Election meddling by Iran, Russia, China to amp up prior to presidential election

FOX News

In the wake of the Treasury Department citing "brazen attempts to sow discord" in the U.S. election process by Iran, other nation-state actors are ratcheting up activity in the final week before the election. Based on recent activity, the three biggest threats are coming from Iran, Russia, and China, according to a new report by cybersecurity firm Digital Shadows. Last week, the U.S. Treasury Department warned about "components" of the Iranian Government, disguised as media outlets, attempting to subvert U.S. democratic processes and influence the election.

Hackers Created Thousands of Coronavirus (COVID-19) Related Sites As Bait


As the world comes to grips with the coronavirus pandemic, the situation has proven to be a blessing in disguise for threat actors, who've taken advantage of the opportunity to target victims with scams or malware campaigns. Now, according to a new report published by Check Point Research today and shared with The Hacker News, hackers are exploiting the COVID-19 outbreak to spread their own infections, including registering malicious Coronavirus-related domains and selling discounted off-the-shelf malware in the dark web. "Special offers by different hackers promoting their 'goods' -- usually malicious malware or exploit tools -- are being sold over the darknet under special offers with 'COVID19' or 'coronavirus' as discount codes, targeting wannabe cyber-attackers," the cybersecurity firm said.

COVID-19 Discounts: Exploit Tools for Sale

The report comes following an uptick in the number of malicious coronavirus-related domains that have been registered since the start of January. "In the past three weeks alone (since the end of February 2020), we have noticed a huge increase in the number of domains registered -- the average number of new domains is almost 10 times more than the average number found in previous weeks," the researchers said.

Cyberattackers are delivering malware by using links from whitelisted sites


Bad actors have added a new snare to their bag of social engineering tricks -- malicious OneDrive, Google Drive, iCloud, and Dropbox links. A new whitepaper from Menlo Security, "Is SaaS the New Trojan Horse in the Age of the Cloud?", describes this latest attack vector. Links to these legitimate sites can often slip by standard security measures that stop malware and block access to suspicious sites. Many of these services are whitelisted by security products because they are approved services, meaning that an enterprise has few or no defenses against these advanced attacks. These services are the latest tactic designed to dupe users into divulging their credentials or unknowingly downloading and installing malware.

LuckyMouse threat group strikes national data center to exploit government websites


Chinese-speaking threat actors have launched a campaign against a national data center in a bid to compromise government resources. On Wednesday, researchers from Kaspersky Labs said that the campaign was detected back in March, but is believed to have been active since fall 2017. In a blog post, the team said the ongoing attack is the work of a Chinese-speaking threat group dubbed LuckyMouse, otherwise known as EmissaryPanda and APT27. The hackers chose a significant target for the campaign -- a national data center in central Asia. It is believed that the data center was chosen for one specific reason: access to a "wide range of government resources at one fell swoop."

Chinese cyberspies targeted Tibetans with a malicious Firefox add-on


Chinese state-sponsored hackers have gone after Tibetan organizations across the world using a malicious Firefox add-on that was configured to steal Gmail and Firefox browser data and then download malware on infected systems. The attacks, discovered by cybersecurity firm Proofpoint this month, have been linked to a group the company tracks under the codename of TA413. Proofpoint said the attackers targeted Tibetan organizations with spear-phishing emails that lured members to websites where they'd be prompted to install a Flash update to view the site's content.