Security News

The White House has ordered all federal government employees to delete TikTok from work devices, over fears the video-sharing app could be used to spy on Americans. TikTok has been downloaded by billions of people around the world, and is particularly popular among young people - but the US government believes that data could be shared with the Chinese government.

What's more dangerous than Chinese spy balloons? Unsafe software and other technology products, according to America's Cybersecurity and Infrastructure Agency Director Jen Easterly. "Government can work to advance legislation to prevent technology manufacturers from disclaiming liability by contract, establishing higher standards of care for software in specific critical infrastructure entities, and driving the development of a safe harbor framework to shield from liability companies that securely develop and maintain their software products and services," Easterly said.

The US Marshals Service, the enforcement branch of the nation's federal courts, has admitted to a "Major" breach of its information security defenses allowed a ransomware infection and exfiltration of "Law-enforcement sensitive information". NBC broke news of the incident, which Marshals Service spokesperson Drew Wade described as having impacted a system that "Contains law enforcement sensitive information, including returns from legal process, administrative information, and personally identifiable information pertaining to subjects of USMS investigations, third parties, and certain USMS employees."

Cyber attack risks faced by businesses across states and reported data breaches are relative to the respective state governments' cybersecurity investment, according to Network Assured. While expectedly, California, with its high concentration of businesses in technology and healthcare recorded the highest number of data breaches at 1,338, the relatively small state of Maryland ranked 5th worst in the nation with 343 breaches.

In brief A Russian national has been hit with a five-count indictment alleging he smuggled hardware and software used for counterintelligence operations out of the US to the Russian Federal Security Service and North Korea. He's being charged with conspiracy to defraud the US, conspiracy to violate the International Emergency Economic Powers Act, two counts of conspiracy to violate the Export Control Reform Act and smuggling.

A Russian national accused of developing the NLBrute brute-force hacking tool has made his first court appearance this week in Florida over accusations that he used the tool to spawn a criminal empire. Dariy Pankov, also known as "Dpxaker," created the NLBrute malware that cracked the Windows credentials of improperly secured Remote Desktop Protocol systems through the brute-force technique of throwing massive numbers of password guesses at them, according to the US Department of Justice.

A Russian malware developer accused of creating and selling the NLBrute password-cracking tool was extradited to the United States after being arrested in the Republic of Georgia last year on October 4. "The powerful malware was capable of compromising protected computers by decrypting login credentials, such as passwords," the Justice Department said in a press release on Wednesday.

The malware intermittently redirected random customer websites to malicious sites. Redirects are so common that if you hang around web developers at all, you'll hear them referring to them by their numeric HTTP codes, in much the same way that the rest of us talk about "Getting a 404" when we try to visit a page that no longer exists, simply because 404 is HTTP's Not Found error code.

Lawmakers in the European Parliament have urged the European Commission not to issue the "Adequacy decision" needed for the EU-US Data Privacy Framework to officially become the pipeline for data to freely flow from the EU to the States. European rules around privacy, data collection, and data subjects' rights are considerably stronger than those in America, hence the need for rules of engagement that make US companies' treatment of EU data as good as what they'd get at home.

A new attack campaign launched by an unknown threat actor targets the U.S. with two malware families: MortalKombat ransomware and Laplas Clipper. Figure A. Once executed, the loader downloads another ZIP file from a server belonging to the attackers' infrastructure, whose content might be MortalKombat ransomware or Laplas Clipper malware.