Security News

A new large-scale StrelaStealer malware campaign has impacted over a hundred organizations across the United States and Europe, attempting to steal email account credentials. StrelaStealer was first documented in November 2022 as a new information-stealing malware that steals email account credentials from Outlook and Thunderbird.

Crew may well be working under contract for Beijing Chinese spies exploited a couple of critical-severity bugs in F5 and ConnectWise equipment earlier this year to sell access to compromised US...

Employees at US-based organizations are being targeted with emails delivering NetSupport RAT malware via "Nuanced" exploitation and by using an advanced detection evasion method. The phishing emails prompts recipients to download an attached Office Word file to view their "Monthly salary report".

While there are some 880 devices registered, "Only a few tens of distinct ELD models" have hit the road in commercial trucks. They used bench level testing systems for the demo, as well as additional testing on a moving 2014 Kenworth T270 Class 6 research truck equipped with a vulnerable ELD. "In our evaluation of ELD units procured from various resellers, we discovered that they are distributed with factory default firmware settings that present considerable security risks," the authors noted.

US government is urging state officials to band together to improve the cybersecurity of the country's water sector amid growing threats from foreign adversaries. The Environmental Protection Agency announced it is seeking to establish a Water Sector Cybersecurity Task Force to beef up current work to implement "Immediate" solutions to prevent one of the US's most critical services from disruption.

The Cyber Crime Center of the U.S. Department of Defense says it has reached the milestone of processing its 50,000th vulnerability report submitted by 5,635 researchers since its inception in November 2016. The federal agency launched its Vulnerability Disclosure Program 7.5 years ago following a bug bounty event called 'Hack-the-Pentagon,' to engage crowd-sourced vulnerability reports that could help bolster its cyber defenses.

The FBI warned of increases in crypto scams in March last year, saying most begin with some sort of social engineering, like a romance or confidence scam, which then evolve into crypto investment fraud. The total losses from investment fraud also beat those incurred by ransomware across the country, according to the latest report [PDF] from the FBI's Internet Crime Complaint Center.

Fascinating analysis of the use of drones on a modern battlefield-that is, Ukraine-and the inability of the US Air Force to react to this change. The Air Force is planning to buy 1,763 of the aircraft, which will remain in service through the year 2070.

The U.S. Department of Justice is recovering $2.3 million worth of cryptocurrency linked to a "Pig butchering" fraud scheme that victimized at least 37 people across the United States. Pig butchering is a social engineering scam where fraudsters contact people on social media and messaging platforms to build trust.

Change Healthcare is being investigated over the alleged 6 TB data theft by the ALPHV ransomware group as it continues recovery efforts. The US Department of Health and Human Services Office for Civil Rights wrote to the healthcare IT company this week informing it that a formal inquiry into its data protection practices will soon begin.