Security News

Two Belarusian nationals were arrested earlier this month in Poland on the suspicion they engaged in multiple ATM jackpotting attacks. The two are believed to have committed dozens of ATM jackpotting attacks in several European countries, stealing an estimated €230,000 in cash.

Vulnerabilities in the Zimbra enterprise webmail solution could allow an attacker to gain unrestricted access to an organization's sent and received email messages, software security firm SonarSource reveals. In June, Zimbra released patches for multiple security issues in the webmail solution, including two bugs identified by Simon Scannell, a security researcher with SonarSource.

The federal government is fighting back against what it says are China-based cyberattacks against U.S. universities and companies with indictments and a "Naming-and-shaming" approach - but researchers aren't convinced the efforts will come to much in terms of deterring future activity. The U.S. Cybersecurity and Infrastructure Agency, the Federal Bureau of Investigation and the National Security Administration released multiple advisories providing details about cybersecurity threats from the Chinese government, and announced the indictments of four Chinese nationals alleged to have been operating on behalf of the Chinese Hanian State Security Department.

Security researchers investigating a bug that crashed the Wifi service on iPhones found that it could be exploited for remote code execution without user interaction. When initially disclosed, the bug could disable an iPhone's WiFi connection after trying to connect to a network with a name that included a special character.

Today, the US Department of Justice indicted four members of the Chinese state-sponsored hacking group known as APT40 for hacking various companies, universities, and government entities in the US and worldwide between 2011 and 2018. Wu Shurong, the fourth Chinese national indicted today by the DOJ, was hired through Hainan Xiandun to create malware, hack into foreign governments' computer systems, companies, and universities to steal trade secrets, intellectual property, and other high-value information, as well as to supervise other Hainan Xiandun hackers.

Masquerading as UK scholars with the University of London's School of Oriental and African Studies, the threat actor TA453 has been covertly approaching individuals since at least January 2021 to solicit sensitive information. The threat actor, an APT who we assess with high confidence supports Islamic Revolutionary Guard Corps intelligence collection efforts, established backstopping for their credential phishing infrastructure by compromising a legitimate site of a highly regarded academic institution to deliver personalized credential harvesting pages disguised as registration links.

In part, MFA was intended to thwart a range of compromises that include phishing, spear phishing, credential stealing, and man-in-the-middle attacks. Protecting remote workers from sophisticated phishing attacks requires a toolbox that extends beyond MFA and covers several attack vectors.

In this week's Oh! No! story, a server room fills with toxic fumes. Download the IBM 3270 retrofont that Duck admired in the podcast.

Top US officials met at the White House on stopping ransomware Wednesday, as pressure mounted on President Joe Biden to take action against Russia over cyberattacks. Biden told reporters he would "Deliver" his own message to Russian President Vladimir Putin on the issue, without offering any details.

An ongoing brute-force attack campaign targeting enterprise cloud environments has been spearheaded by the Russian military intelligence since mid-2019, according to a joint advisory published by intelligence agencies in the U.K. and U.S. The National Security Agency, Cybersecurity and Infrastructure Security Agency, Federal Bureau of Investigation, and the U.K.'s National Cyber Security Centre formally attributed the incursions to the Russian General Staff Main Intelligence Directorate 85th Main Special Service Center. "The campaign uses a Kubernetes cluster in brute force access attempts against the enterprise and cloud environments of government and private sector targets worldwide," CISA said.