Security News
The Biden administration is preparing to announce sanctions in response to a massive Russian hacking campaign that breached vital federal agencies, as well as for election interference, a senior administration official said. U.S. officials last month alleged that Russian President Vladimir Putin authorized influence operations to help Donald Trump in his unsuccessful bid for reelection as president, though there's no evidence Russia or anyone else changed votes or manipulated the outcome.
A Nigerian email scammer based in New York was on Tuesday sentenced to 40 months in prison, and ordered to pay back $2.7m in stolen money. As opposed to the infamous Nigerian email scams where people pretended to be heirs to fortunes and devised various ways to get victims to send them money to access their funds, the scam run by Eke and three other Nigerian conspirators was significantly more sophisticated, the indictment states [PDF].
As we explained in a recent Serious Security article on Naked Security, a crook who can upload a file into a Windows server directory where web data is stored doesn't merely get a chance to pollute your web server with fake content, as bad as that would be on its own. Despite several weeks of urgent warnings, not least from Naked Security, there are still plenty of unpatched servers out there just waiting to get pwned.
Federal Reserve chairman Jerome Powell said he was more worried about the risk of a large-scale cyberattack than another financial crisis like that of 2008. The risks of a 2008-like crisis with a need for government bailouts of banks were "Very, very low," the head of the US central bank said during an interview aired Sunday on CBS's "60 minutes."
The United States Department of Defense this week announced the launch of a new vulnerability disclosure program on HackerOne to identify vulnerabilities in Defense Industrial Base contractor networks. Running as a pilot, the Defense Industrial Base Vulnerability Disclosure Program covers participating DoD contractor partner's information systems and web properties, as well as other assets within scope, and is separate from the DoD vulnerability disclosure program that already runs on HackerOne.
A malware cyberattack on emissions testing company Applus Technologies is preventing vehicle inspections in eight states, including Connecticut, Georgia, Idaho, Illinois, Massachusetts, Utah, and Wisconsin. On Tuesday, March 30th, vehicle emissions testing platform Applus Technologies suffered a "Malware" attack that caused them to disconnect their IT systems.
A bipartisan group of US senators on Friday sent letters to major digital ad exchanges, including Google and Twitter, asking whether user data was sold to foreign entities who could use it for blackmail or other malicious ends. In the real-time bidding process to decide which personalized ads a user sees when a web page loads, hundreds of businesses receive a user's personal information, including search history, IP address, age and gender.
A top Biden administration official says the government is undertaking a new effort to help electric utilities, water districts and other critical industries protect against potentially damaging cyberattacks. The public-private partnership reflects the administration's concerns about the vulnerability of vital systems, including the electric grid and water treatment plants, to hacks that could cause catastrophic consequences to American life.
The US Department of Justice warns of phishing attacks using fake post-vaccine surveys to steal money from people or tricking them into handing over their personal information. "Consumers receive the surveys via email and text message and are told that, as a gift for filling out the survey, they can choose from various free prizes, such as an iPad Pro," the DOJ said.
Microsoft won a nearly $22 billion contract to supply U.S. Army combat troops with its augmented reality headsets. Microsoft and the Army separately announced the deal Wednesday.