Security News

Biden signs memo to boost US national security systems’ defenses
2022-01-20 13:57

President Joe Biden signed a national security memorandum on Wednesday to increase the security of national security systems part of critical US government networks used in military and intelligence activities when storing or transferring classified info. "Modernizing our cybersecurity defenses and protecting all federal networks is a priority for the Biden Administration, and this National Security Memorandum raises the bar for the cybersecurity of our most sensitive systems," the White House said.

CISA urges US orgs to prepare for data-wiping cyberattacks
2022-01-19 18:33

The Cybersecurity and Infrastructure Security Agency urges U.S. organizations to strengthen their cybersecurity defenses against data-wiping attacks recently seen targeting Ukrainian government agencies and businesses.CISA is now urging business leaders and U.S. organizations to take the following steps to prevent similar destructive attacks on their networks.

Phishing attack spoofs US Department of Labor to steal account credentials
2022-01-19 13:53

A phishing campaign seen by email security provider Inky tries to trick its victims by inviting them to submit bids for alleged government projects. A phishing email that appears to come from an official government entity is especially deceptive as it carries an air of authority.

US mergers doubled in 2021 so FTC and DoJ seek new guidelines to stop illegal ones
2022-01-19 12:31

The US Federal Trade Commission and Department of Justice Antitrust Division are launching a joint public inquiry as a first step to modernising merger guidelines and preventing anticompetitive deals. FTC chair Lina Khan said it was time for a merger review because the number of global deals reached in 2021 was the highest ever recorded - at a whopping $5.8 trillion - with the DoJ receiving twice the number of merger filings as in 2020.

Office 365 phishing attack impersonates the US Department of Labor
2022-01-19 11:00

A new phishing campaign impersonating the United States Department of Labor asks recipients to submit bids to steal Office 365 credentials. The phishing campaign has been ongoing for at least a couple of months and utilizes over ten different phishing sites impersonating the government agency.

Russia arrests REvil ransomware gang members at request of US officials
2022-01-14 18:54

More than a dozen members of the REvil ransomware group have been arrested courtesy of the Russian government. The Biden administration has been pressuring Russia to take ransomware and its perpetrators seriously, especially amid allegations that groups like REvil have operated with at least the tacit permission of the former Soviet Union.

US Military Ties Prolific MuddyWater Cyberespionage APT to Iran
2022-01-13 17:35

U.S. Cyber Command has confirmed that MuddyWater - an advanced persistent threat cyberespionage actor aka Mercury, Static Kitten, TEMP.Zagros or Seedworm that's historically targeted government victims in the Middle East - is an Iranian intelligence outfit. On Wednesday, USCYBERCOM not only confirmed the tie; it also disclosed the plethora of open-source tools and strategies MuddyWater uses to break into target systems and released malware samples.

Using Foreign Nationals to Bypass US Surveillance Restrictions
2022-01-13 15:35

Remember when the US and Australian police surreptitiously owned and operated the encrypted cell phone app ANOM? They arrested 800 people in 2021 based on that operation. For legal reasons, the FBI did not monitor outgoing messages from Anom devices determined to be inside the U.S. Instead, the Australian Federal Police monitored them on behalf of the FBI, according to previously published court records.

Austrian watchdog rules German company's use of Google Analytics breached GDPR by sending data to US
2022-01-13 14:48

The Austrian data protection authority has ruled that use of Google Analytics by a German company is in breach of European law in light of the Schrems II EU-US data sharing ruling. Datenschutzbehörde, or DSB, has found that a German publisher, not named in the case, was in breach of Article 44 of the General Data Protection Regulation in the use and operation of Google Analytics - commonly used throughout web publishing and ecommerce - because of its movement of personal data to the United States.

US Cyber Command Links 'MuddyWater' Hacking Group to Iranian Intelligence
2022-01-13 00:16

The U.S. Cyber Command on Wednesday officially confirmed MuddyWater's ties to the Iranian intelligence apparatus, while simultaneously detailing the various tools and tactics adopted by the espionage actor to burrow into victim networks. "MuddyWater has been seen using a variety of techniques to maintain access to victim networks," USCYBERCOM's Cyber National Mission Force said in a statement.