‘They knew I was running late to meetings’: Former DHS chief on reports that SolarWinds hackers targeted his emails
Former Acting Secretary for the Department of Homeland Security Chad Wolf on Monday recounted the intense first days of the SolarWinds crisis, and remarked on recent reports that the suspected Russian hackers behind the attack had gained access to his email account. “My first question was: were these unclassified email accounts? The answer was yes,” Wolf said at a virtual talk hosted by the Heritage Foundation. “It’s still concerning, but it would have been even more of a concern if they had access to the lines that DHS does its most sensitive work on.”
Facebook takes down troll farm linked to Iranian opposition group
Facebook on Tuesday announced it had removed 14 networks in 11 countries for using fake accounts to amplify deceptive campaigns, including one linked to an exiled militant Iranian group operating a troll farm out of Albania. The social media giant took down 1,167 Facebook accounts, 290 Instagram accounts, 255 Pages, and 34 Groups in the month of March for their connections to these “coordinated inauthentic behavior” campaigns, which targeted a range of countries including Israel, Mexico, Benin, and Georgia…
US says APTs are using Fortinet bugs to gain initial access for future attacks
In a joint security alert published today, on Friday, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) said they’d observed multiple state-sponsored hacking groups scanning the web for Fortinet devices in order to find and gain access to sensitive networks so they could launch future attacks.
Google: North Korean hackers are still targeting security researchers
The North Korean government-backed hackers who spent last year trying to lure security professionals to malicious sites to infect their systems with malware have returned with new attacks.
DHS chief lays out a cybersecurity vision with a focus on ransomware and infrastructure
The top official at the Department of Homeland Security announced today a series of 60-day cybersecurity-focused “sprints” aimed at focusing the department’s efforts on ransomware, industrial control systems, and other priorities. Alejandro Mayorkas, who was sworn in as DHS Secretary last month, said during a virtual talk hosted by the RSA Conference that his department is working on a proposal for a “Cyber Response and Recovery Fund” to provide assistance to state, local, tribal and territorial governments dealing with cyberattacks….
‘We’re responding in election cycles:’ Niloofar Razi Howe on the big changes needed to prevent the next SolarWinds attack
In a hearing held by the House Committee on Appropriations last week, Niloofar Razi Howe described 2021 as “one of the most consequential years in cybersecurity—and it’s only March.” Between the fallout from the SolarWinds supply chain attack, Microsoft Exchange vulnerabilities, and a surge in ransomware incidents, cybersecurity experts in both the private and public sectors have a lot to worry about. The Biden administration and lawmakers across party lines have made the incidents a top priority, with many calling on the U.S. to harden defenses and aggressively respond to nation state intrusions….
Iranian cyberspies target professionals at medical research organizations in the US, Israel
Hackers linked to Iran have targeted 25 senior professionals at various medical research organizations located in a the US and Israel as part of a weeks-long phishing campaign, email security firm Proofpoint revealed today.
RedEcho group parks domains after public exposure
A Chinese hacking group linked to a campaign that targeted India’s power grid and critical infrastructure entities has taken down its attack infrastructure after having its operations exposed at the end of February 2021.
Several German politicians reportedly targeted in hack blamed on Russia
At least seven members of Germany’s Bundestag and 31 members of the state parliament have been targeted by a hack that is believed to be the work of Russia’s GRU military intelligence unit, German newspapers reported Friday. Frank Bergmann, a spokesman for the Bundestag, told The Record that the parliamentary body was promptly informed of the incident by government authorities, and all members of parliament who were affected were notified. According to information available so far, Bergmann said there was no direct attack on the infrastructure of the German Bundestag…
NSA director says U.S. has a ‘blind spot’ for detecting attacks like SolarWinds, Microsoft Exchange
The top official at the U.S. National Security Agency and U.S. Cyber Command told lawmakers on Thursday that the common failing with recent high-profile cyber attacks boils down to U.S. government agencies having a gap in visibility of foreign hackers using domestic infrastructure to launch attacks. At a hearing held by the U.S. Senate Committee on Armed Services, General Paul Nakasone repeatedly emphasized that nation state adversaries are aware of this gap and are actively exploiting it in part because it allows them to better evade the eye of intelligence agencies like the NSA that are focused on activity conducted outside the U.S….