America's Army Security Vulnerabilities

thn

Both Sides in Russia-Ukraine War Heavily Using Telegram for Disinformation and Hacktivism

Cyber criminals and hacktivist groups are increasingly using the Telegram messaging app to coordinate their activities, leak data, and spread disinformation, as the Russia-Ukraine conflict enters its eighth day. A new analysis by Israeli cybersecurity company Check Point Research has found that...

1 AI Score

2022-03-04 02:24 PM
20
thn

Russia Releases List of IPs, Domains Attacking Its Infrastructure with DDoS Attacks

As the ongoing Russia-Ukraine conflict continues to escalate, the Russian government on Thursday released a massive list containing 17,576 IP addresses and 166 domains that it said are behind a series of distributed denial-of-service (DDoS) attacks aimed at its domestic infrastructure. Some of the....

1.7 AI Score

2022-03-04 06:06 AM
109
thn

Conti Ransomware Gang's Internal Chats Leaked Online After Siding With Russia

Days after the Conti ransomware group broadcasted a pro-Russian message pledging its allegiance to Vladimir Putin's ongoing invasion of Ukraine, an anonymous security researcher using the Twitter handle @ContiLeaks has leaked the syndicate's internal chats. The file dump, published by malware...

7.3 AI Score

2022-03-01 02:03 PM
11
threatpost

Ukraine-Russia Cyber Warzone Splits Cyber Underground

The Russia-Ukraine cyber warzone has split the Conti ransomware gang into warring factions, leading to a Ukrainian member spilling 60,000 of the group’s internal chat messages online. On Monday, vx-underground – an internet collection of malware source code, samples and papers that’s generally...

10 CVSS

0.2 AI Score

0.976 EPSS

2022-02-28 09:00 PM
122
wired

Ukraine’s Volunteer ‘IT Army’ Is Hacking in Uncharted Territory

The country has enlisted thousands of cybersecurity professionals in the war effort against...

3.3 AI Score

2022-02-27 08:25 PM
11
thn

Russia-Ukraine War: Phishing, Malware and Hacker Groups Taking Sides

Ukraine's Computer Emergency Response Team (CERT-UA) has warned of Belarusian state-sponsored hackers targeting its military personnel and related individuals as part of a phishing campaign mounted amidst Russia's military invasion of the country. "Mass phishing emails have recently been observed.....

0.6 AI Score

2022-02-26 07:39 AM
34
thn

Notorious TrickBot Malware Gang Shuts Down its Botnet Infrastructure

The modular Windows crimeware platform known as TrickBot formally shuttered its infrastructure on Thursday after reports emerged of its imminent retirement amid a lull in its activity for almost two months, marking an end to one of the most persistent malware campaigns in recent years. "TrickBot...

0.9 AI Score

2022-02-25 07:30 AM
4
openbugbounty

army-guide.com Cross Site Scripting vulnerability OBB-2383136

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

-0.1 AI Score

2022-02-24 04:06 PM
11
thn

Hackers Exploiting Infected Android Devices to Register Disposable Accounts

An analysis of SMS phone-verified account (PVA) services has led to the discovery of a rogue platform built atop a botnet involving thousands of infected Android phones, once again underscoring the flaws with relying on SMS for account validation. SMS PVA services, since gaining prevalence in...

0.2 AI Score

2022-02-21 08:59 AM
36
ics

Russian State-Sponsored Cyber Actors Target Cleared Defense Contractor Networks to Obtain Sensitive U.S. Defense Information and Technology

Summary Actions to Help Protect Against Russian State-Sponsored Malicious Cyber Activity: • Enforce multifactor authentication. • Enforce strong, unique passwords. • Enable M365 Unified Audit Logs. • Implement endpoint detection and response tools. From at least January 2020, through...

