Security News

Bruschetta-Board is a device for all hardware hackers looking for a fairly-priced all-in-one debugger and programmer that supports UART, JTAG, I2C & SPI protocols and allows to interact with different targets' voltages. A handy feature of Bruschetta-Board is the fact it mounts level shifters.

Threat actors behind a recently surfaced ransomware operation known as Rhysida have leaked online what they claim to be documents stolen from the network of the Chilean Army.The leak comes after the Chilean Army confirmed on May 29 that its systems were impacted in a security incident detected over the weekend on May 27, according to a statement shared by Chilean cybersecurity firm CronUp.

The Treasury Department's Office of Foreign Assets Control announced sanctions today against four entities and one individual for their involvement in illicit IT worker schemes and cyberattacks generating revenue to finance North Korea's weapons development programs. North Korea's illicit revenue generation strategy relies heavily on a massive "Army" of thousands of IT workers who hide their identities to get hired by companies overseas, the OFAC said in a press release published on Tuesday.

"In the two schemes, the defendants created and used fake social media accounts to harass and intimidate PRC dissidents residing abroad," states the Department's announcement of the charges. The DoJ alleges the Group ran a troll farm that "Created thousands of fake online personas on social media sites, including Twitter, to target Chinese dissidents through online harassment and threats."

A supposedly secure messaging app preferred by the Swiss government and army was infested with bugs - possibly for a long time - before an audit by ETH Zurich researchers. Threema downplayed the bugs in a blog post about the research.

Locheed Martin has bagged a government contract to train 17,000 remote US Army civilian employees on security readiness, and wants to also extend the offer to private entities. MR2 is also able to synchronize data between the military's segmented classified and non-classified communication networks and "Allows cyber operators to get a full view of capability and skill levels across the entire workforce, removing the need to consult multiple systems and networks," Lockheed Martin said.

US government agencies including the Army and Centers for Disease Control and Prevention pulled apps running Pushwoosh code after learning the software company - which presents itself as American - is actually Russian, according to Reuters. Pushwoosh is a software company that provides code and data analysis for developers so they can automate custom push notifications based on smartphone users' online activity.

Want to build your own army? Engineers at CloudSEK have published a report on how to do just that in terms of bots and Twitter, thanks to API keys leaking from applications. Researchers at the company say they've uncovered 3,207 apps leaking Twitter API keys, which can be used to gain access to or even entirely take over Twitter accounts.

British Army's Twitter and YouTube accounts were hacked and altered to promote online crypto scams sometime yesterday. Notably, the army's verified Twitter account began displaying fake NFTs and bogus crypto giveaway schemes.

The YouTube takeover replaced the legit account with regalia that faked that used by an investment management firm and filled with more crypto boosterism, namely a video that cut an old chat between Elon Musk and Twitter founder Jack Dorsey into a new and misleading narrative. We are aware of a breach of the Army's Twitter and YouTube accounts and an investigation is underway.