managed to compile stolen card data potentially worth more than $3 million, researchers said.
CyberScoop
The firm Graphika is pitching a software-based multistakeholder threat center to track, share and analyze disinformation at scale.
CyberScoop
Researchers with Symantec said the group that it has tracked for years has recently targeted government networks in the U.S. and Middle East.
CyberSecurity Dive
The labeling plan is part of a long-sought effort to boost security and transparency in commonly used technology products.
CyberScoop
Facebook identified 400 apps across the Google Play and Apple App store that posed as harmless lifestyle and business services to dupe users.
CyberScoop
In a statement CommonSpirit Health says it has taken certain systems offline as a precaution.
CyberScoop
Attackers modified the popular anonymity-enabling Tor browser to track users in China and record browsing history, researchers said.
CyberScoop
REvil was among the most notorious ransomware crews until international attention and arrests hobbled the group.
CyberScoop
The image of a UFO and Russian fighter jet on the seal led some to wonder if the intelligence agency had been hacked.
CyberScoop
The group has targeted telecoms, internet service providers and universities in the Middle East and Africa, researchers said.
CyberScoop
Sen. Mark Warner said "new threats and new technology mean that we have to make substantial adjustments to our counterintelligence posture."
CyberScoop
Solarium members hope to advance ideas such as a National Cybersecurity Certification and Labeling Authority and a Bureau of Cyber Statistics.
CyberScoop
The Bureau of Industry and Security has come under fire for approving the vast majority of technology export licenses to China.
CyberScoop
The Uber hack may be a lesson in poor security design and points to problems with vulnerable multi-factor authentication.
CyberScoop
Aubrey Cottle, known for his ties to the hacktivist collective Anonymous, took responsibility for multiple hacks on his TikTok channel.
CyberScoop
Tech executives say they are working hard to fight disinformation, but lawmakers and critics say they simply aren't doing enough.
CyberScoop
The action from multiple U.S. departments is against 10 Iranians and two Iranian companies related to a spree of breaches and cyberattacks.
CyberScoop
The alleged Iranian cyberattack follows U.S. sanctions on Iran after Albania blamed it for hacking government systems.
The Record
More than 300 different organizations within the U.S. government and private sector have been consulted on the new national cybersecurity strategy, according to National Cyber Director Chris Inglis.
CyberScoop
The wave of digital assaults on Montenegro includes a ransomware attack that's crippled multiple government services.
CyberScoop
The former intelligence operatives worked in a hacking unit of the cybersecurity firm DarkMatter, which is known for developing spyware.
CyberScoop
Belarusian Cyber Partisans released NFTs based on stolen passports, but the marketplace OpenSea said the sale violated its terms of service.
CyberScoop
The meeting will follow an Aug. 4 briefing with railroad executives to discuss industry responses to critical infrastructure cybersecurity.
CyberScoop
New report offers insights into the vital role of asset visibility in protecting the entire operational technology environment.
CyberScoop
The operations likely emanated from the U.S. and the United Kingdom, but conclusive attribution is not yet available.
CyberScoop
The debate is over whether the provision is unrealistic or if it's a game-changing move to cut down on software vulnerabilities.
CyberScoop
Many former Cyber Command and NSA officials say the military's rotation system and approach to retirement robs the military of cyber talent.
CyberScoop
In the era of the "Big Lie," the Voting Village has another — and possibly more challenging — mission to fight conspiracy theories.
CyberScoop
Former cybersecurity officials said CISA would be less effective if it lost the clout that it gets from being housed inside DHS.
CyberScoop
As of January 2022, there were more than 1,000 victims of attacks associated with Conti ransomware and payouts exceeding $150 million.
CyberScoop
Technology meant to limit robocalls has pushed scammers toward SMS-based attacks, which experts say can be even more dangerous.
CyberScoop
A group known as the Elves formed after three Lithuanian friends decided to work together to take on Russian trolls.
CyberScoop
Treasury accused the mixer of failing to stop laundering from malicious cyber actors including North Korea's Lazarus Group.
CyberScoop
The company says it became aware of the hack on Aug. 4 but it declined to say how many customers were affected by the incident.
CyberScoop
Twitter confirmed Friday that a bad actor used a vulnerability to match private information with potentially anonymous Twitter accounts.
CyberScoop
The water sector is seen as among the nation's most vulnerable critical infrastructure to cyberattack after attacks in Florida and California.
