Security News
A federal agency has suffered a successful espionage-related cyberattack that led to a backdoor and multistage malware being dropped on its network. "The cyber-threat actor had valid access credentials for multiple users' Microsoft Office 365 accounts and domain administrator accounts," according to CISA. "First, the threat actor logged into a user's O365 account from Internet Protocol address 91.219.236[.]166 and then browsed pages on a SharePoint site and downloaded a file. The cyber-threat actor connected multiple times by Transmission Control Protocol from IP address 185.86.151[.]223 to the victim organization's virtual private network server."
The US government says the Chinese government's hackers are preying on a host of high-profile security holes in enterprise IT equipment to infiltrate Uncle Sam's agencies and American businesses. In a joint statement, the FBI and Homeland Security's Cybersecurity and Infrastructure Security Agency on Monday claimed Beijing's miscreants have exploited or attempted to exploit bugs including those in Microsoft Exchange Server, the F5 Big-IP remote takeover vulnerability, Pulse Secure's VPN's remote code flaw and the Citrix VPN directory traversal hole.
Monday's CISA advisory is a staunch reminder for federal government and private sector entities to apply patches for flaws in F5 BIG-IP devices, Citrix VPNs, Pulse Secure VPNs and Microsoft Exchange servers. The U.S. government is warning that Chinese threat actors have successfully compromised several government and private sector entities in recent months, by exploiting vulnerabilities in F5 BIG-IP devices, Citrix and Pulse Secure VPNs and Microsoft Exchange servers.
The operation converted its sales into crypto-coins that were sent to ISIS. Uncle Sam said the seized coins will be sent to a fund established for the victims of terrorist attacks. The team at Trend Micro has spotted something you don't see every day: malware for macOS exploiting zero-days.
Known as BlueLeaks, the info trove consists mostly of crime intelligence material uploaded to what are known as fusion centers. Created in the aftermath of the September 11 terror attacks, serve as a way for state and county cops to share information with one another and with the FBI and US Homeland security.
US federal authorities said they had arrested Justin Sean Johnson in Detroit, Michigan, on charges associated with the 2014 hacking of a human resources database at the University of Pittsburgh Medical Center and thrown the book at him. In a 43-count indictment returned last month and just unsealed [PDF], Johnson is charged with multiple counts of conspiracy, wire fraud, and aggravated identity theft for his alleged role in the theft of personal information associated with 65,000 employees from the medical center's PeopleSoft system.
The U.S. Department of Homeland Security and Federal Bureau of Investigation have exposed what they say are hacking tools used by the North Korean-sponsored APT group Hidden Cobra. The tools included in the documentation allow Hidden Cobra to perform nefarious tasks such as remotely take over systems and steal information as well as install spyware on targeted systems to perform espionage activities.
On Sunday, the US Department of Justice announced that it shut down what it called a wire fraud scheme being carried out by the operators of a site in order to squeeze profit from the confusion and widespread fear surrounding COVID-19 - by promising to ship coronavirus vaccine kits that don't actually exist. There are currently no legitimate COVID-19 vaccines and the WHO is not distributing any such vaccine.
More than a quarter century after its introduction, the failed rollout of hardware deliberately backdoored by the NSA is still having an impact on the modern encryption debate. Known as Clipper, the encryption chipset developed and championed by the US government only lasted a few years, from 1993 to 1996.
The feds and international law enforcement have taken down a website that was selling access to billions of stolen personal records. The records contained the usual cybercrime goodies: Names, email addresses, usernames, phone numbers and passwords for online accounts, according to the DoJ. However, it's self-description on Twitter gives a more altruistic spin on its wares, framing itself as a HaveIBeenPwnd-like service: "Have your passwords been compromised? Find out by searching through over 12 billion records and 10,000 data breaches."