Scammers impersonate Europol chief in an effort to defraud Belgians

Scammers are impersonating the head of Europol, the European Union’s law enforcement agency, in an attempt to spook victims into handing over their financial information. The Belgian police have received hundreds of reports of emails purporting to come from Catherine De Bolle, Europol’s executive director, according to the Brussels Times. The email accuses the recipient of child pornography and sex trafficking, and then attempts to steal the PayPal account credentials. The email threatens to initiate criminal prosecution against the recipient unless they reply within 72 hours. Europol, which had warned about this type of scam in April, again urged internet users on Thursday not to fall for the gimmick. “Our executive director would never contact members of the public threatening individuals with opening a criminal investigation,” tweeted Europol, which does investigate lots of actual cybercrime. Cybercrooks often impersonate the law enforcement agencies that hunt them in an effort to intimidate […]

The post Scammers impersonate Europol chief in an effort to defraud Belgians appeared first on CyberScoop.


New CISA director wants to spend less time cleaning up after big hacks, more time preparing for them

U.S. cybersecurity officials have scrambled to respond to one major hacking incident after another over the past nine months, from the alleged Russian intrusions into federal networks using bugged SolarWinds software, to the extortion of Colonial Pipeline, which controls the East Coast’s biggest fuel artery. Jen Easterly, the new director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), wants to break that cycle, and spend less time putting out fires and more time preparing for incidents in an attempt to reduce their impact. It’s a goal that will draw on Easterly’s experience working on cyber operations for the military, and her time trying to safeguard one of the largest U.S. investment banks from hackers. To date, actions taken by federal and private sector organizations “to protect us from threats are just not keeping pace,” she said in a recent interview. This month, Easterly set up the Joint Cyber Defense […]

The post New CISA director wants to spend less time cleaning up after big hacks, more time preparing for them appeared first on CyberScoop.


Researchers show how to tamper with medication in popular infusion pumps using software flaws

McAfee security researchers on Tuesday said they had found multiple vulnerabilities in infusion pump software that, under certain conditions, a skilled hacker could use to alter a patient’s medication dose to a potentially unsafe level. The vulnerabilities are in equipment made by multinational vendor B. Braun that are used in pediatric and adult health care facilities in the United States. While there are no reports of malicious exploitation of the flaws, the research illustrates the challenge of securing devices conceived decades ago from 21st-century digital threats. The findings come as the health care sector reckons with a series of ransomware attacks that hit aging hospital computer networks during the pandemic. Medical devices “remain vulnerable to legacy issues that have persisted for many years and have exceptionally slow update or upgrade cycles,” said Steve Povolny, who heads the Advanced Threat Research team at McAfee. In a statement, B. Braun said the […]

The post Researchers show how to tamper with medication in popular infusion pumps using software flaws appeared first on CyberScoop.


Mozi botnet gets stealthier in infecting Huawei network gateways and other gear

The authors of a prolific internet-of-things botnet called Mozi have developed new capabilities for their malicious software to linger on infected devices and avoid detection, Microsoft researchers said Thursday. A botnet is a horde of compromised computers that attackers use to distribute spam or ransomware, or conduct distributed denial of service (DDoS) attacks. The Mozi botnet’s malware now has features catered to networking equipment made by popular vendors Netgear, Huawei and ZTE so that the malicious code lives on when the device is rebooted, according to the research. The features could also make it harder for other malicious hackers to wipe code off of infected devices — malicious-on-malicious activity that is a feature of the scamming ecosystem. For network defenders, it’s an unwelcome development from a botnet that has been used to steal data and conduct DDoS attacks since surfacing in 2019. IBM researchers said last year that Mozi accounted […]

The post Mozi botnet gets stealthier in infecting Huawei network gateways and other gear appeared first on CyberScoop.


