Security News

In Part 1 of this two-part series, we discussed the concept of "Cyber distancing" for employees asked to work from home during the COVID-19 pandemic. While working from home or even while at work for that matter, follow these steps to avoid behaviors that may let the bad guy in.

Brit cops have cuffed eight men in England and Scotland amid a probe into SIM-swapping attacks on high-profile US targets - including sports stars, musicians, and "Influencers" - that had money and personal data stolen. Last year unauthorised third parties took over the Twitter accounts of 130 celebrities including Elon Musk, Bill Gates, and former US president Barrack Obama.

Ten men part of a criminal gang involved in series of SIM swapping attacks targeting high-profile victims in the United States were arrested in the UK, Malta, and Belgium. SIM swap fraud allows scammers to take control of a target's phone number either via social engineering or by bribing mobile operator employees to port it to a SIM controlled by the fraudster.

A hacker's botched attempt to poison the water supply of a small Florida city is raising alarms about just how vulnerable the nation's water systems may be to attacks by more sophisticated intruders. The nation's 151,000 public water systems lack the financial fortification of the corporate owners of nuclear power plants and electrical utilities.

The FBI has discovered that the National Finance Center, a U.S. Department of Agriculture federal payroll agency, was compromised by exploiting a SolarWinds Orion software flaw, according to a Reuters report. NFC provides human resources and payroll services to roughly 170 federal agencies and over 650,000 federal employees since 1973.

The US court system has banned the electronic submission of legal documents in sensitive cases out of concern that Russian hackers have compromised the filing system. The decision follows concerns last month that as a result of the SolarWinds fiasco - in which suspected Kremlin spies gained access to the networks of multiple US government departments via backdoored IT tools - the court system itself may have been hacked, making Highly Sensitive Documents accessible.

The U.S. Federal Trade Commission said today that the number of identity theft reports has doubled during 2020 when compared to 2019, reaching a record 1.4 million reports within a single year. "2020's biggest surge in identity theft reports to the FTC related to the nationwide dip in employment," the FTC said.

Threat actors are sending phishing emails impersonating a Small Business Administration lender to prey on US business owners who want to apply for a Paycheck Protection Program loan to keep their business going during the COVID-19 crisis. The attackers behind this phishing campaign are taking advantage of the ongoing financial problems some businesses are experiencing due to the pandemic to lure them into handing over sensitive business and personal info.

How he'll handle the logistics of the case could feel old school: Under new court rules, he'll have to print out any highly sensitive documents and hand-deliver them to the courthouse. The new rules for filing sensitive documents are one of the clearest ways the hack has affected the court system.

The U.S. Justice Department announced today the disruption of the Netwalker ransomware operation and the indictment of a Canadian national for alleged involvement in the file-encrypting extortion attacks. Earlier today, BleepingComputer reported that law enforcement in the U.S. and Bulgaria seized Netwalker sites on the dark web used for leaking data from non-paying victims and for negotiating payments for data decryption.