CyberScoop
A top DOJ official said potential vulnerabilities in the online case management system means that "going online is not always the best thing."
CyberScoop
The hackers linked to the Iranian government claimed to have attacked Albania for hosting an opposition group conference.
The Record
Nominee to be first U.S. “Ambassador at Large for Cyberspace and Digital Policy” Nathaniel Fick faced questions at Senate Committee hearing.
CyberScoop
The apparent software-based attack stands out among other major cryptocurrency hacks that have totaled nearly $2 billion so far in 2022.
CyberScoop
One attack appears to have shut down the president of Taiwan's website Tuesday before Nancy Pelosi's historic visit.
CyberScoop
Supporters called Nate Fick a seasoned cybersecurity leader who is not afraid to take controversial positions.
CyberScoop
Ukrainian and American cyber officials met this week at the State Department, FBI and CISA to strengthen cybersecurity collaboration.
CyberScoop
The Justice Department said it believes the antitrust legislation will address the threat posed by the "rise of dominant platforms."
CyberScoop
The breach is separate from the SolarWinds fallout and had not been previously publicly disclosed.
CyberScoop
An anonymous researcher shares detailed information on people allegedly involved with some of the most prominent cybercrime groups.
The Record
The Cybersecurity and Infrastructure Security Agency (CISA) signed an agreement with its Ukrainian counterpart to strengthen collaboration on cybersecurity.
CyberScoop
Disinformation scholars worry that a formal government apparatus to label and quash disinformation could be manipulated by partisan politics.
CyberScoop
The hack is meant to expose donors to evangelical Christian groups opposed to LGBTQ and abortion rights, a message read.
CyberScoop
Researchers at Censys found what appears to be a command and control network capable of launching attacks, including one host in Ohio.
CyberScoop
The company that operates nine radio stations across Ukraine said the message did "not correspond to reality."
CyberScoop
The trip shines a light on growing cooperation between Ukraine and the U.S. to confront the cyberthreat from Moscow.
CyberScoop
The details are part of an effort to help defend critical infrastructure "and our democratic values and institutions," a spokesperson said.
CyberScoop
The group behind the attacks has previously claimed attacks on Iranian targets, experts said.
CyberScoop
The campaign is just the latest example of the increasingly sophisticated world of private zero-day exploit development, researchers said.
CyberScoop
Volunteer hacking efforts could unwittingly pull countries or private companies into a murky geopolitical mess, a researcher says.
CyberScoop
COVID-19-related domains remain a concern.
CyberScoop
Russia wants to control the internet in occupied Ukraine to feed the population disinformation — and to prevent Ukrainians from sharing video of Russian troops with Ukrainian soldiers, one expert said.
CyberScoop
The release seems designed to drive a wedge between Russia and its close ally Russia.
CyberScoop
It's not clear whether the seizure has anything to do with the IT Army's activities.
CyberScoop
New guide details key components of operational technology (OT) cybersecurity program.
CyberScoop
Hackers are also widening their net to candidates' families and friends, experts say.
CyberScoop
The new group is suspected of collaborating with "multiple" Iranian-linked hacking efforts.
CyberScoop
The suspected Conti ransomware group spinoff employs a variety of attack methods, the notice warns.
CyberScoop
Also an author, Fick spoke at the 2008 Democratic National Convention.
CyberScoop
The contention follows multiple claims from Russian officials that a lack of U.S. cooperation was hurting their case.
CyberScoop
The scope of what insurers are covering is also narrowing as costs go up, said an association representative.
CyberScoop
New research unpacks the “who, what, and how” of how poorly managed IAM is used by threat actors to exploit cloud vulnerabilities.
CyberScoop
The claim comes after Conti doubled its extortion demand to $20 million and called for the overthrow of the government.
CyberScoop
Zagala's products were widely praised by customers.
CyberScoop
The targeted systems are just two of dozens of the group's attacks in the last year.
CyberScoop
The defendant earned roughly $80,000 from his crimes between 2017 and 2019, prosecutors said.
CyberScoop
Cyberspace Solarium Commission Co-Chair Rep. Mike Gallagher asserts that the Biden administration's decision poses a national security threat.
CyberScoop
The White House has reached consensus with the State and Defense Departments on how to pare back NSPM-13's precedent-setting delegation of authority to the DOD.
CyberScoop
The British statement cites joint UK/US intelligence, representing the most formal US attribution to date.
CyberScoop
A Conti affiliate claimed responsibility and has posted more than 672GB of data so far.
