An advanced hacking group believed to be working for the Russian government has compromised the internal network of a think tank in the U.S. three times. Incident responders from cybersecurity company Volexity investigating the attacks between late 2019 and July 2020 named the threat actor Dark Halo, a versatile adversary capable of quickly switching to different tactics and techniques to carry out long-term, stealthy operations. In one attack, Dark Halo leveraged a newly disclosed vulnerability. READ MORE...
Renewable electricity and gas supplier People's Energy has told its 250,000-plus customers that a "gap" in the security of its IT system was exploited by digital burglars. The British company's co-founders Karin Sode and David Pike wrote to customers on Thursday morning to confirm that "yesterday People's Energy was affected by a cyber security data breach." "No financial information, bank account details, or People's Energy online account passwords have been compromised for any domestic customers." READ MORE...
According to the report published today, "this campaign is part of the ongoing cyber confrontation between Israel and Iran, with the most recent wave of attacks causing significant damage to some of the affected companies." The Iranian-backed Fox Kitten hacking group (also tracked as Parisite by ICS cybersecurity company Dragos) has been active since at least 2017 and is known for orchestrating and being involved in cyber-espionage and data theft campaigns. READ MORE...
An ongoing law enforcement operation has disrupted aspects of a leading website where internet scammers frequently buy and sell stolen data, according to the site's administrators and multiple sources with visibility into the site. A message posted Thursday on a forum at the Joker's Stash, a marketplace where members have previously listed millions of payment cards stolen from U.S. restaurant chains, notifies members that "these bastards busted" an "external proxy server". READ MORE...
Drive-by download attacks have been on the uptick over the past two months, thanks to a highly active attack framework that security researchers have dubbed "SocGholish" for its ample use of social engineering tools and techniques. SocGholish impersonates legitimate browser, Flash, and Microsoft Teams updates to trick users into executing malicious ZIP files that are automatically placed on their machines when a visit to a compromised website triggers a drive-by download. READ MORE...
President-elect Joe Biden said on Thursday he has instructed his advisers to learn as much as possible about a hacking campaign that's roiled the U.S. government, as the investigators warned that the suspected Russian effort represented a "grave risk." In a statement, Biden pledged to "elevate cybersecurity as an imperative across the government," following revelations about how hackers have exploited technology built by SolarWinds, a federal contractor, to worm their way into networks. READ MORE...
Google this week announced an extended support period for Android 11 and later devices launching with Qualcomm System-on-Chip (SoC) models. Currently, devices receive support for a period of three years, which includes security patches, but moving forward users will enjoy one additional year of operating system and security updates. The move, the Internet search giant says, is meant to help vendors and users alike, and to ensure better continuity. It is also accompanied by a no-retroactivity. READ MORE...
A threat actor is distributing fake Windows and Android installers for the Cyberpunk 2077 game that install ransomware calling itself CoderWare. To trick users into installing malware, threat actors commonly distribute it as game installers, cheats, and cracks for copyrighted software. This week, Kaspersky malware analyst Tatyana Shishkova discovered an Android ransomware masquerading as a mobile version of the Cyberpunk 2077 game. The game was being distributed from a fake website. READ MORE...
At least 28 third-party add-ons for top social media sites, including Facebook and Vimeo, redirect users to phishing sites and steal data. More than two dozen malicious programs posing as third-party extensions for top social media sites have been downloaded some 3 million times, surreptitiously redirecting users to phishing sites, displaying advertisements, and stealing data, antivirus firm Avast reports. READ MORE...
The U.S. government officials trying to test the country's ability to respond to a major cyberattack thought they had pulled out all the stops. Engineers had planned to simulate the kind of security incident that would cause an electrical blackout, after all, and had even planned to hold the event on an isolated island off the coast of New York. Even with all that preparation, a once-in-a-century pandemic still wasn't in the script. READ MORE...
It's scary to receive a ransom demand from a cybercriminal, but I would argue it's even more frightening to receive a threatening phone call from your attackers if you refuse to pay. As ZDNet reports, the FBI has sent out a PIN (Private Industry Notification) alert to private sector companies warning them that not only are hackers using the DoppelPaymer ransomware in an attempt to extort money from affected organisations. READ MORE...
Researchers at Sophos noticed recently that the operators of multiple ransomware families have been using a backdoor named SystemBC, which provides attackers a connection to compromised devices and which uses the Tor anonymity network to hide command and control (C&C) communications. Initially observed in 2019, SystemBC enables persistent access to the system, providing attackers with means to conceal communications and remotely control the infected devices. READ MORE...