Browser makers Apple, Google, Microsoft, and Mozilla, have banned a root certificate that was being used by the Kazakhstan government to intercept and decrypt HTTPS traffic for residents in the country’s capital, the city of Nur-Sultan (formerly Astana). From a report: The certificate had been in use since December 6, 2020, when Kazakh officials forced local internet service providers to block…
Tag: CYBER
UK Use of Software Linked To Russia-Hack Runs Deep
The little-known Texas software company that’s been attacked by suspected Russian hackers has a sprawling reach among U.K. government agencies, potentially putting clients from the National Health Service to police forces at risk. From a report: SolarWinds, which fell victim to hackers who put a “backdoor” in the software giving them access to users’ computer networks, has been deployed by the…
Hackers Tied To Russia Hit US Nuclear Agency, Three States
The U.S. nuclear weapons agency and at least three states were hacked as part of a suspected Russian cyber attack that struck a number of federal government agencies. Microsoft Corp. was also breached, and its products were used to further attacks on others, Reuters reported. Bloomberg reports: The Energy Department and its National Nuclear Security Administration, which maintains America’s nuclear stockpile,…
CISA and FBI Warn of Rise in Ransomware Attacks Targeting K-12 Schools
In a joint security alert published this week, the US Cybersecurity Infrastructure and Security Agency, along with the Federal Bureau of Investigation, warned about increased cyber-attacks targeting the US K-12 educational sector, often leading to ransomware attacks, the theft of data, and the disruption of distance learning services. From a report: “As of December 2020, the FBI, CISA, and MS-ISAC continue…
Some Ransomware Gangs are Now Phoning Victims Who Restore from Backups
“We recommend that you discuss this situation with us in the chat,” one caller warned, “or the problems with your network will never end.” ZDNet reports: In attempts to put pressure on victims, some ransomware gangs are now cold-calling victims on their phones if they suspect that a hacked company might try to restore from backups and avoid paying ransom…
Mysterious Phishing Campaign Targets Organizations in COVID-19 Vaccine Cold Chain
IBM’s cyber-security division says that hackers are targeting companies associated with the storage and transportation of COVID-19 vaccines using temperature-controlled environments — also known as the COVID-19 vaccine cold chain. From a report: The attacks consisted of spear-phishing emails seeking to collect credentials for a target’s internal email and applications. While IBM X-Force analysts weren’t able to link the attacks to…
FBI Warns of Email Forwarding Rules Being Abused in Recent Hacks
The US Federal Bureau of Investigation says that cyber-criminals are increasingly relying on email forwarding rules in order to disguise their presence inside hacked email accounts. From a report: In a PIN (Private Industry Notification) alert sent last week and made public today, the FBI says the technique has been seen and abused in recent BEC (Business Email Compromise) attacks reported…
Companies Urged To Adjust Hiring Requirements for Cyber Jobs
Companies need millions more cybersecurity professionals to fill roles around the world, but researchers say outlandish job requirements are the problem, rather than a lack of workers. From a report: Around 3.1 million professionals are needed to bridge the cybersecurity talent gap, a trade association for cybersecurity professionals estimated in a November report. The International Information System Security Certification Consortium, known…
India Bans Another 43 Chinese Apps Over Cybersecurity Concerns
India is not done banning Chinese apps. The world’s second largest internet market, which has banned over 175 apps with links to the neighboring nation in recent months, said on Tuesday it was banning an additional 43 such apps. From a report: Like with the previous orders, India cited cybersecurity concerns to block these apps. “This action was taken based on…
Baidu’s Android Apps Caught Collecting Sensitive User Details
Two Android applications belonging to Chinese tech giant Baidu were removed from the official Google Play Store at the end of October after they were caught collecting sensitive user details. From a report: The two apps — Baidu Maps and Baidu Search Box — were removed after Google received a report from US cyber-security firm Palo Alto Networks. Both apps had…