Security News

US and allies, including the European Union, the United Kingdom, and NATO, are officially blaming China for this year's widespread Microsoft Exchange hacking campaign. The Biden administration attributes "With a high degree of confidence that malicious cyber actors affiliated with PRC's MSS conducted cyber espionage operations utilizing the zero-day vulnerabilities in Microsoft Exchange Server disclosed in early March 2021.".

Facebook on Thursday disclosed it dismantled a "Sophisticated" online cyber espionage campaign conducted by Iranian hackers targeting about 200 military personnel and companies in the defense and aerospace sectors in the U.S., U.K., and Europe using fake online personas on its platform. The social media giant pinned the attacks to a threat actor known as Tortoiseshell based on the fact that the adversary used similar techniques in past campaigns attributed to the threat group, which was previously known to focus on the information technology industry in Saudi Arabia, suggesting an apparent expansion of malicious activity.

Thousands of small- and medium-sized businesses were affected, just because they trusted their suppliers. How can companies protect against this sort of breach?

The other is offering a reward of up to $10 million for information on operations conducted by actors working for a foreign government. On Thursday, the U.S. Department of State announced that its Rewards for Justice program now incentivize reports of foreign malicious activity against U.S. critical infrastructure.

The US is offering a $10m reward to anyone who dobs in digital outlaws responsible for foreign government-backed cyberattacks on critical national infrastructure such as pipelines, power grids, and communication networks. The cash incentive is part of the US State Department's Rewards for Justice programme and the ongoing war on cybercrime that has in recent months crippled fuel pipelines and meat production.

Recent activity that Facebook associated with the group focused on military personnel, defense organizations, and aerospace entities primarily in the United States and, to a lesser extent, the U.K. and Europe, showing an escalation of the group's cyberespionage activities. Today, Facebook revealed that it took action against similar attacks from the Iranian hacking group, which leveraged its online platform to lure victims into downloading malware.

The role of facial-recognition technology was put under the microscope earlier this week after the US House Committee on the Judiciary heard evidence about how it's used by law enforcement agencies. Dr Cedric Alexander, a former member of President Barack Obama's Task Force on 21st Century Policing, underlined the minefield facing lawmakers by laying out how, on the one hand, FRT can promote justice and "Even save lives" but not if it means sacrificing constitutional rights.

The United States will seek global rules on how to prevent misuse of artificial intelligence, Secretary of State Antony Blinken said Tuesday, as he renewed warnings against Russia over hacking. Speaking at a conference on emerging technologies, the top US diplomat voiced alarm that a growing number of authoritarian states led by China are using the internet as well as new technologies to curb dissent and exert greater control.

China-based hackers actively target US defense and software companies using a vulnerability in the SolarWinds Serv-U FTP server. Today, SolarWinds released a security update for a zero-day vulnerability in Serv-U FTP servers that allow remote code execution when SSH is enabled.

China-based hackers actively target US defense and software companies using a vulnerability in the SolarWinds Serv-U FTP server. Today, SolarWinds released a security update for a zero-day vulnerability in Serv-U FTP servers that allow remote code execution when SSH is enabled.