Security News

A newly released Federal strategy wants the US government to adopt a "Zero trust" security model within the next two years to defend against current threats and boost cybersecurity defenses across federal agencies. The executive order initiated a government-wide effort to migrate toward zero trust and modernize the nation's defenses against cyberattacks.

In South Africa, you get an IRP5 at the end of the tax year - an archaic term that we are guessing is short for Inland Revenue/Personal, Form #5, even though the South African tax office hasn't been called the Inland Revenue for nearly 25 years. Here at Naked Security, we know the names of these forms, amongst numerous others, because they often show up in tax scam emails, presumably to give those messages an air of realism.

The U.S. Treasury Department announced today sanctions against Volodymyr Oliynyk, a former Ukrainian official, for collecting and sharing info on critical Ukrainian infrastructure with Russia's Federal Security Service."As in previous Russian incursions into Ukraine, repeated cyber operations against Ukraine's critical infrastructure are part of Russia's hybrid tactics to threaten Ukraine."

President Joe Biden signed a national security memorandum on Wednesday to increase the security of national security systems part of critical US government networks used in military and intelligence activities when storing or transferring classified info. "Modernizing our cybersecurity defenses and protecting all federal networks is a priority for the Biden Administration, and this National Security Memorandum raises the bar for the cybersecurity of our most sensitive systems," the White House said.

The Cybersecurity and Infrastructure Security Agency urges U.S. organizations to strengthen their cybersecurity defenses against data-wiping attacks recently seen targeting Ukrainian government agencies and businesses.CISA is now urging business leaders and U.S. organizations to take the following steps to prevent similar destructive attacks on their networks.

A phishing campaign seen by email security provider Inky tries to trick its victims by inviting them to submit bids for alleged government projects. A phishing email that appears to come from an official government entity is especially deceptive as it carries an air of authority.

The US Federal Trade Commission and Department of Justice Antitrust Division are launching a joint public inquiry as a first step to modernising merger guidelines and preventing anticompetitive deals. FTC chair Lina Khan said it was time for a merger review because the number of global deals reached in 2021 was the highest ever recorded - at a whopping $5.8 trillion - with the DoJ receiving twice the number of merger filings as in 2020.

A new phishing campaign impersonating the United States Department of Labor asks recipients to submit bids to steal Office 365 credentials. The phishing campaign has been ongoing for at least a couple of months and utilizes over ten different phishing sites impersonating the government agency.

More than a dozen members of the REvil ransomware group have been arrested courtesy of the Russian government. The Biden administration has been pressuring Russia to take ransomware and its perpetrators seriously, especially amid allegations that groups like REvil have operated with at least the tacit permission of the former Soviet Union.

U.S. Cyber Command has confirmed that MuddyWater - an advanced persistent threat cyberespionage actor aka Mercury, Static Kitten, TEMP.Zagros or Seedworm that's historically targeted government victims in the Middle East - is an Iranian intelligence outfit. On Wednesday, USCYBERCOM not only confirmed the tie; it also disclosed the plethora of open-source tools and strategies MuddyWater uses to break into target systems and released malware samples.