Security News

The Russia-linked cyber-espionage group known as Turla was recently observed targeting a European government organization with a combination of backdoors, security researchers at Accenture reveal. In a recent attack on such an organization in Europe, Turla was observed employing a combination of remote procedure call-based backdoors, including the HyperStack backdoor, and Kazuar and Carbon remote administration Trojans.

It's said the NSA drew up a report on what it learned after a foreign government exploited a weak encryption scheme, championed by the US spying agency, in Juniper firewall software. On Wednesday, Reuters reporter Joseph Menn published an account of US Senator Ron Wyden's efforts to determine whether the NSA is still in the business of placing backdoors in US technology products.

Encryption is vital to protecting people's use of data, it says, alongside human rights activists in repressive regimes, journalists researching corruption, and all those good things. You cannot make an encryption system insecure without making it insecure.

A cyberespionage group known as BAHAMUT has been linked to a "Staggering" number of ongoing attacks against government officials and private-sector VIPs in the Middle East and South Asia, while also engaging in wide-ranging disinformation campaigns. "The group took over the domain of what was originally an information security news website and began pushing out content focused on geopolitics, research, industry news about other hack-for-hire groups," according to the report - along with news about exploit brokers like the NSO Group.

The miscreants also managed to access the Twitter Direct Messages in 36 accounts, and to download Twitter account data for seven accounts. "Increasingly we rely on platforms like Twitter to receive news and other information that is important to our lives," said US Attorney for the Northern District of California David Anderson in the video statement below.

The Kremlin-backed APT29 crew, also known by a variety of other names such as Cozy Bear, Iron Hemlock, or The Dukes, depending on which threat intel company you're talking to that week, is believed by most reputable analysts to be a wholly owned subsidiary of the FSB, modern-day successor to the infamous Soviet KGB. NCSC ops director Paul Chichester said in a statement: "We condemn these despicable attacks against those doing vital work to combat the coronavirus pandemic." Foreign Secretary Dominic Raab added: "It is completely unacceptable that the Russian Intelligence Services are targeting those working to combat the coronavirus pandemic. While others pursue their selfish interests with reckless behaviour, the UK and its allies are getting on with the hard work of finding a vaccine and protecting global health."

You might not believe it, but it's possible to spy on secret conversations happening in a room from a nearby remote location just by observing a light bulb hanging in there-visible from a window-and measuring the amount of light it emits. A team of cybersecurity researchers has developed and demonstrated a novel side-channel attacking technique that can be applied by eavesdroppers to recover full sound from a victim's room that contains an overhead hanging bulb.

A beer and pub-rating app built off the back of Foursquare's location-tracking API poses a risk to the security of military and intelligence personnel, according to legendary OSINT website Bellingcat. Untappd 'has over eight million mostly European and North American users, and its features allow researchers to uncover sensitive information about said users at military and intelligence locations around the world,' wrote Bellingcat's Foeke Postma in a fascinating guide to using the app for tracking down people of interest.

A beer and pub-rating app built off the back of Foursquare's location-tracking API poses a risk to the security of military and intelligence personnel, according to legendary OSINT website Bellingcat. Untappd 'has over eight million mostly European and North American users, and its features allow researchers to uncover sensitive information about said users at military and intelligence locations around the world,' wrote Bellingcat's Foeke Postma in a fascinating guide to using the app for tracking down people of interest.

Germany's foreign intelligence service violated the constitution by spying on internet data from foreigners abroad, the nation's top court ruled Tuesday in a victory for overseas journalists who brought the case. The BND agency's surveillance violates "The fundamental right to privacy of telecommunications" and freedom of the press, judges at the Constitutional Court in Karlsruhe said in their verdict.