Security News

As the US mulls legislation that would see the Cyber Safety Review Board become a permanent fixture in the government's cyber defense armory, experts are calling for substantial changes in the way it's organized. All three senior industry figures in attendance agreed that a greater degree of independence was required to ensure the reports produced by the board were as richly detailed as possible, answering the questions that those in the private sector typically haven't in the past.

ESET researchers have uncovered a mass-spreading phishing campaign aimed at collecting Zimbra account users' credentials. Zimbra Collaboration is an open-core collaborative software platform, a popular alternative to enterprise email solutions.

Federal prosecutors have expanded their criminal case against a famous Floridian and his loyal minions for allegedly mishandling national security secrets and not being forthright about the storage and handling of hundreds of classified documents. The charges include: attempting to destroy evidence; attempting to induce others to destroy evidence; and a further Espionage Act violation related to the unlawful retention of a top secret document about Iran.

Microsoft is investigating an ongoing issue preventing some customers from accessing their Exchange Online mailbox through Outlook on the web. While Microsoft says this outage only impacts the North American region, user reports show that the issue might also affect users in South America.

MOVEit is managed file transfer software from Progress, an application development and digital experience technologies provider. Aspx is the native file used by MOVEit Transfer for its web interface.

Spanish-speaking users in Latin America have been at the receiving end of a new botnet malware dubbed Horabot since at least November 2020. "Horabot enables the threat actor to control the victim's Outlook mailbox, exfiltrate contacts' email addresses, and send phishing emails with malicious HTML attachments to all addresses in the victim's mailbox," Cisco Talos researcher Chetan Raghuprasad said.

The UK and US governments have sounded the alarm on Russian intelligence targeting unpatched Cisco routers to deploy malware and carry out surveillance. In a joint advisory issued Tuesday, the UK National Cyber Security Centre, the NSA, America's Cybersecurity and Infrastructure Security Agency and the FBI provided details about how Russia's APT28 - aka FancyBear and Stronium - exploited an old vulnerability in unpatched Cisco routers in 2021 to collect network information belonging to European and US government organizations, and about 250 Ukrainian victims.

AT&T is "Concealing vital cybersecurity reporting" about its FirstNet phone network for first responders and the US military, according to US Senator Ron Wyden, who said the network had been dubbed unsafe by CISA. In a letter [PDF] sent to the US government's Cybersecurity and Infrastructure Security Agency and NSA, the senator called for an annual cybersecurity audit of FirstNet, citing a nearly half-decade old phone signalling protocol that miscreants and spies can exploit to track mobile devices and intercept their calls and texts. It's a nationwide network intended to allow police, firefighters, and paramedics to transmit data and communications across multiple regions and jurisdictions without worrying about the transmissions being lost to overcrowded networks, particularly during disasters.

A banking trojan dubbed Mispadu has been linked to multiple spam campaigns targeting countries like Bolivia, Chile, Mexico, Peru, and Portugal with the goal of stealing credentials and delivering other payloads. "One of their main strategies is to compromise legitimate websites, searching for vulnerable versions of WordPress, to turn them into their command-and-control server to spread malware from there, filtering out countries they do not wish to infect, dropping different type of malware based on the country being infected," researchers Fernando García and Dan Regalado said.

Government entities in Asia-Pacific and North America are being targeted by an unknown threat actor with an off-the-shelf malware downloader known as PureCrypter to deliver an array of information stealers and ransomware. "The PureCrypter campaign uses the domain of a compromised non-profit organization as a command-and-control to deliver a secondary payload," Menlo Security researcher Abhay Yadav said.