CyberScoop
Blender was used to launder $20.5 million of the $620 million which the Department of Treasury alleges North Korean hackers stole in March.
CyberScoop
The request came as police there investigate the hack of the Nauru Police Force.
CyberScoop
U.S. Cyber Command's Gen. Paul Nakasone says Russian cyber attacks against Ukraine have been destructive and he is still bracing for potentially serious cyberattacks against the U.S.
CyberScoop
The impact of the alleged attack is so far unclear. The country has taken in hundreds of thousands of Ukrainian refugees.
CyberScoop
New infrastructure, old tricks.
CyberScoop
If true, it's just the latest example of phony data requests used for illicit purposes.
CyberScoop
New report offers insights on CHERNOVITE and the PIPEDREAM malware that threatens industrial control systems.
CyberScoop
Data brokers sell information about U.S. military personnel, which experts say could pose a national security risk.
CyberScoop
The ZingoStealer information stealer identified by Cisco Talos threat analysts can exfiltrate credentials and steal cryptocurrency wallet information.
CyberScoop
The company said it is in the process of bringing systems back online.
CyberScoop
The scams are just the latest example in booming cybercrime using cute puppies to steal money.
CyberScoop
The material includes information on non-related people and phone records, and Russian businessmen possibly associated with the Trump administration, according to a court document.
CyberScoop
Denys Iarmak, a Ukrainian national, was involved with the Russia-linked FIN7 hacking group between November 2016 and November 2018.
CyberScoop
U.S. Cyber Command General Paul Nakasone told the Senate Armed Services Committee that scaling back his organization's cyber ops authorities would be damaging to its mission.
CyberScoop
Cybersecurity and homeland security experts are split on the wisdom of scaling back broad authorities the Department of Defense now has to launch cyber operations.
CyberScoop
Researchers from SentinelOne say there are reasons to disagree with Viasat's most recent statement about the Feb. 24 attack.
CyberScoop
The Threat Analysis Group report sheds light on international efforts to leverage the war in hacking campaigns.
CyberScoop
This kind of activity is likely to continue or increase as the 2022 midterms approach, the FBI said.
CyberScoop
The disruption targeted a large service provider in what might be the latest in a string of ongoing intentional internet disruptions.
CyberScoop
One indictment alleges hacking attempts on industrial control systems, and the other involves a separate spree from 2012-17.
CyberScoop
ICS/OT cybersecurity trends provides asset owners and operators recommendations on strengthening their cyber readiness.
CyberScoop
Donations of modems, routers and other equipment are flooding in from around the world.
CyberScoop
The report includes three case studies of ransomware attacks against U.S. companies within the past five years.
CyberScoop
An account had more than 144,000 followers before Twitter suspended it.
CyberScoop
The entry points for Magecart and other e-commerce skimmers are changing, but the attackers are getting more clever, too.
CyberScoop
Recent threats targeting industrial control systems and operational technology environments, strategies to address them
CyberScoop
The scams have picked up on Telegram.
ZDNet
22-year-old Yaroslav Vasinskyi is accused of using Sodinokibi/REvil ransomware to encrypt several companies.
