Security News

Two competing bills to reauthorize America's FISA Section 702 spying powers advanced in the House of Representatives committees this week, setting up Congress for a battle over warrantless surveillance before the law lapses in the New Year. The bipartisan bill reauthorizes Section 702 of the Foreign Intelligence Surveillance Act for three years with reforms including requiring all US intelligence agencies to obtain a warrant before conducting a US person query.

As Cyber Solidarity Act edges closer to full adoption in Europe The US Cybersecurity and Infrastructure Security Agency (CISA) has signed a working arrangement with its EU counterparts to increase...

Australia is building a top-secret cloud to host intelligence data and share it with the US and UK, which have their own clouds built for the same purpose. The three clouds were discussed on Monday by Andrew Shearer, Australia's director-general of national intelligence, at an event hosted by the Center for Strategic & International Studies in Washington, DC. "We are working very hard on a top-secret cloud initiative," Shearer told the event, adding that it will interoperate with similar infrastructure already operated by the US and UK, and mean sensitive data can be shared "Near instantaneously."

A U.S. senator revealed today that government agencies worldwide demand mobile push notification records from Apple and Google users to spy on their customers. Data collection through this method helps link devices to Apple or Google accounts and may also allow access to unencrypted notification content, including text displayed on the receiving smartphone.

Fancy Bear, the Kremlin's cyber-spy crew, has been exploiting two previously patched bugs for large-scale phishing campaigns against high-value targets - like government, defense, and aerospace agencies in the US and Europe - since March, according to Microsoft. The US and UK governments have linked this state-sponsored gang to Russia's military intelligence agency, the GRU. Its latest phishing expeditions look to exploit CVE-2023-23397, a Microsoft Outlook elevation of privilege flaw, and CVE-2023-38831, a WinRAR remote code execution flaw that allows arbitrary code execution.

The U.S. Cybersecurity and Infrastructure Security Agency is warning about hackers actively exploiting a critical vulnerability in Adobe ColdFusion identified as CVE-2023-26360 to gain initial access to government servers. The security issue allows executing arbitrary code on servers running Adobe ColdFusion 2018 Update 15 and older, and 2021 Update 5 and earlier.

Iran-linked cyber thugs have exploited Israeli-made programmable logic controllers used in "Multiple" water systems and other operational technology environments at facilities across the US, according to multiple law enforcement agencies. The gang did not need sophisticated tactics to run this attack: the joint advisory suggests Cyberav3ngers likely broke into US-based water facilities by using default passwords for internet-accessible PLCs. The alert was issued just days after CISA said it was investigating a cyberattack against a Pennsylvania water authority by the IRGC-backed crew, which forced operators to switch a pumping station to manual control.

Iran-affiliated attackers CyberAv3ngers continue to exploit vulnerable Unitronics programmable logic controllers, US and Israeli authorities have said in a joint cybersecurity advisory. CyberAv3ngers targeting Unitronics PLCs. CISA has recently confirmed that Iran-affiliated attackers took over a Unitronics Vision Series PLC at a water system facility in Pennsylvania, and urged other water authorities to promptly secure their Unitronics PLCs. The agency has advised them to change the default password and port used by the PLC, disconnect it from the open internet or secure remote access by using firewall, VPN and multi-factor authentication, create configuration backups, and update the PLC/HMI to the latest available version.

The U.S. Department of Health and Human Services warned hospitals this week to patch the critical 'Citrix Bleed' Netscaler vulnerability actively exploited in attacks. "The Citrix Bleed vulnerability is being actively exploited, and HC3 strongly urges organizations to upgrade to prevent further damage against the Healthcare and Public Health sector. This alert contains information on attack detection and mitigation of the vulnerability," HC3 warned.

A ransomware infection at a cloud IT provider has disrupted services for 60 or so credit unions across the US, all of which were relying on the attacked vendor. This is according to the National Credit Union Administration, which on Friday told The Register it is fire-fighting the situation with the credit unions downed this week by the intrusion.