Cobalt Dickens threat group looks to be similar to indicted hackers

A mass credential-stealing campaign by hackers linked to the Iranian government and targeting 76 universities around the world was discovered this month by Secureworks, an Atlanta-based cybersecurity company owned by Dell. The campaign involved 16 domains, 300 spoofed websites and fake login pages, 76 targeted universities and 14 countries including the United States, Canada, United Kingdom and Japan, the company announced. “Universities are attractive targets for threat actors interested in obtaining intellectual property,” Secureworks’ researchers said on Friday. “In addition to being more difficult to secure than heavily regulated finance or healthcare organizations, universities are known to develop cutting-edge research and can attract global researchers and students.” The campaign is ongoing with the most recent domain having been registered on Aug. 19. Carried out by hackers that Secureworks researchers dub Cobalt Dickens, this campaign used some of the same infrastructure as the Iranian hackers indicted by the United States in […]

The post Cobalt Dickens threat group looks to be similar to indicted hackers appeared first on Cyberscoop.

Google removes dozens of YouTube channels linked to ‘influence operation’

Google removed dozens of YouTube channels, blogs and social media accounts linked to an “influence operation” allegedly sponsored by the Iranian government, the company announced on Thursday. Google also announced that it had recently notified Gmail users targeted by phishing campaigns from “a wide range of countries,” including Iran. Google linked the accounts to the Islamic Republic of Iran Broadcasting and dated the operation back to at least January 2017. Based on the global nature of the activity, it appears the operations are not targeted at the U.S. midterm elections. The action followed Monday’s termination of hundreds of accounts on Facebook and Twitter linked to a group known as “Liberty Front Press,” an effort also tied to Iran. “Our technical research has identified evidence that these actors are associated with the IRIB, the Islamic Republic of Iran Broadcasting,” Kent Walker, Google’s senior vice president of global affairs, said in a […]

Democrats find hackers targeting voter database

The Democratic National Committee reached out to the FBI after cybersecurity firm Lookout found a spearphishing operation aimed at breaking into the Democrats’ voter database, CNN reported on Tuesday. Lookout discovered the hacking attempt on Monday using its “phishing AI detection” tool which found a phishing site replicating the login to NGP VAN, the tech provider to Democratic and progressive campaigns and organizations. The DNC was the victim of an expansive and successful phishing campaign leading into the 2016 elections that saw thousands of internal emails made public. That campaign has been widely linked to Russian government-sponsored hackers. On Monday, the same day the attempted hacking campaign was first discovered, President Donald Trump again expressed doubt that Russians hacked Democratic targets in the 2016 campaign. “Our Principal Engineer for phishing, Jeremy Richards, received an alert from our phishing AI detection, and Lookout started to investigate the phishing site, which we […]

New critical vulnerability exposes Apache Struts instances to remote attacks

A critical remote code execution vulnerability in Apache Struts, a popular open source web application framework, allows attackers to take over targeted machines. The vulnerability (CVE-2018-11776) affects software used by an estimated 65 percent of Fortune 100 companies, a share that is growing. Tuesday’s vulnerability is attributed to insufficient validation of untrusted user data in the core of Struts. The announcement provoked a worried response from information security experts:

100% reliable RCE where vulnerable targets are probably enumerable via Shodan… PATCH THIS. https://t.co/xj6yJjyjtk
— Dino A. Dai Zovi (@dinodaizovi) August 22, 2018

The new Struts vulnerability was identified in April by Man Yue Mo of the Semmle Security Research Team. It was patched in June and publicly announced on Tuesday. Apache Struts users are urged to patch immediately. “Critical remote code execution vulnerabilities like the one that affected Equifax and the one we announced today are […]
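Before patching you need to know which deployments carry an affected struts2-core build. The script below is an added example, not code from Cyberscoop, Semmle or the Struts project: it parses struts2-core jar names found under a web container and classifies each against the fixed releases published for this CVE (2.3.35 and 2.5.17 per Apache's S2-057 bulletin). The sample paths, the jar-name regex and the triage function are assumptions for illustration; older branches are treated as affected because they are out of support.

```python
import re

# Fixed releases for CVE-2018-11776 (Apache bulletin S2-057): 2.3.35 and 2.5.17.
# Earlier builds on those branches are affected; branches older than 2.3 are
# unsupported and are treated as affected here.
FIXED_VERSIONS = {(2, 3): (2, 3, 35), (2, 5): (2, 5, 17)}

# Assumed jar naming: struts2-core-<major>.<minor>.<patch>[suffix].jar
JAR_NAME_RE = re.compile(r"struts2-core-(\d+)\.(\d+)\.(\d+)(?:[.-][\w.]+)?\.jar$")


def parse_struts_version(path):
    """Return (major, minor, patch) from a struts2-core jar path, or None."""
    m = JAR_NAME_RE.search(path.replace("\\", "/"))
    if m is None:
        return None
    return tuple(int(x) for x in m.groups())


def assess(version):
    """Classify a (major, minor, patch) tuple against the fixed releases."""
    fixed = FIXED_VERSIONS.get(version[:2])
    if fixed is None:
        return "unsupported"
    return "fixed" if version >= fixed else "vulnerable"


def triage(paths):
    """Map each struts2-core jar path to its CVE-2018-11776 status;
    paths that are not struts2-core jars are ignored."""
    report = {}
    for path in paths:
        version = parse_struts_version(path)
        if version is not None:
            report[path] = assess(version)
    return report


# Constructed sample paths, not taken from any real host.
SAMPLE_PATHS = [
    "/opt/tomcat/webapps/app/WEB-INF/lib/struts2-core-2.3.34.jar",
    "/opt/tomcat/webapps/app/WEB-INF/lib/struts2-core-2.5.17.jar",
    "/opt/tomcat/webapps/legacy/WEB-INF/lib/struts2-core-2.1.8.1.jar",
    "/opt/tomcat/webapps/app/WEB-INF/lib/commons-lang3-3.7.jar",
]

if __name__ == "__main__":
    for path, status in triage(SAMPLE_PATHS).items():
        print(f"{status:12s} {path}")
```

In practice you would feed `triage` the output of a filesystem walk over every container's WEB-INF/lib. A version match is a reason to patch, not proof of exploitability: Apache's bulletin ties the bug to specific configuration conditions, so treat "vulnerable" here as "update now" rather than as a confirmed finding.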

Talos: Remcos software is a surveillance tool posing as legitimate software

U.S. law enforcement has been alerted to the use of the Remcos RAT in multiple global hacking campaigns, according to Cisco’s Talos Security Intelligence and Research Group. The ads say Remcos Remote Access Tool is legal IT management software. But the RAT allows a user to sneak malware past security products and then secretly surveil a targeted computer. Remcos itself is sold by a German-registered company, Breaking Security, that markets it as a legitimate way to remotely access computers. However, the software has been spotted in hacking campaigns targeting defense contractors in Turkey, news agencies, diesel equipment manufacturers, airlines and energy sector companies. “What we found here is a piece of software being used by bad guys in a lot of different places,” Cisco Talos director Craig Williams told CyberScoop. “They sell a crypter attempting to make the malware undetectable, a keylogger payload, a mass mailer to mail it out and they even have […]

Senator raises the specter of ‘hack back’ once again

For years, the United States has wrestled with this question: Should a private company be able to retaliate when it’s targeted by a cyberattack? Sen. Sheldon Whitehouse, D-R.I., raised the specter of “hacking back” once more on Tuesday when he argued for a more transparent process in which a private company could approach the government for permission and guidelines on retaliation. “If [a major CEO] wanted permission to figure out how to hack back, I don’t think he’d know what agency’s door to knock on to actually give him an answer,” Whitehouse said at a Judiciary Committee hearing on Tuesday. The senator asked for written responses from the Department of Homeland Security and the Office of the Director of National Intelligence about where a private sector actor could go to get an answer on the prospect of hacking back. “We ought to think hard about how and when to license hack-back […]

Skype adds encrypted chat option for all users

Skype’s encrypted “Private Conversation” mode is now available to all users who opt in to the feature, which was first revealed in January. Eight months ago, Microsoft’s Skype announced a partnership with the developers of the encrypted messaging app Signal to use its protocol to secure chat, file exchange and recorded audio messages with end-to-end encryption. The new feature arrives less than a week after the U.S. government reportedly went to court in an attempt to force Facebook to break the encryption on Messenger, a messaging app with over 1 billion users around the world. The information surrounding that case, first reported by Reuters, is extremely limited. Messenger also uses the Signal protocol in a feature called “Secret Conversations.” The recent court case revolves around government attempts to wiretap voice conversations by a Messenger user, which is separate from the Secret Conversations implementation. Signal’s encryption protocol is also used by WhatsApp, another Facebook-owned app that also […]

Report: Chinese probed Alaska organizations after trade talks in early 2018

As trade tensions between China and the U.S. heated up earlier this year, an Alaskan trade delegation visited China in late May. Immediately following that trip, companies and government organizations in Alaska experienced a dramatic spike in network reconnaissance activity from inside a top Chinese university, according to the cybersecurity firm Recorded Future. The reconnaissance was conducted with infrastructure at Tsinghua University that was previously associated with hacking of geopolitical targets in support of China’s economic development goals, Recorded Future’s researchers said. Chinese computers scanned Alaskan internet service providers and government websites for security vulnerabilities, a tactic that can signal preparation for a cyberattack. Research branches at Tsinghua, an elite Chinese research school in Beijing ranked as one of the best technical universities in the world, “also have connections to state organizations with a history of stealing U.S. technology,” Recorded Future’s Sanil Chohan, Winnona DeSombre, and Justin Grosfelt wrote. The analysis also connected sophisticated cyberespionage […]
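The report's finding rests on spotting a spike in scanning from a known set of source addresses. The script below is an added example, not Recorded Future's code or data: it runs a simple sweep heuristic over firewall-style log lines, flagging any source that touches many distinct (destination, port) pairs, and marks whether the source falls inside a prefix list you maintain from intelligence. The log format, the prefix list (a documentation range, not any university's real addresses) and the sample lines are all constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Assumed log format: one connection attempt per line with key=value fields.
# Adapt LINE_RE to whatever your firewall or flow collector exports.
LINE_RE = re.compile(r"src=(\S+)\s+dst=(\S+)\s+dport=(\d+)\s+action=(\w+)")

# Hypothetical prefixes to attribute (fill from your own intelligence);
# 203.0.113.0/24 is a documentation range used here as a placeholder.
WATCHED_PREFIXES = [ipaddress.ip_network("203.0.113.0/24")]


def parse_line(line):
    """Extract src, dst, dport and action from one log line, or None."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    src, dst, dport, action = m.groups()
    return {"src": src, "dst": dst, "dport": int(dport), "action": action}


def in_watched_prefix(ip):
    """True if the address lies inside any prefix in WATCHED_PREFIXES."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in WATCHED_PREFIXES)


def find_scanners(lines, min_targets=8):
    """Flag sources that touch at least min_targets distinct (dst, port) pairs.
    Returns {src: {"targets": n, "hosts": n, "ports": n, "watched": bool}}."""
    seen = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            seen[rec["src"]].add((rec["dst"], rec["dport"]))
    flagged = {}
    for src, pairs in seen.items():
        if len(pairs) >= min_targets:
            flagged[src] = {
                "targets": len(pairs),
                "hosts": len({dst for dst, _ in pairs}),
                "ports": len({port for _, port in pairs}),
                "watched": in_watched_prefix(src),
            }
    return flagged


def constructed_sample_log():
    """Constructed sample, not real traffic: one sweeper and one ordinary client."""
    lines = []
    for host in ("198.51.100.10", "198.51.100.11", "198.51.100.12"):
        for port in (22, 80, 443, 8080):
            lines.append(f"2018-05-29T10:00:00Z src=203.0.113.5 dst={host} dport={port} action=deny")
    lines.append("2018-05-29T10:00:05Z src=192.0.2.44 dst=198.51.100.10 dport=443 action=allow")
    lines.append("2018-05-29T10:00:06Z src=192.0.2.44 dst=198.51.100.10 dport=80 action=allow")
    return lines


if __name__ == "__main__":
    for src, info in find_scanners(constructed_sample_log()).items():
        print(src, info)
```

The threshold is deliberately crude; on real traffic you would bucket by time window, exclude your own scanners and monitoring hosts, and baseline per source before calling a count a spike. The `watched` flag is what turns a generic scan alert into the kind of attribution the report describes.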

Microsoft patches zero-day exploit against Internet Explorer

Researchers at Trend Micro recently discovered a high-risk zero-day exploit against the latest versions of Windows and Internet Explorer in malicious web traffic, the security firm announced on Wednesday. Microsoft issued patches this week. The vulnerability, tracked as CVE-2018-8373, is “a remote code execution vulnerability [that] exists in the way that the scripting engine handles objects in memory in Internet Explorer,” according to Microsoft. “The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user,” Microsoft said. The vulnerability is exploited by visiting a malicious web page or opening a malicious Microsoft Word document rendered with Internet Explorer. Internet Explorer is the second-most-popular web browser after Google Chrome. It’s also especially popular in enterprise environments, which means exploits can potentially be used to attack businesses and other large organizations. Trend Micro security researcher Elliot Cao is credited with the discovery. […]

Foreshadow, the new data-stealing vulnerabilities impacting Intel chips

Three new Spectre-class vulnerabilities that affect how Intel chips process information were revealed on Tuesday. The bugs mean data that is meant to be protected can be read by attackers through speculative-execution leaks, a class of flaw disclosed at the beginning of the year that affects virtually all modern processors. The problem, which ironically lies in Intel’s SGX security technology, may allow attackers to access private data including passwords and other files. The data can be stolen across virtual machines or applications on the same device. Speculative execution works like this: all modern chips make educated guesses (the speculation) about what will happen next in order to speed up performance (the execution). The original class of attack included the Spectre (Variants 1 and 2) and Meltdown (Variant 3) vulnerabilities, discovered by Google’s Project Zero and made public in January. Virtually all modern computer chips have been impacted. There have been […]
