Security News

Companies with poor privacy practices are 80% more apt to suffer data breach
2020-07-21 10:00

There's a direct correlation between a company's poor privacy practices and the likelihood of a data breach, according to a report from the data privacy platform Osano, The Osano Data Privacy and Data Breach Link. Businesses with poor privacy practices are 80% more apt to experience a data breach.

StrongPity APT Back with Kurdish-Aimed Watering Hole Attacks
2020-06-30 17:45

The APT group known as StrongPity is back with a new watering-hole campaign, targeting mainly Kurdish victims in Turkey and Syria. The sheer variety of the trojanized applications on offer in the latest campaign is a method aimed at casting a wide net in terms of victims' interests, according to researchers at Bitdefender in a report released Tuesday.

US Cyber Command: Foreign APTs Likely to Exploit New Palo Alto Networks Flaw
2020-06-30 10:50

Palo Alto Networks revealed on Monday that it has patched a critical authentication bypass vulnerability in its PAN-OS firewall operating system, and U.S. Cyber Command believes foreign APTs will likely attempt to exploit it soon. "When Security Assertion Markup Language authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled, improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access protected resources. The attacker must have network access to the vulnerable server to exploit this vulnerability," Palo Alto Networks explained in an advisory.

Trump, Biden Campaign Staffers Targeted By APT Phishing Emails
2020-06-04 20:10

With the U.S. presidential election months away, advanced persistent threat groups are targeting the campaign staffers of both Donald Trump and Joe Biden in recent phishing attacks. A China-linked APT group targeted Biden's campaign staff, while an Iran-linked APT targeted Trump's.

NSA warns about Sandworm APT exploiting Exim flaw
2020-05-29 10:36

The Russian APT group Sandworm has been exploiting a critical Exim flaw to compromise mail servers since August 2019, the NSA has warned in a security advisory published on Thursday. Attackers started exploiting it to compromise Linux servers and instal cryptocoin miners on them, and Microsoft warned about a Linux worm leveraging the flaw to target Azure virtual machines running affected versions of Exim.

Turla APT Revamps One of Its Go-To Spy Tools
2020-05-26 15:28

The Turla APT group has been spotted using an updated version of the ComRAT remote-access trojan to attack governmental targets. According to ESET researchers, ComRAT is one of Turla's oldest weapons, released in 2007 - but the firm found that Turla used an updated version in attacks against at least three targets earlier this year: Two Ministries of Foreign Affairs and a national parliament.

Chafer APT Hits Middle East Govs With Latest Cyber-Espionage Attacks
2020-05-22 13:30

The Chafer APT has been active since 2014 and has previously launched cyber espionage campaigns targeting critical infrastructure in the Middle East. "Researchers have found attacks conducted by this actor in the Middle East region, dating back to 2018," according to a Thursday Bitdefender analysis.

Iranian APT Group Targets Governments in Kuwait and Saudi Arabia
2020-05-21 01:11

Today, cybersecurity researchers shed light on an Iranian cyber espionage campaign directed against critical infrastructures in Kuwait and Saudi Arabia. "Telecommunications firms are attractive targets given that they store large amounts of personal and customer information, provide access to critical infrastructure used for communications, and enable access to a wide range of potential targets across multiple verticals," the company said.

Iranian APT Group Targets Governments in Kuwait and Saudi Arabia
2020-05-21 01:11

Today, cybersecurity researchers shed light on an Iranian cyber espionage campaign directed against critical infrastructures in Kuwait and Saudi Arabia. "Telecommunications firms are attractive targets given that they store large amounts of personal and customer information, provide access to critical infrastructure used for communications, and enable access to a wide range of potential targets across multiple verticals," the company said.

Mysterious Chinese APT Linked to Multiple Central Asian Campaigns
2020-05-15 14:30

Coding similarities suggest a possible link with multiple campaigns over several years. What isn't clear is whether all these campaigns have been waged by the same group, or whether multiple groups have access to the same Mikroceen malware family.