Security News

The Jenkins team issued a reminder over the weekend that one should keep one's systems patched as it found itself with a compromised Confluence service. Although the affected instance of Confluence integrated with the company's identity system, the group said: "At this time we have no reason to believe that any Jenkins releases, plugins, or source code have been affected."

The US Securities and Exchange Commission has warned investors to be "Extremely wary" of potential investment scams related to Hurricane Ida's aftermath. This alert comes from SEC's Office of Investor Education and Advocacy, which regularly issues investor alerts to warn investors about the latest investment frauds and scams.

The massive attack on Microsoft Exchange servers in March may have been China harvesting information to train AI systems, according to US government officials and computer-security experts who talked to NPR. The plundering of these Exchange systems was attributed to Chinese government cyber-spies known as Hafnium; Beijing denied any involvement. It's said the crew exploited four zero-days in Redmond's mail software in a chain to hijack the servers and siphon off data.

The financially motivated FIN8 cybergang used a brand-new backdoor - dubbed Sardonic by the Bitdender researchers who first spotted it - in attempted breaches of networks belonging to two unidentified U.S. financial organizations. It's a nimble newcomer, researchers wrote: "The Sardonic backdoor is extremely potent and has a wide range of capabilities that help the threat actor leverage new malware on the fly without updating components," according to Bitdefender's report.

Executives and leaders from big tech, education, the finance sector, and infrastructure have committed to bolstering US interests' security during yesterday's White House cybersecurity summit. The Biden administration has added natural gas pipelines to the Industrial Control Systems Cybersecurity Initiative, aiming to strengthen critical infrastructure cybersecurity.

In a meeting with President Biden at the White House on Wednesday, Apple, Google, Microsoft and other companies announced their intentions to devote money and training toward strengthening U.S. cybersecurity. As one step, the White House said that the National Institute of Standards and Technology will work with businesses to improve the security of the technology supply chain.

The advanced persistent threat group is new, according to researchers who dubbed it SparklingGoblin. SparklingGoblin, according to ESET researchers who named and discovered the crime group and backdoor, is an offshoot of another APT Winnti Group, first identified in 2013 by Kaspersky.

A financially motivated cybercrime gang has breached and backdoored the network of a US financial organization with a new malware known dubbed Sardonic by Bitdefender researchers who first spotted it. Sardonic is a new C++-based backdoor the FIN8 threat actors deployed on targets' systems likely via social engineering or spear-phishing, two of the group's favorite attack methods.

The Federal Bureau of Investigation has shared info about a threat actor known as OnePercent Group that has been actively targeting US organizations in ransomware attacks since at least November 2020. "The FBI has learned of a cyber-criminal group who self identifies as the 'OnePercent Group' and who have used Cobalt Strike to perpetuate ransomware attacks against US companies since November 2020," the FBI said.

US Census Bureau servers were breached on January 11, 2020, by hackers after exploiting an unpatched Citrix ADC zero-day vulnerability, as the US Office of Inspector General disclosed in a recent report. "The purpose of these servers was to provide the Bureau with remote-access capabilities for its enterprise staff to access the production, development, and lab networks. According to system personnel, these servers did not provide access to 2020 decennial census networks," the OIG said.