Security News

A new phishing campaign targets US and New Zealand job seekers with malicious documents installing Cobalt Strike beacons for remote access to victims' devices. The discovery comes from researchers at Cisco Talos who observed two different phishing lures, both targeting job seekers and leading to the deployment of Cobalt Strike.

Security researchers have warned a zero-day flaw in Microsoft's Exchange server is being actively exploited. A second flaw, ZDI-CAN-18802, is rated 6.3/10. Details of the flaws are scanty, with GTSC's post detailing its observations of webshells with Chinese characteristics being dropped onto Exchange servers. Those webshells then "injects malicious DLLs into the memory, drops suspicious files on the attacked servers, and executes these files through the Windows Management Instrumentation Command line."

Meta says it has disrupted a misinformation network targeting US politics ahead of the 2022 midterm elections and one that sought to influence public opinion in Europe about the conflict in Ukraine. According to its report of the takedowns, the Chinese operation targeting US audiences attempted to reach both sides of the aisle, but was largely unsuccessful.

Account takeover attacks are on the rise, impacting almost 25% of people in the US. Account takeover attacks can devastate individuals and organizations alike. In a report released Thursday, fraud management company SEON looks at the rise in account takeovers and offers advice to businesses and consumers on how to protect their accounts.

Sophos Security SOS Week is back by popular demand, from 26-29 September 2022! Four top security experts are once again stepping up to share their expertise in a series of daily 30-minute interviews.

The US government will award $1 billion in grants to help state, local, and territorial (SLT) governments address cybersecurity risks, strengthen the cybersecurity of their critical infrastructure, and ensure cyber resilience against persistent cyber threats. SLT governments face many challenges when it comes to defending against cyber threats, but one of the main ones is the lack of resources.

Cryptocurrency market maker Wintermute says $160 million in digital assets have been stolen from it in a cyber-heist, though it assures customers that everything's fine. CEO Evgeny Gaevoy admitted on Twitter that Wintermute was suffering from an "ongoing hack" affecting its decentralized finance operations, while its centralized finance and over-the-counter trading operations were unaffected.

The Washington Post is reporting that the US Customs and Border Protection agency is seizing and copying cell phone, tablet, and computer data from "as many as" 10,000 phones per year, including an unspecified number of American citizens. This is done without a warrant, because "courts have long granted an exception to border authorities, allowing them to search people's devices without a warrant or suspicion of a crime."

The Biden-nominated chief of space operations for the USA's Space Force rates China his greatest challenge, as the Middle Kingdom has developed technologies to destroy space assets. "The most immediate threat, in my opinion, is the pace with which our strategic challengers - first and foremost the Chinese - are aggressively pursuing capabilities that can disrupt, degrade and ultimately even destroy our satellite capabilities and disrupt our ground infrastructure," Space Force Lieutenant General B. Chance Saltzman said during a nomination hearing before the Senate Armed Services Committee earlier this week.

The Office of Management and Budget has issued a memo requiring US federal government agencies to use software that has been built according to secure software development practices and whose developers follow practices for software supply chain security, as specified by the National Institute of Standards and Technology. "Agencies are required to obtain a self-attestation from the software producer before using the software," the memo says, and "if the software producer cannot attest to one or more practices from the NIST Guidance identified in the standard self-attestation form, the requesting agency shall require the software producer to identify those practices to which they cannot attest, document practices they have in place to mitigate those risks, and require a Plan of Action & Milestones to be developed."