German authorities said yesterday that they are investigating a cyber espionage campaign against federal networks. The attack was detected in December, but the threat actors are believed to have been present in the networks for about a year before they were discovered. The campaign is attributed (not officially, but by anonymous sources close to the investigation) to Fancy Bear, Russia's GRU military intelligence service.
Deutsche Welle describes the Informationsverbund Berlin-Bonn (IVBB) network, the hackers' target, as a dedicated secure platform used only by "the Chancellery, the German parliament, federal ministries, the Federal Audit Office and several security institutions in Berlin and Bonn, the former German capital where some ministries still have offices."
UpGuard disclosed that it found another exposed AWS S3 bucket. This one belongs to Birst, a cloud business intelligence and analytics firm. The data exposed belonged to Capital One, the eighth largest US commercial bank. UpGuard thinks the data could provide attackers a "roadmap" to Capital One's infrastructure. [Update, 3.3.18: UpGuard has taken down its report on the breach. Birst and its corporate parent, Infor, have said that no data were exposed. An Infor representative told ITWire: "A Birst employee placed a copy of certain non-production components of the Birst software in a publicly-available S3 bucket to provide a prospective customer in the financial services industry non-production, read-only access to the software (a proof-of-concept). These components were not populated with data; no data from the financial institution was ever present in the test environment at any time, although the filename contained the name of the financial institution." Thus it appears that no data were exposed. Capital One contacted the CyberWire to point out that the report of a breach was inaccurate.]
Wandera describes RedDrop, Android malware distributed for the purpose of blackmailing its victims. RedDrop combines the functionality of spyware, a Trojan, and a data exfiltration tool. If users take apps only from reputable sources and enable Google Play Protect, they're probably safe.
Intel adds new fixes for Spectre to Broadwell and Haswell chips.
The US Federal Trade Commission has reached a settlement with PayPal subsidiary Venmo over the company's privacy and security practices. The US Securities and Exchange Commission has begun an investigation into multiple ICOs, looking particularly at sales structures and presale agreements.