Security News

The U.S. government and its allies are pleading with defenders to pay attention to gaping holes in perimeter-type devices, warning that advanced threat actors are feasting on known security defects in VPN appliances, network product gateways and enterprise cloud applications. In a joint advisory published Wednesday, cybersecurity response agencies from the U.S., the U.K., and Australia called special attention to flaws in network perimeter tech from Citrix, Fortinet, Pulse, F5 Networks and MobileIron.

The British government wants to make Amazon, Google, and other digital service providers report cybersecurity breaches to the Information Commissioner, according to newly published plans. Due to Brexit, the government can amend the UK's Network and Information Security Regulations to let the Information Commissioner's Office, the local data watchdog, dictate what kind of cybersecurity breaches must be reported to it.

In contrast, the Twitter hack we're referring to ultimately led to the takeover of just 45 accounts. The suspects were alleged to have previous form in hacking and trading in so-called OG accounts, where OG is short for original gangster.

A British man has been charged in the United States in connection with a Twitter hack last summer that compromised the accounts of prominent politicians, celebrities and technology moguls, the Justice Department said Wednesday. Joseph O'Connor, 22, was arrested in the coastal resort town of Estepona, Spain, on an arrest warrant accusing him of involvement in a July 2020 hack of more than 130 accounts, and of hacks that prosecutors said took over TikTok and Snapchat accounts, including "One of the most viewed and followed" TikTok stars.

Three US senators have written to their nation's Olympic Committee with a request that it "Forbid American athletes from receiving or using Digital Yuan during the Beijing Olympics" - a reference to the Winter Games scheduled to commence on February 4th, 2022. "While the Chinese Communist Party insists their efforts are aimed at digitizing bank notes and coins, Olympic athletes should be aware that the Digital Yuan may be used to surveil Chinese citizens and those visiting China on an unprecedented scale," wrote [PDF] Senators Marsha Blackburn, Roger Wicker and Cynthia Lummis.

The U.S. government and its key allies, including the European Union, the U.K., and NATO, formally attributed the massive cyberattack against Microsoft Exchange email servers to state-sponsored hacking crews working affiliated with the People's Republic of China's Ministry of State Security. "In a statement issued by the White House on Monday, the administration said,"with a high degree of confidence that malicious cyber actors affiliated with PRC's MSS conducted cyber-espionage operations utilizing the zero-day vulnerabilities in Microsoft Exchange Server disclosed in early March 2021.

Chinese state-sponsored attackers have breached 13 US oil and natural gas pipeline companies between December 2011 to 2013 following a spear-phishing campaign targeting their employees. The end goal of the attacks was to help China develop cyberattack capabilities that would allow future intrusions to physically damage targeted pipelines or disrupt US pipeline operations.

Former journalist Matthew Keys, who served two years in prison for posting his Tribune Company content management system credentials online a decade ago in violation of America's Computer Fraud and Abuse Act, has been ordered back to prison for violating the terms of his supervised release. On Monday, Keys, 34, a resident of Vacaville, California, received an additional six-month sentence and 18 months of supervision with computer monitoring requirements, according to the US Attorney's Office of the Eastern District of California.

The Department of Homeland Security on Tuesday announced new requirements for U.S. pipeline operators to bolster cybersecurity following a May ransomware attack that disrupted gas delivery across the East Coast. In a statement, DHS said it would require operators of federally designated critical pipelines to implement "Specific mitigation measures" to prevent ransomware attacks and other cyber intrusions.

China on Tuesday said the US had "Fabricated" allegations it carried out a massive Microsoft hack, countering that Washington was the "World champion" of cyber attacks while raging at American allies for signing up to a rare joint statement of condemnation. The United States on Monday accused Beijing of carrying out the March cyber attack on Microsoft Exchange, a top email server for corporations around the world, and charged four Chinese nationals over the "Malicious" hack.