DHS notifies 21 states of Russian hacking attempts prior to 2016 election

Nearly a year after the end of the 2016 campaign, the Department of Homeland Security on Friday night notified 21 states of attempted Russian hacking against their election systems. A small number of networks were compromised, CyberScoop has learned, but none of the targeted systems involved the tallying of votes. For the majority of the states targeted, only early-stage activity like scanning was seen. A minority of targeted states saw serious attempts to compromise networks, some of which were successful. Alabama, Colorado, Illinois, Minnesota, Maryland, Virginia, Wisconsin and Washington are among the states that have acknowledged receiving a notification. The remaining states are publicly unknown. News of the targeting first came to light in June when Jeanette Manfra, acting deputy undersecretary for cybersecurity and communications at the DHS’s National Protection and Programs Directorate, testified during a hearing held by the Senate Select Committee on Intelligence that focused on Russian interference in the U.S. election. […]

The post DHS notifies 21 states of Russian hacking attempts prior to 2016 election appeared first on Cyberscoop.


‘Confidential’ Verizon credentials, server logs left publicly exposed

Stop us if you’ve heard this before: Sensitive data was left publicly exposed on an Amazon Web Services S3 storage server owned by a billion-dollar corporation. This time the offender is Verizon Wireless, which left data including server logs and internal credentials exposed, according to Kromtech Security Research Center. “Although no customers data are involved in this data leak, we were able to see files and data named ‘VZ Confidential’ and ‘Verizon Confidential’, some of which contained usernames, passwords and these credentials could have easily allowed access to other parts of Verizon’s internal network and infrastructure,” Bob Diachenko, a Kromtech executive, explained in a statement. “Another folder contained 129 Outlook messages with internal communications within Verizon Wireless domain, again, with production logs, server architecture description, passwords and login credentials.” The leak, first reported by ZDNet, is the latest in a long march of 2017 exposures highlighting just how easy it is […]

The post ‘Confidential’ Verizon credentials, server logs left publicly exposed appeared first on Cyberscoop.


ISPs ‘likely’ helped infect targets of state surveillance

A spying tool known as FinFisher is involved in a seven-country campaign that most likely involves “complicit” internet providers helping to infect targets of surveillance, according to researchers with the cybersecurity firm ESET. “In two of the campaigns, the spyware has been spread via a man-in-the-middle attack and we believe that major internet providers have played the role of the man in the middle,” Filip Kafka, the ESET Malware Analyst who conducted the research, explained. This falls directly in line with FinFisher’s own marketing material which boasts it collaborates with internet service providers to distribute malicious files. ESET declined to name the countries or internet providers involved in the unprecedented scheme. The reason is “so as not to put anyone in danger,” the company said. Downloading a popular targeted application led users to be redirected to a malicious server hosting spyware enabling keylogging, file exfiltration and real-time surveillance. “The most important innovation is the way […]

The post ISPs ‘likely’ helped infect targets of state surveillance appeared first on Cyberscoop.


Israeli startup touting ‘the longest range’ Wi-Fi spying tool in the world

Israel has a reputation for being home to some of the most capable offensive hacking firms on the planet. These shadowy companies sell wares to governments all over the world, and the market grows more and more competitive every year. Case in point: The launch of a new Israeli firm called WiSpear, which is sparking a new rivalry in the lucrative business of Wi-Fi interception. This tech is used by police, intelligence and military agencies, which pay hackers to break into the networks of chosen targets. WiSpear, launched in 2016 by a former commander in the Special Operations Unit of the Intelligence Corps in the Israeli Defense Force, sells the “SpearHead Wi-Fi Man-in-the-middle platform,” promising to intercept a targeted Wi-Fi signal — and then steal data like social media passwords and other communications — at “the longest interception ranges” and with a design that can “integrate with any infection system.” The kilometers-long range is […]

The post Israeli startup touting ‘the longest range’ Wi-Fi spying tool in the world appeared first on Cyberscoop.


New Android app lets people detect credit card skimmers at gas pumps

Cheap, quick and effective, credit card skimmers plague ATMs and point-of-sale posts around the world, stealing credit card numbers while being almost impossible to spot with the naked eye. That’s why Nate Seidle, CEO of the open source electronics firm SparkFun, developed a free, open-source skimmer detection app on Android that looks for the Bluetooth signals Seidle found on the skimmers he tested. Seidle built the app after his local police department asked him to take apart three skimmers that were found at nearby gas pumps to see if it was possible to alert the victims. That was accomplished, but the developers went a step further and put together Skimmer Scanner to look for skimmers broadcasting 10-15 feet over Bluetooth as HC-05 with the password 1234. Skimmers take seconds to install once an attacker acquires one of the physical master keys for a gas pump or ATM, opens up the machine, unplugs the credit card reader from the main controller, […]

The post New Android app lets people detect credit card skimmers at gas pumps appeared first on Cyberscoop.


