Cybersecurity

Confronting Reality in Cyberspace: Foreign Policy for a Fragmented Internet

The global internet—a vast matrix of telecommunications, fiber optics, and satellite networks—is in large part a creation of the United States. The technologies that underpin the internet grew out of federal research projects, and U.S. companies innovated, commercialized…

ChromeLoader: New Stubborn Malware Campaign

In January 2022, a new browser hijacker/adware campaign named ChromeLoader (also known as Choziosi Loader and ChromeBack) was discovered. Despite using simple malicious advertisements, the malware became widespread, potentially leaking data from thousands…

New ‘Luna Moth’ hackers breach orgs via fake subscription renewals

A new data extortion group has been breaching companies to steal confidential information, threatening victims to make the files publicly available unless they pay a ransom. The gang received the name Luna Moth and has been active since at least March in phishing…

Millions in cryptocurrency stolen in phishing attacks on Uniswap users

A phishing attack on users of Uniswap, a decentralized cryptocurrency exchange, has caused millions of dollars in losses. The incident first came to light on Monday when Binance CEO Changpeng Zhao said his threat intelligence team “detected a potential exploit on Uniswap…

Microsoft Issues Fixes for 84 Vulnerabilities: Here's What to Patch Now

Microsoft today released patches for 84 vulnerabilities across its product categories, including one bug now actively exploited and four that the company rated as critical severity. The July security update also includes fixes for four elevation of privilege vulnerabilities in the…

CISA orders agencies to patch new Windows zero-day used in attacks

CISA has added an actively exploited local privilege escalation vulnerability in the Windows Client/Server Runtime Subsystem (CSRSS) to its list of bugs abused in the wild. This high severity security flaw (tracked as CVE-2022-22047) impacts both server and client Windows…

‘Callback’ Phishing Campaign Impersonates Security Firms

Victims instructed to make a phone call that will direct them to a link for downloading malware. A new callback phishing campaign is impersonating prominent security companies to try to trick potential victims into making a phone call that will instruct them to download…

Microsoft: Phishing bypassed MFA in attacks against 10,000 orgs

Microsoft says a massive series of phishing attacks has targeted more than 10,000 organizations starting with September 2021, using the gained access to victims' mailboxes in follow-on business email compromise (BEC) attacks. The threat actors used landing pages…

European Central Bank Head Targeted in Hacking Attempt

The European Central Bank said Tuesday that its president, Christine Lagarde, was targeted in a hacking attempt but no information was compromised. The attempt took place “recently,” the Frankfurt-based central bank for the 19 countries that use the euro said in an…

Aerojet Rocketdyne Pays $9m Settlement Over Whistleblower Allegations

US government contractor Aerojet Rocketdyne has paid a $9m settlement after allegations that it misrepresented its compliance with US government security requirements. The El Segundo, California, company violated the False Claims Act, according to allegations…