CyberScoop
Hackers believed to be associated with the governments of Russia, Belarus and China are targeting Ukraine, Poland and European governments, researchers say, ranging from espionage attempts to phishing campaigns and coinciding with the intensification of the Russian assault on Ukraine. Shane Huntley, the director of Google’s Threat Analysis Group (TAG), said in a blog post Monday that the group has observed well-known Russian military hacking group Fancy Bear (also known as APT28) conducting several large credential phishing campaigns targeting UkrNet, a Ukrainian media company. Two recent campaigns, he said, involved newly created Blogspot domains as initial landing pages, which then redirected targets to credential phishing pages. TAG also observed a hacking operation known as Ghostwriter, or UNC1151, running credential phishing campaigns over the past week against Polish and Ukrainian government and military organizations. Ghostwriter refers to activity believed to be operating out of Belarus, researchers with cybersecurity firm Mandiant reported […]
CyberScoop
A Twitter account known as ContiLeaks debuted to much fanfare in late February, with people around the globe watching as tens of thousands of leaked chats between members of the Russia-based ransomware gang Conti hit the web. In the days after the leaks, many celebrated what they thought would be a devastating blow to Conti, which a Ukrainian security researcher had apparently punished by leaking the internal chats because the gang threatened to “strike back” at any entities that organized “any war activities against Russia.” But ten days after the leaks began, Conti appears to be thriving. Experts say the notorious ransomware gang has pivoted all too easily, replacing much of the infrastructure that was exposed in the leaks while moving quickly to hit new targets with ransom demands. According to Vitali Kremez, CEO of the cybersecurity firm AdvIntel, by Monday morning Conti had successfully completed two new data breaches at […]
CyberScoop
Digital media company PressReader was hit with a cyberattack late last week, the company confirmed Monday on Twitter, but its operations are now fully up and running — though some content published during the delay in operations is still being uploaded. The company said it did not see any evidence that customer data was compromised in the Thursday attack. The attack came just days after the site pulled Russian publications. There is no evidence the two events are related. PressReader is a subscription app that works with hotels, airlines and public institutions like libraries to automatically grant guests access to a library of more than 7,000 publications as soon as they connect to the company’s network. The platform has more than 12 million monthly active users, according to its website. It bills itself as “the world’s largest digital newsstand.” The outage affected at least a half-dozen U.S.-based publications that use […]
CyberScoop
NATO nations voted unanimously on Friday to admit Ukraine to their Cooperative Cyber Defence Centre of Excellence (CCDCOE), a development which experts said will help Ukraine fight off mounting cyberthreats from Russia. The CCDCOE is a NATO-accredited cyber knowledge hub, research institution and training and exercise facility. “They’re one of the leading if not the leading institution for thinking about cyber warfare,” said James Lewis, director of the strategic technologies program at the Center for Strategic and International Studies, a Washington think tank. Lewis said the decision to include Ukraine in the CCDCOE will have an immediate impact on its ability to fend off Russian cyberattacks. The center is based in Tallinn, Estonia and is a legacy of the Estonian government’s experience as the target of devastating cyberattacks in 2007. Russia denied being the culprit in those attacks — which disabled everything from cash machines to media outlets — but […]
CyberScoop
The Biden administration on Thursday sanctioned Russian oligarchs and organizations for their role in spreading disinformation and supporting Russian President Vladimir Putin’s war in Ukraine, among them a news agency the Treasury Department says has ties to a Russian cyber-espionage and offensive unit. The sanctions targeted nine employees of InfoRos, a nominal news agency primarily run by the GRU, which controls the Russian military intelligence service and operates its own special forces units. According to the Treasury Department, the GRU’s 72nd Main Intelligence Information Center, a unit within Russia’s Information Operations Troops, functions as Russia’s “military force for conducting cyber espionage, influence, and offensive cyber operations” and is InfoRos’ operator. In a news release, the Treasury Department said InfoRos is a network of more than 1,000 websites which “spread false conspiracy narratives and disinformation promoted by GRU officials.” For example, in early December, 2021, Treasury officials said one Ukraine-based InfoRos […]
CyberScoop
Attorneys general from New York, California and multiple other states issued alerts to consumers about the August 2021 T-Mobile incident.
Ars Technica
Expert: Cutting DNS links would harm Russian people but have little impact on gov't.
CyberScoop
A phishing campaign aimed at countries taking refugees is potentially linked to a group known to researchers as TA445, UNC1151 or Ghostwriter.
CyberScoop
Nvidia said user credentials and proprietary data have leaked online. The company has contacted cyber incident response experts.
CyberScoop
U.S. lawmakers and others have been applying pressure to social media giants to hold back the tide of disinformation.
CyberScoop
A group of Belarusian hackers and IT specialists claimed Sunday that they’d attacked the Belarusian Railways in an attempt to “slow down the transfer of occupying forces and give the Ukrainians more time to repel the attack,” according to a Google translation of the message posted to the group’s Telegram channel. The hackers — who call themselves the Cyber Partisans and have targeted Belarus’ autocratic government and its leader, Alexander Lukashenko, dating back to September 2020 — said Sunday their hack “paralyzed” some railway operations in the Belarusian capital of Minsk and in Orsha, an eastern Belarusian city between Moscow and Minsk. Some railway operations were switched to manual mode, the group said, “which will significantly slow down the movement of trains, but will NOT create accidents.” “The internal network will be disconnected until the Russian troops leave the territory of Belarus and the participation of the Belarusian military forces […]
CyberScoop
The Daxin malware is "on another level," according to researchers at Symantec.
CyberScoop
Reports said the supplier was working to address an incident that blocked its network from communicating with Toyota's.
