SolarWinds attack is not ‘espionage as usual,’ Microsoft president says

The breach of SolarWinds software that allowed widespread espionage on U.S. government agencies and other organizations worldwide is more than just a shocking use of digital spycraft, Microsoft’s top executive said Thursday. The incident “represents an act of recklessness that created a serious technological vulnerability for the United States and the world,” writes the company’s president, Brad Smith, in a blog post. “In effect, this is not just an attack on specific targets, but on the trust and reliability of the world’s critical infrastructure in order to advance one nation’s intelligence agency.” The breach, which multiple U.S. sources have pinned on Russian intelligence, “is not ‘espionage as usual,’ even in the digital age,” Smith writes. In an addendum to the blog post, Microsoft said that it found no indications that its own software systems were used to attack others, but it did find “malicious SolarWinds binaries in our environment, which […]

The post SolarWinds attack is not ‘espionage as usual,’ Microsoft president says appeared first on CyberScoop.


Twitter fined nearly $550,000 in Europe for response to bug that exposed private tweets

Regulators in Ireland have fined Twitter for failing to report a data breach promptly and not adequately documenting the incident, marking the first time the regulator has penalized a “big tech” company for violations of Europe’s data protection law. The fine of 450,000 euros, or about $550,000, stems from a bug that allowed thousands of people’s private tweets to be made public between late 2014 and early 2019, when Twitter reported the problem to European authorities. The social media company said it could only identify specific users affected by the breach from September 2017 onward — about 89,000 total over that stretch. The bug only affected users of Twitter’s Android app. Ireland’s Data Protection Commission issued the decision Tuesday on behalf of the European Union, under the EU’s General Data Protection Regulation (GDPR). Twitter’s European headquarters are in Ireland, as are those of Google, Facebook and several other multibillion-dollar U.S. […]


Facebook says it disrupted cyber-espionage in Vietnam, Bangladesh

Facebook says it has uncovered plots by two hacking campaigns to “abuse our platform, distribute malware and hack people’s accounts,” one originating in Vietnam, the other in Bangladesh. In a blog post late Thursday, two cybersecurity officials from the social media giant pinned the Vietnam-based activity on APT32, the advanced persistent threat group also known as Ocean Lotus. In Bangladesh, the perpetrators appear to be two largely unknown “non-profit” groups, Facebook says. “The operation from Vietnam focused primarily on spreading malware to its targets, whereas the operation from Bangladesh focused on compromising accounts across platforms and coordinating reporting to get targeted accounts and Pages removed from Facebook,” wrote Nathaniel Gleicher, the company’s head of security policy, and Mike Dvilyanski, its cyberthreat intelligence manager. APT32’s efforts involved a Vietnamese IT company, the researchers said, making it the latest example of hacking groups using corporate disguises. In early November, cybersecurity company Volexity […]


Former NSA contractor Reality Winner loses appeal, will remain imprisoned

The former National Security Agency contractor convicted in 2018 of illegally leaking top secret information to a news organization will remain in federal prison after an appeals court upheld a ruling against a compassionate release amid the COVID-19 pandemic. The eight-page opinion Monday from the U.S. Court of Appeals for the 11th Circuit backed an earlier ruling that lawyers for Reality Winner had not sufficiently shown that her medical conditions or prison conditions justified an early release. The appeals court didn’t rule on the merits of Winner’s argument — it simply said the lower court had considered her request properly. “After careful consideration and with the benefit of oral argument, we conclude that the District Court did not abuse its discretion in denying Ms. Winner’s motion,” Monday’s opinion says. “Because we resolve her appeal on this basis alone, we need not (and do not) address Ms. Winner’s other arguments.” In early […]


Hacker who sent information on US personnel to Islamic State is freed by judge

A foreign hacker sentenced to 20 years in U.S. prison for giving the Islamic State the personal information of about 1,300 U.S. military and government personnel has been given a compassionate release by a federal judge due to the coronavirus pandemic. Ardit Ferizi, who was arrested in 2015 at age 19 in Malaysia and later extradited to the U.S., must spend two weeks in quarantine before deportation by U.S. Immigration and Customs Enforcement, according to the order from Judge Leonie M. Brinkema of the Eastern District of Virginia. Brinkema agreed with a request from Ferizi saying that his asthma and obesity put him at greater risk for contracting COVID-19. Ferizi will be deported to his home country of Kosovo, where he has a support network of family, the judge said. The judge expressed confidence that U.S. officials will be able to monitor his conduct online, given how quickly he was […]


