Nov 20, 2018

New malware from Russia's Fancy Bear uses email to phone home

Researchers at Palo Alto Networks discovered new malware being used by the Kremlin-backed hacking group Fancy Bear.

Why it matters: The "Cannon" malware uses email to communicate with its command and control server. That's not common in malware right now, says Jen Miller-Osborn, deputy director of threat intelligence for the Palo Alto Networks Unit 42 research team, and doesn't appear to be something Fancy Bear has ever done before.

Details: Cannon is a new early phase of a multi-stage attack. It sends basic information to command and control servers and downloads new malware.

  • It has only been observed in a single campaign. The malware was sent to government officials in North America, Europe and a former Soviet state, according to the Palo Alto Networks write-up.

The intrigue: "We don't know if this is a one-off, or a trojan we'll see again," said Miller-Osborn. "So we also don't know if the email technique is a one-off, or something they are starting to use."