CyberScoop
The operators of TrickBot have essentially shut down the notorious malware, multiple reports say, but evidence suggests the gang has begun using other platforms or folded operations into another cybercrime group altogether. Researchers at Intel471 and AdvIntel noted a sharp dip in recent TrickBot activity in separate reports Thursday, even though the command-and-control infrastructure for the malware remains operational. Intel471 said “it’s likely that the Trickbot operators have phased Trickbot malware out of their operations in favor of other platforms,” probably Emotet — a development researchers have been tracking for months. AdvIntel’s Yelisey Boguslavskiy, meanwhile, said in his report that TrickBot’s operators had been subsumed into Conti, a Russia-linked cybercrime group known for offering “ransomware as a service” packages to its affiliates. Researchers previously had noted TrickBot connections with Conti. “In name, at least, this means that TrickBot’s four-year saga is now coming to a close — the liaison that […]
CyberScoop
An infamous ransomware group with potential ties to Russian intelligence and known for attacking health care providers and hundreds of other targets posted a warning Friday saying it was “officially announcing a full support of Russian government.” The gang said that it would use “all possible resources to strike back at the critical infrastructures” of any entity that organizes a cyberattack “or any war activities against Russia.” The message appeared Friday on the dark-web site used by ransomware group Conti to post threats and its victims’ data. Security researchers believe the gang to be Russia-based. Conti ransomware was part of more than 400 attacks against mostly U.S. targets between spring 2020 and spring 2021, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the FBI reported in September. After the initial post got some attention, the message posted to the site was modified to exclude the threat […]
CyberScoop
Ukrainian officials warned Friday that Belarusian hackers are sending a wave of phishing emails targeting Ukrainian soldiers and civilians. “Mass phishing emails have recently been observed targeting private ‘i.ua’ and ‘meta.ua’ accounts of Ukrainian military personnel and related individuals,” Ukraine’s Computer Emergency Response Team wrote in a Facebook post Friday. Both URLs belong to Ukraine-based email services. Once an account is compromised, hackers gain access to the target’s messages and their contact details, allowing them to send additional phishing emails to their contacts, the CERT said. Ukraine’s State Service of Special Communications and Information Protection issued a separate warning Friday about a phishing attack against civilian emails containing potentially malicious attached files. Warning ⚠️ A phishing #attack has started against Ukrainians! Citizens' e-mail addresses receive letters with attached files of uncertain nature. The mass distribution of such messages to messengers may happen. #cyberattacks #Ukraine pic.twitter.com/YPvFH2oNk0 — SSSCIP Ukraine (@dsszzi) February 25, 2022 The […]
CyberScoop
Open-source software and device firmware are two of the biggest areas of vulnerability in the supply chains for information and communications technology, according to a federal report Thursday that called for better risk management practices and improved monitoring efforts by government and industry. Another area that potentially affects U.S. cybersecurity is a shrinking manufacturing base for hardware, including a “significant reduction” in the related workforce, the report said. The Biden administration asked the departments of Commerce and Homeland Security for the review under an executive order signed in February 2021 as the White House worked to address challenges in the supply chains for goods and services overall. At the time, the breach of SolarWinds’ software supply chain by Russia-linked hackers had riled Washington, and Thursday’s report comes as the government and cybersecurity industry are still responding to the Log4shell bug found in December 2021 in a widely used piece of […]
CyberScoop
A new report evaluates an end-to-end cyberattack on industrial control systems and offers solutions for threat detection capabilities.
