Security News
There's a direct correlation between a company's poor privacy practices and the likelihood of a data breach, according to a report from the data privacy platform Osano, The Osano Data Privacy and Data Breach Link. Businesses with poor privacy practices are 80% more apt to experience a data breach.
The APT group known as StrongPity is back with a new watering-hole campaign, targeting mainly Kurdish victims in Turkey and Syria. The sheer variety of the trojanized applications on offer in the latest campaign is a method aimed at casting a wide net in terms of victims' interests, according to researchers at Bitdefender in a report released Tuesday.
Palo Alto Networks revealed on Monday that it has patched a critical authentication bypass vulnerability in its PAN-OS firewall operating system, and U.S. Cyber Command believes foreign APTs will likely attempt to exploit it soon. "When Security Assertion Markup Language authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled, improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access protected resources. The attacker must have network access to the vulnerable server to exploit this vulnerability," Palo Alto Networks explained in an advisory.
With the U.S. presidential election months away, advanced persistent threat groups are targeting the campaign staffers of both Donald Trump and Joe Biden in recent phishing attacks. A China-linked APT group targeted Biden's campaign staff, while an Iran-linked APT targeted Trump's.
The Russian APT group Sandworm has been exploiting a critical Exim flaw to compromise mail servers since August 2019, the NSA has warned in a security advisory published on Thursday. Attackers started exploiting it to compromise Linux servers and instal cryptocoin miners on them, and Microsoft warned about a Linux worm leveraging the flaw to target Azure virtual machines running affected versions of Exim.
The Turla APT group has been spotted using an updated version of the ComRAT remote-access trojan to attack governmental targets. According to ESET researchers, ComRAT is one of Turla's oldest weapons, released in 2007 - but the firm found that Turla used an updated version in attacks against at least three targets earlier this year: Two Ministries of Foreign Affairs and a national parliament.
The Chafer APT has been active since 2014 and has previously launched cyber espionage campaigns targeting critical infrastructure in the Middle East. "Researchers have found attacks conducted by this actor in the Middle East region, dating back to 2018," according to a Thursday Bitdefender analysis.
Today, cybersecurity researchers shed light on an Iranian cyber espionage campaign directed against critical infrastructures in Kuwait and Saudi Arabia. "Telecommunications firms are attractive targets given that they store large amounts of personal and customer information, provide access to critical infrastructure used for communications, and enable access to a wide range of potential targets across multiple verticals," the company said.
Today, cybersecurity researchers shed light on an Iranian cyber espionage campaign directed against critical infrastructures in Kuwait and Saudi Arabia. "Telecommunications firms are attractive targets given that they store large amounts of personal and customer information, provide access to critical infrastructure used for communications, and enable access to a wide range of potential targets across multiple verticals," the company said.
Coding similarities suggest a possible link with multiple campaigns over several years. What isn't clear is whether all these campaigns have been waged by the same group, or whether multiple groups have access to the same Mikroceen malware family.