9.8 CVSS

10 AI Score

0.973 EPSS

2022-02-16 12:00 PM
69
thn

Researchers Link ShadowPad Malware Attacks to Chinese Ministry and PLA

Cybersecurity researchers have detailed the inner workings of ShadowPad, a sophisticated and modular backdoor that has been adopted by a growing number of Chinese threat groups in recent years, while also linking it to the country's civilian and military intelligence agencies. "ShadowPad is...

2 AI Score

2022-02-15 02:06 PM
20
schneier

Tracking Secret German Organizations with Apple AirTags

A German activist is trying to track down a secret government intelligence agency. One of her research techniques is to mail Apple AirTags to see where they actually end up: Wittmann says that everyone she spoke to denied being part of this intelligence agency. But what she describes as a "good...

1.8 AI Score

2022-01-28 12:13 PM
15
thn

Webinar: How to See More, But Respond Less with Enhanced Threat Visibility

The subject of threat visibility is a recurring one in cybersecurity. With an expanding attack surface due to the remote work transformation, cloud and SaaS computing and the proliferation of personal devices, seeing all the threats that are continuously bombarding the company is beyond...

0.1 AI Score

2022-01-26 01:00 PM
19
thn

Cyber Threat Protection — It All Starts with Visibility

Just as animals use their senses to detect danger, cybersecurity depends on sensors to identify signals in the computing environment that may signal danger. The more highly tuned, diverse and coordinated the senses, the more likely one is to detect important signals that indicate danger. This,...

0.2 AI Score

2022-01-19 02:30 PM
12
threatpost

‘Be Afraid:’ Massive Cyberattack Downs Ukrainian Gov’t Sites

Cyberattackers brought down around 70 Ukrainian government websites on Friday, defacing the site of the foreign ministry with a message to “Be afraid and expect the worst.” The huge attack hit on Friday, unfolding hours after Russia and Western allies wrapped up fruitless talks intended to...

0.1 AI Score

2022-01-14 04:06 PM
23
thn

North Korean Hackers Stole Millions from Cryptocurrency Startups Worldwide

Operators associated with the Lazarus sub-group BlueNoroff have been linked to a series of cyberattacks targeting small and medium-sized companies worldwide with an aim to drain their cryptocurrency funds, in what's yet another financially motivated operation mounted by the prolific North Korean...

1.1 AI Score

2022-01-14 02:16 PM
10
malwarebytes

The three most significant cyberattacks of 2021

People that predict tomorrow’s weather by looking at today’s are often right. Cloudy today? It'll probably be cloudy tomorrow. The same is often true for cybersecurity threats. Looking back at 2021 it looks a lot like 2020: A lot of ransomware attacks. So, when I was asked to write about the...

-0.3 AI Score

2021-12-29 05:12 PM
43
threatpost

Facebook Bans Spy-for-Hire Firms for Targeting 50K People

Meta, Facebook’s parent company, has kicked six alleged spy-for-hire “cyber-mercenaries” to the curb, along with a mysterious Chinese law-enforcement supplier. It accused the entities of collectively targeting about 50,000 people for surveillance. In a report (PDF) entitled “Threat Report on the...

0.3 AI Score

2021-12-17 08:17 PM
27
threatpost

Spider-Man Movie Release Frenzy Bites Fans with Credit-Card Harvesting

Friday’s release of Spider-Man: No Way Home is the first post-pandemic premiere to really have all the Hollywood blockbuster accessories: superheroes, Zendaya, a healthy dose of comic book nostalgia — even its own phishing scam. Researchers at Kaspersky warned that the release of Spider-Man: No...

-0.2 AI Score

2021-12-17 07:49 PM
7
thn

Microsoft Details Building Blocks of Widely Active Qakbot Banking Trojan

Infection chains associated with the multi-purpose Qakbot malware have been broken down into "distinct building blocks," an effort that Microsoft said will help to proactively detect and block the threat in an effective manner. The Microsoft 365 Defender Threat Intelligence Team dubbed Qakbot a...

