Security News
Russian spies from APT29 responded to Western agencies outing their tactics by adopting a red-teaming tool to blend into targets' networks as a legitimate pentesting exercise. A couple of weeks ago, Britain and the US joined forces to out the SVR's Tactics, Techniques and Procedures, giving the world's infosec defenders a chance to look out for the state-backed hackers' fingerprints on their networked infrastructure.
Agencies in the United States and the United Kingdom on Friday published a joint report providing more details on the activities of the Russian cyberspy group that is believed to be behind the attack on IT management company SolarWinds. The FBI, NSA, CISA and the UK's NCSC say the Russian threat actor tracked as APT29 was behind the SolarWinds attack, which resulted in hundreds of organizations having their systems breached through malicious updates served from compromised SolarWinds systems.
Russian Foreign Intelligence Service operators have switched their attacks to target new vulnerabilities in reaction to US govt advisories published last month with info on SVR tactics, tools, techniques, and capabilities used in ongoing attacks. In a third advisory issued on April 26, the FBI, DHS, and CIA warned of continued attacks coordinated by the Russian SVR against the US and foreign organizations.
A task force attached to the Institute for Security and Technology has released a set of recommendations to combat the ransomware scourge currently hitting organizations around the world. A total of 48 recommendations are included in the document, focused on four major goals: to deter ransomware attacks and disrupt this business model, and to help organizations better prepare for attacks and efficiently respond to them.
An FBI operation that gave law enforcement remote access to hundreds of computers to counter a massive hack of Microsoft Exchange email server software is a tool that is likely to be deployed "judiciously" in the future as the Justice Department, aware of privacy concerns, develops a framework for its use, a top national security official said Wednesday. Many victims took steps on their own to safeguard their systems, but for those who did not, the Justice Department stepped in to do it for them with a judge's approval.
Following attribution of the SolarWinds supply chain attack to Russia's APT29, the US CISA infosec agency has published a list of the spies' known tactics - including a penchant for using a naughtily named email provider. APT29 is the Western infosec world's codename for what we now know is the Russian Foreign Intelligence Service, known by its Russian acronym SVR. As well as publishing a list of things US counterintelligence know about their Russian offensive counterparts, CISA has also added some advice on how to avoid these common Russian intelligence compromise tactics.
As the information infrastructure expands with new technologies and locations, zero trust allows organizations to focus on protecting the data, regardless of where it is sourced or how it is used. Now the U.S. Air Force has adopted zero trust to improve and protect its flightline.
The FBI, the US Department of Homeland Security, and the Cybersecurity and Infrastructure Security Agency warned today of continued attacks coordinated by the Russian Foreign Intelligence Service against US and foreign organizations. With access to the administrative account, the actors modified permissions of specific e-mail accounts on the network, allowing any authenticated network user to read those accounts.
American aviation regulators have ordered private jet operators to install software updates for Garmin collision avoidance units after multiple reports of false alarms - raising the risk of a mid-air crash. The affected Garmin products, its GTS 8000 series, generated seven false Traffic Collision Avoidance System warnings, said the US Federal Aviation Administration in a formal Airworthiness Directive published earlier this month.
The Justice Department is taking new aim at ransomware after a year that officials say was the most costly on record for the crippling cyberattacks. Formation of a task force of FBI agents and Justice Department prosecutors is an acknowledgment of the growing threat posed by ransomware attacks, in which hackers lock up computer data and demand ransom payments in order to give it back.