Security News

UPDATE. Two more hospitals were hit with ransomware attacks this week as a growing number of criminals target healthcare facilities during the COVID-19 pandemic. The troubling trend prompted federal law enforcement and health officials, on Wednesday, to sound the alarm and issue a dire warning of more attacks to come.

The North Korean advanced persistent threat group known as Kimsuky is actively attacking commercial-sector businesses, often by posing as South Korean reporters, according to an alert from the U.S. Cybersecurity and Infrastructure Security Agency. Kimsuky has been operating as a cyberespionage group since 2012 under the auspices of the regime in Pyongyang.

Federal officials claim that Iranian threat actors are behind two separate email campaigns that assailed Democratic voters this week with threats to "Vote for Trump or else." The campaigns claimed to be from violent extremist group Proud Boys. Two specific email campaigns - one on Tuesday Oct. 20 and one on Wednesday, Oct. 21 - threatened Democratic voters in Alaska, Arizona and Florida that attackers accessed "All of your information." They warned that there would be dire repercussions if voters didn't cast their ballot for President Trump in the upcoming election, according to a Wednesday Proofpoint report.

A dramatic uptick in Emotet phishing attacks since July has led the U.S. Cybersecurity and Infrastructure Security Agency to issue a warning that state and local governments need to fortify their systems against the trojan. "This increase has rendered Emotet one of the most prevalent ongoing threats," the CISA alert, issued Tuesday, read. The alarm comes at a time when municipalities are already strained, juggling the concurrent crises of the COVID-19 pandemic, widespread social unrest and a caustic election season.

Foreign-backed disinformation campaigns will spread fake news about the results of the upcoming US election in an effort to sow doubt and outrage among the American public. The two agencies believe that in the immediate aftermath of the presidential election on November 3, Americans will be bombarded with false stories about the vote tally, reports of voter fraud, and other issues that would stoke division as the country awaits official election results - a process that could take weeks.

A federal agency has suffered a successful espionage-related cyberattack that led to a backdoor and multistage malware being dropped on its network. "The cyber-threat actor had valid access credentials for multiple users' Microsoft Office 365 accounts and domain administrator accounts," according to CISA. "First, the threat actor logged into a user's O365 account from Internet Protocol address 91.219.236[.]166 and then browsed pages on a SharePoint site and downloaded a file. The cyber-threat actor connected multiple times by Transmission Control Protocol from IP address 185.86.151[.]223 to the victim organization's virtual private network server."

The US government says the Chinese government's hackers are preying on a host of high-profile security holes in enterprise IT equipment to infiltrate Uncle Sam's agencies and American businesses. In a joint statement, the FBI and Homeland Security's Cybersecurity and Infrastructure Security Agency on Monday claimed Beijing's miscreants have exploited or attempted to exploit bugs including those in Microsoft Exchange Server, the F5 Big-IP remote takeover vulnerability, Pulse Secure's VPN's remote code flaw and the Citrix VPN directory traversal hole.

Monday's CISA advisory is a staunch reminder for federal government and private sector entities to apply patches for flaws in F5 BIG-IP devices, Citrix VPNs, Pulse Secure VPNs and Microsoft Exchange servers. The U.S. government is warning that Chinese threat actors have successfully compromised several government and private sector entities in recent months, by exploiting vulnerabilities in F5 BIG-IP devices, Citrix and Pulse Secure VPNs and Microsoft Exchange servers.

The operation converted its sales into crypto-coins that were sent to ISIS. Uncle Sam said the seized coins will be sent to a fund established for the victims of terrorist attacks. The team at Trend Micro has spotted something you don't see every day: malware for macOS exploiting zero-days.

Known as BlueLeaks, the info trove consists mostly of crime intelligence material uploaded to what are known as fusion centers. Created in the aftermath of the September 11 terror attacks, serve as a way for state and county cops to share information with one another and with the FBI and US Homeland security.