Security News

A sophisticated phishing kit has been targeting North Americans since mid-September, using lures focused on holidays like Labor Day and Halloween. The kit uses multiple evasion detection techniques and incorporates several mechanisms to keep non-victims away from its phishing pages.

Iranian state-sponsored cyber criminals used an unpatched Log4j flaw to break into a US government network, illegally mine for cryptocurrency, steal credentials and change passwords, and then snoop around undetected for several months, according to CISA. In an alert posted Wednesday, the US cybersecurity agency said it detected the advanced persistent threat activity on an unnamed federal civilian executive branch organization's network in April. "CISA and the Federal Bureau of Investigation assess that the FCEB network was compromised by Iranian government-sponsored APT actors," according to the alert.

The attackers compromised the federal network after hacking into an unpatched VMware Horizon server using an exploit targeting the Log4Shell remote code execution vulnerability. After deploying the cryptocurrency miner, the Iranian threat actors also set up reverse proxies on compromised servers to maintain persistence within the FCEB agency's network.

US government agencies including the Army and Centers for Disease Control and Prevention pulled apps running Pushwoosh code after learning the software company - which presents itself as American - is actually Russian, according to Reuters. Pushwoosh is a software company that provides code and data analysis for developers so they can automate custom push notifications based on smartphone users' online activity.

The U.S. Department of Health and Human Services warned today that Venus ransomware attacks are also targeting the country's healthcare organizations. In an analyst note issued by the Health Sector Cybersecurity Coordination Center, HHS' security team also mentions that it knows about at least one incident where Venus ransomware was deployed on the networks of a U.S. healthcare org.

Titania launched an independent research report that uncovers the impact of exploitable misconfigurations on the security of networks in the US federal government. The study, "The impact of exploitable misconfigurations on the security of agencies' networks and current approaches to mitigating risks in the US Federal Government", finds that network professionals report that they are meeting their security and compliance practices, but data suggest that risk remains elevated.

Experian and T-Mobile have reached separate settlements with 40 US states following a pair of data breaches in 2012 and 2015. Experian will be bearing the largest brunt of the fine, with $14 million coming from the credit reporting company.

Misinformation related to tomorrow's US midterm elections hasn't slowed, according to security researchers. This includes more misleading election ads on Google, as well "Alternate facts" about voting systems manufacturers, all of which aims to cast doubt on election results, according to two reports published today.

The US Treasury Department has thwarted a distributed denial of service attack that officials attributed to Russian hacktivist group Killnet. According to Reuters, which first reported on the US Treasury incident, the Killnet DDoS flood didn't have any operational impact on the agency and it happened a couple days before the Russians turned their attention to JPMorgan Chase.

Banks in the US paid out nearly $1.2 billion in 2021 as a result of ransomware attacks, a marked rise over the year before though it may simply be due to more financial institutions being asked to report incidents. The figures come from the most recent Financial Trend Analysis report [PDF] on ransomware from the US Treasury's Financial Crimes Enforcement Network covering Bank Secrecy Act filings for 2021.