Security News

US Media, Retailers Targeted by New SparklingGoblin APT
2021-08-25 15:10

The advanced persistent threat group is new, according to researchers who dubbed it SparklingGoblin. SparklingGoblin, according to ESET researchers who named and discovered the crime group and backdoor, is an offshoot of another APT, Winnti Group, first identified in 2013 by Kaspersky.

FIN8 cybercrime gang backdoors US orgs with new Sardonic malware
2021-08-25 13:00

A financially motivated cybercrime gang has breached and backdoored the network of a US financial organization with a new malware dubbed Sardonic by Bitdefender researchers who first spotted it. Sardonic is a new C++-based backdoor the FIN8 threat actors deployed on targets' systems likely via social engineering or spear-phishing, two of the group's favorite attack methods.

FBI: OnePercent Group Ransomware targeted US orgs since Nov 2020
2021-08-23 22:17

The Federal Bureau of Investigation has shared info about a threat actor known as OnePercent Group that has been actively targeting US organizations in ransomware attacks since at least November 2020. "The FBI has learned of a cyber-criminal group who self identifies as the 'OnePercent Group' and who have used Cobalt Strike to perpetuate ransomware attacks against US companies since November 2020," the FBI said.

US Census Bureau hacked in January 2020 using Citrix exploit
2021-08-18 21:07

US Census Bureau servers were breached on January 11, 2020, by hackers after exploiting an unpatched Citrix ADC zero-day vulnerability, as the US Office of Inspector General disclosed in a recent report. "The purpose of these servers was to provide the Bureau with remote-access capabilities for its enterprise staff to access the production, development, and lab networks. According to system personnel, these servers did not provide access to 2020 decennial census networks," the OIG said.

OK, so you stole $600m-plus from us, how about you be our Chief Security Advisor, Poly Network asks thief
2021-08-18 20:29

The mysterious thief who stole $600m-plus in cryptocurrencies from Poly Network has been offered the role of Chief Security Advisor at the Chinese blockchain biz. After Poly Network urged netizens, cryptoexchanges, and miners to reject transactions involving the thief's wallet addresses, the crook started giving the digital money back - and at least $260m of tokens have been returned.

Un-carrier? Definitely Unsecure: T-Mobile US admits 48m customers' details stolen after downplaying reports
2021-08-18 12:37

T-Mobile US has begun admitting to the theft of 100 million user accounts in stages, confessing overnight that 8 million people's personal details had been stolen from its servers. In a statement the American mobile operator said: "Yesterday, we were able to verify that a subset of T-Mobile data had been accessed by unauthorized individuals. We also began coordination with law enforcement as our forensic investigation continued."

British defence supplier Ultra Electronics to be sold for £2.6bn to US-controlled firm
2021-08-17 12:25

British defence tech specialist Ultra Electronics has been bought for £2.6bn by a US private equity firm, through a wholly owned UK subsidiary that was itself once a proud standalone business. Ultra's acquisition by Cobham Group plc, owned by US fund Advent International, sees the defence firm's shareholders receive £35 per share - as well as ownership of the critical Royal Navy supplier passing to a foreign entity, albeit one headquartered in an allied country.

T-Mobile US probes claims of 100m stolen customer records up for sale on dark web
2021-08-16 19:22

T-Mobile US is investigating claims that highly sensitive personal data of 100 million customers has been stolen and peddled via the dark web. The seller said it's likely T-Mobile US is up to speed on the security breach because a backdoor used to exfiltrate this data from the telco's servers had been closed.

Even the US president wants zero trust: Here’s how to make it a reality
2021-08-16 05:00

The incentive for a business to implement a zero-trust architecture should be based on internal mandates, with consideration for how a security breach might impact others outside of the organization. A separate White House memorandum is already pushing critical infrastructure owners and operators to implement baseline security practices to protect national and economic security, as well as public health and safety.

US brokers warned of ongoing phishing attacks impersonating FINRA
2021-08-14 14:00

The US Financial Industry Regulatory Authority warns US brokerage firms and brokers of an ongoing phishing campaign impersonating FINRA officials and asking them to hand over sensitive information under the threat of penalties. In a notice issued on Friday, the US financial industry regulator said that the phishing messages are being sent from multiple domains impersonating FINRA official sites.