
IT Security Newsletter - 12/18/2020


Breaches

Nation-state hackers breached US think tank thrice in a row

An advanced hacking group believed to be working for the Russian government has compromised the internal network of a think tank in the U.S. three times. Incident responders from cybersecurity company Volexity, investigating the attacks between late 2019 and July 2020, named the threat actor Dark Halo, a versatile adversary capable of quickly switching to different tactics and techniques to carry out long-term, stealthy operations. In one attack, Dark Halo leveraged a newly disclosed vulnerability. READ MORE...


Ethical power supplier People's Energy hacked, 250,000 customers' personal info accessed

Renewable electricity and gas supplier People's Energy has told its 250,000-plus customers that a "gap" in the security of its IT system was exploited by digital burglars. The British company's co-founders Karin Sode and David Pike wrote to customers on Thursday morning to confirm that "yesterday People's Energy was affected by a cyber security data breach." "No financial information, bank account details, or People's Energy online account passwords have been compromised for any domestic customers." READ MORE...

Hacking

Iranian nation-state hackers linked to Pay2Key ransomware

According to the report published today, "this campaign is part of the ongoing cyber confrontation between Israel and Iran, with the most recent wave of attacks causing significant damage to some of the affected companies." The Iranian-backed Fox Kitten hacking group (also tracked as Parisite by ICS cybersecurity company Dragos) has been active since at least 2017 and is known for orchestrating and being involved in cyber-espionage and data theft campaigns. READ MORE...


A 'coordinated police' action against the Joker's Stash took a small domain offline

An ongoing law enforcement operation has disrupted aspects of a leading website where internet scammers frequently buy and sell stolen data, according to the site's administrators and multiple sources with visibility into the site. A message posted Thursday on a forum at the Joker's Stash, a marketplace where members have previously listed millions of payment cards stolen from U.S. restaurant chains, notifies members that "these bastards busted" an "external proxy server". READ MORE...


'SocGholish' Attack Framework Powers Surge in Drive-By Attacks

Drive-by download attacks have been on the uptick over the past two months, thanks to a highly active attack framework that security researchers have dubbed "SocGholish" for its ample use of social engineering tools and techniques. SocGholish impersonates legitimate browser, Flash, and Microsoft Teams updates to trick users into executing malicious ZIP files that are automatically placed on their machines when a visit to a compromised website triggers a drive-by download. READ MORE...

Trends

Biden says he will 'elevate' cybersecurity as US hack investigation goes on

President-elect Joe Biden said on Thursday he has instructed his advisers to learn as much as possible about a hacking campaign that's roiled the U.S. government, as the investigators warned that the suspected Russian effort represented a "grave risk." In a statement, Biden pledged to "elevate cybersecurity as an imperative across the government," following revelations about how hackers have exploited technology built by SolarWinds, a federal contractor, to worm their way into networks. READ MORE...

Software Updates

Google Extends Support Period for Android Devices

Google this week announced an extended support period for Android 11 and later devices launching with Qualcomm System-on-Chip (SoC) models. Currently, devices receive support for a period of three years, which includes security patches, but moving forward users will enjoy one additional year of operating system and security updates. The move, the Internet search giant says, is meant to help vendors and users alike, and to ensure better continuity. It is also accompanied by a no-retroactivity. READ MORE...

Malware

Ransomware masquerades as mobile version of Cyberpunk 2077

A threat actor is distributing fake Windows and Android installers for the Cyberpunk 2077 game that install ransomware calling itself CoderWare. To trick users into installing malware, threat actors commonly distribute it as game installers, cheats, and cracks for copyrighted software. This week, Kaspersky malware analyst Tatyana Shishkova discovered Android ransomware masquerading as a mobile version of the Cyberpunk 2077 game. The game was being distributed from a fake website. READ MORE...


Malicious Browser Extensions for Social Media Infect Millions of Systems

At least 28 third-party add-ons for top social media sites, including Facebook and Vimeo, redirect users to phishing sites and steal data. More than two dozen malicious programs posing as third-party extensions for top social media sites have been downloaded some 3 million times, surreptitiously redirecting users to phishing sites, displaying advertisements, and stealing data, antivirus firm Avast reports. READ MORE...

Information Security

How the US military used a creepy island to test cyberattacks on the grid - in the middle of a pandemic

The U.S. government officials trying to test the country's ability to respond to a major cyberattack thought they had pulled out all the stops. Engineers had planned to simulate the kind of security incident that would cause an electrical blackout, after all, and had even planned to hold the event on an isolated island off the coast of New York. Even with all that preparation, a once-in-a-century pandemic still wasn't in the script. READ MORE...


Ransomware attackers are making threatening phone calls to their victims, warns FBI

It's scary to receive a ransom demand from a cybercriminal, but I would argue it's even more frightening to receive a threatening phone call from your attackers if you refuse to pay. As ZDNet reports, the FBI has sent out a PIN (Private Industry Notification) alert to private sector companies warning them that not only are hackers using the DoppelPaymer ransomware in an attempt to extort money from affected organisations. READ MORE...

Exploits/Vulnerabilities

Ransomware Gangs Use 'SystemBC' Tor Backdoor in Attacks

Researchers at Sophos noticed recently that the operators of multiple ransomware families have been using a backdoor named SystemBC, which provides attackers a connection to compromised devices and which uses the Tor anonymity network to hide command and control (C&C) communications. Initially observed in 2019, SystemBC enables persistent access to the system, providing attackers with means to conceal communications and remotely control the infected devices. READ MORE...

On This Date

  • ...in 1913, science fiction author Alfred Bester ("The Demolished Man," "The Stars My Destination") is born in New York City.
  • ...in 1943, musician/songwriter Keith Richards, co-founder of the Rolling Stones ("(I Can't Get No) Satisfaction", "As Tears Go By"), is born in Kent, England.
  • ...in 1958, Project SCORE is launched from Cape Canaveral. It was the first purpose-built communications satellite, and a response to Russia's Sputnik launches the previous year.
  • ...in 2001, singer-songwriter Billie Eilish ("Bad Guy", "No Time to Die"), the youngest person to win the four main Grammy categories in the same year, is born in Los Angeles.