The US Is Banning Kaspersky

This move has been coming for a long time.

The Biden administration on Thursday said it’s banning the company from selling its products to new US-based customers starting on July 20, with the company only allowed to provide software updates to existing customers through September 29. The ban—­the first such action under authorities given to the Commerce Department in 2019­—follows years of warnings from the US intelligence community about Kaspersky being a national security threat because Moscow could allegedly commandeer its all-seeing antivirus software to spy on its customers…

Continue reading The US Is Banning Kaspersky

Arrests made after North Koreans hired for remote tech jobs at US companies

US businesses are believed to have recruited thousands of North Korean IT workers, sending earnings (and potentially data) to North Korea.

Read more in my article on the Hot for Security blog. Continue reading Arrests made after North Koreans hired for remote tech jobs at US companies

MITRE Hack: China-Linked Group Breached Systems in December 2023

MITRE has shared more details on the recent hack, including the new malware involved in the attack and a timeline of the attacker’s activities.
The post MITRE Hack: China-Linked Group Breached Systems in December 2023 appeared first on SecurityWeek.
Continue reading MITRE Hack: China-Linked Group Breached Systems in December 2023

Whale Song Code

During the Cold War, the US Navy tried to make a secret code out of whale song.

The basic plan was to develop coded messages from recordings of whales, dolphins, sea lions, and seals. The submarine would broadcast the noises and a computer—the Combo Signal Recognizer (CSR)—would detect the specific patterns and decode them on the other end. In theory, this idea was relatively simple. As work progressed, the Navy found a number of complicated problems to overcome, the bulk of which centered on the authenticity of the code itself.

The message structure couldn’t just substitute the moaning of a whale or a crying seal for As and Bs or even whole words. In addition, the sounds Navy technicians recorded between 1959 and 1965 all had natural background noise. With the technology available, it would have been hard to scrub that out. Repeated blasts of the same sounds with identical extra noise would stand out to even untrained sonar operators…

Continue reading Whale Song Code

Russian Cyberspies Deliver ‘GooseEgg’ Malware to Government Organizations 

Russia-linked APT28 deploys the GooseEgg post-exploitation tool against numerous US and European organizations.
The post Russian Cyberspies Deliver ‘GooseEgg’ Malware to Government Organizations  appeared first on SecurityWeek.
Continue reading Russian Cyberspies Deliver ‘GooseEgg’ Malware to Government Organizations 

Chinese Cyberspies Target Tibetans via Watering Hole, Supply Chain Attacks

Chinese APT Evasive Panda compromises a software developer’s supply chain to target Tibetans with malicious downloaders.
The post Chinese Cyberspies Target Tibetans via Watering Hole, Supply Chain Attacks appeared first on SecurityWeek.
Continue reading Chinese Cyberspies Target Tibetans via Watering Hole, Supply Chain Attacks