‘Russian Hackers’ Again Target German MPs: Report
Hackers used phishing emails to gain access to the computers of at least seven federal MPs and 31 lawmakers in regional parliaments, according to Der Spiegel weekly. A spokesman for the lower house of parliament confirmed the cyber attack but said there was “currently no indication” of a direct attack on the IT infrastructure of…
Purple Fox Malware Squirms Like a Worm on Windows
The malware campaign, dubbed Purple Fox, has been active since at least 2018 and the discovery of the new worm-like infection vector is yet another sign that consumer-grade malware continues to reap profits for cybercriminals. According to Guardicore researcher Amit Serper, the Purple Fox operators primarily used exploit kits and phishing emails to build botnets…
Insurer CNA Says Cyberattack Caused Network Disruption
The Chicago, Illinois-based company is one of the largest commercial insurers in the United States, offering cyber insurance policies alongside a broad range of other insurance products. In a March 23 announcement, the company revealed that, over the weekend, it fell victim to a cyberattack that impacted certain systems, and which resulted in network disruptions….
Remote Code Execution Vulnerability Patched in Apache OFBiz
A Java-based web framework, Apache OFBiz is an open source enterprise resource planning (ERP) system that includes a suite of applications to automate business processes within enterprise environments, and which can be used across any industry. OFBiz is one of the platforms that was affected by a Java serialization vulnerability identified and reported in 2015,…
Researchers Raise Alarm for F5 BIG-IP Malware Attacks
Malware hunters at U.K.-based NCC Group are raising the alarm for mass scanning and “multiple exploitation attempts” with exploits targeting critical security flaws in the F5 enterprise networking infrastructure products. The vulnerabilities were patched on March 10 and are considered high-priority fixes because of the risk of exposure to authentication bypass and remote code execution…
US Sentences Russian, North Macedonian in Cyber Fraud Case
Sergey Medvedev, 33, of Russia and Marko Leopard, 31, of North Macedonia, were sentenced to ten and five years respectively, according to a Justice Department statement. Both had previously pleaded guilty to criminal conspiracy in federal court in Nevada. Medvedev, arrested in Thailand in 2018, co-founded the “Infraud Organization,” a marketplace for “counterfeit documents, stolen…
Here’s How Security Flaws in GE Relays Could Be Exploited in Real World Attacks
Grid Solutions is a GE Renewable Energy business that provides electricity management solutions for the energy sector, including oil and gas, as well as industry and infrastructure organizations. Advisories published this week by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and GE Grid Solutions (account required) inform customers that more than a dozen UR…
FBI: Cybercrime Victims Reported Losses of $4.2 Billion in 2020
The number of complaints received by the FBI in 2020 increased significantly compared to the previous year, when it got roughly 467,000 complaints. The total reported losses for 2019 were approximately $3.5 billion. Since 2016, reported losses total $13.3 billion, the agency said. The FBI said its Recovery Asset Team, which it established in 2018…
FBI Warns of PYSA Ransomware Attacks on Education Institutions in US, UK
Last year, authorities in the UK and France also issued alerts for the PYSA ransomware, following attacks on government and other types of organizations. According to the FBI, PYSA attacks have been launched by “unidentified cyber actors” against higher education, K-12 schools and seminaries in a dozen U.S. states, as well as the U.K. The…
US Teen ‘Mastermind’ in Epic Twitter Hack Sentenced to Prison
A Florida teenager accused of masterminding a Twitter hack of celebrity accounts in a crypto currency scheme has been sentenced to three years in juvenile prison in a plea agreement, officials said. State prosecutors announced the deal Tuesday in the case of Graham Ivan Clark, 18, described as the mastermind of the July 2020 “Bit-Con”…
