Security News

A dramatic uptick in Emotet phishing attacks since July has led the U.S. Cybersecurity and Infrastructure Security Agency to issue a warning that state and local governments need to fortify their systems against the trojan. "This increase has rendered Emotet one of the most prevalent ongoing threats," the CISA alert, issued Tuesday, read. The alarm comes at a time when municipalities are already strained, juggling the concurrent crises of the COVID-19 pandemic, widespread social unrest and a caustic election season.

Foreign-backed disinformation campaigns will spread fake news about the results of the upcoming US election in an effort to sow doubt and outrage among the American public. The two agencies believe that in the immediate aftermath of the presidential election on November 3, Americans will be bombarded with false stories about the vote tally, reports of voter fraud, and other issues that would stoke division as the country awaits official election results - a process that could take weeks.

A federal agency has suffered a successful espionage-related cyberattack that led to a backdoor and multistage malware being dropped on its network. "The cyber-threat actor had valid access credentials for multiple users' Microsoft Office 365 accounts and domain administrator accounts," according to CISA. "First, the threat actor logged into a user's O365 account from Internet Protocol address 91.219.236[.]166 and then browsed pages on a SharePoint site and downloaded a file. The cyber-threat actor connected multiple times by Transmission Control Protocol from IP address 185.86.151[.]223 to the victim organization's virtual private network server."

The US government says the Chinese government's hackers are preying on a host of high-profile security holes in enterprise IT equipment to infiltrate Uncle Sam's agencies and American businesses. In a joint statement, the FBI and Homeland Security's Cybersecurity and Infrastructure Security Agency on Monday claimed Beijing's miscreants have exploited or attempted to exploit bugs including those in Microsoft Exchange Server, the F5 Big-IP remote takeover vulnerability, Pulse Secure's VPN's remote code flaw and the Citrix VPN directory traversal hole.

Monday's CISA advisory is a staunch reminder for federal government and private sector entities to apply patches for flaws in F5 BIG-IP devices, Citrix VPNs, Pulse Secure VPNs and Microsoft Exchange servers. The U.S. government is warning that Chinese threat actors have successfully compromised several government and private sector entities in recent months, by exploiting vulnerabilities in F5 BIG-IP devices, Citrix and Pulse Secure VPNs and Microsoft Exchange servers.

The operation converted its sales into crypto-coins that were sent to ISIS. Uncle Sam said the seized coins will be sent to a fund established for the victims of terrorist attacks. The team at Trend Micro has spotted something you don't see every day: malware for macOS exploiting zero-days.

Known as BlueLeaks, the info trove consists mostly of crime intelligence material uploaded to what are known as fusion centers. Created in the aftermath of the September 11 terror attacks, serve as a way for state and county cops to share information with one another and with the FBI and US Homeland security.

US federal authorities said they had arrested Justin Sean Johnson in Detroit, Michigan, on charges associated with the 2014 hacking of a human resources database at the University of Pittsburgh Medical Center and thrown the book at him. In a 43-count indictment returned last month and just unsealed [PDF], Johnson is charged with multiple counts of conspiracy, wire fraud, and aggravated identity theft for his alleged role in the theft of personal information associated with 65,000 employees from the medical center's PeopleSoft system.

The U.S. Department of Homeland Security and Federal Bureau of Investigation have exposed what they say are hacking tools used by the North Korean-sponsored APT group Hidden Cobra. The tools included in the documentation allow Hidden Cobra to perform nefarious tasks such as remotely take over systems and steal information as well as install spyware on targeted systems to perform espionage activities.

On Sunday, the US Department of Justice announced that it shut down what it called a wire fraud scheme being carried out by the operators of a site in order to squeeze profit from the confusion and widespread fear surrounding COVID-19 - by promising to ship coronavirus vaccine kits that don't actually exist. There are currently no legitimate COVID-19 vaccines and the WHO is not distributing any such vaccine.