Month: September 2020

Threat actors may spread false claims about compromised voting systems in order to undermine confidence in the electoral process. The United States’ Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint announcement aimed at raising awareness about threats posed by disinformation campaigns that may target voters during the
I am sure that many of you have by now heard of a recently disclosed critical Windows server vulnerability—called Zerologon—that could let hackers completely take over enterprise networks. For those unaware, in brief, all supported versions of the Windows Server operating systems are vulnerable to a critical privilege escalation bug that resides in the Netlogon Remote Control Protocol
The owner of a Bitcoin exchange has become the seventeenth person to be convicted in the United States in connection with a transnational multi-million-dollar online auction fraud scheme that victimized over 900 Americans. Rossen Iossifov was found guilty yesterday by a federal jury in Frankfort, Kentucky, of one count of conspiracy to commit racketeering and one count
Cybersecurity researchers uncovered fresh evidence of an ongoing cyberespionage campaign against Indian defense units and armed forces personnel at least since 2019 with an aim to steal sensitive information. Dubbed “Operation SideCopy” by Indian cybersecurity firm Quick Heal, the attacks have been attributed to an advanced persistent threat (APT) group that has successfully managed to stay
A health insurance company in Washington state has been slapped with the second-largest ever HIPAA violation penalty. The Department of Health and Human Services’ Office for Civil Rights (OCR) has imposed a $6.85m penalty on Premera Blue Cross to resolve potential violations of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Premera Blue Cross is a
As the pandemic continues to accelerate the shift towards working from home, a slew of digital threats have capitalized on the health concern to exploit weaknesses in the remote work infrastructure and carry out malicious attacks. Now according to network security platform provider SAM Seamless Network, over 200,000 businesses that have deployed the Fortigate VPN solution to enable
A 13-year-old boy has been arrested in the United States after allegedly hacking into an Indiana school district’s computer system. The unnamed teen was arrested after repeated cyber-attacks were launched against Valparaiso Community Schools. School officials reported regular assaults on the district’s e-learning systems that disrupted instruction by causing students to become disconnected from their
Microsoft’s long-lived operating system Windows XP—that still powers over 1% of all laptops and desktop computers worldwide—has had its source code leaked online, allegedly, along with Windows Server 2003. Yes, you heard that right. The source code for Microsoft’s 19-year-old operating system was published as a torrent file on notorious bulletin board website 4chan, and
A warning has been issued by America’s Cybersecurity and Infrastructure Security Agency (CISA) after a malicious cyber-actor compromised a United States federal agency. The attacker used valid log-in credentials for multiple users’ Microsoft Office 365 accounts and domain administrator accounts to gain access to the agency’s enterprise network. Once inside, the bad actor infected the network with
Amnesty International today exposed details of a new surveillance campaign that targeted Egyptian civil society organizations with previously undisclosed versions of FinSpy spyware designed to target Linux and macOS systems. Developed by a German company, FinSpy is extremely powerful spying software that is being sold as a legal law enforcement tool to governments around the
A cyber-attack has struck a Texas company that provides software services to schools and state and local governments across the United States. Tyler Technologies notified customers on September 23 that its phone and computer systems had been compromised by a bad actor. Since the incident, the website of the company has carried the message: “Our
Ever wonder how hackers can hack your smartphone remotely? In a report shared with The Hacker News today, Check Point researchers disclosed details about a critical vulnerability in Instagram’s Android app that could have allowed remote attackers to take control over a targeted device just by sending victims a specially crafted image. What’s more worrisome is that
New research published today by Kaspersky examines a rise in the number of cyber-attacks on industrial control system (ICS) computers used by the oil and gas industry. Over the first six months of 2020, the percentage of systems attacked in the oil and gas industry increased when compared to the same time period last year. The same trend was
The sting is said to be the US Government’s largest operation targeting crime in the internet’s seedy underbelly. Law enforcement agencies from around the globe have swooped down on dozens of purveyors of illegal goods on the dark web. No fewer than 179 vendors of illicit goods have been handcuffed in an operation dubbed DisrupTor,
If you’re administrating Windows Server, make sure it’s up to date with all recent patches issued by Microsoft, especially the one that fixes a recently patched critical vulnerability that could allow unauthenticated attackers to compromise the domain controller. Dubbed ‘Zerologon’ (CVE-2020-1472) and discovered by Tom Tervoort of Secura, the privilege escalation vulnerability exists due to the
Cyber-criminals hoping to profit from the theft of Bruce Springsteen’s legal documents were left disappointed when an online auction of the data attracted no buyers. The singer’s documents were among a 756GB cache of data swiped from New York City law firm Grubman Shire Meiselas & Sacks in a cyber-attack carried out in May this year. Other high-profile entertainers
NIST’s tool can help organizations improve the testing of their employees’ phish-spotting prowess. Researchers at the US National Institute of Standards and Technology (NIST) have devised a new method that could be used to accurately assess why employees click on certain phishing emails. The tool, dubbed Phish Scale, uses real data to evaluate the complexity
A back-end server associated with Microsoft Bing exposed sensitive data of the search engine’s mobile application users, including search queries, device details, and GPS coordinates, among others. The logging database, however, doesn’t include any personal details such as names or addresses. The data leak, discovered by Ata Hakcil of WizCase on September 12, is a massive 6.5TB
A global sting operation targeting drug trafficking on the darknet has led to 179 arrests and the seizure of weapons, drugs, and millions of dollars in cash and virtual currencies. Operation DisrupTor was conducted across the United States and Europe and was a collaborative effort between the law enforcement and judicial authorities of Austria, Cyprus,
Attackers could have exploited the flaw to steal victims’ login credentials or install malware on their devices. Mozilla has patched a security flaw that could allow cybercriminals to hijack all vulnerable Firefox for Android browsers running on devices connected to the same Wi-Fi network. The vulnerability could be abused by black hats to force users
The parent company of Dunkin’ Donuts has agreed to pay hundreds of thousands of dollars in costs and fines to settle a lawsuit that accused the company of glazing over multiple cyber-attacks. The suit was filed against Dunkin’ Brands Group Inc. in state Supreme Court in Manhattan in September last year by the state of New York’s attorney general Letitia James.
Capping off a busy week of charges and sanctions against Iranian hackers, new research offers insight into a six-year-long ongoing surveillance campaign targeting Iranian expats and dissidents with the intention of pilfering sensitive information. The threat actor, suspected to be of Iranian origin, is said to have orchestrated the campaign with at least two