Microsoft warns of malware-laced ‘John Wick 3,’ ‘Contagion’ movie torrents

Internet scammers are conducting the kind of business that would probably get them in trouble with the inhabitants of the Continental Hotel. Tens of thousands of internet users in Spain, Mexico and South America have downloaded pirated copies of “John Wick 3” and other movies which come bundled with malicious software, according to a forthcoming Microsoft security warning viewed by CyberScoop. Since April 11, some bootleg movie files on torrent websites have come with a strain of malware that hackers are using to try to exploit a victim’s machine to generate cryptocurrency. The attempted attacks coincide with a 41% increase in traffic to piracy websites in the U.S., and a 62% increase in Spain, since February, according to the British anti-piracy firm Muso. Thousands of users continue to download pirated files of “John Wick 3,” and Spanish-language titles including “Puñaladas por la espalda” and “Contagio,” a Spanish-dubbed version of the […]

The post Microsoft warns of malware-laced ‘John Wick 3,’ ‘Contagion’ movie torrents appeared first on CyberScoop.

Researchers used a GIF to prove they could access Microsoft Teams user data

Zoom isn’t the only video conferencing service attracting scrutiny from security researchers. Microsoft Teams, the technology giant’s professional collaboration tool, included a software bug that could have made it possible for hackers to steal data. Hackers could have used a malicious GIF to scrape user data from Microsoft Teams user accounts, spreading through an organization’s entire roster of employees who use the service, researchers from CyberArk announced Monday. The issue existed for three weeks from the end of February through mid-March, when much of the U.S. started to telework in response to the coronavirus pandemic. “The amount of data that goes into these applications is enormous and often includes confidential information from user names and passwords to top-secret business information – making them prime targets for attackers,” Omer Tsarfati, a CyberArk researcher, said in a blog post. CyberArk did not point to any evidence the issue had been exploited in […]

Researchers discover how far-right coronavirus protest websites are organized

More evidence that a group of conservative political activists is operating a network of websites meant to inflame pandemic-related tension in the U.S. and solicit donations has been uncovered by a Seattle-based cybersecurity company. Threat intelligence firm DomainTools released research Friday indicating that pro-gun activist Aaron Dorr appears to be using widely available software to operate dozens of websites, many of which include “reopen” in the URL. DomainTools researchers have conducted a technical examination of “reopen” sites — like “ReopenMN” and “ReopenWI” — to determine just how consolidated the sites are, despite the appearance that they exist as standalone entities. The sites are registered to local gun advocacy groups and utilize One Click Politics, a digital organizing service that allows a single person to manage dozens of websites, run email promotion and collect money. The network starts with Dorr’s personal website on top, at least 13 gun rights coalition groups on the […]

Crown Sterling and Black Hat settle lawsuit, promise to never speak of it again

A lawsuit filed in the wake of a controversial cybersecurity presentation last year has ended with a whimper. Crown Sterling, which described itself as an “emerging digital cryptography” company, has entered into a confidential settlement with the company behind the Black Hat security conference. In a lawsuit filed last year, the vendor had accused Black Hat, owned by Informa Tech Holdings, of breach of contract after its content was pulled from the conference website in the aftermath of a sponsored presentation that saw independent cybersecurity researchers heckle Crown Sterling’s CEO. During Crown Sterling’s session at Black Hat on Aug. 8, CEO Robert Grant claimed his company had created an innovative new tool that would set a new standard in encryption with “quasi prime numbers” and “infinite wave conjugations.” Dan Guido, CEO of the consultancy firm Trail of Bits, told Grant he “should be ashamed” for selling technology that other technologists […]

FBI enlists internet domain registries in fight against coronavirus scams

The U.S. Department of Justice is expanding its efforts to counteract a huge surge in internet scams related to the coronavirus pandemic. Federal officials announced Wednesday that ongoing cooperation between the government and a range of technology companies has resulted in the removal of hundreds of websites that included “coronavirus,” “covid19” and related phrases in their names. The goal, the Justice Department said, is to curb fraudulent sites that prey on pandemic anxieties to distribute malware, solicit donations or steal personal data. The FBI has received and reviewed more than 3,600 complaints related to coronavirus scams, mostly in connection with fake cures and fraudulent vaccines, the Justice Department said in a press release. Bureau officials previously estimated that the Internet Crime Complaint Center receives between 3,000 and 4,000 complaints per day, up from a prior average of roughly 1,000 per day, though not all alerts are regarding the pandemic. “For cybercriminals there was […]

