Security News

Deviating from their typical activity, an Iranian threat actor known as TA453 has mounted a phishing campaign targeting senior medical professionals in the United States and Israel, cybersecurity firm Proofpoint reports. Also referred to as Charming Kitten, Phosphorus, APT35, Ajax Security Team, ITG18, NewsBeef, and Newscaster, the group has been active since at least 2011, mainly targeting activists, journalists, and other entities in the Middle East, the U.K., and the U.S. The new campaign, which Proofpoint named BadBlood due to its focus on medical personnel, targeted individuals specialized in genetic, neurology, and oncology research, in line with a broader trend in which threat actors are targeting medical research.

Security expert says because we can't inspect the inner workings of the software we buy, we're at the mercy of software companies' security practices. TechRepublic's Karen Roby spoke with Manish Gupta, founder and CEO of ShiftLeft, a code analysis software company, about the SolarWinds attack and its effect on cybersecurity.

US federal agencies have warned today against making or selling fake COVID-19 vaccination record cards as this is breaking the law. Using fake vaccination record cards could also put others at risk, increasing the chance of contracting COVID-19 or infecting others.

Some jokingly said the cryptic tweet, ";l;;gmlxzssaw," was a US nuclear launch code. Now the US Strategic Command, which runs the country's powerful nuclear weapons force, says the enigmatic posting on its Twitter account in fact came from the hands of a precocious kid.

A proposed executive order would set new rules on the disclosure of data breaches that also affect United States government agencies, according to a Reuters news report. The report said the executive order, which could be released as soon as the next week, would require software vendors to notify U.S. government customers of cyber-security breaches that also affect them.

Europe and the United States will use a thaw in ties to strike a pact that would allow for the exchange of private data across the Atlantic, replacing previous agreements struck down by an EU court. Facebook, Google, Microsoft and thousands of other companies want such a deal to keep the internet traffic flowing without facing significant legal jeopardy over European privacy laws.

The U.S. Cyber Command conducted more than two dozen operations aimed at preventing interference in last November's presidential election, the general who leads the Pentagon's cyber force said Thursday. He said his command's operations were designed "To get ahead of foreign threats before they interfered with or influenced our elections in 2020.".

A lawyer for a Cypriot hacker who has served almost four years behind bars said he will not appeal against a one-year jail sentence in the US for cyber-crimes he committed as a minor. A Georgia court handed down the jail term on Thursday in the trial of Joshua Pelloso Epifaniou, now 22, who was arrested in Cyprus in May 2017 and last year became the first Cypriot national ever extradited to the United States.

The United States sentenced a Russian and a North Macedonian on Friday to prison for their roles in a vast cyber crime operation. Sergey Medvedev, 33, of Russia and Marko Leopard, 31, of North Macedonia, were sentenced to ten and five years respectively, according to a Justice Department statement.

China's government on Thursday called on Washington to drop efforts to expel three state-owned Chinese phone companies from the United States in a new clash over technology and security. The United States should "Stop the wrong practice of generalizing the concept of national security and politicizing economic issues" and "Stop abusing state power to unreasonably suppress Chinese enterprises," said a ministry spokesman, Zhao Lijian.