Cozy Bear, or APT29, the Russian state-sponsored cyber-espionage group, appears to be active again, and it is thought to be impersonating the United States State Department in a large spear-phishing campaign.
Neither CrowdStrike nor FireEye has directly blamed Cozy Bear, saying attribution is still in progress, but FireEye noted, “This campaign has targeted over 20 FireEye customers across: Defense, Imagery, Law Enforcement, Local Government, Media, Military, Pharmaceutical, Think Tank, Transportation, and US Public Sector industries in multiple geographic regions.”
Other cybersecurity news:

Windows 10 update creates network and security issues

Microsoft confirmed that the Windows 10 October 2018 Update, aka version 1809, has caused issues that involve losing network access. The same re-released Windows 10 update has compatibility issues with some Trend Micro security products.
Some Windows Insiders were outraged after an update to the Windows 10 Mail app enabled ads for non-Office 365 subscribers. Careful not to get whiplash, as Microsoft had posted and then deleted an FAQ about the ads in Mail for Windows 10. Frank Shaw, lead communications spokesman for Microsoft, said, “This was an experimental feature that was never intended to be tested broadly and is being turned off.”
Amazon blocks public access to S3 storage buckets

Perhaps we will hear of fewer AWS S3 data storage bucket leaks now that Amazon Web Services has rolled out new security features, including an option to block public access to S3 buckets at the bucket or account level, regardless of what individual bucket policies and ACLs say.
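The setting described above shuts the door on the public bucket policies behind most S3 leaks. As an added example (not AWS code and not from the original article), the following Python flags the pattern that the "BlockPublicPolicy" half of the feature rejects, an Allow statement granting to a wildcard principal, and lists the four flags an operator sets to block every public path. The two sample policies, the bucket name and the account ID are constructed for illustration.

```python
"""Offline check for S3 bucket policies that grant access to everyone.

Added example, not AWS code and not from the original article. It flags the
condition that the Block Public Access "BlockPublicPolicy" setting rejects at
PutBucketPolicy time: an Allow statement whose Principal is a wildcard. The
sample policies and the bucket/role names below are constructed.
"""
import json

# Constructed: the classic leaky-bucket policy, world-readable objects.
PUBLIC_READ_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-data-bucket/*",
    }],
})

# Constructed: the same grant scoped to one IAM role in a hypothetical account.
RESTRICTED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AppRead",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:role/app-reader"},
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-data-bucket/*",
    }],
})


def is_wildcard_principal(principal):
    """True when a Principal element means 'anyone', in either of its JSON forms."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        if isinstance(aws, str):
            aws = [aws]
        return "*" in aws
    return False


def public_statements(policy_json):
    """Return the Sids of Allow statements that grant to a wildcard principal.

    Condition blocks are deliberately ignored: a condition such as aws:SourceIp may
    narrow who can actually use the grant, so treat every hit as a candidate for
    review rather than as a confirmed leak.
    """
    policy = json.loads(policy_json)
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be written without a list
        statements = [statements]
    return [
        stmt.get("Sid", "<no Sid>")
        for stmt in statements
        if stmt.get("Effect") == "Allow" and is_wildcard_principal(stmt.get("Principal"))
    ]


# The bucket- or account-level setting that closes every public path. It is passed
# as PublicAccessBlockConfiguration to boto3's s3.put_public_access_block (bucket)
# or s3control.put_public_access_block (account); all four must be True.
BLOCK_ALL_PUBLIC_ACCESS = {
    "BlockPublicAcls": True,        # reject new public ACLs on the bucket or its objects
    "IgnorePublicAcls": True,       # stop honouring public ACLs that already exist
    "BlockPublicPolicy": True,      # reject bucket policies like PUBLIC_READ_POLICY
    "RestrictPublicBuckets": True,  # ignore an existing public policy for anyone outside the owner account and AWS services
}


if __name__ == "__main__":
    for name, policy in (("public", PUBLIC_READ_POLICY), ("restricted", RESTRICTED_POLICY)):
        print(name, "->", public_statements(policy) or "no wildcard grants")
```

The policy check is what an auditor runs across existing buckets before turning the feature on; once BLOCK_ALL_PUBLIC_ACCESS is applied, a policy like PUBLIC_READ_POLICY is rejected at write time rather than discovered later by a scanner.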
Trump signs bill that creates new cybersecurity agency

U.S. President Donald Trump signed a cybersecurity bill into law on Friday. The Cybersecurity and Infrastructure Security Agency Act turns the Department of Homeland Security's National Protection and Programs Directorate into the new agency and puts it in charge of the department's cybersecurity mission.
Voxox database misconfiguration exposes over 26M text messages and more

The communications company Voxox failed to protect a server with a password, resulting in the exposure of “a massive database” that contains over 26 million text messages, as well as “password reset links, two-factor codes, shipping notifications,” and other personal information. “The ability to access two-factor codes in near real-time could have put countless number of accounts at risk of hijack,” security researcher Dylan Katz told TechCrunch.
Facebook denies trying to hide Russian interference with election

Facebook’s Sheryl Sandberg denied claims made in a New York Times report that she and Mark Zuckerberg were reluctant to come clean about the Russian interference with the 2016 election.
Federal charges against Julian Assange tied to Russian hacking

Federal prosecutors accidentally revealed that criminal charges have been filed against WikiLeaks founder Julian Assange. The charges apparently are related to his ties to the Russian government and its hacking.
Vulnerabilities and cyber attacks

Hacking ATMs is just too easy, according to a new report by Positive Technologies (pdf). Of the tested ATMs, 69 percent were vulnerable to Black Box attacks, in which an attacker connects a device of their own to the ATM's cash dispenser and sends it dispense commands. The firm warned, “Performing the entire attack―connecting the device to the ATM, bypassing security, and collecting the cash―would take just 10 minutes on some ATM models.”

While certainly not the first to show how easily fingerprint biometric security can be undermined, New York University researchers used a neural network to generate fake fingerprints, dubbed DeepMasterPrints, which work like a master key does to locks. They were able to imitate more than one in five prints, opening up the possibility of fingerprint-based dictionary attacks.

Interesting research on creating synthetic fingerprints that can match a large number of real fingerprints. These would be Master Prints, just like we have Master Keys for locks. #GAN https://t.co/YzNjfHzZpB pic.twitter.com/2n39On45pP
― Mikko Hypponen (@mikko) November 13, 2018

Beware the “Kitten of Doom” DoS attack, which involves sending 100 emojis to a target’s Skype for Business or Lync client. SEC Consult Vulnerability Lab warned that if besieged with emojis, the instant messaging client will not be usable until the attack ends.

Juniper Threat Labs discovered that attackers are actively scanning for misconfigured, publicly exposed Docker services in the cloud in order to add their own containers and infect them with Monero miners. The infection chain spreads automatically via utilities and scripts.

Hardware version A of D-Link DIR-850L wireless routers need updated firmware, as the devices have an authen
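The Docker campaign above depends on one misconfiguration: the daemon's remote API listening on TCP with no client verification, so that anyone who can reach the port can start containers. As an added example (not from the original article and not Docker project code), the following Python audits the two places dockerd takes its listener settings from, /etc/docker/daemon.json and the ExecStart line of docker.service, and reports every TCP endpoint that does not require client certificates. The exposed and hardened configurations and the certificate paths are constructed; the dockerd flag names are the real ones.

```python
"""Offline audit of a dockerd configuration for an unauthenticated TCP listener.

Added example, not from the original article and not Docker project code. Given
the text of /etc/docker/daemon.json and the ExecStart line of docker.service, it
reports any Docker API endpoint reachable over TCP without client-certificate
verification, the misconfiguration an Internet-wide scan for port 2375 finds.
The two configurations below are constructed.
"""
import json
import shlex
from urllib.parse import urlsplit

LOCAL_ADDRESSES = {"127.0.0.1", "localhost", "::1"}

# Constructed: the remote API on the conventional plaintext port, no TLS at all.
EXPOSED_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
})

# Constructed: the same listener moved to 2376 with mutual TLS; only clients
# holding a certificate signed by ca.pem can talk to the daemon.
HARDENED_DAEMON_JSON = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})

# dockerd refuses to start if "hosts" is set both in daemon.json and on the
# command line, so a real system has them in one place; the audit accepts either.
PLAIN_EXECSTART = "/usr/bin/dockerd"


def daemon_settings(daemon_json, execstart):
    """Merge the listener list and the tlsverify flag from both config sources."""
    cfg = json.loads(daemon_json) if daemon_json.strip() else {}
    hosts = list(cfg.get("hosts", []))
    tlsverify = bool(cfg.get("tlsverify", False))
    args = shlex.split(execstart)
    i = 0
    while i < len(args):
        arg = args[i]
        if arg in ("-H", "--host") and i + 1 < len(args):
            hosts.append(args[i + 1])
            i += 1
        elif arg.startswith(("-H=", "--host=")):
            hosts.append(arg.split("=", 1)[1])
        elif arg in ("--tlsverify", "--tlsverify=true"):
            tlsverify = True
        i += 1
    return hosts, tlsverify


def audit_dockerd(daemon_json, execstart):
    """Return one finding per TCP listener that does not verify client certificates.

    --tls alone only encrypts the connection; without --tlsverify the daemon still
    accepts any client, so tlsverify is the setting that matters.
    """
    hosts, tlsverify = daemon_settings(daemon_json, execstart)
    findings = []
    for host in hosts:
        url = urlsplit(host)
        if url.scheme != "tcp":
            continue  # unix:// and fd:// sockets are governed by file permissions
        if tlsverify:
            continue
        address = url.hostname or "localhost"  # dockerd's documented default when only a port is given
        scope = "loopback only" if address in LOCAL_ADDRESSES else "all interfaces"
        findings.append(f"{host}: Docker API over TCP without client verification ({scope})")
    return findings


if __name__ == "__main__":
    for label, cfg in (("exposed", EXPOSED_DAEMON_JSON), ("hardened", HARDENED_DAEMON_JSON)):
        print(label, "->", audit_dockerd(cfg, PLAIN_EXECSTART) or ["no findings"])
```

A loopback listener is reported too, with a lower-severity label, because any local user who can reach it can start a privileged container; the fix in both cases is the same: drop the TCP host entirely if nothing remote needs it, or keep it only with tlsverify and a CA you control.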