Security News

Beijing's spies compromised government computer networks in six US states by exploiting, among other flaws, a vulnerability in a cattle-counting system, according to Mandiant. Mandiant said APT41 aka Double Dragon, one of China's more aggressive intrusion crews, exploited a zero-day vulnerability in a web app called USAHerds, used by agriculture officials to track the health and density of the nation's livestock, as well as the Log4j flaw, to break into American local government systems.

Beijing's spies compromised government computer networks in six US states by exploiting, among other flaws, a vulnerability in a cattle-counting system, according to Mandiant. Mandiant said APT41 aka Double Dragon, one of China's more aggressive intrusion crews, exploited a zero-day vulnerability in a web app called USAHerds, used for tracking the health and density of the nation's livestock, as well as the Log4j flaw, to break into American public-sector systems.

Google's Threat Analysis Group has warned multiple Gmail users that they were targeted in phishing attacks conducted by a Chinese-backed hacking group tracked as APT31. "In February, we detected an APT31 phishing campaign targeting high profile Gmail users affiliated with the U.S. government," Google Threat Analysis Group's Director Shane Huntley revealed today.

Security vendors pledge free protection for US hospitals and utilities amid fear of Russian cyberattacks. With that in mind, three security companies are offering their products for free to US hospitals and utilities.

The US Federal Bureau of Investigation says the Ragnar Locker ransomware gang has breached the networks of at least 52 organizations from multiple US critical infrastructure sectors. "As of January 2022, the FBI has identified at least 52 entities across 10 critical infrastructure sectors affected by RagnarLocker ransomware, including entities in the critical manufacturing, energy, financial services, government, and information technology sectors," the federal law enforcement agency said [PDF].

Reports that ByteDance-owned social media platform TikTok is harmful to children are under investigation by a number of US attorneys general. "Our children are growing up in the age of social media - and many feel like they need to measure up to the filtered versions of reality that they see on their screens," said California attorney general Rob Bonta.

What is Schrems II? Schrems, a former law student, brought the latest edition of the long-running case in 2015, complaining that Ireland's data protection agency still wasn't preventing Facebook Ireland Ltd from beaming his data to the US under Privacy Shield. In July 2020, the EU Court of Justice struck down the so-called Privacy Shield data protection arrangements between the political bloc and the US, triggering a fresh wave of legal confusion over the transfer of EU subjects' data to America.

As big tech companies from the West swiftly and happily comply with new rules that prohibit interactions with Russia, Chinese companies will soon feel pressure to do likewise - and counter-pressure to resist such calls. In early February, Russia and China re-affirmed their relationship as having "No limits" and essentially declared they are best friends forever.

The TeaBot banking trojan was spotted once again in Google Play Store where it posed as a QR code app and spread to more than 10,000 devices. The trojanized apps include the promised functionality, so user reviews on the Play Store are positive.

US and UK cybersecurity and law enforcement agencies today shared information on new malware deployed by the Iranian-backed MuddyWatter hacking group in attacks targeting critical infrastructure worldwide. MuddyWater is "Targeting a range of government and private-sector organizations across sectors-including telecommunications, defense, local government, and oil and natural gas-in Asia, Africa, Europe, and North America," the two governments said.