Identity management firm SecureAuth acquired for $225 million, will merge with Core Security

California-based identity management company SecureAuth was acquired for $225 million by K1 Investment Management, the company announced Wednesday. The acquisition was followed by a merger with the Georgia-based cybersecurity firm Core Security, resulting in a company with 360 employees, 1,500 customers and a name that won’t be announced until 2018. Jeff Kukowski, currently the CEO at SecureAuth, will serve as the CEO of the new company, which will also be headquartered in California. SecureAuth offers two lines of products. SecureAuth IdP is an access product that addresses a variety of authentication requirements. SecureAuth Cloud Access is a security manager of cloud services addressing authentication, visibility, compliance, administration and various other security tools. Core Security does attack intelligence, network security and vulnerability management for enterprises. With over 200 employees, the majority of the new company’s workforce will be coming from Core. Kukowski pitched his new company as able to manage and visualize the “full attack […]

The post Identity management firm SecureAuth acquired for $225 million, will merge with Core Security appeared first on Cyberscoop.


Viacom left master keys exposed on a public AWS server

The American media giant Viacom left one gigabyte of sensitive files publicly exposed, according to researchers from the cybersecurity firm UpGuard. It’s the latest in a long string of incidents in which a wide spectrum of companies have found out that moving to cloud computing like Amazon Web Services can come with cybersecurity pitfalls resulting from misconfiguration mistakes. The exposed files included Viacom’s secret cloud keys — information that a hacker could have used to take control of the company’s cloud servers. “Such a scenario could enable malicious actors to launch a host of damaging attacks, using the IT infrastructure of one of the world’s largest broadcast and media companies,” UpGuard’s Dan O’Sullivan explained. “The potential nefarious acts made possible by this cloud leak could have resulted in grave reputational and business damages for Viacom, on a scale rarely seen.” UpGuard researcher Chris Vickery originally found the leak Aug. 30 and notified Viacom the […]

The post Viacom left master keys exposed on a public AWS server appeared first on Cyberscoop.


Researchers steal bitcoin by exploiting SS7 vulnerabilities

Hackers have exploited a security weakness in global telecom networks to break into a Gmail account, take control of a bitcoin wallet and steal over $4,000 in the cryptocurrency. Researchers from the cybersecurity firm Positive Technologies demonstrated the technique exploiting flaws in Signalling System No. 7 (SS7), a nearly 50-year-old set of protocols used to perform most of the world’s telephone calls and text messages, among other functions. SS7 has long been a target for sophisticated hackers intent on eavesdropping and attacking targets around the world. The attackers only needed a victim’s full name and phone number in order to eventually hack a wallet at the popular Bitcoin exchange Coinbase and take the virtual currency for themselves. The research focuses on the issue of multi-factor authentication relying on text messages that can be intercepted by exploiting flaws in SS7 as demonstrated by Positive Technologies. “The inherent security vulnerabilities within the SS7 network, […]

The post Researchers steal bitcoin by exploiting SS7 vulnerabilities appeared first on Cyberscoop.


Read: DHS releases details on Kaspersky product ban

The recent order to remove Kaspersky products from federal networks commands almost every government agency to act within the next 90 days, while also carving out a big hole for the Department of Defense and the U.S. intelligence community, which are unaffected by the DHS action. The directive, which will be published in the Federal Register on Tuesday, lays out exactly which products are banned and which are exempt. The binding operational directive obtained by CyberScoop “does not address Kaspersky code embedded in the products of other companies.” That could potentially refer to Kaspersky products being used in other companies’ products, which are used widely across Pentagon and civilian agencies. Kaspersky is a multi-national company with a wide array of products, with many agencies harnessing tech that uses Kaspersky Cloud Security for enterprise. It’s not yet clear how many machines the directive will impact, but DHS should know within the next 30 days when […]

The post Read: DHS releases details on Kaspersky product ban appeared first on Cyberscoop.


Equifax executives retire one week after massive security breach

Two Equifax executives are retiring from Equifax just one week after the credit reporting firm announced a security incident in which over 143 million records were compromised, according to an announcement made late Friday. The Chief Information Officer, David Webb, and Chief Security Officer, Susan Mauldin, are no longer with the company effective immediately. Mark Rohrwasser, who has led Equifax’s international IT operations since 2016, is now interim CIO. Russ Ayres, previously the Vice President in the IT organization at Equifax, is interim CSO and reports directly to Rohrwasser. The move comes as part of a thorough review and reaction to the breach announced on Sept. 7. The internal investigation into the incident, led by the cybersecurity firm Mandiant, is ongoing and the FBI is investigating as well. Equifax also issued updates on its internal investigation noting that it saw “suspicious network traffic” on July 29 and, in the midst of looking into that traffic, found additional suspicious activity. […]

The post Equifax executives retire one week after massive security breach appeared first on Cyberscoop.
