It’s entirely possible that the U.S. government has undergone and is still suffering the fallout from the harshest, most potentially devastating cyber breach in the short history of digital information.
Reutersbroke the story last December that foreign entities the National Security Agency and FBI have identified them as the Russian hacking group APT29, also known as Dark Halo or Cozy Bear (logo pictured) had infiltrated several federal IT systems, including the Pentagon, National Institutes of Health, Homeland Security and State Department. This has been confirmed by highly-regarded security companies that include CrowdStrike, FireEye, Volexity and Microsoft, for starters.
By Eduard Kovacs on February 01, 2021
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) says many of the victims of the threat group that targeted Texas-based IT management firm SolarWinds were not directly linked to SolarWinds.
“While the supply chain compromise of SolarWinds first highlighted the significance of this cyber incident, our response has identified the use of multiple additional initial infection vectors. We have found that significant numbers of both the private-sector and government victims linked to this campaign had no direct connection to SolarWinds,” a CISA spokesperson told
SecurityWeek.
“This is an ongoing response, and we are still working with our government and private sector partners to fully understand this campaign, and to develop and share timely information to mitigate the threat posed by this adversary,” the agency said.
20 January 2021, 3:45 am EST By
Messaging apps are incredibly important these days as people are still unable to freely meet in person to talk, whether about personal things or any work/school-related stuff, but according to a security researcher, some of the apps we are using aren t as safe as we think they are.
(Photo : Pexels)
Logic Bugs Found in Messaging Apps
In a report by Bleeping Computer, Google Project Zero security researcher Natalia Silvanovich has found vulnerabilities in several messaging apps including Facebook Messenger, Signal, Google Duo, Mocha, and JioChat which allows attackers to listen to their victim s surroundings without consent before they pick up a call.
Malwarebytes says SolarWinds hackers accessed its internal emails
By
03:03 PM
Cybersecurity firm Malwarebytes today confirmed that the threat actor behind the SolarWinds supply-chain attack were able to gain access to some company emails. While Malwarebytes does not use SolarWinds, we, like many other companies were recently targeted by the same threat actor, Malwarebytes CEO and co-founder Marcin Kleczynski said. We can confirm the existence of another intrusion vector that works by abusing applications with privileged access to Microsoft Office 365 and Azure environments. After an extensive investigation, we determined the attacker only gained access to a limited subset of internal company emails.