Month: December 2020

Russian hackers who stole red team tools from FireEye may have been in action on a much broader scale, operating a sophisticated supply chain campaign targeting multiple global organizations and governments. FireEye revealed in an update on Sunday that nation state attackers inserted malicious code into legitimate software for SolarWinds’ popular Orion product to gain
While much attention has been given to the potential for remote learning environments being exploited by cybercriminals, a new CISA joint cybersecurity advisory warns that such attacks are already happening. Threat actors are targeting K-12 schools and remote learning classrooms, according to a joint cybersecurity advisory by CISA, the FBI, and the Multi-State Information Sharing
Norwegian police have blamed Russian advanced persistent threat (APT) group Fancy Bear for the summer cyber-attack on Norway’s single-chamber parliament, the Storting. In what was described as “a significant attack” by the parliament’s director, Marianne Andreassen, unauthorized individuals managed to gain access to the email accounts of several elected members of parliament and to some accounts belonging
By Paul Ducklin. Subway customers in the UK and Ireland were swamped with scam emails yesterday in a phishing campaign that aimed to trick recipients into downloading malware. We received a sample that looked like this (note the spelling mistake "anather"): Subject: YYYY, WE'VE_RECEIVED_YOUR_ORDER! Thanks for shopping with us! You'll find a summary of your recent
A Kosovan hacker, imprisoned in the United States for stealing personal data belonging to US military and government personnel and sending it to the Islamic State of Iraq and the Levant (ISIL), has been granted compassionate release. Ardit Ferizi was sentenced to 20 years in prison in September 2016 after he confessed to providing material support to
LuckyMouse, TA428, HyperBro, Tmanger and ShadowPad linked in Mongolian supply-chain attack. ESET researchers discovered that chat software called Able Desktop, part of a business management suite popular in Mongolia and used by 430 government agencies in Mongolia (according to Able), was used to deliver the HyperBro backdoor (commonly used by LuckyMouse), the Korplug RAT (also known as PlugX), and a RAT called Tmanger (which was first documented by NTT Security and was used during Operation Lagtime IT campaigns attributed to TA428 by Proofpoint). A connection with
Microsoft on Thursday took the wraps off an ongoing campaign impacting popular web browsers that stealthily injects malware-infested ads into search results to earn money via affiliate advertising. “Adrozek,” as it’s called by the Microsoft 365 Defender Research Team, employs an “expansive, dynamic attacker infrastructure” consisting of 159 unique domains, each of which hosts an
A man from Texas, charged in January with cyber-stalking realtors across the United States, has been indicted for capital murder in the deaths of two women. Andy Castillo was arrested on January 6 for allegedly cyber-stalking as many as 100 realtors in up to 22 different states. The 57-year-old Lubbock resident was accused of sending sexually explicit
Starting mid-January, U.S. taxpayers will be able to enroll in the Identity Protection PIN program, which was previously available only to certain users. In an effort to battle various flavors of tax fraud and tax-related
Cybersecurity researchers disclosed a dozen new flaws in multiple widely-used embedded TCP/IP stacks impacting millions of devices ranging from networking equipment and medical devices to industrial control systems that could be exploited by an attacker to take control of a vulnerable system. Collectively called “AMNESIA:33” by Forescout researchers, it is a set of 33 vulnerabilities
A British judge has ruled against extraditing to the United States a man accused of hacking into hundreds of webcams all over the world to spy on victims without their consent. Christopher Taylor allegedly duped 772 victims in 39 countries into downloading computer software called Cammy between August 2012 and July 2015. By installing the software, victims
A new report on the cybersecurity of the education sector has found that nearly half of the schools in the United States did not implement new training or tools to protect staff and students during the pandemic. The CTNT report “Lessons learned: How education coped in the shift to distance learning” from Malwarebytes details data from 500 students and
Russian state hackers have been exploiting a vulnerability found in VMware products including virtual workspaces, according to a cybersecurity advisory issued today by the National Security Agency. The VMware vulnerability, which is tracked as CVE-2020-4006 and rated 7.2 on the Common Vulnerability Scoring System (CVSS), was disclosed and patched last week. According to the NSA advisory,
21st-century technology has allowed cybercriminals to use sophisticated and undetectable methods for malicious activities. In 2020 alone, a survey revealed that 65% of US-based companies were vulnerable to email phishing and impersonation attacks. This calls for upgrading your organization’s security with DMARC, which, if not implemented, will enable cyber-attackers to: Instigate money transfers from vulnerable
The former chief executive officer of a technology startup based in Virginia has admitted conning investors out of millions of dollars. Danny Boice pleaded guilty yesterday to one count of securities fraud and one count of wire fraud before senior United States district judge T.S. Ellis III of the Eastern District of Virginia. Alexandria resident Boice held