Cyber News

Iris Experts Group (IEG) Meeting 2021

3 months 1 week hence
The Iris Experts Group (IEG) will hold their annual meeting on Thursday June 17, 2021. The meeting will be virtual using the BlueJeans Meeting platform. The meeting is a full day meeting with breaks scattered through the day. The IEG is a forum for the discussion of technical questions of interest to US government(USG) agencies and their staff that are employing or may employ iris recognition to carry out their mission. Members include subject matter experts from USG agencies, academia and the commercial world. The meeting agenda is based on input from the members. The agendas of past meetings
Pauline Truong

Third PQC Standardization Conference

2 months 4 weeks hence
The NIST Post-Quantum Cryptography Standardization Process has entered the third phase, in which 7 third round finalists and eight alternate candidates are being considered for standardization. NIST plans to hold a third NIST PQC Standardization Conference in June 2021 to discuss various aspects of these candidates, and to obtain valuable feedback for the final selection(s). NIST will invite each submission team of the 15 finalists and alternates to give a short update on their algorithm. The conference will take place virtually. Call for Papers Submission deadline: April 23, 2021 Notification
Thelma A. Allen

Microsoft Exchange Cyber Attack — What Do We Know So Far?

5 hours 9 minutes ago
Microsoft on Friday warned of active attacks exploiting unpatched Exchange Servers carried out by multiple threat actors, as the hacking campaign is believed to have infected tens of thousands of businesses, government entities in the U.S., Asia, and Europe. The company said "it continues to see increased use of these vulnerabilities in attacks targeting unpatched systems by multiple malicious
Ravie Lakshmanan

Phishing Attack Uses Fake Google reCAPTCHA

5 hours 54 minutes ago
The campaign begins with phishing emails that appear to come from a unified communications system used for streamlining corporate communication. This email contains a malicious email attachment.

Google Will Use 'FLoC' for Ad Targeting Once 3rd-Party Cookies Are Dead

7 hours 54 minutes ago
Signaling a major shift to its ads-driven business model, Google on Wednesday unequivocally stated it would not build alternate identifiers or tools to track users across multiple websites once it begins phasing out third-party tracking cookies from its Chrome browser by early 2022. "Instead, our web products will be powered by privacy-preserving APIs which prevent individual tracking while
Ravie Lakshmanan

Extortion Gang Breaches Cybersecurity Firm Qualys Using Accellion Exploit

7 hours 54 minutes ago
Enterprise cloud security firm Qualys has become the latest victim to join a long list of entities to have suffered a data breach after zero-day vulnerabilities in its Accellion File Transfer Appliance (FTA) server were exploited to steal sensitive business documents. As proof of access to the data, the cybercriminals behind the recent hacks targeting Accellion FTA servers have shared
Ravie Lakshmanan

Hackers Now Hiding ObliqueRAT Payload in Images to Evade Detection

7 hours 55 minutes ago
Cybercriminals are now deploying remote access Trojans (RATs) under the guise of seemingly innocuous images hosted on infected websites, once again highlighting how threat actors quickly change tactics when their attack methods are discovered and exposed publicly. New research released by Cisco Talos reveals an active malware campaign targeting organizations in South Asia that utilize malicious
Ravie Lakshmanan

Microsoft Attack Blamed On China Morphs Into Global Crisis

10 hours 34 minutes ago
A sophisticated attack on Microsoft Corp.’s widely used business email software is morphing into a global cybersecurity crisis, as hackers race to infect as many victims as possible before companies can secure their computer systems.

At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software

2 days 18 hours ago
At least 30,000 organizations across the United States -- including a significant number of small businesses, towns, cities and local governments -- have over the past few days been hacked by an unusually aggressive Chinese cyber espionage unit that's focused on stealing email from victim organizations, multiple sources tell KrebsOnSecurity. The espionage group is exploiting four newly-discovered flaws in Microsoft Exchange Server email software, and has seeded hundreds of thousands of victim organizations worldwide with tools that give the attackers total, remote control over affected systems.
BrianKrebs