AP News

The Biden administration and Western allies formally blamed China on Monday for a massive hack of Microsoft Exchange email server software and asserted that criminal hackers associated with the Chinese government have carried out ransomware and other illicit cyber operations.

The announcements, though not accompanied by sanctions against the Chinese government, were intended as a forceful condemnation of activities a senior Biden administration official described as part of a “pattern of irresponsible behavior in cyberspace.” They highlighted the ongoing threat from Chinese hackers even as the administration remains consumed with trying to curb ransomware attacks from Russia-based syndicates that have targeted critical infrastructure.

Reuters

Microsoft said Thursday it has blocked tools developed by an Israeli hacker-for-hire company that were used to spy on more than 100 people around the world, including politicians, human rights activists, journalists, academics and political dissidents.

Microsoft issued a software update and worked with the Citizen Lab at the University of Toronto to investigate the secretive Israeli company behind the hacking efforts. Citizen Lab said the company goes by several names including Candiru, which according to legend is a parasitic fish found in the Amazon that attacks human private parts.

Kimberly Redmond

Cyber security company McAfee Corp (Nasdaq: MCFE) said it has detected a vulnerability in Peloton Interactive Inc’s (Nasdaq: PTON) stationary exercise bicycles that enables hackers to access the equipment’s screen and potentially spy on riders through its microphone and camera.

In a report released Wednesday, McAfee said the threat most likely affects Peloton Bike+ in public, shared locations, such as hotels or gyms, because an attacker needs to physically access the screen using a USB drive containing malicious code.

Kimberly Redmond

After this past weekend’s ransomware attack temporarily halted operations at JBS SA (OTC: JBSAY), the US Department of Agriculture (USDA) said it is unlikely that the pause will cause major disruptions to the industry.

The USDA told The Hill on Thursday that its daily production data shows “a strong rebound in cattle and hog slaughter” and that overall “the market is moving toward normalization.”

Bloomberg

A notorious Russia-linked hacking group is behind the cyberattack against JBS SA, according to four people familiar with the assault who were not authorized to speak publicly on the matter. The cyber gang goes by the name REvil or Sodinokibi.

While it’s unclear if all of REvil’s hackers operate in Russia, the group’s public face, a user on the dark web cyber-crime forum XSS who goes by the name “Unknown,” exclusively publishes in Russian. REvil typically uses a dark web blog called “Happy Blog” to name victims when they decline to engage in ransom negotiations. REvil has yet to post a blog item dedicated to JBS.

Reuters

The group behind the SolarWinds cyber attack identified late last year is now targeting government agencies, think tanks, consultants, and non-governmental organizations, Microsoft Corp said on Thursday.

"This week we observed cyberattacks by the threat actor Nobelium targeting government agencies, think tanks, consultants, and non-governmental organizations," Microsoft said in a blog.

Reuters

Colonial Pipeline ramped up deliveries to fuel-starved markets up and down the East Coast on Friday following a nearly week-long outage caused by hackers, as Washington sought to reassure motorists that supplies would return to normal soon.

The strike on the nation's largest fuel pipeline was the most disruptive cyberattack on record, triggering days of widespread panic buying that led filling stations across the U.S. Southeast to run out of gasoline, and pushing pump prices to their highest in years.

AP News

Suspected Russian hackers gained access to email accounts belonging to the Trump administration’s head of the Department of Homeland Security and members of the department’s cybersecurity staff whose jobs included hunting threats from foreign countries, The Associated Press has learned.

The intelligence value of the hacking of then-acting Secretary Chad Wolf and his staff is not publicly known, but the symbolism is stark. Their accounts were accessed as part of what’s known as the SolarWinds intrusion and it throws into question how the U.S. government can protect individuals, companies and institutions across the country if it can’t protect itself.

Kimberly Redmond

A group of hackers reportedly breached Silicon Valley video and AI security startup Verkada Inc earlier this week and was able to gain unauthorized access to live feeds from over 150,000 security cameras.

After hacking into Verkada’s systems on Monday, the Switzerland-based collective, which calls itself “Advanced Persistent Threat 69420,” claims it had 36 hours of widespread access to surveillance footage within companies such as Tesla Inc (Nasdaq: TSLA), Nissan Motor Co (OTC US: NSANY), Cloudflare Inc (NYSE: NET) and Equinox Group, as well as hospitals, schools, prisons and police departments, Bloomberg reported.

Kimberly Redmond

The Biden administration is closely following a newly-discovered breach of Microsoft’s servers for its popular mail and calendar program, Exchange, which was reportedly carried out by Chinese hackers in late January.

Calling it an “active threat” with “a large number of victims,” White House press secretary Jen Psaki told reporters Friday, “We are still looking closely at what happened and the next steps that need to be taken.”