News and Headlines

See below for the latest data science and cyber news compiled from the most reliable sources.

Short on time? We got you covered!

Each Article Features AI Generated Summaries for Faster Reading.

Follow Us on LinkedIn for Instant News Updates! 
Amy Forza

Tech Giant HP Enterprise Hacked by Russian Hackers Linked to DNC Breach - The Hacker News

2024-01-25 07:15 (EST) - Suspected Kremlin-linked hackers breached Hewlett Packard Enterprise's (HPE) cloud email, exfiltrating data from some mailboxes since May 2023. The attack is attributed to the notorious Russian group APT29, the same entity recently involved in a Microsoft breach. The intrusion went undetected in HPE's network for over six months and is possibly linked to an earlier security event. Despite the intrusion, HPE reports no significant operational impact. The scale of the breach remains undisclosed.


DIA’s cyber assessments, including insider threat defenses, key to modernizing top-secret network - Federal News Network

2024-01-24 20:27 (EST) - The Defense Intelligence Agency (DIA) is modernizing the Joint Worldwide Intelligence Communications System (JWICS), the federal government's global, top-secret intelligence network. This includes hardware updates, building redundancy, and a progressive shift towards regular cybersecurity evaluations instead of single initial assessments. The DIA's focus on cybersecurity includes monitoring for potential insider threats. The agency also plans to incorporate a zero trust security component controlling user access to specific data.


HPE: Russian hackers breached its security team’s email accounts - BleepingComputer

2024-01-24 16:35 (EST) - Hewlett Packard Enterprise (HPE) has announced a breach by suspected Russian hackers, Midnight Blizzard, resulting in data theft from its Microsoft Office 365 environment. The cyberattack, initiated in May 2023, mainly affected cybersecurity and other operational departments. HPE acknowledges a possible connection to a similar breach the same month. The breach is under investigation with the help of external cybersecurity experts and law enforcement. HPE reassures that the breach has had no significant operational or financial impact.


US, UK, Australia sanction REvil hacker behind Medibank data breach - BleepingComputer

2024-01-24 10:33 (EST) - Aleksandr Gennadievich Ermakov, a Russian national tied to the REvil ransomware group, faces sanctions from Australia, the US, and the UK for the 2022 Medibank cyber attack. During the attack, personal information of approximately 10 million people was stolen and leaked. Authorities linked Ermakov with various online aliases. Under the sanctions, individuals who provide assets to Ermakov, such as cryptocurrency or ransomware payments, commit an offense, a measure aimed at deterring association with him.


US, UK, Australia sanction Russian national after major Australian ransomware attack - CyberScoop

2024-01-23 18:08 (EST) - Russian national Alexander Ermakov has been sanctioned by the US, UK, and Australian governments for orchestrating a major ransomware attack on Medibank, Australia's largest private health insurer, compromising data of 4 million Australians. Ermakov is linked to the notorious REvil ransomware operation, responsible for numerous global attacks. This move marks Australia's first use of its cyber sanctions law, with authorities intending to apprehend Ermakov and investigate his associates.


U.S. Cybersecurity Agency Warns of Actively Exploited Ivanti EPMM Vulnerability - The Hacker News

2024-01-23 16:31 (EST) - A severe vulnerability (CVE-2023-35082) in Ivanti Endpoint Manager Mobile and MobileIron Core is being actively exploited. The flaw allows unauthorized remote access to user data and potential server modification. It affects all versions of Ivanti EPMM 11.10 to 11.8, and MobileIron Core 11.7 or lower. The cybersecurity firm Rapid7 has found the fault can be compounded with CVE-2023-35081 to allow attackers to write harmful web shell files. Federal agencies are urged to apply vendor-supplied corrections by February 8, 2024.


Kansas State University cyberattack disrupts IT network and services - BleepingComputer

2024-01-23 16:28 (EST) - Kansas State University (K-State) is navigating a cyberattack which has disrupted various network systems, including VPN, university emails, and video services. Upon detecting the attack, affected systems were taken offline and IT forensic experts have been employed to assist ongoing investigations. The university assures efforts are being made for a safe system restoration. While some services, like K-State Today emails, will resume in a temporary format, no data breach affecting student or staff information has been reported so far.


For the Pacific Northwest National Laboratory cybersecurity starts with research and zero trust - Federal News Network

2024-01-23 15:53 (EST) - At the Pacific Northwest National Laboratory (PNNL), researchers focus on cyber security, specifically using malware analysis and the zero trust principle. The aim is to predict and protect critical infrastructure from potential cyber threats. Senior researcher Elena Peterson and her team work across information technology and operational technology, scrutinizing software, firmware, and network updates for malicious code. Despite the challenges presented, especially with legacy systems, PNNL's mission is to constantly verify authenticity, securing networks and developing research.


Kasseika ransomware uses antivirus driver to kill other antiviruses - Bleeping Computer

2024-01-23 14:33 (EST) - A new ransomware operation, Kasseika, takes advantage of the Martini driver in TG Soft's VirtIT Agent System to disable antivirus protection before encryption. It mirrors the attack chain and source code of the previously shut-down BlackMatter group, suggesting previous members or buyers of its code are behind Kasseika. Attacks start with phishing emails for initial access and conclude with a demand for Bitcoin, erasure of traces, and a deadline for decryption upon proof of payment. Trend Micro has provided associated indicators of compromise.


"Activator" Alert: MacOS Malware Hides in Cracked Apps, Targeting Crypto Wallets - The Hacker News

2024-01-23 14:01 (EST) - Hackers are using cracked software downloads to infect Apple macOS users with a new malware that steals system information and cryptocurrency wallet data. The sophisticated attack involves a program called “Activator”, masquerading as a legitimate software patch, which prompts users to enter their system administrator password. This allows the malware to gain access, communicate with command servers, and execute payload scripts. The malware targets Bitcoin Core and Exodus crypto wallets, replacing them with infected versions that siphon off recovery phrases and wallet balances. This method marks a growing trend of using cracked software as a delivery vehicle for threats.


