Security News
An email marketing company claiming to hold details on a million UK teachers and school admin personnel was potentially exposing those to the public internet thanks to a misconfigured error page on its website. Not only that, but the Schools Marketing Company seemingly dismissed the findings of the infosec company which spotted the flaw when the infoseccers tried to draw its attention to the problem.
An emerging threat actor likely supporting Iranian national interests has been behind a password spraying campaign targeting U.S., E.U., and Israeli defense technology companies, with additional activity observed against regional ports of entry in the Persian Gulf as well as maritime and cargo transportation companies focused in the Middle East. Microsoft is tracking the hacking crew under the moniker DEV-0343.
Iran-linked threat actors are targeting the Office 365 tenants of US and Israeli defense technology companies in extensive password spraying attacks. The activity cluster was temporarily dubbed DEV-0343 by researchers at Microsoft Threat Intelligence Center and Microsoft Digital Security Unit, who have tracked it since late July.
A court filing and announcement allege that a chap named Jonathan Toebbe, an employee of the Department of the Navy who served as a nuclear engineer, contacted entities that he believed represented a foreign power and offered to sell "Restricted Data concerning the design of a nuclear-powered warship". An FBI legal attaché obtained a letter sent by Toebbe in April 2020 that included some US Navy documents and instructions on how to establish a secure channel between a foreign nation and Toebbe.
Microsoft says that Russian-sponsored hacking groups are increasingly targeting US government agencies, with roughly 58% of all nation-state attacks observed by Microsoft between July 2020 and June 2021 coming from Russia. "Russian nation-state actors are increasingly targeting government agencies for intelligence gathering, which jumped from 3% of their targets a year ago to 53% - largely agencies involved in foreign policy, national security or defense," said Tom Burt, Microsoft's Corporate Vice President for Customer Security & Trust.
Russia's SVR spy agency made off with information about US counterintelligence investigations in the wake of the SolarWinds hack, according to people familiar with the American government cleanup operation. The SVR was named and shamed in April by Britain and the US as the organisation that compromised the build systems of SolarWinds' network monitoring software Orion, used by 18,000 customers across the world.
Today, U.S. President Joe Biden said that the U.S. will bring together 30 countries to jointly crack down on ransomware gangs behind a barrage of attacks impacting organizations worldwide. "I am committed to strengthening our cybersecurity by hardening our critical infrastructure against cyberattacks, disrupting ransomware networks, working to establish and promote clear rules of the road for all nations in cyberspace, and making clear we will hold accountable those that threaten our security."
The House Committee on Oversight and Reform has requested a briefing to understand the rationale behind the FBI's decision to delay providing the victims of the Kaseya REvil ransomware with a universal decryption key for three weeks. "To understand the FBI's decision, the lawmakers are requesting a briefing from the FBI on its legal and policy rationale for withholding the ransomware key, as well as the FBI's overall strategy for addressing, investigating, preventing, and defeating ransomware attacks," the Committee said in a press release on Wednesday.
FBI accused of withholding ransomware key as part of REvil probe. The FBI had obtained a key to undo a flood of ransomware infections but sat on it for a while in an attempt to strike at the malware operators, it's claimed.
An "Insidious" new SMS smishing malware has been found targeting Android mobile users in the U.S. and Canada as part of a new campaign that uses SMS text message lures related to COVID-19 regulations and vaccine information in an attempt to steal personal and financial data. Proofpoint's messaging security subsidiary Cloudmark coined the emerging malware "TangleBot."