Security News

A cyberattack campaign that goes after aviation targets has been uncovered, which is spreading remote access trojan malware bent on cyber-espionage. Once installed, the RATs connect to a command-and-control server that's hosted on a dynamic hosting site to register with the attackers.

Cyber operatives affiliated with the Russian Foreign Intelligence Service have switched up their tactics in response to previous public disclosures of their attack methods, according to a new advisory jointly published by intelligence agencies from the U.K. and U.S. Friday. "SVR cyber operators appear to have reacted by changing their TTPs in an attempt to avoid further detection and remediation efforts by network defenders," the National Cyber Security Centre said.

Cybersecurity researchers have disclosed a new security vulnerability in Qualcomm's mobile station modems that could potentially allow an attacker to leverage the underlying Android operating system to slip malicious code into mobile phones, undetected. Designed since the 1990s, Qualcomm MSM chips allows mobile phones to connect to cellular networks and allow Android to take to the chip's processor via the Qualcomm MSM Interface, a proprietary protocol that enables the communication between the software components in the MSM and other peripheral subsystems on the device such as cameras and fingerprint scanners.

In 2019, a Chinese security researcher working with the internet security and antivirus company Qihoo 360 unveiled an intricately woven exploit: One that would allegedly let a remote attacker easily jailbreak an iPhone X iOS 12.1. Allegedly shows, a successful exploit would allow a remote attacker to jailbreak an iPhoneX, with the targeted user none the wiser, allowing the intruder to gain access to a victim's data, processing power and more.

Following attribution of the SolarWinds supply chain attack to Russia's APT29, the US CISA infosec agency has published a list of the spies' known tactics - including a penchant for using a naughtily named email provider. APT29* is the Western infosec world's codename for what we now know is the Russian Foreign Intelligence Service, known by its Russian acronym SVR. As well as publishing a list of things US counterintelligence know about their Russian offensive counterparts, CISA has also added some advice on how to avoid these common Russian intelligence compromise tactics.

Facebook said Wednesday it had disabled accounts used by the Palestinian Authority's internal intelligence organisation to spy on journalists, human rights activists and political opponents. In a report, the US social media giant also said it had identified and disabled "Politically motivated" espionage operations by a group believed to be based in Gaza and affiliated with Hamas, the Islamist rulers of the Palestinian enclave.

Conservative MP Tom Tugendhat has publicly claimed GCHQ sources told him Gmail was more secure than Parliament's own Microsoft Office 365 deployment - but both Parliament and a GCHQ offshoot have told him to stop being silly. "I was told by friends at GCHQ that I was better off sticking to Gmail rather than using the parliamentary system because it was more secure," Tugendhat told the BBC's Today Programme.

Israeli spy agencies accused Iran on Monday of using fake social media accounts to lure citizens of the Jewish state abroad "To harm or abduct them". The Israeli claim came hours after Iran accused its arch-enemy of orchestrating an attack on a key nuclear site and vowed "Revenge".

An advanced cyberespionage campaign targeting government and military entities in Vietnam has been discovered that delivered a remote-access tool for carrying out espionage operations, researchers said. Further analysis suggested that this campaign was conducted by a group related to a Chinese-speaking advanced persistent threat known as Cycldek, according to Kaspersky researchers, who added that the group has been active since at least 2013.

Facebook has taken on a group of hackers in China that target the Uyghur ethnic group with cyberespionage activity. The hacking group, known as Earth Empusa or Evil Eye, was targeting activists, dissidents and journalists involved in the Uyghur community, primarily those living abroad in Australia, Canada, Kazakhstan, Syria, Turkey and the United States, among other countries, by using fake Facebook accounts for fictitious people sympathetic to the Uyghur community.