Security News

US regulators on Friday listed Huawei among Chinese telecom gear firms deemed a threat to national security, signaling that a hoped for softening of relations is not in the cards. A roster of communications companies thought to pose "An unacceptable risk" to national security included Huawei Technologies; ZTE; Hytera Communications; Hangzhou Hikvision Digital Technology, and Dahua Technology.

A senior US official said Friday the Biden administration is close to a decision on retaliation for state-sponsored hacking as fears grew over the fallout from the latest of two major cyberattacks. The official said the White House was working closely with the private sector to ramp up cyber defenses following the attacks which targeted Microsoft Exchange servers and SolarWinds security software, potentially compromising thousands of government and private computer networks.

The US Department of Justice has seized a fifth domain name used to impersonate the official site of a biotechnology company involved in COVID-19 vaccine development. Since December 2020, the US Department of Justice seized four other domains used by fraudsters for various nefarious purposes, including fraud, phishing attacks, and/or infecting targets' computers with malware.

The US government might have subtly signalled that it likely won't hack Russia this month - by telling credulous journalists it has a "Clandestine" plan to, er, launch an attack against its rival before April. Set against the backdrop of the SolarWinds and FireEye hack, and the most recent Hafnium attacks against Microsoft Exchange servers, it isn't hard to imagine presidential PR advisors wanting to give the impression that cyber warfare is their boss's top priority.

Last week, we argued over whether or not the media, including El Reg, should stop using the word hacker as a pejorative. The original meaning of hacker and hacking, in the context of computing, didn't denote criminality nor ill-intent, and referred to an avoidance of a standard solution.

It is Microsoft Exchange and its drooling minion, Outlook. It's easy to get things wrong in Exchange admin.

The Biden administration has urged users of Microsoft's Exchange mail and messaging server to ensure they have not fallen victim to the recently-detected "Hafnium" attack on Exchange Server that Microsoft says originated in China. Microsoft revealed the attack last week and released Exchange security updates.

U.S. federal prosecutors have charged John McAfee, founder of cybersecurity firm McAfee, and his executive advisor Jimmy Gale Watson Jr for cryptocurrency fraud and money laundering. In total, McAfee, Watson, and other members of the McAfee Team were able to collect over $13 million from two cryptocurrency pump-and-dump schemes, according to court documents.

The US Financial Industry Regulatory Authority has issued a regulatory notice warning US brokerage firms and brokers of an ongoing phishing campaign using fake compliance audit alerts to harvest information. The domain used in these ongoing phishing attacks was registered just two days ago, on March 3rd, using the NameCheap domain name registrar.

Government imposter scams now come with a new twist that has the potential to make them even more effective, as the Inspector General for the Social Security Administration warns. According to reports received by the Office of the Inspector General, the scammers' tactics arsenal has been updated to include the use of fake IDs designed to look like those used by Federal employees.