Hacking group threatens researchers’ lives after they discover attack servers

A hacking group commonly linked to the Iranian government threatened to kill security researchers who came across their cyber espionage operation, according to a new report. Researchers with multinational cybersecurity company Trend Micro were probing a server that appeared connected to a possible data breach in the Middle East when they received a message that read: “Stop!!! I Kill You Researcher.” The server, used by a group known as “MuddyWaters,” later proved to be the attacker’s command and control (C&C) infrastructure. The infrastructure had been used to launch several attacks against multiple Middle Eastern and Central Asian government institutions, research shows. “It seems that the attackers are actively monitoring the incoming connections to the C&C,” a blog by Trend Micro reads. “In one of our attempts, we sent an improper request to the C&C server, which replied with the following message: ‘Stop!!! I Kill You Researcher.’ This level of personalized messaging […]

The post Hacking group threatens researchers’ lives after they discover attack servers appeared first on Cyberscoop.

ISPs inside Turkey and Egypt spread FinFisher spyware in massive espionage campaign

An expansive and ongoing computer espionage campaign spread across Egypt, Turkey and Syria has been powered by technology developed by a Canadian-American networking company, SandVine, and an infamous spyware maker known as GammaGroup or Lench IT Solutions, security researchers say. New research by human rights advocacy organization Citizen Lab shows how products made by two Western technology contractors facilitated nationwide surveillance in multiple developing countries under authoritarian rule. The findings piggyback on prior reporting by a Slovakian cybersecurity company, which also discovered similar “man-in-the-middle” cyberattacks at the internet service provider (ISP) level in September and December. People getting online through local ISPs in Egypt, Turkey and Syria were tricked into installing highly intrusive spyware that allows the attacker to gain full access to an infected device, including its microphone and camera. Whenever targeted users in Turkey attempted to access certain websites to install free software, they were instead covertly served up a nearly identical but boobytrapped […]

The FBI Director thinks this company found an answer to ‘Going Dark’

FBI Director Christopher Wray did something Wednesday few of his recent predecessors have done: He finally provided what the bureau believes is a model for how private U.S. technology companies can comply with law enforcement requests to access encrypted data. Wray, who spoke Wednesday at an FBI conference in Boston, claimed that it’s still possible to develop a workaround for law enforcement to collect evidence on encrypted systems that is “consistent with both the rule of law and strong cybersecurity.” In prepared remarks, the FBI director specifically named Palo Alto, Calif.-based Symphony, the creator of an encrypted messaging platform that’s popular in the banking industry, as an example of how other technology companies could one day work with the FBI. “Some of you may know about the chat and messaging platform called Symphony,” Wray said Wednesday. “This was used by a group of major banks, and marketed as offering something called ‘guaranteed […]

China’s government is keeping its security researchers from attending conferences

The Chinese government has taken steps to bar its country’s security researchers from sharing their knowledge at some foreign cybersecurity events, especially those organized in Western countries, sources tell CyberScoop. A popular hacking competition that’s taking place March 14-16 in Vancouver, Canada, titled “Pwn2Own,” will be impacted by this recent shift in Chinese policy, event organizers say. “There have been regulatory changes in some countries that no longer allow participation in global exploit contests, such as Pwn2Own and Capture the Flag competitions,” explained Brian Gorenc, director of Trend Micro’s Zero Day Initiative, which manages the Pwn2Own event. A spokesperson for Trend Micro clarified that Gorenc’s comment was specifically aimed at China. There will be no Chinese research teams at Pwn2Own this year. The change will be especially obvious, past attendees told CyberScoop, because for the last several years Chinese teams have dominated the competition. At Pwn2Own, teams compete to […]

