Daily Cyber Brief
Iranian APT exploited Log4j vulnerability to gain access into US Gov network, Chinese APT infiltrates Certificate Authority, and Germany warns of Qatari World Cup spyware...

Cybersecurity
Iranian state-sponsored cyber criminals used an unpatched Log4j flaw to break into a US government network, illegally mine for cryptocurrency, steal credentials and change passwords, and then snoop around undetected for several months, according to CISA. In an…
The state-sponsored cyberattack group known as Billbug managed to compromise a digital certificate authority (CA) as part of a wide-ranging espionage campaign that stretched back to March — a concerning development in the advanced persistent threat (APT) playbook…
World Cup apps from the Qatari government collect more personal information than they need to, according to Germany's data protection agency, which this week warned football fans to only install the two apps "if it is absolutely necessary." Also: consider using a burner phone…
In recent months, we've marveled at the quality of computer-generated faces, cat pictures, videos, essays, and even art. Artificial intelligence (AI) and machine learning (ML) have also quietly slipped into software development, with tools like GitHub Copilot, Tabnine, Polycode…
Malware dubbed WASP is using steganography and polymorphism to evade detection, with its malicious Python packages designed to steal credentials, personal information, and cryptocurrency. Researchers from Phylum and Check Point earlier this month reported…
A senior Pentagon official on Wednesday said that Russia’s cyber personnel “underperformed” during the initial invasion of Ukraine, prompting it to ultimately rely less on digital attacks during the now months-long conflict than was expected. Speaking at the Aspen Cyber…
The infamous LockBit ransomware variant remained the most widespread in the third quarter of 2022, accounting for over a fifth (22%) of detections, according to a new report from Trellix. The threat intelligence vendor analyzed proprietary data from its sensor network, open…
High levels of advanced persistent threat (APT) group activity from Russia, China, Iran and North Korea have continued since the Russian invasion of Ukraine, according to the ESET APT Activity Report T2 2022. ESET researchers analyzed cyber activities of many of these…
The flaw affects Time-Triggered Ethernet (TTE), a networking technology specifically designed for real-time applications and cyber-physical systems with high safety and availability requirements. TTE is often used to reduce costs and improve efficiency as it…
A financial cybercrime group calling itself the Disneyland Team has been making liberal use of visually confusing phishing domains that spoof popular bank brands using Punycode, an Internet standard that allows web browsers to render domain names with non-Latin…