VexTrio TDS: The Biggest Cybercrime Operation on the Web? - Dark Reading

2024-01-23 13:55 (EST) - VexTrio, an operator of a vast traffic distribution system (TDS) with over 70,000 domains, is enabling significant cyber threats through scams, phishing, and malware, though not directly engaging in cybercrime. The group facilitates connections between threat actors who compromise vulnerable websites and those who host malicious content. Using complex evasion techniques and functioning like a legitimate TDS network, VexTrio serves more than 60 cybercrime affiliate groups and is regarded as a dominant threat actor by cyber security firm Infoblox.


The intersection of cyber and AI - FedScoop

2024-01-23 12:40 (EST) - In response to the Biden administration's AI executive order, MK Palmore, Director of Google Cloud's Office of the CISO, points out that while AI adoption is rising, careful implementation, rigorous testing protocols and inclusion of diversity in dialogues are crucial.


North Korea's ScarCruft Attackers Gear Up to Target Cybersecurity Pros - Dark Reading

2024-01-23 12:39 (EST) - North Korean advanced persistent threat (APT) group, ScarCruft, is reportedly planning attacks on cybersecurity researchers, intending to steal confidential threat intel and enhance its operational tactics. Recent evidence suggests ScarCruft is developing new malware and testing innovative infection chains. The group has historically targeted individuals and entities in South Korea and is likely to use disinformation about another North Korean APT, Kimsuky, to lure its targets. The end goal may involve using stolen information to refine unique cyberattack approaches, and impersonating cybersecurity professionals to launch targeted attacks.


VexTrio: The Uber of Cybercrime - Brokering Malware for 60+ Affiliates - The Hacker News

2024-01-23 10:13 (EST) - Cyber threat groups ClearFake, SocGholish, and others have teamed up with VexTrio—an entity known as the largest malicious traffic broker—to expand their web crime activities via a “criminal affiliate program.” VexTrio, active since 2017, uses sophisticated traffic distribution systems to perpetuate scams, spyware, and adware on a network of an estimated 70,000 domains. Their unique business model partners with nearly 60 affiliates and strategically reroutes web traffic, posing a significant challenge to cybersecurity efforts.


Barr: 2nd Annual MIT FRS Conference on Measuring Cyber Risk in the Financial Services Sector - Forex Factory

2024-01-23 08:53 (EST) - The Federal Reserve Board of Governors, the Federal Reserve Bank of Richmond, and the MIT Internet Policy Research Initiative are hosting their second conference focusing on assessing cyber risks across the financial system. The inaugural 2022 conference emphasized the challenge of managing risks that are hard to measure, like cyber risks, despite substantial investments in network security.


Australia sanctions REvil hacker behind Medibank data breach - Bleeping Computer

2024-01-23 08:10 (EST) - The Australian government sanctioned Russian national Aleksandr Gennadievich Ermakov, tied to the REvil ransomware group and the 2022 Medibank data breach, affecting 10 million people. Ermakov, who accessed and leaked customer data, including sensitive personal and health information, used multiple aliases online. Despite not being among the detentions in Russia earlier this year, Ermakov's public identification could hamper his activities. The sanctions also criminalize providing him with assets, including cryptocurrency or ransomware payments.


This NIST Trustworthy and Responsible AI Report Develops a Taxonomy of Concepts and Defines Terminology in the Field of Adversarial Machine Learning (AML) - Marktechpost

2024-01-23 05:08 (EST) - Researchers from NIST Trustworthy and Responsible AI are advancing the Adversarial Machine Learning (AML) field through a thorough taxonomy of terms and definitions. Their work maps out AML attack strategies and offers insight into controlling such attacks. This taxonomy aims to deliver a common language in the AML domain, enhancing security measures against rapidly changing threats. They address shortcomings of current mitigation strategies and tackle attacks on multiple data modalities and learning approaches.


NIST Offers Guidance on Measuring and Improving Your Company’s Cybersecurity Program - NIST News and Events

2024-01-23 05:08 (EST) - The National Institute of Standards and Technology (NIST) has released a draft guide for improving cybersecurity measurement practices within organizations. The two-volume document, NIST SP 800-55 Revision 2, provides a roadmap for developing effective information security programs and encourages a data-driven approach to risk assessment. The public can offer comments until March 18, 2024. The guide, applicable with any risk management framework, promotes quantitative measures of risk for clearer insights and aims for more resource-efficient security practices.


Beyond metrics: Defining success in cloud migration and AI integration - Federal News Network

2024-01-22 19:40 (EST) - The Defense Department continues to prioritize secure digitization and cloud services to accelerate its digital transformation journey. A pilot Joint Operational Edge connects US-based networks with tactical edge areas, leveraging secure cloud services for efficient decisions and resilience. Adoption of software-as-a-service is viewed as a balance between cost, ease of ownership and resilience. The Department of Navy and Air Force are focusing on a better value proposition and on managing risks, emphasizing the need for education and an integrated risk management capability.


Child sexual abuse material found on popular dataset shows risks for federal AI research - FedScoop

2024-01-22 17:10 (EST) - The Stanford report identified the presence of child sexual abuse material in LAION-5B, a popular dataset used for AI research. Despite efforts to filter illegal and harmful content, such instances raise ethical, legal, and trust issues, especially as federal agencies encourage AI research. The incident exemplifies the need for alternatives like the National Artificial Intelligence Research Resource (NAIRR) to provide reliable tools for AI development. The challenge highlights the risks of extracting data from the open web for research purposes.
