Security News

North Korean Hackers Using Malicious Browser Extension to Spy on Email Accounts
2022-08-01 04:14

A threat actor operating with interests aligned with North Korea has been deploying a malicious extension on Chromium-based web browsers that's capable of stealing email content from Gmail and AOL. Cybersecurity firm Volexity attributed the malware to an activity cluster it calls SharpTongue, which is said to share overlaps with an adversarial collective publicly referred to under the name Kimsuky. SharpTongue has a history of singling out individuals working for organizations in the U.S., Europe, and South Korea who "work on topics involving North Korea, nuclear issues, weapons systems, and other matters of strategic interest to North Korea," researchers Paul Rascagneres and Thomas Lancaster said.

US military contractor moves to buy Israeli spy-tech company NSO Group
2022-07-11 13:00

US security technology provider L3Harris has courted controversial Israeli spyware firm NSO with an aim to buy it, according to reports. The New York Times claims L3Harris in recent months sent a team to Israel to try to smooth passage of the deal, which was made challenging by US president Joe Biden's decision to blacklist NSO following the use of its Pegasus software to crack phones of politicians and campaigners.

ZuoRAT Malware Hijacking Home-Office Routers to Spy on Targeted Networks
2022-06-29 00:40

A never-before-seen remote access trojan dubbed ZuoRAT has been singling out small office/home office routers as part of a sophisticated campaign targeting North American and European networks. The malware "grants the actor the ability to pivot into the local network and gain access to additional systems on the LAN by hijacking network communications to maintain an undetected foothold," researchers from Lumen Black Lotus Labs said in a report shared with The Hacker News.

Industrial Spy data extortion market gets into the ransomware game
2022-05-26 12:02

The Industrial Spy data extortion marketplace has now launched its own ransomware operation and now also encrypts victims' devices. Last month, we reported on a new data extortion marketplace called Industrial Spy that allowed threat actors, and possibly even business competitors, to purchase data stolen from companies.

Screencastify fixes bug that would have let rogue websites spy on webcams
2022-05-24 00:17

Screencastify, a popular Chrome extension for capturing and sharing videos from websites, was recently found to be vulnerable to a cross-site scripting flaw that allowed arbitrary websites to dupe people into unknowingly activating their webcams. Palant contends the browser extension continues to pose a risk because the code trusts multiple partner subdomains, and an XSS flaw on any one of those sites could potentially be misused to attack Screencastify users.

New Industrial Spy stolen data market promoted through cracks, adware
2022-04-16 16:50

Threat actors have launched a new marketplace called Industrial Spy that sells stolen data from breached companies, as well as offering free stolen data to its members. While stolen data marketplaces are not new, instead of extorting companies and scaring them with GDPR fines, Industrial Spy promotes itself as a marketplace where businesses can purchase their competitors' data to gain access to trade secrets, manufacturing diagrams, accounting reports, and client databases.

UK spy agencies sharing bulk personal data with foreign allies was legal, says court
2022-04-06 08:33

A privacy rights org this week lost an appeal in a case about the sharing of Bulk Personal Datasets by MI5, MI6, and GCHQ with foreign intelligence agencies. The decision means a contested part of a 2018 ruling by the IPT will stand: that safeguards and rules around data collection between 2015 and 2017 by the state agencies meant that sharing that data was legal: "compatible with article 8 of the European Convention of Human Rights."

UK spy boss warns China hopes Russia will help it take over tech standards
2022-03-31 04:01

The director of UK intelligence agency Government Communications Headquarters, Sir Jeremy Fleming, has warned that China is trying to introduce "undemocratic values as the default for vast swathes of future tech and the standards that govern it." China believes Russia will support its digital markets and technology plans.

Cow-counting app abused by China 'to spy on US states'
2022-03-09 00:08

Beijing's spies compromised government computer networks in six US states by exploiting, among other flaws, a vulnerability in a cattle-counting system, according to Mandiant. Mandiant said APT41 aka Double Dragon, one of China's more aggressive intrusion crews, exploited a zero-day vulnerability in a web app called USAHerds, used by agriculture officials to track the health and density of the nation's livestock, as well as the Log4j flaw, to break into American local government systems.

Cow-counting app 'abused by China to spy on US govt'
2022-03-09 00:08

Beijing's spies compromised government computer networks in six US states by exploiting, among other flaws, a vulnerability in a cattle-counting system, according to Mandiant. Mandiant said APT41 aka Double Dragon, one of China's more aggressive intrusion crews, exploited a zero-day vulnerability in a web app called USAHerds, used for tracking the health and density of the nation's livestock, as well as the Log4j flaw, to break into American public-sector systems.