Security

Researchers have discovered never-before-seen malware, dubbed Hildegard, that is being used by the TeamTNT threat group to target Kubernetes clusters.

While Hildegard, initially detected in January 2021, is initially being used to launch cryptojacking operations, researchers believe that the campaign may still be in the reconnaissance and weaponization stage. Eventually, they warn, TeamTNT may launch a more large-scale cryptojacking attack via Kubernetes environments or steal data from applications running in Kubernetes clusters.

The first steps in the late 2020 hacking of the US Treasury Department may have begun at least nine months earlier with the suspected initial breach of SolarWinds networking software.

Following a Homeland Security agency's report that SolarWinds are not the only firm exploited in the hack, that network company is continuing to investigate as well. Its new CEO, Sudhakar Ramakrishna, says that there is evidence SolarWinds was originally hacked in December 2019.

It's been more than two months since revelations that alleged Russia-backed hackers broke into the IT management firm SolarWinds and used that access to launch a massive software supply chain attack. It now appears that Russia wasn't alone; Reuters reports that suspected Chinese hackers independently exploited a different flaw in SolarWinds products last year at around the same time, apparently hitting the US Department of Agriculture's National Finance Center.

Investigators at cybersecurity firm Check Point Research have discovered a vulnerability affecting the popular video-sharing platform TikTok that allowed threat actors to steal users’ private data.

The flaw, which has since been patched, raises questions about how much data users can safely share with mobile apps.

Apple on Tuesday released a new iOS software update that includes fixes for three security weaknesses in the former version.

The company said on its support website that it is aware of the three security bugs and that they "may have been actively exploited." The company also said it does not disclose details regarding security issues "until an investigation has occurred."

Security firm Malwarebytes said it was breached by the same nation-state-sponsored hackers who compromised a dozen or more US government agencies and private companies.

The attackers are best known for first hacking into Austin, Texas-based SolarWinds, compromising its software-distribution system and using it to infect the networks of customers who used SolarWinds’ network management software. In an online notice, however, Malwarebytes said the attackers used a different vector.

An Israeli cybersecurity firm has discovered some serious security flaws affecting a piece of popular Domain Name System (DNS) software. Jerusalem-based JSOF has disclosed seven vulnerabilities affecting dnsmasq, an open-source DNS forwarding program, that the firm has collectively called DNSpooq.

Vulnerabilities found in Signal, Google Duo, Facebook Messenger, and other messaging apps allowed attackers to listen in on users without their permission, security experts have warned.

“On January 29, 2019, a serious vulnerability was discovered in Group FaceTime which allowed an attacker to call a target and force the call to connect without user interaction from the target, allowing the attacker to listen to the target’s surroundings without their knowledge or consent,” Natalie Silvanovich, a security engineer at Google’s Project Zero, wrote.

The variety of techniques used by the SolarWinds hackers was sophisticated yet in many ways also ordinary and preventable, according to Microsoft.

To prevent future attacks of similar levels of sophistication, Microsoft is recommending organizations adopt a "zero trust mentality", which disavows the assumption that everything inside an IT network is safe. That is, organizations should assume breach and explicitly verify the security of user accounts, endpoint devices, the network and other resources.

A suspected Chinese hacking group has been attacking the airline industry for the past few years with the goal of obtaining passenger data in order to track the movement of persons of interest.

The intrusions have been linked to a threat actor that the cyber-security has been tracking under the name of Chimera. Believed to be operating in the interests of the Chinese state, the group's activities were first described in a report [PDF] and Black Hat presentation [PDF] from CyCraft in 2020.