Security News

The U.S. Government today released an alert about state-backed hackers using a custom 'CovalentStealer' malware and the Impacket framework to steal sensitive data from a U.S. organization in the Defense Industrial Base sector. The hackers combined custom malware called CovalentStealer, the open-source Impacket collection of Python classes, the HyperBro remote access trojan, and well over a dozen ChinaChopper webshell samples.

The BlackCat ransomware gang, also known as ALPHV, has allegedly broken into IT firm NJVC, a provider of services to civilian US government agencies and the Department of Defense. DarkFeed, which monitors the dark web for ransomware intelligence, tweeted this week that BlackCat had added NJVC to its victims' list, along with sharing a screenshot allegedly of ALPHV's blog notifying NJVC that it had stolen data during its intrusion.

A new phishing campaign targets US and New Zealand job seekers with malicious documents installing Cobalt Strike beacons for remote access to victims' devices. The discovery comes from researchers at Cisco Talos who observed two different phishing lures, both targeting job seekers and leading to the deployment of Cobalt Strike.

Security researchers have warned a zero-day flaw in Microsoft's Exchange server is being actively exploited. A second flaw, ZDI-CAN-18802, is rated 6.3/10. Details of the flaws are scanty, with GTSC's post detailing its observations of webshells with Chinese characteristics being dropped onto Exchange servers. Those webshells then "injects malicious DLLs into the memory, drops suspicious files on the attacked servers, and executes these files through the Windows Management Instrumentation Command line."

Meta says it has disrupted a misinformation network targeting US politics ahead of the 2022 midterm elections and one that sought to influence public opinion in Europe about the conflict in Ukraine. According to its report of the takedowns, the Chinese operation targeting US audiences attempted to reach both sides of the aisle, but was largely unsuccessful.

Account takeover attacks are on the rise, impacting almost 25% of people in the US. Account takeover attacks can devastate individuals and organizations alike. In a report released Thursday, fraud management company SEON looks at the rise in account takeovers and offers advice to businesses and consumers on how to protect their accounts.

Sophos Security SOS Week is back by popular demand, from 26-29 September 2022! Four top security experts are once again stepping up to share their expertise in a series of daily 30-minute interviews.

The US government will award $1 billion in grants to help state, local, and territorial governments address cybersecurity risks, strengthen the cybersecurity of their critical infrastructure, and ensure cyber resilience against persistent cyber threats. SLT governments face many challenges when it comes to defending against cyber threats, but one of the main ones is the lack of resources.

Cryptocurrency market maker Wintermute says $160 million in digital assets have been stolen from it in a cyber-heist, though it assures customers that everything's fine. CEO Evgeny Gaevoy admitted on Twitter that Wintermute was suffering from an "ongoing hack" affecting its decentralized finance operations, while its centralized finance and over-the-counter trading operations were unaffected.

The Washington Post is reporting that the US Customs and Border Protection agency is seizing and copying cell phone, tablet, and computer data from "as many as" 10,000 phones per year, including an unspecified number of American citizens. This is done without a warrant, because "courts have long granted an exception to border authorities, allowing them to search people's devices without a warrant or suspicion of a crime."