At least two dozen U.S. federal agencies run the Pulse Connect Secure enterprise software that two advanced hacking groups have recently exploited, according to the Department of Homeland Security’s cybersecurity agency. Multiple agencies have been breached, but just how many is unclear. FireEye, the cybersecurity firm that announced the hacking campaign on Tuesday, said at least one of the two groups had links to China. The suspected Chinese hackers also targeted the trade-secret-rich defense contractors who do business with the Pentagon. Sean Lyngaas has the scoop.

A Message From AWS Educate

With over 1,500 institutions and hundreds of thousands of students who use AWS Educate, we wanted to take you on a trip around the world and highlight how students are learning and innovating with the cloud. Learn more.

Signal boss stirs the pot

Moxie Marlinspike, founder of the encrypted messaging app Signal, revealed on Wednesday what he said were vulnerabilities in software that the company Cellebrite uses to break into encrypted phones. In a blog post evidently dripping with sarcasm, Marlinspike detailed how he obtained the latest version of the company’s software, named UFED and Physical Analyzer, when he saw a small package fall off the back of a truck, prompting some digital probing. Tim Starks breaks it down.

Facebook catches hackers tied to Palestine, Hamas

Facebook detailed steps it took to counter two groups of alleged Palestinian hackers, one with suspected ties to the Palestinian state and another reportedly linked to the Hamas militant group. Attackers linked to Preventive Security Service (PSS), the Palestinian Authority’s internal intelligence organization, targeted victims primarily in the Palestinian territories and Syria, Facebook said. Meanwhile, alleged Hamas-linked hackers, dubbed Arid Viper, targeted victims associated with the Palestinian Authority, government organizations and backers of the Fatah-led government. Tim explains.

A botnet that brings the fire

For all stripes of hackers, the Exchange Server bugs are the gift that keeps on giving. Just days after Microsoft announced that suspected Chinese spies were exploiting the bugs, Russian-speaking crooks were taking advantage of the flaws to breathe new life into their cryptocurrency-generating botnet, Cybereason said Thursday. The reemergence of the so-called Prometei botnet, named after the Russian word for Prometheus, is a reminder of the many malicious purposes that the zombie computers serve. Sean has the details.

Take a moment to update your Chrome browser

Google released an updated version of the Chrome browser that included seven security fixes, including a patch for a zero-day flaw that hackers may have actively been exploiting. Google has been dealing with several serious flaws in recent days — the company previously fixed another zero-day flaw on April 12. Keep your tech up to date! Shannon Vavra has this.

SonicWall exploit joins the zero-day party

As if there weren’t enough zero-day exploits out there right now, an unidentified group of hackers has exploited three new vulnerabilities in popular email software made by SonicWall, FireEye said this week. Whoever is responsible was savvy: They knew where the log files on the product were so they could delete them in an attempt to cover their tracks. Sean has more.

SPONSORED BY CISCO

Aiming for the right defense strategy against ransomware threats

Ransomware has had a banner year in 2020 with critical infrastructure sectors seeing a significant increase in attacks. Security expert Steve Caimi discusses five security strategies organization leaders need to adopt to create a more robust security posture and withstand modern threats. Read more from Caimi.

Tweet Of The Day