How sloppy OPSEC gave researchers an inside look at the exploit industry

The companies that make advanced surveillance software are quiet by design. They generate enough press to let the market (i.e., governments) know their products exist, but it’s not as if there’s an app store for mobile spyware. They do make mistakes, though. And thanks to two researchers from Lookout, the public now has more information on how these companies operate. In the course of investigating a new kind of Android-focused mobile malware, Lookout’s Andrew Blaich and Michael Flossman uncovered text conversations among members of a nation-state’s surveillance program. Those files, which were stored on a server that was part of the malware’s command-and-control infrastructure, represented a trove of insight about how much money the particular government budgeted for its program, whether its spies decided to buy exploits or build their own, and why it’s easier than ever for countries to leverage surveillance technology. It started when Blaich and Flossman were analyzing how a single malware sample had manipulated data within the popular […]

The post How sloppy OPSEC gave researchers an inside look at the exploit industry appeared first on CyberScoop.


Two Ukrainians charged with hacking into SEC’s EDGAR database

The Securities and Exchange Commission and Department of Justice announced charges Tuesday against an alleged Ukrainian hacker and several other suspects in a scheme where nonpublic information was taken from the commission’s corporate filing system and used for illegal financial trading. Oleksandr Ieremenko is alleged to have hacked into the SEC’s EDGAR system, accessing “test files,” which companies can use to submit information ahead of their public earnings reports. Sometimes companies include nonpublic information in those filings. According to the SEC and U.S. Attorney’s Office of New Jersey, Ieremenko extracted nonpublic test files from SEC servers, and then passed the information to different groups of traders. The traders made transactions before at least 157 earnings releases from May to October 2016, generating at least $4.1 million in illegal profits. The SEC discovered the breach in 2016 after realizing there was a vulnerability in the EDGAR system. The agency didn’t suspect until […]

The post Two Ukrainians charged with hacking into SEC’s EDGAR database appeared first on CyberScoop.


Researchers find hardcoded passwords in popular building-access system

Hardcoded default passwords have been found in a popular building access control system, and the company behind the product has failed to release patches to fix the issue, according to researchers from cybersecurity company Tenable. Tenable said it discovered four vulnerabilities in a version of PremiSys, an access control system run by Manheim, Pennsylvania-based IDenticard. The most glaring flaw was hardcoded credentials providing administrator access to the entire service via an endpoint that controls the system. These credentials can be used by an attacker to dump the contents of the badge system database, modify them, or perform various other tasks with unfettered access. The flaw is made worse by the fact that users cannot change these credentials. Tenable recommends limiting traffic to this machine, but that may adversely affect how the entire system works. Researchers for the Columbia, Maryland, company also found a different vulnerability that would allow attackers into a database of information stored on identification cards. An […]

The post Researchers find hardcoded passwords in popular building-access system appeared first on CyberScoop.


Want to work in cybersecurity for the government? Curb your enthusiasm.

Recruiting people to work in the federal government, especially in cybersecurity, has been a challenge for as long as the term “cybersecurity” has existed. It’s why the government created vehicles like the CyberCorps: Scholarship for Service. If you are a college student who would like to devote your skills to the government, the United States will cut you a check — probably in the five-figure range — to study up on whatever tech-based track you’d like. In return, you’re obligated to work for Uncle Sam for the length of the scholarship issued, up to four years. In an ideal setting, this arrangement seems fair. Yet, clearly, when it comes to the government, these are not ideal times. The government shutdown has exacerbated this already fraught issue, with essential cybersecurity personnel at agencies like the Department of Homeland Security and National Institute of Standards and Technology either legally unable to continue […]

The post Want to work in cybersecurity for the government? Curb your enthusiasm. appeared first on CyberScoop.


Housewares giant OXO hit hard by Magecart

Kitchen and office goods giant OXO has been notifying customers of a data breach — a task it has performed multiple times over the past few months after the credit card skimming malware Magecart was found on its e-commerce website. In a letter obtained by CyberScoop dated Dec. 26, the company says it discovered “the security of certain personal information” had been compromised via the company’s website during three distinct time frames: June 9, 2017 — Nov. 18, 2017; June 8, 2018 — June 9, 2018; and July 20, 2018 — Oct. 16, 2018. The latest discovery was made on Dec. 18, 2018, according to the notice. Over the past year, security researchers have found instances of Magecart on OXO’s website. The malware, which has been found to be used by several different groups, skims various information from billing forms used on e-commerce sites. The big kitchen gadgeter @OXO was breached by #magecart […]

The post Housewares giant OXO hit hard by Magecart appeared first on CyberScoop.


