MoleRats APT Launches Spy Campaign on Bankers, Politicians, Journalists

State-sponsored cyberattackers are using Google Drive, Dropbox and other legitimate services to drop spyware on Middle-Eastern targets and exfiltrate data. Malicious files doctored up to look like legitimate content related…

Merck Awarded $1.4B Insurance Payout over NotPetya Attack

Court rules ‘War or Hostile Acts’ exclusion doesn’t apply to the pharma giant’s 2017 cyberattack. Unsealed court records show pharmaceutical giant Merck was awarded a $1.4 billion payout last month…

Destructive Wiper Targeting Ukraine Aimed at Eroding Trust, Experts Say

Disruptive malware attacks on Ukrainian organizations (posing as ransomware attacks) are very likely part of Russia’s wider effort to undermine Ukraine’s sovereignty, according to analysts. Russia is positioned for a…

Cloned Dept. of Labor Site Hawks Fake Government Contracts

A well-crafted but fake government procurement portal offers the opportunity to submit a bid for lucrative government projects — but harvests credentials instead. A new phishing campaign is targeting aspiring…

Will 2022 Be the Year of the Software Bill of Materials?

Praise be & pass the recipe for the software soup: There’s too much scrambling to untangle vulnerabilities and dependencies, say a security experts roundtable. Here, have a can of soup.…

QR codes can eat your lunch, FBI warns

Written by Joe Warminsky Jan 18, 2022 | CYBERSCOOP QR codes are among the few “winners” of the coronavirus pandemic, the joke goes, because restaurants and other businesses have deployed…

‘Be Afraid:’ Massive Cyberattack Downs Ukrainian Gov’t Sites

As Moscow moves troops and threatens military action, about 70 Ukrainian government sites were hit. “Be afraid” was scrawled on the Foreign Ministry site. Cyberattackers brought down around 70 Ukrainian…

Russian Security Takes Down REvil Ransomware Gang

The country’s FSB said that it raided gang hideouts; seized currency, cars and personnel; and neutralized REvil’s infrastructure. At the request of U.S. authorities. Russia’s Federal Security Service (FSB) has…

FBI shifting cybercrime focus from arrests, indictments to payment seizures, incident response

Written by Tim Starks Jan 13, 2022 | CYBERSCOOP In 2022, the FBI is looking to approach cybercrime differently. During separate public appearances on Thursday, two FBI officials said the…

US Military Ties Prolific MuddyWater Cyberespionage APT to Iran

US Cyber Command linked the group to Iranian intelligence and detailed its multi-pronged, increasingly sophisticated suite of malware tools. U.S. Cyber Command has confirmed that MuddyWater – an advanced persistent…