CyberScoop
U.S. and U.K. government agencies called out Iranian government-affiliated hackers Thursday, accusing them of being behind cyber-espionage targeting the defense, local government, oil and natural gas and telecommunications sectors across the globe. The joint alert points a finger at MuddyWater, which the U.S. government for the first time last month attributed directly to Tehran. In the latest warning, the government agencies said that they have observed MuddyWater on the move in Africa, Asia, Europe and North America since 2018. “MuddyWater actors are positioned both to provide stolen data and accesses to the Iranian government and to share these with other malicious cyber actors,” reads the alert. The bulletin is the joint work of the FBI, Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, the U.S. Cyber Command Cyber National Mission Force and the U.K.’s National Cyber Security Centre. MuddyWater has a long history of allegedly spying on primarily […]
CyberScoop
The Russian government warned its domestic critical infrastructure operators Thursday of the “threat of an increase in the intensity of computer attacks,” and said that any failure in the operation of critical infrastructure that doesn’t have a “reliably established” cause should be considered “the result of a computer attack.” The warning, issued through Russia’s National Computer Incident Response & Coordination Center, comes as the Russian military carries out a widespread attack on Ukraine, and after the Ukrainian government accused the Russians of launching a series of distributed denial-of-service attacks and the deployment of wiper malware on Ukrainian government systems ahead of the invasion. “Attacks can be aimed at disrupting the functioning of information resources and services, causing reputational damage, including for political purposes,” the warning read, according to a Google translation. “In addition, in the future, it is possible to carry out harmful influences from the Russian information space to […]
CyberScoop
The U.S. Department of Justice is closing down its controversial “China Initiative,” instead launching a broader strategy toward countering multiple threats from several countries, a senior department official said Wednesday. The new “Strategy for Countering Nation-State Threats” will focus the department’s resources on multiple concurrent threats from China, Russia, Iran and North Korea, such as transnational repression, foreign malign influence and cyberthreats, said Assistant Attorney General Matthew Olsen in remarks at George Mason University. “We see nations such as China, Russia, Iran and North Korea becoming more aggressive and more capable in their activity than ever before,” Olsen said, adding that the new strategy “is threat driven,” and an attempt to counter malign activity from multiple countries, not just China. The China Initiative — launched during the Trump administration to group espionage, intellectual property theft and cybercrime cases involving Chinese suspects under one effort — was criticized for alleged racial […]
CyberScoop
Security researchers detected new destructive malware spreading in Ukraine on Wednesday, following evidence of distributed denial-of-service disruptions for government agencies — both of which overlapped with the beginnings of a Russian invasion. ESET said the data-wiping malware it has dubbed “HermeticWiper” was “installed on hundreds of machines in the country,” and there were signs that the attackers had been preparing for almost two months. Silas Cutler, principal reverse engineer and resident hacker at Stairwell, said that the wiper damages a system’s master boot record, which tells a machine how to start up. That’s similar to malware known as WhisperGate that was used in an attack in January in Ukraine. Broadcom Software’s Symantec, too, observed the wiper in action, and Vikram Thakur, technical director at Symantec Threat Intelligence, confirmed to CyberScoop that it has seen it in Latvia and Lithuania as well. Thakur said Symantec had seen targets among the finance […]
CyberScoop
A Chinese cybersecurity firm released a report Wednesday that revealed a decade-old exploit allegedly created by a covert hacking group associated with the U.S. National Security Agency. The report is the first time that a Chinese cybersecurity firm has both attributed a cyberattack to a U.S. hacking group and included technical indicators of compromise. “It’s a completely different type of report here that seems to mimic Western name-and-shame,” said Winnona DeSombre, fellow at the Atlantic Council and Harvard’s Belfer Center. Pangu Lab researchers said they first discovered the backdoor in 2013 during an “in-depth forensic investigation of a host in a key domestic department.” The researchers were later able to tie it to “The Equation Group,” a group of hackers said to be affiliated with the NSA, after NSA documents leaked by a group known as “The Shadow Brokers” published hacking files that allegedly belonged to the […]
CyberScoop
A long-running hacking group associated with Russian intelligence has developed a new set of tools to replace malware that was disrupted in 2018, according to an alert Wednesday from the U.S. and U.K. cybersecurity and law enforcement agencies. The advanced persistent threat group, known primarily as Sandworm, is now using a “large-scale modular malware framework” that the agencies call Cyclops Blink. Western governments have blamed Sandworm for major incidents such as the disruption of Ukraine’s electricity grid in 2015, the NotPetya attacks in 2017 and breaches of the Winter Olympics in 2018. Cyclops Blink has largely replaced the VPNFilter malware in Sandworm’s activities since at least June 2019, said the joint alert from the U.K.’s National Cyber Security Centre (NCSC), and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, National Security Agency and FBI in the U.S. The NCSC also issued a separate analysis paper on Cyclops Blink. […]
ZDNet
Even though the IRS has ended its deal with ID.me, the Veterans Affairs Administration, the Social Security Administration and the US Patent and Trademark Office still use it.
ZDNet
The IRS confirmed on Monday that it would not be moving forward with efforts to require the use of ID.me for certain tax processes.
ZDNet
More Democrats have announced opposition to the IRS plan after Senate Republicans sent a letter demanding more information from the government agency.
The Record
Congressional Democrats on Tuesday blamed Republicans for axing language in the annual defense policy bill that would have mandated reporting of cyberattacks and ransomware payments.