North Korea to blame for string of Latin America bank hacks, insiders say

A string of devastating bank hacks across Latin America all carry North Korean fingerprints, according to three people with knowledge of the matter. Several high profile incidents that were only recently disclosed, including breaches at Mexico’s Bancomext and Chile’s Bank of Chile, saw the attacker drop destructive malware after attempting to leverage the SWIFT payment system to siphon money through fraudulent transfer requests. North Korea was involved in both breaches, the sources said, adding that they were tied to others that haven’t yet been disclosed. Two sources reviewed inside information about the breach investigations, which are still ongoing. Confidential technical reports about the incidents are already being shared within private information sharing groups comprised of other financial institutions. Historically, the only nation state-linked hacking group that’s been known to manipulate SWIFT is believed to be associated with the North Korean regime. It’s not yet clear how hackers breached the banks, although email phishing and password […]

The post North Korea to blame for string of Latin America bank hacks, insiders say appeared first on Cyberscoop.


This Chinese hacking group pwned a bunch of Mongolian government sites

A Chinese hacking group broke into a national data center in Mongolia late last year in an expansive cyber-espionage campaign that allowed the attackers to quietly plant malware into government websites, according to a new research report by Kaspersky Lab and supplemental analysis provided to CyberScoop. According to Kaspersky’s latest research, a known Chinese hacking group used watering hole-style attacks and spear phishing emails to breach specific employees of the Mongolian data center. After gaining individual access, they leveraged those accounts to gain additional control over the facility’s infrastructure. The episode began around October 2017. It was discovered by Kaspersky in March 2018. The Chinese-speaking group that’s responsible is widely linked to Beijing. It’s tracked by the cybersecurity community under different names, including APT27, EmissaryPanda, IronPanda and LuckyMouse. They’ve been known to also target U.S. defense contractors. The Kaspersky report does not list Mongolia as the victim, but instead […]


National labs will probe election tech for vulnerabilities under planned DHS program

The government is currently planning a cybersecurity program that would allow federally funded national scientific laboratories to privately probe and then document security flaws existing in U.S. election technology, most of which is developed and sold by private companies, according to a senior U.S. official. Rob Karas, director of the National Cybersecurity Assessments and Technical Service team at the Homeland Security Department, said that multiple election technology vendors had already shown an interest in engaging on the effort. Karas declined to name the firms, but said the initiative will begin later this summer. The outreach process is still ongoing. It would provide voting-technology companies — hardware and software makers alike — with a free, comprehensive vulnerability assessment report so that they can better understand how their systems might be hacked. This type of information is typically considered valuable as companies look to harden their products. The individual reports will not be made […]


Chinese hackers stole sensitive U.S. Navy submarine plans from contractor

A Chinese intelligence agency was able to successfully hack into a Navy contractor around February, stealing more than a half terabyte worth of highly sensitive documents about U.S. submarine technology and plans. The hackers, who according to the Washington Post are employed by China’s Ministry of State Security (MSS), targeted a Rhode Island-based company that was actively working on a Navy development project known as “Sea Dragon.” The Post reported that the breach was driven by China’s continued mission to challenge the U.S. military’s existing naval superiority, especially as it relates to the hotly contested South China Sea territory. While China has made strides in developing aspects of its navy, the country has lagged in building both anti-submarine technology and a next generation fleet. Based on publicly available information, the Sea Dragon program is part of the Pentagon’s Strategic Capabilities Office. It focuses on building a “cost-effective disruptive offensive capability … by […]


Flash zero-day shows up in Qatar amid geopolitical struggles

A zero-day vulnerability in Adobe Flash was recently used to infect a likely diplomatic target in Qatar with malware, new research from Seattle-based cybersecurity company ICEBRG and Chinese tech firms Qihoo and Tencent shows. Adobe patched the vulnerability Thursday as part of a broader software update in a release that credited Seattle-based cybersecurity firm ICEBRG for alerting them to the flaw. The findings come as Qatar faces significant geopolitical struggles, including a trade blockade established by the United Arab Emirates (UAE), Saudi Arabia, Bahrain and Egypt. Over the last six months, politically motivated Middle Eastern hacking has popped up numerous times. In late May, Qatar was outed as being connected to a hacking operation against top Republican donor Elliot Brody, an influential critic of the gulf state. Months earlier, Qatar blamed UAE for hacking and editing content hosted by the Qatari News Agency (QNA), a government-backed news program. Subsequent reporting tied the QNA hack […]