0.8 AI Score

2021-12-13 08:10 AM
13
malwarebytes

SideCopy APT: Connecting lures to victims, payloads to infrastructure

This blog post was authored by Hossein Jazi and the Threat Intelligence Team. Last week, Facebook announced that back in August it had taken action against a Pakistani APT group known as SideCopy. Facebook describes how the threat actors used romantic lures to compromise targets in Afghanistan. In....

0.2 AI Score

2021-12-02 04:00 PM
21
coalfire

CMMC 2.0 – what, how, and why act now?

With the recent streamlining of the Cybersecurity Maturity Model Certification (CMMC) framework, the path to assure Defense Industrial Base (DIB) cybersecurity has changed dramatically from what was originally planned. There's a lot to learn about CMMC 2.0, but the objective remains the same:...

6.7 AI Score

2021-11-23 06:06 PM
8
thn

What Avengers Movies Can Teach Us About Cybersecurity

Marvel has been entertaining us for the last 20 years. We have seen gods, super-soldiers, magicians, and other irradiated heroes fight baddies at galactic scales. The eternal fight of good versus evil. A little bit like in cybersecurity, good guys fighting cybercriminals. If we choose to go with.....

6.5 AI Score

2021-11-23 12:26 PM
12
thn

Facebook Bans Pakistani and Syrian Hacker Groups for Abusing its Platform

Meta, the company formerly known as Facebook, announced Tuesday that it took action against four separate malicious cyber groups from Pakistan and Syria who were found targeting people in Afghanistan, as well as journalists, humanitarian organizations, and anti-regime military forces in the West...

6.6 AI Score

2021-11-17 06:40 AM
18
wired

RE:WIRED 2021: Jen Easterly Wants Hackers to Help US Cyber Defense

The retired Army officer played offense at the NSA and the Pentagon. Now she's learning to play...

7 AI Score

2021-11-10 08:20 PM
12
thn

14 New Security Flaws Found in BusyBox Linux Utility for Embedded Devices

Cybersecurity researchers on Tuesday disclosed 14 critical vulnerabilities in the BusyBox Linux utility that could be exploited to result in a denial-of-service (DoS) condition and, in select cases, even lead to information leaks and remote code execution. The security weaknesses, tracked from...

9.8 CVSS

7.3 AI Score

0.017 EPSS

2021-11-10 08:08 AM
52
threatpost

Multiple BusyBox Security Bugs Threaten Embedded Linux Devices

Researchers have discovered 14 critical vulnerabilities in a popular program used in embedded Linux applications, all of which allow for denial of service (DoS) and 10 that also enable remote code execution (RCE), they said. One of the flaws also could allow devices to leak info, according to...

7.3 AI Score

0.002 EPSS

2021-11-09 02:00 PM
59
threatpost

A Guide to Doing Cyberintelligence on a Restricted Budget

For those in the industry, it comes as no surprise that many cybersecurity programs have been impacted by loss of revenue during the pandemic. From cutting tooling and feed budgets to reduction in staff, it’s been challenging at best. In a recent SANS 2021 survey, “Threat Hunting In Uncertain...

-0.5 AI Score

2021-10-19 03:12 PM
21
rapid7blog

Have You Checked the New Kubernetes RBAC Swiss Army Knife?

Kubernetes Role-Based Access Control (RBAC) is a method of regulating access to computer or network resources based on the roles of individual users within your organization. RBAC authorization uses the rbac.authorization.k8s.io API group to drive authorization decisions, allowing you to...

-0.1 AI Score

2021-10-12 01:00 PM
21
malwarebytes

US Navy ship Facebook page hijacked to stream video games

The official Facebook page of the US Navy’s destroyer-class warship, USS Kidd, has been hijacked. According to Task & Purpose, who first reported on the incident, the account has done nothing but stream Age of Empires, an award-winning, history-based real-time strategy (RTS) video game wherein...

