Security News

FBI, CISA aren't worried about cyber threats to US midterms
2022-10-06 17:30

The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) say in a public service announcement (PSA) that any foreign interference in the 2022 US midterm elections is unlikely to disrupt or prevent voting, compromise ballot integrity, or manipulate votes at scale. Despite popular narratives in some political circles that the 2020 election was insecure and fraudulent, there has been no evidence to support that claim, the agencies said. The PSA also explains that US election systems are secured using "a variety of technological, physical, and procedural controls to mitigate the likelihood of malicious cyber activity" that could affect "election infrastructure systems or data that would alter votes or otherwise disrupt or prevent voting."

Cyber-snoops broke into US military contractor, stole data, hid for months
2022-10-05 19:27

Intruders hid inside a US military contractor's enterprise network for months and stole sensitive data, according to a joint alert from CISA, the FBI, and the NSA. The attackers broke into the defense organization's Microsoft Exchange Server by a method the agencies still haven't determined, spent hours rummaging through mailboxes, and used a compromised administrator account to query Exchange through its Exchange Web Services (EWS) API. They also ran Windows commands to enumerate the IT environment and bundled files into archives with WinRAR. Notably, the attackers used the open source Impacket toolkit to remotely control machines on the network and move laterally. The activity was eventually spotted: from November 2021 to January 2022, CISA and a "trusted third-party" security company carried out an incident response on the contractor's enterprise network.

CommonSpirit US nonprofit health system discloses security incident
2022-10-05 15:37

CommonSpirit Health, one of the largest nonprofit health systems in the United States, says it took some of its IT systems offline because of a security incident that has affected multiple facilities. The health system operates 140 hospitals and more than 1,000 care sites in 21 states, and its roughly 150,000 employees and 20,000 physicians provide care to more than 21 million patients.

Hackers stole data from US defense org using Impacket, CovalentStealer
2022-10-04 23:08

The US government today released an alert about state-backed hackers who stole sensitive data from a US organization in the Defense Industrial Base sector. The intruders combined custom malware called CovalentStealer, the open-source Impacket collection of Python classes, the HyperBro remote access trojan, and well over a dozen ChinaChopper webshell samples.

BlackCat malware lashes out at US defense IT contractor
2022-10-02 08:47

The BlackCat ransomware gang, also known as ALPHV, has allegedly broken into IT firm NJVC, a provider of services to civilian US government agencies and the Department of Defense. DarkFeed, which monitors the dark web for ransomware intelligence, tweeted this week that BlackCat had added NJVC to its victim list, and shared a screenshot purportedly of ALPHV's leak blog notifying NJVC that data had been stolen during the intrusion.

Fake US govt job offers push Cobalt Strike in phishing attacks
2022-09-30 16:33

A new phishing campaign targets US and New Zealand job seekers with malicious documents that install Cobalt Strike beacons, giving the attackers remote access to victims' devices. The discovery comes from researchers at Cisco Talos, who observed two different phishing lures, both aimed at job seekers and both leading to the deployment of Cobalt Strike.

Stop us if you've heard this one before: Exchange Server zero-days actively exploited
2022-09-30 03:03

Security researchers have warned that a zero-day flaw in Microsoft's Exchange Server is being actively exploited. A second flaw, tracked as ZDI-CAN-18802, is rated 6.3/10. Details of the flaws are scanty, with GTSC's post describing its observations of webshells with Chinese characteristics being dropped onto Exchange servers. Those webshells then "inject malicious DLLs into memory, drop suspicious files on the attacked servers, and execute these files through the Windows Management Instrumentation Command line."
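The two alerts above (the Defense Industrial Base contractor intrusion, with Impacket lateral movement and WinRAR staging, and the Exchange webshells launching files via WMIC) describe behaviour that is visible in process-creation telemetry. The following Python is an added example, not code from either alert or from the affected organizations: it runs three simple rules over constructed Sysmon-style (Event ID 1) process events. The Impacket rule keys on the output redirection that Impacket's wmiexec.py wraps around every command it runs (`cmd.exe /Q /c <cmd> 1> \\127.0.0.1\ADMIN$\__<timestamp> 2>&1`); the host names, users, timestamps and paths in the sample events are made up.

```python
import re
from typing import Dict, List, Tuple

# Constructed Sysmon-style process-creation events, not real telemetry.
# Hosts, users, timestamps and paths are invented for the example.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"ts": "2021-11-03T02:14:07Z", "host": "EXCH01", "user": "CORP\\exchadmin",
     "parent": "C:\\Windows\\System32\\wbem\\WmiPrvSE.exe",
     "image": "C:\\Windows\\System32\\cmd.exe",
     "cmdline": "cmd.exe /Q /c whoami /all 1> \\\\127.0.0.1\\ADMIN$\\__1635905647.12 2>&1"},
    {"ts": "2021-11-03T02:16:41Z", "host": "EXCH01", "user": "NT AUTHORITY\\SYSTEM",
     "parent": "C:\\Windows\\System32\\inetsrv\\w3wp.exe",
     "image": "C:\\Windows\\System32\\wbem\\WMIC.exe",
     "cmdline": "wmic process call create \"C:\\ProgramData\\update.exe\""},
    {"ts": "2021-11-03T02:30:12Z", "host": "FS02", "user": "CORP\\exchadmin",
     "parent": "C:\\Windows\\System32\\cmd.exe",
     "image": "C:\\Program Files\\WinRAR\\Rar.exe",
     "cmdline": "Rar.exe a -r -hp C:\\ProgramData\\out.rar \"D:\\Shares\\Engineering\""},
    {"ts": "2021-11-03T09:02:55Z", "host": "WS17", "user": "CORP\\jdoe",
     "parent": "C:\\Windows\\explorer.exe",
     "image": "C:\\Windows\\System32\\notepad.exe",
     "cmdline": "notepad.exe C:\\Users\\jdoe\\notes.txt"},
    {"ts": "2021-11-03T03:00:00Z", "host": "EXCH01", "user": "NT AUTHORITY\\SYSTEM",
     "parent": "C:\\Windows\\System32\\svchost.exe",
     "image": "C:\\Windows\\System32\\cmd.exe",
     "cmdline": "cmd.exe /c C:\\Scripts\\nightly_backup.cmd"},
]

# Impacket's wmiexec.py runs each operator command as
#   cmd.exe /Q /c <cmd> 1> \\127.0.0.1\ADMIN$\__<unix-time> 2>&1
# and reads the output file back over SMB. The loopback UNC path, the ADMIN$
# share and the "__" prefix are the stable parts of that pattern.
IMPACKET_OUTPUT_REDIRECT = re.compile(
    r"1>\s*\\\\127\.0\.0\.1\\ADMIN\$\\__\d+", re.IGNORECASE)

# Interpreters and LOLBins a webshell typically spawns from the IIS worker process.
SHELL_CHILDREN = {"cmd.exe", "powershell.exe", "wmic.exe", "cscript.exe",
                  "wscript.exe", "certutil.exe"}

# Archivers used to stage data before exfiltration (the alert names WinRAR).
ARCHIVERS = {"rar.exe", "winrar.exe"}


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def classify(ev: Dict[str, str]) -> List[str]:
    """Return the names of every rule the event matches (empty list if benign)."""
    hits: List[str] = []
    if IMPACKET_OUTPUT_REDIRECT.search(ev["cmdline"]):
        hits.append("impacket_wmiexec_pattern")
    if basename(ev["parent"]) == "w3wp.exe" and basename(ev["image"]) in SHELL_CHILDREN:
        hits.append("webshell_child_process")
    if basename(ev["image"]) in ARCHIVERS:
        hits.append("archive_staging")
    return hits


def scan(events: List[Dict[str, str]]) -> List[Tuple[int, str, List[str]]]:
    """Run classify() over a list of events; return (index, host, rules) for each hit."""
    findings = []
    for i, ev in enumerate(events):
        hits = classify(ev)
        if hits:
            findings.append((i, ev["host"], hits))
    return findings


if __name__ == "__main__":
    for idx, host, rules in scan(SAMPLE_EVENTS):
        ev = SAMPLE_EVENTS[idx]
        print(f"{ev['ts']} {host} {ev['user']} {', '.join(rules)}: {ev['cmdline']}")
```

The first rule only catches wmiexec.py's default output path; smbexec.py and atexec.py redirect output differently, and an operator can edit the share name or prefix, so treat a match as high-confidence and a miss as no information. The second rule (w3wp.exe spawning cmd.exe, WMIC.exe or a script host) is the one that would have fired on the webshell behaviour GTSC describes, and in most Exchange environments it has a very low benign rate.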

Meta busts first Chinese campaign prodding US midterms
2022-09-27 15:00

Meta says it has disrupted two influence operations: a misinformation network targeting US politics ahead of the 2022 midterm elections, and another that sought to sway public opinion in Europe about the war in Ukraine. According to its report on the takedowns, the Chinese operation aimed at US audiences tried to reach both sides of the political aisle but was largely unsuccessful.

Account takeover attacks on the rise, impacting almost 25% of people in the US
2022-09-22 20:35

Account takeover attacks can devastate individuals and organizations alike. In a report released Thursday, fraud management company SEON looks at the rise in account takeovers and offers advice to businesses and consumers on how to protect their accounts.