New Cyberattack From Winter Vivern Exploits a Zero-Day Vulnerability in Roundcube Webmail

After reading the technical details about this zero-day that targeted governmental entities and a think tank in Europe and learning about the Winter Vivern threat actor, get tips on mitigating this cybersecurity attack.

Microsoft: State-backed hackers grow in sophistication, aggressiveness

Hackers from countries like Iran are increasingly pairing their hacking operations with information operations pushing propaganda.

The post Microsoft: State-backed hackers grow in sophistication, aggressiveness appeared first on CyberScoop.

Fake Signal and Telegram Apps in the Google Play Store

Google removed fake Signal and Telegram apps from its Play store.

An app with the name Signal Plus Messenger was available on Play for nine months and had been downloaded from Play roughly 100 times before Google took it down last April after being tipped off by security firm ESET. It was also available in the Samsung app store and on signalplus[.]org, a dedicated website mimicking the official Signal.org. An app calling itself FlyGram, meanwhile, was created by the same threat actor and was available through the same three channels. Google removed it from Play in 2021. Both apps remain available in the Samsung store…

China Hacked Japan’s Military Networks

The NSA discovered the intrusion in 2020—we don’t know how—and alerted the Japanese. The Washington Post has the story:

The hackers had deep, persistent access and appeared to be after anything they could get their hands on—plans, capabilities, assessments of military shortcomings, according to three former senior U.S. officials, who were among a dozen current and former U.S. and Japanese officials interviewed, who spoke on the condition of anonymity because of the matter’s sensitivity.

[…]

The 2020 penetration was so disturbing that Gen. Paul Nakasone, the head of the NSA and U.S. Cyber Command, and Matthew Pottinger, who was White House deputy national security adviser at the time, raced to Tokyo. They briefed the defense minister, who was so concerned that he arranged for them to alert the prime minister himself…

Microsoft set to expand access to detailed logs in the wake of Chinese hacking operation

Under fire for security failures and premium pricing for security features, Microsoft said it would make logging tools more widely available.

The post Microsoft set to expand access to detailed logs in the wake of Chinese hacking operation appeared first on CyberScoop.

Southeast Asian hacking crew racks up victims, rapidly expands criminal campaign

A group called “Dark Pink” is likely based in Southeast Asia and shows signs of development and ongoing activity, researchers say.

The post Southeast Asian hacking crew racks up victims, rapidly expands criminal campaign appeared first on CyberScoop.

FBI Disables Russian Malware

Reuters is reporting that the FBI “had identified and disabled malware wielded by Russia’s FSB security service against an undisclosed number of American computers, a move they hoped would deal a death blow to one of Russia’s leading cyber spying programs.”

The headline says that the FBI “sabotaged” the malware, which seems to be wrong.

Presumably we will learn more soon.

EDITED TO ADD: New York Times story.

EDITED TO ADD: Maybe “sabotaged” is the right word. The FBI hacked the malware so that it disabled itself.

Despite the bravado of its developers, Snake is among the most sophisticated pieces of malware ever found, the FBI said. The modular design, custom encryption layers, and high-caliber quality of the code base have made it hard if not impossible for antivirus software to detect. As FBI agents continued to monitor Snake, however, they slowly uncovered some surprising weaknesses. For one, there was a critical cryptographic key with a prime length of just 128 bits, making it vulnerable to factoring attacks that expose the secret key. This weak key was used in Diffie-Hellman key exchanges that allowed each infected machine to have a unique key when communicating with another machine…

Cyberespionage threat actor APT43 targets US, Europe, Japan and South Korea

Google’s Threat Analysis Group reported on a subset of APT43 called Archipelago and detailed how the company is trying to protect users.

The post Cyberespionage threat actor APT43 targets US, Europe, Japan and South Korea appeared first on TechRepublic.