1 AI Score

2021-10-07 03:22 PM
16
hackread

Ex-army admin jailed for 12 years over US military health data theft

By Deeba Ahmed. Frederick Brown, a medical data technician & admin associated with the 65th Medical Brigade of the US Army, caused millions of dollars in losses. This is a post from HackRead.com. Read the original post: Ex-army admin jailed for 12 years over US military health data...

2.9 AI Score

2021-10-04 03:26 PM
23
threatpost

Transnational Fraud Ring Bilks U.S. Military Service Members Out of Millions

More than 3,300 U.S. military service members, military dependents and civilians employed by the Department of Defense were compromised as part of a transnational cybercrime ring created to defraud them out of $1.5 million in military benefits from the DoD and the Department of Veterans Affairs. A....

0.1 AI Score

0.975 EPSS

2021-10-04 03:22 PM
38
kitploit

Pwncat - Fancy Reverse And Bind Shell Handler

pwncat is a post-exploitation platform for Linux targets. It started out as a wrapper around basic bind and reverse shells and has grown from there. It streamlines common red team operations while staging code from your attacker machine, not the target. pwncat used to only support Linux, but...

7.2 AI Score

2021-10-02 04:23 AM
39
openbugbounty

All Vulnerabilities for apntoil.army.mil Patched via Open Bug Bounty

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website: apntoil.army.mil. Open Bug...

AI Score

2021-09-22 05:07 PM
12
threatpost

Porn Problem: Adult Ads Persist on US Gov't, Military Sites

U.S. military and government website subdomains have a sticky problem: They’re “quite vulnerable” to blackhat SEO tactics that result in persistent redirects to spammy Viagra ads and porn videos. An example is one that showed up on a dot.mil subdomain on the Minnesota National Guard site (you can.....

-0.2 AI Score

2021-09-17 05:16 PM
65
threatpost

Romance, BEC Scams Lands Soldier in Jail for 46 Months

A former Army reservist was just sentenced to 46 months in prison and ordered to pay nearly $2 million in penalties and restitution, after pleading guilty to scamming dozens of people online, including the elderly and a veteran’s organization for Marines. Joseph Iorhemba Asan Jr. along with his...

-0.4 AI Score

2021-09-14 01:10 PM
16
thn

Fighting the Rogue Toaster Army: Why Secure Coding in Embedded Systems is Our Defensive Edge

There are plenty of pop culture references to rogue AI and robots, and appliances turning on their human masters. It is the stuff of science fiction, fun, and fantasy, but with IoT and connected devices becoming more prevalent in our homes, we need more discussion around cybersecurity and safety......

9.8 CVSS

-0.5 AI Score

0.006 EPSS

2021-09-09 08:28 AM
37
threatpost

Army Testing Facial Recognition in Child-Care Centers

Live video feeds of daycare centers are common, but the Army wants to take their kid-monitoring capabilities to the next level. Under a new pilot program being rolled out at a Fort Jackson, S.C. child-care center, the military is looking for service providers to layer commercially available facial....

0.2 AI Score

2021-08-30 08:32 PM
23
openbugbounty

army-uk.com Cross Site Scripting vulnerability OBB-2124019

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its...

AI Score

2021-08-24 05:24 AM
15
trellix

Breaking the Security Barrier of a Globally Deployed Infusion Pump

ARCHIVED STORY Overmedicated: Breaking the Security Barrier of a Globally Deployed Infusion Pump By Douglas McKee, Steve Povolny and Philippe Laulheret · August 24, 2021 Cyberattacks on medical centers are one of the most despicable forms of cyber threat there is. For instance, on October 28th,...

7.8 AI Score

2021-08-24 12:00 AM
4
trellix

Vulnerabilities in Globally Used B. Braun Infusion Pump

ARCHIVED STORY McAfee Enterprise ATR Uncovers Vulnerabilities in Globally Used B. Braun Infusion Pump Douglas McKee and Philippe Laulheret · Aug 24, 2021 Overview As part of our continued goal to provide safer products for enterprises and consumers, we at McAfee Advanced Threat Research (ATR)...

