Security News

US government agencies including the Army and Centers for Disease Control and Prevention pulled apps running Pushwoosh code after learning the software company - which presents itself as American - is actually Russian, according to Reuters. Pushwoosh is a software company that provides code and data analysis for developers so they can automate custom push notifications based on smartphone users' online activity.

The U.S. Department of Health and Human Services warned today that Venus ransomware attacks are also targeting the country's healthcare organizations. In an analyst note issued by the Health Sector Cybersecurity Coordination Center, HHS' security team also mentions that it knows about at least one incident where Venus ransomware was deployed on the networks of a U.S. healthcare org.

Titania launched an independent research report that uncovers the impact of exploitable misconfigurations on the security of networks in the US federal government. The study, "The impact of exploitable misconfigurations on the security of agencies' networks and current approaches to mitigating risks in the US Federal Government", finds that network professionals report that they are meeting their security and compliance practices, but data suggest that risk remains elevated.

Experian and T-Mobile have reached separate settlements with 40 US states following a pair of data breaches in 2012 and 2015. Experian will be bearing the largest brunt of the fine, with $14 million coming from the credit reporting company.

Misinformation related to tomorrow's US midterm elections hasn't slowed, according to security researchers. This includes more misleading election ads on Google, as well "Alternate facts" about voting systems manufacturers, all of which aims to cast doubt on election results, according to two reports published today.

The US Treasury Department has thwarted a distributed denial of service attack that officials attributed to Russian hacktivist group Killnet. According to Reuters, which first reported on the US Treasury incident, the Killnet DDoS flood didn't have any operational impact on the agency and it happened a couple days before the Russians turned their attention to JPMorgan Chase.

Banks in the US paid out nearly $1.2 billion in 2021 as a result of ransomware attacks, a marked rise over the year before though it may simply be due to more financial institutions being asked to report incidents. The figures come from the most recent Financial Trend Analysis report [PDF] on ransomware from the US Treasury's Financial Crimes Enforcement Network covering Bank Secrecy Act filings for 2021.

Attempts to reorganize supply chains to cut out China and foil its attempts to build a high-tech chip industry will be costly and may simply cause the Middle Kingdom to redouble its efforts, says memory maker Kioxia. Flores said China would likely retaliate against the recently announced US export controls by ramping up domestic investment in NAND as a long-term solution to its chip supply issues.

As cyberattacks have grown increasingly destructive, nations are entertaining the idea of responding to them with conventional military forces. The seriousness of a cyberattack classified as an "Armed attack" against a NATO member cannot be overstated.

Only a "Handful" of US states have stopped buying Chinese technologies deemed by the government to pose security threats, according to a report from a Washington policy research group. The Georgetown University think tank paper, published this week, says that "Thousands" of public officials are still purchasing prohibited tech from "Huawei, ZTE, and other Chinese companies" and that most state and local governments simply haven't bought into existing federal actions by making any changes to their procurement policies.