Security News

A recently discovered cryptomining botnet is actively scanning for vulnerable Windows and Linux enterprise servers and infecting them with Monero miner and self-spreader malware payloads. While, at first, it was using a multi-component architecture with the miner and worm modules, the botnet has been upgraded to use a single binary capable of mining and auto-spreading the malware to other devices.

Data-breach risk should be tackled with a toolset for monitoring data in motion and data at rest, analysis of user behavior, and the detection of fraud and weak spots. Once I even "Caught" a leak with the help of the firewall logs: I noticed an atypically large data upload and found out that the user was uploading confidential information as virtual-machine images.

Microsoft won a nearly $22 billion contract to supply U.S. Army combat troops with its augmented reality headsets. Microsoft and the Army separately announced the deal Wednesday.

The 25+ year gap between IT and Operational Technology security means that OT networks have few, if any, modern security controls in place, as many of these Industrial Control Systems are legacy assets that were not designed with security in mind and were previously isolated, until digital transformation came along. With asset visibility to identify vulnerabilities and suspicious behavior, continuous threat monitoring to detect and track threats that cross the IT/OT boundary, and secure remote access solutions with strict controls over sessions, we can jumpstart the process of closing the IT/OT security gap.

The U.S. government on Wednesday announced the launch of another bug bounty program conducted in collaboration with hacker-powered cybersecurity platform HackerOne. Hack the Army 3.0, whose goal is to help the U.S. Army secure its digital assets and protect its systems against cyberattacks, takes place between January 6 and February 17, and it's open to both millitary and civilian white hat hackers.

The campaign's starting point is an email with an embedded malicious attachment - either in the form of a ZIP file containing an LNK file or a Microsoft Word document - that triggers an infection chain via a series of steps to download the final-stage payload. Aside from identifying three different infection chains, what's notable is the fact that one of them exploited template injection and Microsoft Equation Editor flaw, a 20-year old memory corruption issue in Microsoft Office, which, when exploited successfully, let attackers execute remote code on a vulnerable machine even without user interaction. What's more, the LNK files have a double extension and come with document icons, thereby tricking an unsuspecting victim into opening the file.

The Army command dedicated to defending against hackers and other online threats celebrated its move into a new $366 million headquarters in Georgia on Thursday. Created a decade ago, the Army Cyber Command had been spread across Army installations in three states before consolidating at Fortitude Hall, its new home at Fort Gordon in Augusta.

In 1965, Gordon Moore published a short informal paper, Cramming more components onto integrated circuits. Based on not much more but these few data points and his knowledge of silicon chip development - he was head of R&D at Fairchild Semiconductors, the company that was to seed Silicon Valley - he said that for the next decade, component counts by area could double every year.

A report published recently by the U.S. Army describes North Korea's cyber warfare capabilities and provides information on various units and their missions. In terms of computer warfare, the Army says North Korea primarily conducts these types of attacks because they represent a low-cost and low-risk method for targeting the enemy's computers, they can be used to counter the enemy's superior conventional military capabilities, and they can "Upset the status quo with little fear of retaliation."

Army researchers have been awarded a patent for inventing a practical method for Army wireless devices to covertly authenticate and communicate. The researchers, including Drs. Paul Yu and Brian Sadler from the U.S. Army CCDC's Army Research Laboratory and Prof. Rick Blum and Dr. Jake Perazzone from Lehigh University, have invented a method to perform two tasks simultaneously: verifying the authenticity of wireless communications and communicating secret information.