An iOS exploit that enables iPhone takeover is described in cybersecurity researcher’s ‘work of art’

If there’s one thing to read this week about Apple security, it’s researcher Ian Beer’s massive, spirited and highly detailed account of how he developed a powerful tool for breaking into nearby iPhones. The piece, “An iOS zero-click radio proximity exploit odyssey,” earned Beer high praise for his persistence in working out the attack, as well as thorough reporting of how he did it. He posted the magnum opus Tuesday on the blog for Google Project Zero, the tech giant’s team of zero-day hunters. Beer — known as one of the most skilled iOS hackers around — makes some things clear up top: The vulnerability was reported to Apple before the company launched coronavirus contact-tracing technology on iPhones in May. And no one should ever be lulled into a false sense of security, he says, when it comes to mobile devices. “The takeaway from this project should not be: no one will […]


Cryptocurrency miners were ‘distraction technique’ in APT’s espionage campaigns, Microsoft says

Sometimes a sneaky Monero miner is more than just a sign of a crook. Cyber-espionage campaigns this summer in France and Vietnam deployed cryptocurrency mining software on victims’ networks to help draw attention away from the hackers’ spying tools, Microsoft says in a new report. The company’s threat intelligence unit has pinned the activity on an advanced persistent threat (APT) group it calls Bismuth, more commonly known as APT32 or OceanLotus. “Recent campaigns from the nation-state actor BISMUTH take advantage of the low-priority alerts coin miners cause to try and fly under the radar and establish persistence,” the researchers say in a report released Monday. In this case, the coin miners collected Monero, a cryptocurrency with a reputation for being harder to trace than other digital coins. The hacking group — which other cybersecurity researchers have linked to the Vietnamese government — has been developing new techniques to break into […]


MacOS backdoor appears to be update of tool previously used by Vietnam-linked group

The hacking group known as APT32 or OceanLotus appears to have a new version of a tool used to infiltrate MacOS computers, according to researchers with cybersecurity company Trend Micro. The malicious software arrives as a .zip file that tries to disguise itself with a Microsoft Word icon, and it is engineered to evade detection by antivirus software, Trend Micro says. Once activated, the malware serves as a backdoor for other payloads that can exfiltrate data from an infected machine. It’s the latest sign of expanded or upgraded tactics from APT32, which is known for espionage campaigns that target Southeast Asia. Recent discoveries attributed to the group include efforts to use imitation news sites to spy on users and sometimes infect their machines with malware, and using the Google Play Store to distribute apps surreptitiously loaded with spyware. In this case, the MacOS backdoor appears to be aimed at computers in Vietnam itself. “The […]


UK bill proposes stiff fines for companies that violate Huawei ban

The U.K. government is proposing big penalties for companies that fail to comply with telecommunications security requirements aimed at keeping technology from Huawei out of the country’s new high-speed networks. Legislation proposed Tuesday by Prime Minister Boris Johnson’s government would levy fines of as much as 100,000 pounds ($134,000) per day if companies don’t meet deadlines for new security requirements. The bill essentially would codify a decision by Johnson this summer to ban Huawei from the U.K.’s 5G and fiber optics networks because of security concerns. The U.S. had pressured Britain to block Huawei over its alleged ties to the Chinese state. The Trump administration has continued to expand restrictions on the company as the U.S. and China continue to battle over trade rules, internet policy and other tech issues. Huawei has denied it spies on customers at the behest of the Chinese government. The legislation clarifies what is expected […]


Another ‘Minecraft’ lesson for kids: Beware of deceitful adware apps

Part of the appeal of “Minecraft” is that the in-game experience is highly customizable with thousands of bits of third-party software. For mobile versions of the game, those “mods” can be downloaded as separate apps. If you pay attention to app-store security, you can probably guess where this is going, especially if you have kids. More than 20 of the “Minecraft” mods recently available in the Google Play Store didn’t do much for the game at all, and instead displayed ads on smartphones and tablets “in an extremely intrusive manner,” according to researchers at Kaspersky. The cybersecurity company says the store has taken down most of the apps since the researchers reported them, but a handful were still available as of Monday morning. Kaspersky’s findings are the latest reminder that mobile devices remain attractive targets for nuisance adware. And the makers of those sneaky apps aren’t really worried about customer […]
