Russian hackers throw Trump victory party with new spear phishing campaign

As Trump was giving his victory speech, a new wave of spear phishing attacks from Russian hackers was already on its way using his win as click-bait. (credit: Gage Skidmore)

Less than six hours after Donald Trump won the US presidential election, a new spear phishing campaign was launched by a Russia-based group. The group is apparently one of the two organizations connected to the breach at the Democratic National Committee, and it's responsible for nearly a decade of intelligence collection campaigns against military and diplomatic targets.

Security firm Volexity refers to the group as "the Dukes," after the malware family it uses; according to a report by Volexity founder Steven Adair, the group is also tracked as APT29 or "Cozy Bear." The Dukes' primary targets in this latest round of attacks appear to be non-governmental organizations (NGOs) and policy think tanks in the US.

According to Volexity's data, the threat group sent e-mails from purpose-built Gmail accounts and what may be a compromised e-mail account from Harvard University's Faculty of Arts and Science. The phishing e-mails dropped a new variant of backdoor malware dubbed "PowerDuke" by Volexity, and this malware gave attackers remote access to compromised systems. Volexity has been tracking a number of campaigns based on PowerDuke since August, when some "highly targeted" malicious e-mails were sent to individuals at a number of policy research organizations in the US and Europe. The e-mails were disguised as messages from the Center for a New American Security (CNAS), Transparency International, the Council on Foreign Relations, the International Institute for Strategic Studies (IISS), and Eurasia Group. Another wave of similar e-mails targeted universities in October.

OpenSSL Releases Security Update

Original release date: November 10, 2016

OpenSSL version 1.1.0c has been released to address vulnerabilities in prior versions. Exploitation of some of these vulnerabilities may allow a remote attacker to cause a denial-of-service condition.

Users and administrators are encouraged to review the OpenSSL Security Advisory and apply the necessary update.


This product is provided subject to this Notification and this Privacy & Use policy.


Google Releases Security Updates for Chrome

Original release date: November 10, 2016

Google has released Chrome version 54.0.2840.99 for Windows and version 54.0.2840.98 for Linux. These new versions address multiple vulnerabilities that, if exploited, may allow an attacker to take control of an affected system.

US-CERT encourages users and administrators to review the Chrome Releases page and apply the necessary updates.


Yahoo admits some staff knew of mega breach in 2014

Yahoo admitted to the world—on a news day dominated by a guy called Trump—that some of its employees were aware that it had suffered a breach shortly after a "state-sponsored actor" hacked into the ailing Web firm's systems in 2014.

In a filing to the US Securities and Exchange Commission on Wednesday, Yahoo said that a panel of independent experts was looking at how much knowledge employees at the company had of the incident shortly after the massive breach had occurred.

Yahoo has previously stated that it only became aware of the hack attack following a "recent investigation." As Ars reported previously, Yahoo confirmed in September that at least half a billion of its user accounts had been breached.