Security News

The United States' Federal Communications Commission has barred itself from authorizing the import or sale of Chinese telecoms and video surveillance products from Huawei, ZTE, Hytera Communications, Hikvision, and Dahua, on national security grounds. As it is not legal to offer such products in the US without FCC approval, the move is effectively a ban on the five vendors' products.

In its latest quarterly threat report, Meta said it had detected and disrupted influence operations originating in the US, and it calls out those it believes are responsible: the American military. Meta said it picked up on three major covert influence operations on its platforms in the third quarter of the year, the first of which originated in the United States.

Over the past year, we've had the unfortunate need to warn our readers not once, but twice, about a scam we've dubbed CryptoRom, a portmanteau word formed from the terms "Cryptocurrency" and "Romance scam". The "Romance" in a CryptoRom scam isn't tugging at your heart strings, but at your wallet strings.

Last month, the US Government Accountability Office released a nearly 100-page report about working dogs and the need for federal agencies to better safeguard their health and wellness. The GOA says that as of February the US federal government had approximately 5,100 working dogs, including detection dogs, across three federal agencies.

The US Government Accountability Office has warned that the time to act on securing the US's offshore oil and natural gas installations is now because they are under "Increasing" and "Significant risk" of cyberattack. A report to Congress looked at a network of "More than 1,600 offshore oil and gas facilities," which the federal watchdog pointed out produce a "Significant" amount of America's domestic oil and gas - and the operational technology tech that looks after and controls the physical equipment.

The U.S. Department of Justice has charged ten defendants for their alleged involvement in business email compromise schemes targeting numerous victims across the country, including U.S. federal funding programs like Medicare and Medicaid. "Unwittingly, five state Medicaid programs, two Medicare Administrative Contractors, and two private health insurers allegedly were deceived into making payments to the defendants and their co-conspirators instead of depositing the reimbursement payments into bank accounts belonging to the hospitals," DOJ said in a press release on Friday.

A sophisticated phishing kit has been targeting North Americans since mid-September, using lures focused on holidays like Labor Day and Halloween. The kit uses multiple evasion detection techniques and incorporates several mechanisms to keep non-victims away from its phishing pages.

Iranian state-sponsored cyber criminals used an unpatched Log4j flaw to break into a US government network, illegally mine for cryptocurrency, steal credentials and change passwords, and then snoop around undetected for several months, according to CISA. In an alert posted Wednesday, the US cybersecurity agency said it detected the advanced persistent threat activity on an unnamed federal civilian executive branch organization's network in April. "CISA and the Federal Bureau of Investigation assess that the FCEB network was compromised by Iranian government-sponsored APT actors," according to the alert.

The attackers compromised the federal network after hacking into an unpatched VMware Horizon server using an exploit targeting the Log4Shell remote code execution vulnerability. After deploying the cryptocurrency miner, the Iranian threat actors also set up reverse proxies on compromised servers to maintain persistence within the FCEB agency's network.

US government agencies including the Army and Centers for Disease Control and Prevention pulled apps running Pushwoosh code after learning the software company - which presents itself as American - is actually Russian, according to Reuters. Pushwoosh is a software company that provides code and data analysis for developers so they can automate custom push notifications based on smartphone users' online activity.