AI Score

0.006 EPSS

2021-08-24 12:00 AM
15
trellix

Breaking the Security Barrier of a Globally Deployed Infusion Pump

ARCHIVED STORY Overmedicated: Breaking the Security Barrier of a Globally Deployed Infusion Pump By Douglas McKee, Steve Povolny and Philippe Laulheret · August 24, 2021 Cyberattacks on medical centers are one of the most despicable forms of cyber threat there is. For instance, on October 28th,...

0.3 AI Score

2021-08-24 12:00 AM
9
trellix

Vulnerabilities in Globally Used B. Braun Infusion Pump

ARCHIVED STORY McAfee Enterprise ATR Uncovers Vulnerabilities in Globally Used B. Braun Infusion Pump Douglas McKee and Philippe Laulheret · Aug 24, 2021 Overview As part of our continued goal to provide safer products for enterprises and consumers, we at McAfee Advanced Threat Research (ATR)...

8.4 AI Score

0.006 EPSS

2021-08-24 12:00 AM
3
threatpost

Black Hat: Scaling Automated Disinformation for Misery and Profit

LAS VEGAS – Researchers recently demonstrated the weaponization of deep neural networks that can be used to shape public opinion, enrage people on Twitter and possibly spark QAnon 2.0. The research, presented last week at Black Hat by Drew Lohn, senior fellow at the Center for Security and...

-0.7 AI Score

2021-08-09 07:41 PM
89
malwarebytes

Home routers are being hijacked using vulnerability disclosed just 2 days ago

The early bird catches the worm. Unless the worm was early enough to hide. On August 3, 2021 a vulnerability that was discovered by Tenable was made public. Only two days later, on August 5, Juniper Threat Labs identified some attack patterns that attempted to exploit this vulnerability in the...

9.8 CVSS

0.8 AI Score

0.975 EPSS

2021-08-09 05:06 PM
194
threatpost

Black Hat: New CISA Head Woos Crowd With Public-Private Task Force

LAS VEGAS – Just weeks after the U.S. Senate confirmed Jen Easterly to lead the Cybersecurity and Infrastructure Security Agency (CISA), the new director spoke at Black Hat USA 2021 on Thursday, albeit virtually, announcing a major public-private partnership to fight cybercrime. Called the Joint...

-0.2 AI Score

2021-08-05 11:40 PM
45
impervablog

Game Over: How to Stop DDoS Attacks on Online Gamers

You’re just about to take out a long-time rival, claim Victory Royale or round out a royal flush when your ping spikes or you’re DCed. Chances are you, or the game you’re playing, have been hit by a denial of service (DoS) attack. What’s the story? A recent report cited that of all cyber attacks...

AI Score

2021-07-13 01:23 PM
32
githubexploit

Exploit for Vulnerability in Asrock Rgb Driver Firmware

How to exploit a vulnerable windows driver Exploit and Proof...

5.5 CVSS

7.3 AI Score

0.0004 EPSS

2021-06-29 04:38 AM
254
rapid7blog

Don Spies and Kim Grauer on tracking illicit Bitcoin transactions

In this episode of Security Nation, we’re joined by Don Spies and Kim Grauer of Chainalysis. They discuss the relationship between ransomware and cryptocurrency and how Chainalysis leverages unique characteristics of the latter to combat the former. Stick around for our Rapid Rundown, where Tod...

-0.6 AI Score

2021-06-23 04:58 PM
29
thn

Pakistan-linked hackers targeted Indian power company with ReverseRat

A threat actor with suspected ties to Pakistan has been striking government and energy organizations in the South and Central Asia regions to deploy a remote access trojan on compromised Windows systems, according to new research. "Most of the organizations that exhibited signs of compromise were.....

0.8 AI Score

2021-06-23 02:36 PM
35

Total number of security vulnerabilities: 2063