Russian-linked VPNFilter malware is even worse than originally thought, new research suggests

A malware framework that’s already infected hundreds of thousands of routers across the globe appears to be even more dangerous than originally thought, according to new findings by Cisco’s internal cybersecurity unit Talos. The latest results show that the malware, “VPNFilter,” affects a wider array of devices, including more than 11 different hardware vendors, and carries several previously unknown infection capabilities, such as the potential to manipulate internet traffic on the end device in novel ways. The Talos researchers revealed the additional analysis Wednesday after having first publicly documented the botnet last week. A significant percentage of the devices infected through VPNFilter are based in Ukraine, leading domestic security services to claim that the malware symbolized a national security threat. Broadly speaking, VPNFilter works by traversing the web and automatically targeting unpatched routers and servers that carry outdated software. The term “botnet” is used to describe an army of zombie computers […]


Former DIA official allegedly sold secrets to China, including possible Cyber Command information

A former Defense Intelligence Agency (DIA) official was caught providing secret military documents to the Chinese government, including what appears to be sensitive information about the locations of U.S. Cyber Command outposts and personnel, according to a newly unsealed Justice Department indictment. The case reveals an increasingly obvious counterintelligence battle between the U.S. and China as the two countries are spending billions on developing advanced cyberwarfare units. The arrest of Ron Rockwell Hansen, a 20-year Army veteran, marks the third publicly visible case in the last year of an American passing secretive documents to Chinese government-linked agents. Former Central Intelligence Agency case officer Jerry Chun Shing Lee was arrested in January for allegedly tipping off Chinese spies to the CIA’s human network inside the authoritarian regime. No longer employed by the government but still familiar with the U.S. intelligence community, Hansen possessed top-secret security clearances for both his civilian and active-duty work. He […]


Synack offers free penetration testing for election systems ahead of 2018 midterms

One of the largest bug bounty firms in the business has launched an initiative that will allow any Secretary of State to test the security of election systems ahead of the 2018 midterm elections. Redwood City, Calif.-based Synack announced Tuesday that it’s offering free crowdsourced remote penetration testing services to state and local governments until November. Synack co-founder Jay Kaplan told CyberScoop the idea came together after a series of meetings with government officials, including top executives at the Department of Homeland Security, that discussed how the private sector could be doing more to ward off digital meddling. After Synack’s services are completed, states and localities can harden their systems based on the test’s results. In a letter written to all 50 Secretaries of State, which was provided to CyberScoop, Kaplan wrote: “Staying one step ahead of the adversary is critical to success. Our pro bono services look for vulnerabilities in […]


North Korea hasn’t stopped launching cyberattacks amid peace talks

As Kim Jong-un speaks publicly about nuclear disarmament, North Korea’s hacker army continues to launch cyberattacks against different businesses across Asia, Europe and the U.S., according to private sector analysts and former U.S. officials. Experts from several cybersecurity firms — Dell SecureWorks, McAfee, Symantec, FireEye and Recorded Future — all told CyberScoop that activity from North Korea has stayed steady or grown in volume since peace talks gained steam earlier this year. The activities of these Pyongyang-linked hacking groups largely focus on financial theft and covertly stealing digital secrets. While affected companies have quietly dealt with the onslaught in recent months, their contracted cybersecurity firms confidentially collected and studied recent malware samples that show the North Koreans are still actively developing new iterations of their toolsets. “Similar to operations conducted prior to that date [circa January], North Korean actors have engaged in broad cyber espionage using a Destover-variant tool, developed and […]


Chinese group said to use HackingTeam tools to spread ransomware, cryptominers

A sophisticated Chinese cybercrime group is using old, leaked computer code from a notorious cyber-arms dealer known as HackingTeam to breach thousands of companies, mostly based in Asia, according to new research by Israeli cybersecurity firm Intezer. The latest observation shows how HackingTeam’s breach in 2015, when its wares leaked online for anyone to copy, is still having effects on global security. HackingTeam claims that it only sells its “lawful intercept” product to governments and law enforcement agencies, but prior investigations have shown the extent to which these tools are often abused by authoritarian regimes to target otherwise innocent dissidents. The 2015 leak provided these powerful capabilities to a wide array of people, including, apparently, cybercriminals. Intezer explained in a blog post published Tuesday that researchers first noticed a series of unique remote access trojans, cryptominers and ransomware variants for Windows, Linux and Android platforms while monitoring public data feeds. In addition, the group appears […]
