Security News

Defense contractors hit by stealthy SockDetour Windows backdoor
2022-02-24 16:43

A newly discovered custom malware dubbed SockDetour has been found on systems belonging to US defense contractors and used as a backup backdoor to maintain access to compromised networks. SockDetour [.] serves as a backup backdoor in case the primary backdoor is detected and removed by defenders," Unit 42 explained.

How configuration assessments help improve cyber defenses
2022-02-23 06:00

These days, information technology and information security professionals know this all too well, especially when it comes to configuration assessments. To reduce opportunities for hackers, organizations should perform configuration assessments regularly.

Microsoft offers defense against 'ice phishing' crypto scammers
2022-02-18 11:17

Microsoft has some advice on how to defend against "Ice phishing" and other novel attacks that aim to empty cryptocurrency wallets, for those not already abstaining. Ice phishing, as Microsoft describes it, is a clickjacking, or a user interface redress attack, that "[tricks] a user into signing a transaction that delegates approval of the user's tokens to the attacker.

U.S. Says Russian Hackers Stealing Sensitive Data from Defense Contractors
2022-02-17 05:01

State-sponsored actors backed by the Russian government regularly targeted the networks of several U.S. cleared defense contractors to acquire proprietary documents and other confidential information pertaining to the country's defense and intelligence programs and capabilities. Compromised entities include contractors that dabble in command, control, communications, and combat systems; surveillance and reconnaissance; weapons and missile development; vehicle and aircraft design; and software development, data analytics, and logistics.

Russia 'stole US defense data' from IT systems
2022-02-17 01:50

A two-year campaign by state-sponsored Russian entities to siphon information from US defense contractors worked, it is claimed. CISA's announcement and an accompanying report [PDF] state that it, the FBI, and the NSA have all spotted "Regular targeting" of contractors that serve the US Department of Defense, intelligence agencies, and all branches of the US military other than the Coast Guard.

US says Russian state hackers breached defense contractors
2022-02-16 17:05

Russian-backed hackers have been targeting and compromising U.S. cleared defense contractors since at least January 2020 to gain access to and steal sensitive info that gives insight into U.S. defense and intelligence programs and capabilities. Since January 2020, Russian hacking groups have breached multiple CDC networks and, in some cases, have maintained persistence for at least six months, regularly exfiltrating hundreds of documents, emails, and other data.

US says Russian state hackers breached cleared defense contractors
2022-02-16 17:05

Russian-backed hackers have been targeting and compromising U.S. cleared defense contractors since at least January 2020 to gain access to and steal sensitive info that gives insight into U.S. defense and intelligence programs and capabilities. Since January 2020, Russian hacking groups have breached multiple CDC networks and, in some cases, have maintained persistence for at least six months, regularly exfiltrating hundreds of documents, emails, and other data.

Researchers discover common threat actor behind aviation and defense malware campaigns
2022-02-15 13:40

Researchers discover common threat actor behind aviation and defense malware campaigns. Security researchers at Proofpoint have announced their discovery of a common threat actor behind attacks reported by Cisco Talos, Microsoft and others, and they say that the group has been active since at least 2017.

Experts Warn of Hacking Group Targeting Aviation and Defense Sectors
2022-02-15 05:41

Entities in the aviation, aerospace, transportation, manufacturing, and defense industries have been targeted by a persistent threat group since at least 2017 as part of a string of spear-phishing campaigns mounted to deliver a variety of remote access trojans on compromised systems. The use of commodity malware such as AsyncRAT and NetWire, among others, has led enterprise security firm Proofpoint to a "Cybercriminal threat actor" codenamed TA2541 that employs "Broad targeting with high volume messages." The ultimate objective of the intrusions is unknown as yet.

Highly Evasive Adaptive Threats (HEAT) bypassing traditional security defenses
2022-02-08 05:30

Menlo Security announced it has identified a surge in cyberthreats, termed Highly Evasive Adaptive Threats, that bypass traditional security defenses. HEAT attacks are a class of cyber threats targeting web browsers as the attack vector and employs techniques to evade detection by multiple layers in current security stacks including firewalls, Secure Web Gateways, sandbox analysis, URL Reputation, and phishing detection.