Quora says hackers took data on 100 million users

Popular question-and-answer site Quora has discovered that hackers broke into its system and took data on 100 million users. The company announced in a blog post Monday that it discovered user data was compromised by a third party who gained unauthorized access to one of its systems. The company says the data taken included names, email addresses and encrypted passwords, along with data imported from linked social media networks. Data related to the site, including upvotes, downvotes, questions, answers, comments and direct messages could also have been accessed. “The overwhelming majority of the content accessed was already public on Quora, but the compromise of account and other private information is serious,” the blog post reads. The company isn’t sure of the precise cause of the hack, but has retained a third-party digital forensics firm to assist with the investigation. Law enforcement has also been contacted. Quora is still figuring out who […]

The post Quora says hackers took data on 100 million users appeared first on CyberScoop.


Research: Prolific cybercriminal tessa88 is Russian national

The identity of a notorious figure in the hacker underworld has possibly come to light, due to new research from threat intelligence firm Recorded Future. In a blog post published Tuesday, the company’s Insikt Group points to evidence that unmasks “tessa88,” a prolific data broker who sold access to information stolen in high-profile breaches. The company claims that tessa88 is tied to Russian national Maksim Donakov. Operating from February to May 2016, mostly on the dark web, tessa88 sold access to stolen databases, including LinkedIn, VKontakte, Facebook, MySpace, and Twitter, according to the research. Andrei Barysevich, Recorded Future’s director of advanced collection, told CyberScoop that while tessa88 was a constant on many dark web forums, the holder of that alias was purely a broker and there is no reason to believe that person carried out the hacks. “He was the seller of the data,” Barysevich told CyberScoop. “We did not find any evidence that […]

The post Research: Prolific cybercriminal tessa88 is Russian national appeared first on CyberScoop.


DHS’s cybersecurity office is a presidential signature away from a new name

The House of Representatives unanimously passed a bill Tuesday that would codify the Department of Homeland Security’s National Protection and Programs Directorate into law and give it a more relevant name. The CISA Act, which passed the Senate in October and now heads to President Donald Trump’s desk to be signed into law, would now brand the office as the Cybersecurity and Infrastructure Security Agency. The National Protection and Programs Directorate (NPPD) is currently the point office responsible for securing federal networks and safeguarding critical infrastructure from cyberthreats. “[Tuesday’s] vote is a significant step to stand up a federal government cybersecurity agency,” said Secretary Kirstjen M. Nielsen. “The cyber threat landscape is constantly evolving, and we need to ensure we’re properly positioned to defend America’s infrastructure from threats digital and physical. It was time to reorganize and operationalize NPPD into the Cybersecurity and Infrastructure Security Agency.” Chris Krebs, currently the DHS […]

The post DHS’s cybersecurity office is a presidential signature away from a new name appeared first on CyberScoop.


Attackers behind CMS portal breach used legit accounts to swipe data

The attackers responsible for a breach of an online portal run by the Centers for Medicare and Medicaid Services last month did so by taking advantage of lax privileges given to legitimate accounts, CyberScoop has learned. In October, CMS announced that hackers obtained data on 75,000 people from a portal used by health insurance agents and brokers assisting people with direct enrollment in the government’s health insurance exchanges. On an internal briefing call held Wednesday at the Department of Health and Human Services, Acting CMS CIO Rajiv Uppal updated agency IT officials with more details on the breach. The details of that call were shared with CyberScoop. Uppal said the breach happened after 45 portal accounts were discovered to be conducting millions of searches in order to pull information from the database. From those searches — which included names, birthdates and the last four digits of Social Security numbers — attackers […]

The post Attackers behind CMS portal breach used legit accounts to swipe data appeared first on CyberScoop.


HSBC discloses breach of U.S. bank accounts

HSBC disclosed a security incident earlier this week, saying that a small number of U.S.-based bank accounts were breached. In a letter template sent to the California Attorney General’s office, the bank said it became aware of online accounts being accessed by unauthorized users between Oct. 4 and Oct. 14. The bank started notifying affected customers on Tuesday. Once the company was made aware of the unauthorized activity, it suspended online account access. “HSBC regrets this incident, and we take our responsibility for protecting our customers very seriously,” a spokesperson for the bank said. “We responded to this incident by fortifying our log-on and authentication processes, and implemented additional layers of security for digital and mobile access to all personal and business banking accounts. We have notified those customers whose accounts may have experienced unauthorized access, and are offering them one year of credit monitoring and identity theft protection service.” The company says the attackers accessed […]

The post HSBC discloses breach of U.S. bank accounts appeared first on CyberScoop.
