Security News

A British judge on Monday rejected the United States' request to extradite WikiLeaks founder Julian Assange to face espionage charges, saying he was likely to kill himself if held under harsh U.S. prison conditions. In a mixed ruling for Assange and his supporters, District Judge Vanessa Baraitser rejected defense arguments that the 49-year-old Australian faces a politically motivated American prosecution that rides roughshod over free-speech protections.

Accused hacker and WikiLeaks founder Julian Assange should not be extradited to the US to stand trial, Westminster Magistrates' Court has ruled. District Judge Vanessa Baraitser told Assange this morning that there was no legal obstacle to his being sent to the US, where he faces multiple criminal charges under America's Espionage Act and Computer Fraud and Abuse Act over his WikiLeaks website.

The US Treasury Department's Financial Crimes Enforcement Network warned financial institutions of ransomware actively targeting vaccine research organizations. "FinCEN is aware of ransomware directly targeting vaccine research, and FinCEN asks financial institutions to stay alert to ransomware targeting vaccine delivery operations as well as the supply chains required to manufacture the vaccines," the US Treasury Department bureau warned [PDF].

Threat actors have been discovered distributing a new credential stealer written in AutoHotkey scripting language as part of an ongoing campaign that started early 2020. Customers of financial institutions in the US and Canada are among the primary targets for credential exfiltration, with a specific focus on banks such as Scotiabank, Royal Bank of Canada, HSBC, Alterna Bank, Capital One, Manulife, and EQ Bank.

China's spies "Were actively using that for counterintelligence and offensive intelligence. The capability was there and was being utilized." China had also stepped up its hacking efforts targeting biometric and passenger data from transit hubs. To be sure, China had stolen plenty of data before discovering how deeply infiltrated it was by U.S. intelligence agencies.

The United States Department of Homeland Security has published a guide to the terrifying risks that businesses will expose themselves to if they use tech created in the Peoples' Republic of China or engage in any business activity with the Middle Kingdom. The fifteen-page "Data Security Business Advisory" [PDF] opens by warning "Businesses expose themselves and their customers to heightened risk when they share sensitive data with firms located in the PRC, or use equipment and software developed by firms with an ownership nexus in the PRC.".

US Senator Ron Wyden said that dozens of US Treasury email accounts were compromised by the threat actors behind the SolarWinds hack. The senator also added that the SolarWinds hackers also breached the systems in the Departmental Offices division of the US Treasury, a department that is the "Home to the department's highest-ranking officials."

Hackers broke into systems used by top US Treasury officials during a massive cyberattack on government agencies and may have stolen essential encryption keys, a senior lawmaker said Monday. Senator Ron Wyden, who sits on both the Senate Intelligence and Finance Committees, said after a closed-door briefing that the hack at the US Treasury Department "Appears to be significant."

The US Department of Justice has seized two domain names used to impersonate the official websites of biotechnology companies Moderna and Regeneron involved in the development of COVID-19 vaccines. While almost perfectly cloning the contents of the real sites, the website seized by the federal government were instead used for various malicious purposes including running scams, infecting visitors with malware, and collecting sensitive info in phishing attacks.

NATO said Saturday it was checking its computer systems after a massive cyberattack on US government agencies and others that Washington blamed on Moscow. "At this time, no evidence of compromise has been found on any NATO networks. Our experts continue to assess the situation, with a view to identifying and mitigating any potential risks to our networks," a NATO official told AFP. Microsoft said Thursday its anti-virus software detected intrusions in dozens of networked systems, most of them in the United States, via software supplied by US tech company SolarWinds.