A rare example of NSA attribution
Russian government hackers working for the GRU military intelligence unit have been exploiting a vulnerability in mail relay software since August of last year, the National Security Agency warned in an alert Thursday morning. The hackers responsible for the exploitation are publicly known as Sandworm. The rare attribution from the NSA comes amid a broader agency effort to share more unclassified threat intelligence publicly, and just three months after the U.S. government publicly connected the Sandworm group with the Russian government for the first time. Dive in with Shannon Vavra.
Everyone wants to be the WHO
Hack-for-hire firms in India have been impersonating the World Health Organization in credential-stealing email campaigns, Google’s Threat Analysis Group found. The campaign, which has targeted medical companies, consulting firms and financial services in the U.S., Slovenia, Canada, Iran, Bahrain, and Cyprus, uses Gmail accounts imitating the WHO to direct victims to lookalike websites. Google also announced that, since March, it has taken down approximately 1,000 YouTube channels that were behaving in a coordinated and spammy manner. Shannon broke it down.
Narcos need security, too
When you’re trying to market a new smartphone product, is it more cost-effective to hire a public relations firm, or sue Apple for $2.6 billion? It’s a question that Pablo Escobar’s brother must have asked himself before he filed a suit against Apple, seeking damages for an alleged iPhone security flaw that made it possible for attackers to threaten his safety. Jeff Stone had the story.
Adjusting to the new security realities of a remote workforce
CIOs and CISOs have been under intense pressure to meet the needs of homebound workers, while simultaneously needing to take added steps to safeguard their enterprise networks. McAfee's CTO, Steve Grobman, shares his observations on what security challenges enterprise IT leaders are encountering and measures to take to mitigate risks associated with home networks that are now becoming part of the enterprise IT infrastructure. Read more from Grobman.
Email scam impersonates delivery services
As more Americans rely on package deliveries during the coronavirus pandemic, scammers are trying to capitalize on the tracking process by sending spoofed emails containing malicious software. Hackers are sending spoofed emails that appear to be from FedEx, UPS and DHL as part of a mass emailing campaign meant to infect victims’ computers, according to Votiro. The messages appear to include package tracking updates, though at least some of them aim to infect recipients with a strain of malware known as Dridex, which is typically used to steal bank account data. Jeff spoke to the researchers.
A trip south coming for Huawei CFO?
A Canadian judge on Wednesday ruled that extradition proceedings to the U.S. for Huawei CFO Meng Wanzhou should continue. U.S. prosecutors have for over a year sought the custody of Meng on charges that she participated in a bank fraud scheme that violated American sanctions against Iran. It’s far from a done deal that Meng will arrive stateside, but it’s a blow to Huawei’s efforts to shield the daughter of the company’s founder from the U.S. justice system. Sean Lyngaas had the news.
Ransomware in session while school's out
Michigan State University is being targeted by a ransomware attack carried out by a hacker claiming to have stolen files, including students’ personal information, with the threat of publishing them online if a bounty is not paid. A post appeared Wednesday on a blog affiliated with NetWalker, a new form of ransomware, containing a screenshot of a Microsoft Windows file directory including folders apparently belonging to individuals on the university’s network. The post threatened “secret data publication” with a countdown clock with one week remaining. The ransom demanded was not specified. Benjamin Freed has the EdScoop story.
This malware contains multitudes
Looks can be deceiving in analyzing malware. The same code used as a staging tool in one attack might be the tip of the spear in another. That’s the case with a malicious program that has been used in hacking attempts against multiple economic sectors in the U.S. and Germany in the last six months, according to research published Thursday by Cybereason. Valak appears to be undergoing the fastidious maintenance that marks new entrants onto the cybercriminal scene — with some 30 revisions to date. Sean offered more context.