Security News
Two Iranian hackers were indicted in the United States for allegedly engaging in numerous cyberattacks, some of them conducted on behalf of the government of Iran, the U.S. Department of Justice announced on Wednesday. The two, Hooman Heidarian, 30, and Mehdi Farhadi, 34, both of Hamedan, Iran, were charged with conspiracy to commit fraud and wire fraud, unauthorized access to protected computers, unauthorized damage to protected computers, access device fraud, and aggravated identity theft.
CrowdStrike has released an annual report that reviews intrusion trends during the first half of 2020 and provides insights into the current landscape of adversary tactics, which has been heavily impacted this year by the remote workforce environment of COVID-19. First half of 2020 hands-on-keyboard intrusion activity surpasses all of 2019.
Since January, the two longtime cybersecurity experts have looked at how cybercriminals, ransomware groups, and several nation state actors quickly became involved in coronavirus-themed attacks, leveraging fears about the virus to steal money and information from thousands of people. Cybercriminals have also expanded attacks to take advantage of the fact that most countries are under quarantine, forcing millions to now work from home.
The Russian hacking crew known variously as APT28, Fancy Bear and Pawn Storm has been targeting defence companies with Middle Eastern outposts, according to Trend Micro. A new report from the threat intel firm says that the Russian state-backed hacking outfit went on a spree of targeting defence firms in the Middle East back in May last year.
A threat actor - likely a state-sponsored cyberespionage group - has used a sophisticated technique to allow a piece of malware hosted on a server to communicate with command and control servers through a firewall. It's unclear exactly how the attackers planted the malware, but researchers believe they may have accessed the server through a dictionary attack on an exposed SSH port.
A Twitter API that's intended to help new account holders find people they may already know on Twitter has been abused by known and unknown actors to tie usernames to phone numbers and potentially de-anonymize certain users. "On December 24, 2019 we became aware that someone was using a large network of fake accounts to exploit our API and match usernames to phone numbers. We immediately suspended these accounts and are disclosing the details of our investigation to you today because we believe it's important that you are aware of what happened, and how we fixed it," Twitter shared on Monday.
Google’s Threat Analysis Group (TAG) this week shared some data on government-backed hacking and disinformation attempts targeting its customers.
State-sponsored groups take advantage of the lack of effective mobile malware solutions to target mobile users, according to a new report from BlackBerry.
After the UK’s National Cyber Security Centre (NCSC) issued an alert, the National Security Agency (NSA) in the United States has also warned organizations that multiple state-sponsored threat...
With growing concern over DNS manipulation attacks, details on a new elite state-sponsored DNS hijacking campaign have been released. Called operation Sea Turtle, researchers believe that at least...