Hackers posed as Egyptian oil contractor in apparent spy campaign ahead of OPEC meeting

Hackers are trying to infect organizations throughout the world with a popular strain of malware by sending emails that appear to be from an Egyptian oil company. In research published Tuesday, Romanian antivirus company BitDefender noted a surge in attempted phishing attacks that try to trick users into downloading malware by masquerading as Enppi, an oil company owned by the Egyptian government. The malware, known as Agent Tesla, is a spyware tool which enables hackers to monitor keystrokes, steal data about file downloads and collect username and password credentials from internet browsers, among other capabilities. The number of attacks spiked in the weeks before the world’s top oil producers debated whether to cut output during a meeting between the OPEC+ alliance and the Group of 20 nations, which suggests interest in specific countries’ strategies around an international standoff that’s had ramifications for the global economy. BitDefender researchers said hackers used the […]

The CFAA will soon have its day before the Supreme Court

The future of a long-controversial federal law could come down to how the U.S. Supreme Court interprets the way that a local police officer looked up information on an exotic dancer in a law enforcement database. The Supreme Court indicated on Monday it will hear a case involving the U.S. Computer Fraud and Abuse Act, a piece of legislation instituted in 1986 that internet freedom advocates have described as “the worst law in technology.” The CFAA makes it illegal for computer users to access another computer without authorization or to exceed authorized access. Technologists and attorneys have argued that the law is so vaguely worded that it could open well-intentioned security researchers up to prosecution for doing their job, or criminalize the use of work computers for personal purposes. In the best known case, internet pioneer Aaron Swartz took his own life before standing trial for allegedly downloading articles from a database […]

Detroit hospital network says data breach affected more than 100,000 patient accounts

A Detroit-area health care organization is alerting patients that their information may have been compromised in a recent data breach. Beaumont Health, a network of eight hospitals throughout the Detroit area, said in a letter Friday that “an unauthorized third party” accessed names, birth dates, Social Security numbers and medical conditions about some 112,000 people. Hackers also accessed bank account data and driver’s license numbers about some of those affected, the Detroit Free Press first reported. Administrators noticed on March 29 that email accounts belonging to Beaumont employees apparently had been compromised following a phishing attack. Outsiders had spent May 23, 2019 through June 3, 2019 accessing personal data, though Beaumont now says it has no knowledge to suggest that the stolen data was misused. The incident involves information about less than 5% of the 2.3 million people that the medical organization has treated in the nearly 12 months since […]

Equifax settles with Massachusetts, Indiana for nearly $40 million

Nearly three years after one of the largest data breaches in history, state attorneys general still are making Equifax pay. Massachusetts Attorney General Maura Healey announced Friday the credit processing company has agreed to pay $18.2 million and update its cybersecurity protocols. The settlement will end claims filed in connection with the company’s failure to stop a 2017 data breach that affected roughly 145 million Americans, including roughly 3 million Massachusetts residents. The announcement comes one day after Indiana Attorney General Curtis Hill said his office has agreed to resolve a class action suit against Equifax for $19.5 million. Both settlements come after Equifax agreed in January to pay $380.5 million as part of yet another settlement with U.S. regulators. Equifax also will be required to spend at least $1 billion on improving its data protection capabilities, and may be required to cover an additional $125 million to cover out-of-pocket […]

PasteBin just made it easier for hackers to avoid detection, researchers say

A policy change at a seemingly innocuous website could make it more difficult to stop hackers, according to information security experts who track malicious software in the wild. PasteBin, a text repository where developers share internet code, said on Wednesday it has discontinued a service that charged users a $50 one-time fee to search the site for new data. Researchers had used the scraping API to scour PasteBin for cybercriminal activity, as hackers frequently posted stolen personal data and malicious code to the site. PasteBin has a lot of legitimate activity, including posts about software tests and blocks of banal code meant for cryptographic network protocols. The malicious activity makes up a fraction of the content, and is difficult to identify without scraping capabilities because of the construction of the site. A number of Twitter feeds, like @ScumBots and @leak_scavenger, were dedicated to catching malicious uploads early, and then distributing details early […]