Trump backs paper ballot backups for voting systems

President Donald Trump said Tuesday that he supports states moving toward voting technology that offers a paper backup ballot. The public endorsement came during a rare open press conference where Trump welcomed the Prime Minister of Sweden to Washington. The show of support followed a question by a Swedish reporter about whether the White House was concerned about Russian meddling happening once again in the 2018 midterm elections. “I think you have to be really watching closely. You don’t want your system of votes to be compromised in any way. And we won’t allow that to happen. We’re doing a very, very deep study and we’re coming out with what I think are some strong suggestions on the [2018] election,” said Trump. “You have to be very vigilant. One of the things we’re learning is that it’s always good, it’s old fashioned, but it’s always good to have a paper backup […]

While U.S. ponders response to Russia, agencies’ hands are tied in cyberspace, intelligence chief says

After senators repeatedly criticized him for the weak U.S. response to Russian cyberattacks and propaganda, the head of the intelligence community complained Tuesday that a lack of policy had stifled his agencies from taking action. The White House is currently involved in various policy discussions with intelligence agencies, the Pentagon and the Homeland Security Department about how to best counter Russian operations, said Director of National Intelligence Dan Coats. But there’s still no timetable for when any of these policies will be either introduced or codified into law. In the meantime, “Russia is likely to continue to pursue even more aggressive cyberattacks with the intent of degrading our democratic values and weakening our alliances,” Coats said Tuesday at a hearing by the Senate Armed Services Committee. The National Security Council, White House Homeland Security Adviser Thomas Bossert and White House Cybersecurity Coordinator Rob Joyce are discussing the appropriate policy and legal framework necessary […]

DHS leaders push cybersecurity risk assessment program for critical infrastructure companies

Secretary of Homeland Security Kirstjen Nielsen is pitching a new supply chain cybersecurity program in an effort to engage with some of the country’s largest critical infrastructure providers, including the oil, electric and water treatment industries. “Our nation’s supply chain is being targeted by our most sophisticated adversaries with increasing regularity,” Nielsen said Thursday to a room full of people representing private sector companies. “We ask for you to work with us on this initiative … the goal of this initiative is to help stakeholders make better informed procurement decisions by providing them with supply chain risk assessment and mitigation recommendations.” The program is focused on DHS authoring and providing digital risk assessments to companies and government agencies about products that they may acquire or install on their systems. The move comes after the federal government banned the use of Moscow-based Kaspersky Labs’ anti-virus software across government systems. In addition, legislation […]

NSA chief ripped by Congress for cyberwar process he doesn’t control

President Donald Trump has not specifically directed Adm. Michael Rogers to “disrupt Russian cyberthreats where they originate,” the NSA director and head of U.S. Cyber Command said during a congressional hearing Tuesday. “I need a policy decision that indicates there is specific direction to do that,” Rogers said before the Senate Armed Services Committee. “The president ultimately would make this decision in accordance with a recommendation from the Secretary of Defense.” The comments come as multiple investigations looking into the Kremlin’s expansive meddling in the 2016 Presidential election continue to unearth new information. “I believe that [Russian] President [Vladimir] Putin has clearly come to the conclusion ‘There’s little price to pay here, and that therefore I can continue this activity’,” Rogers told lawmakers. Speaking in front of Congress as leader of U.S. Cyber Command, Rogers noted that he is currently able to direct operators to take certain actions against Russia […]

Winter Olympics hack shows how advanced groups can fake attribution

The recent attack on the Winter Olympic Games has served as a reminder of an information security fundamental: attribution is hard. Especially when that attribution results in different companies pointing fingers at different foreign groups, potentially leading to geopolitical repercussions. Case in point: Hackers reportedly acting on behalf of the Russian government were recently posited as the group behind a unique computer virus that disrupted the opening ceremony of the 2018 Winter Olympics, according to The Washington Post. Prior to the Olympics, cybersecurity firms McAfee and ThreatConnect found some evidence that a mysterious collage of hackers were targeting the Olympics by breaching related, third-party organizations that were connected to the event. CyberScoop also reported that the Olympics’ primary IT provider, Atos, was likely hacked months before the opening ceremony disruption. Dubbed “Olympic Destroyer” by security researchers, the malware was littered with code fragments tied to past, known breaches caused by at least […]
