Security News

A cyber attack in Iran left petrol stations across the country crippled, disrupting fuel sales and defacing electronic billboards to display messages challenging the regime's ability to distribute gasoline. Other signs read, "Free gas in Jamaran gas station," with gas pumps showing the words "Cyberattack 64411" when attempting to purchase fuel, semi-official Iranian Students' News Agency news agency reported.

Lazarus Group, the advanced persistent threat group attributed to the North Korean government, has been observed waging two separate supply chain attack campaigns as a means to gain a foothold into corporate networks and target a wide range of downstream entities. The latest intelligence-gathering operation involved the use of MATA malware framework as well as backdoors dubbed BLINDINGCAN and COPPERHEDGE to attack the defense industry, an IT asset monitoring solution vendor based in Latvia, and a think tank located in South Korea, according to a new Q3 2021 APT Trends report published by Kaspersky.

Nobelium, the threat actor behind the SolarWinds compromise in December 2020, has been behind a new wave of attacks that compromised 14 downstream customers of multiple cloud service providers, managed service providers, and other IT services organizations, illustrating the adversary's continuing interest in targeting the supply chain via the "Compromise-one-to-compromise-many" approach. Microsoft, which disclosed details of the campaign on Monday, said it notified more than 140 resellers and technology service providers since May. Between July 1 and October 19, 2021, Nobelium is said to have singled out 609 customers, who were collectively attacked a grand total of 22,868 times.

That's true of a new phishing campaign that uses both Craigslist and OneDrive to trick people into installing malware. Clicking on a button in the email was supposed to take people to a form document that had been uploaded to an actual Microsoft OneDrive site.

DNS attacks are nothing new, and they tend to fall further down the list of threat concerns. DNS attacks appear to be on a gradual upward trajectory.

A "Potentially devastating and hard-to-detect threat" could be abused by attackers to collect users' browser fingerprinting information with the goal of spoofing the victims without their knowledge, thus effectively compromising their privacy. Academics from Texas A&M University dubbed the attack system "Gummy Browsers," likening it to a nearly 20-year-old "Gummy Fingers" technique that can impersonate a user's fingerprint biometrics.

Historically, it's a big national security concern, as it should be, whether other governments might be poison-pilling some of our software and supply chains. CW. Well, certainly one place to start with as a software provider is understanding that the security of your software is only as good as the security of your entire environment that's used to build and maintain that software.

Russia's Nobelium group - fingered as being a Russian state actor by both the United States and Britain - has massively ramped up phishing and password spraying attempts against managed service providers and cloud resellers, Microsoft's security arm has warned. The Windows maker said the group's targeted attacks against "Resellers and other technology service providers that customize, deploy and manage cloud services and other technologies on behalf of their customers" had trebled over the past three months.

The UK's largest retailer, supermarket titan Tesco, has restored its online operations after an attack hack left its customers unable to order, amend, or cancel deliveries for two days. A Tesco statement acknowledges disruption to the giant's grocery website and app, claiming "An attempt was made to interfere with our systems, which has caused problems with the search function on the site."

The state of bot mitigation 64% of organizations lost more than 6% of their revenue due to bot attacks, and 32% lost 10% or more within the last year. 64% of organizations lost 6% or more of their revenue due to bot attacks, and 32% report that their organizations lost 10% or more of revenue within the last 12 months.