Security News

A supposedly secure messaging app preferred by the Swiss government and army was infested with bugs - possibly for a long time - before an audit by ETH Zurich researchers. Threema downplayed the bugs in a blog post about the research.

Locheed Martin has bagged a government contract to train 17,000 remote US Army civilian employees on security readiness, and wants to also extend the offer to private entities. MR2 is also able to synchronize data between the military's segmented classified and non-classified communication networks and "Allows cyber operators to get a full view of capability and skill levels across the entire workforce, removing the need to consult multiple systems and networks," Lockheed Martin said.

US government agencies including the Army and Centers for Disease Control and Prevention pulled apps running Pushwoosh code after learning the software company - which presents itself as American - is actually Russian, according to Reuters. Pushwoosh is a software company that provides code and data analysis for developers so they can automate custom push notifications based on smartphone users' online activity.

Want to build your own army? Engineers at CloudSEK have published a report on how to do just that in terms of bots and Twitter, thanks to API keys leaking from applications. Researchers at the company say they've uncovered 3,207 apps leaking Twitter API keys, which can be used to gain access to or even entirely take over Twitter accounts.

British Army's Twitter and YouTube accounts were hacked and altered to promote online crypto scams sometime yesterday. Notably, the army's verified Twitter account began displaying fake NFTs and bogus crypto giveaway schemes.

The YouTube takeover replaced the legit account with regalia that faked that used by an investment management firm and filled with more crypto boosterism, namely a video that cut an old chat between Elon Musk and Twitter founder Jack Dorsey into a new and misleading narrative. We are aware of a breach of the Army's Twitter and YouTube accounts and an investigation is underway.

Roskomnadzor, Russia's telecommunications watchdog, has fined Google 68 million rubles for helping spread what it called "Unreliable" information on the war in Ukraine and the failure to remove it from its platforms. The Russian telecommunications regulator said Google's YouTube online video sharing platform "Purposefully contributes" to spreading inaccurate info on Russia's war in Ukraine, thus defaming Russia's army.

Hacktivists operating on the side of Ukraine have focused their DDoS attacks on a portal that is considered crucial for the distribution of alcoholic beverages in Russia. DDoS attacks are collective efforts to overwhelm servers with large volumes of garbage traffic and bogus requests, rendering them unable to serve legitimate visitors.

A new Mirai-based botnet malware named Enemybot has been observed growing its army of infected devices through vulnerabilities in modems, routers, and IoT devices, with the threat actor operating it known as Keksec. The particular threat group specializes in crypto-mining and DDoS; both supported by botnet malware that can nest in IoT devices and hijack their computational resources.

A new malware campaign is taking advantage of people's willingness to support Ukraine's cyber warfare against Russia to infect them with password-stealing Trojans. Last month, the Ukrainian government announced a new IT Army composed of volunteers worldwide who conduct cyberattacks and DDoS attacks against Russian entities.