Security News
The UK and US governments have sounded the alarm on Russian intelligence targeting unpatched Cisco routers to deploy malware and carry out surveillance. In a joint advisory issued Tuesday, the UK National Cyber Security Centre, the NSA, America's Cybersecurity and Infrastructure Security Agency and the FBI provided details about how Russia's APT28 - aka Fancy Bear and Strontium - exploited an old vulnerability in unpatched Cisco routers in 2021 to collect network information belonging to European and US government organizations, and about 250 Ukrainian victims.
AT&T is "concealing vital cybersecurity reporting" about its FirstNet phone network for first responders and the US military, according to US Senator Ron Wyden, who said the network had been dubbed unsafe by CISA. In a letter sent to the US government's Cybersecurity and Infrastructure Security Agency and NSA, the senator called for an annual cybersecurity audit of FirstNet, citing a nearly half-decade-old phone signalling protocol that miscreants and spies can exploit to track mobile devices and intercept their calls and texts. FirstNet is a nationwide network intended to allow police, firefighters, and paramedics to transmit data and communications across multiple regions and jurisdictions without worrying about the transmissions being lost to overcrowded networks, particularly during disasters.
A banking trojan dubbed Mispadu has been linked to multiple spam campaigns targeting countries such as Bolivia, Chile, Mexico, Peru, and Portugal with the goal of stealing credentials and delivering other payloads. "One of their main strategies is to compromise legitimate websites, searching for vulnerable versions of WordPress, to turn them into their command-and-control server to spread malware from there, filtering out countries they do not wish to infect, dropping different types of malware based on the country being infected," researchers Fernando García and Dan Regalado said.
Government entities in Asia-Pacific and North America are being targeted by an unknown threat actor with an off-the-shelf malware downloader known as PureCrypter to deliver an array of information stealers and ransomware. "The PureCrypter campaign uses the domain of a compromised non-profit organization as a command-and-control to deliver a secondary payload," Menlo Security researcher Abhay Yadav said.
A week after the US Cybersecurity and Infrastructure Security Agency and FBI released a recovery script to help victims of the widespread ESXiArgs ransomware attacks recover infected systems, an updated variant of the malware aimed at vulnerable VMware ESXi virtual machines can't be remediated with the government agencies' code, according to Malwarebytes. "This makes recovery next to impossible," Malwarebytes' Arntz wrote in a post this week, noting reports from victims of recent ESXiArgs attacks about the ransomware's new encryptor.
Bank of America has started to restore missing Zelle transactions that suddenly disappeared from customers' bank accounts this morning, causing some to dip into negative balances. This led to reports on DownDetector, Reddit, and Twitter from hundreds of customers missing their Zelle transactions.
Nissan North America has begun sending data breach notifications informing customers of a breach at a third-party service provider that exposed customer information. In the notification sample, Nissan claims it received notice of a data breach from one of its software development vendors on June 21, 2022.
The US government's crackdown on TikTok continues, with the latest salvo being a bipartisan bill that would outright ban the popular social media app from doing business in the country. Several US states have already banned the app on government-owned devices, while Indiana has sued TikTok for inflicting harm on residents.
America's Transportation Security Administration, better known as the TSA, has been testing facial recognition software to automatically screen passengers flying across the country at 16 airports. The equipment snaps a live photo of the passenger's face and checks whether it matches the one captured on their ID. The pilot program, testing the Credential Authentication Technology 2 system, aims to reduce security screening wait times by automating the process so TSA agents do not need to manually check IDs.
Hackers tied to the North Korean government have been observed using an updated version of a backdoor known as Dtrack, targeting a wide range of industries in Germany, Brazil, India, Italy, Mexico, Switzerland, Saudi Arabia, Turkey and the U.S. "Dtrack allows criminals to upload, download, start or delete files on the victim host," Kaspersky researchers Konstantin Zykov and Jornt van der Wiel said in a report. Discovered in September 2019, the malware was previously deployed in a cyberattack aimed at a nuclear power plant in India, with more recent intrusions using Dtrack as part of Maui ransomware attacks.