Security News

President Joe Biden's administration has asked a US federal court to pause proceedings aimed at banning TikTok to allow for a fresh review of the national security threat from the popular Chinese-owned video app. The Trump administration move to ban downloads of TikTok and its presence on online networks had been stalled amid legal challenges.

Image: USCG. The U.S. Coast Guard has ordered MTSA-regulated facilities and vessels using SolarWinds software for critical functions to report security breaches in case of suspicions of being affected by the SolarWinds supply-chain attack. "Reporting malicious cyber activity enhances maritime domain awareness and allows us all to be better postured to prevent and respond to cyber incidents that could disrupt commerce or jeopardize national security."

In Part 1 of this two-part series, we discussed the concept of "Cyber distancing" for employees asked to work from home during the COVID-19 pandemic. While working from home or even while at work for that matter, follow these steps to avoid behaviors that may let the bad guy in.

Brit cops have cuffed eight men in England and Scotland amid a probe into SIM-swapping attacks on high-profile US targets - including sports stars, musicians, and "Influencers" - that had money and personal data stolen. Last year unauthorised third parties took over the Twitter accounts of 130 celebrities including Elon Musk, Bill Gates, and former US president Barrack Obama.

Ten men part of a criminal gang involved in series of SIM swapping attacks targeting high-profile victims in the United States were arrested in the UK, Malta, and Belgium. SIM swap fraud allows scammers to take control of a target's phone number either via social engineering or by bribing mobile operator employees to port it to a SIM controlled by the fraudster.

A hacker's botched attempt to poison the water supply of a small Florida city is raising alarms about just how vulnerable the nation's water systems may be to attacks by more sophisticated intruders. The nation's 151,000 public water systems lack the financial fortification of the corporate owners of nuclear power plants and electrical utilities.

The FBI has discovered that the National Finance Center, a U.S. Department of Agriculture federal payroll agency, was compromised by exploiting a SolarWinds Orion software flaw, according to a Reuters report. NFC provides human resources and payroll services to roughly 170 federal agencies and over 650,000 federal employees since 1973.

The US court system has banned the electronic submission of legal documents in sensitive cases out of concern that Russian hackers have compromised the filing system. The decision follows concerns last month that as a result of the SolarWinds fiasco - in which suspected Kremlin spies gained access to the networks of multiple US government departments via backdoored IT tools - the court system itself may have been hacked, making Highly Sensitive Documents accessible.

The U.S. Federal Trade Commission said today that the number of identity theft reports has doubled during 2020 when compared to 2019, reaching a record 1.4 million reports within a single year. "2020's biggest surge in identity theft reports to the FTC related to the nationwide dip in employment," the FTC said.

Threat actors are sending phishing emails impersonating a Small Business Administration lender to prey on US business owners who want to apply for a Paycheck Protection Program loan to keep their business going during the COVID-19 crisis. The attackers behind this phishing campaign are taking advantage of the ongoing financial problems some businesses are experiencing due to the pandemic to lure them into handing over sensitive business and personal info.