Ohio man pleads guilty to role in $300-million cryptocurrency laundering service

A 38-year-old Ohio man has pleaded guilty to his role in a cryptocurrency laundering service that moved some $300 million on behalf of dark web marketplaces and other clients, the Justice Department said Wednesday. Larry Dean Harmon admitted to running Helix, a popular service for concealing the source of bitcoin transactions, from 2014 to 2017. Helix allegedly worked with AlphaBay, a notorious $1 billion marketplace for hacking tools and drugs that security researchers recently warned could be coming back online. Harmon faces up to 20 years in prison and a $500,000 fine, according to the Justice Department. A lawyer for Harmon could not be reached for comment. As part of his plea deal, Harmon agreed to forfeit more than $200 million in bitcoin. After a multi-year investigation of Helix, U.S. law enforcement arrested Harmon in his hometown of Akron in February, 2020. The U.S. Treasury’s Financial Crimes Enforcement Network has […]

The post Ohio man pleads guilty to role in $300-million cryptocurrency laundering service appeared first on CyberScoop.


BlackBerry’s popular operating system for medical devices affected by critical vulnerabilities, drawing fed warnings

A critical set of software flaws first revealed in April also affects code made by BlackBerry that is used in countless devices in the medical, automotive and energy sectors, the technology vendor confirmed on Tuesday. A hacker who exploits the so-called BadAlloc software vulnerabilities, which Microsoft researchers uncovered, could cause devices running the software to crash. In BlackBerry’s case, the attacker would need to first gain access to a targeted network and then go after devices that are exposed to the internet. The affected software is BlackBerry’s QNX Real-Time Operating System, a suite of software that manages data across a network. It’s unclear just how many devices are running the affected BlackBerry software. The firm said last year that its QNX software was embedded in more than 175 million cars alone. A BlackBerry spokesperson did not immediately respond to a request for comment. “These vulnerabilities may introduce risks for certain […]

The post BlackBerry’s popular operating system for medical devices affected by critical vulnerabilities, drawing fed warnings appeared first on CyberScoop.


Mandiant, CISA urge ThroughTek customers to fix software bug in millions of baby monitors, cameras

A flaw in software used by millions of smart home devices could allow hackers to intercept audio and video data on equipment such as baby monitors and web cameras, security researchers said Tuesday. The vulnerability is in a software protocol made by Taiwanese internet of things (IoT) vendor ThroughTek, which has customers including the Chinese electronics giant Xiaomi. ThroughTek says 83 million devices made by other brands, such as the camera vendor Wyze, run its software. To exploit the flaw, an attacker would need “comprehensive knowledge” of the software protocol, and to obtain unique identifiers used by the targeted device, according to Mandiant, a division of FireEye, which discovered the issue. With that access, a hacker could communicate with devices remotely, potentially leading to follow-on hacks. The Department of Homeland Security plans to issue a public advisory to raise awareness of the security issue, Mandiant said. Yi-Ching Chen, an employee […]

The post Mandiant, CISA urge ThroughTek customers to fix software bug in millions of baby monitors, cameras appeared first on CyberScoop.


Multiple ransomware gangs pounce on ‘PrintNightmare’ vulnerability

The so-called PrintNightmare vulnerability in Microsoft software is turning into a dream for ransomware gangs. For the second time this week, security researchers have warned that extortionists exploited the critical flaw in an attempt to lock files and shake down victims. It shows how, more than a month after Microsoft disclosed the bug and urged users to update their software, a new round of exploitation is under way against vulnerable organizations. A ransomware group dubbed Vice Society recently seized on the PrintNightmare bug to move through an unnamed victim’s network and attempt to steal sensitive data, Talos, Cisco’s threat intelligence unit, said Thursday. A day earlier, cybersecurity firm CrowdStrike said that hackers using another type of ransomware had tried to use PrintNightmare to infect victims in South Korea. Neither Talos nor CrowdStrike named the targeted organizations. The PrintNightmare vulnerability affects how Windows’ Print Spooler manages interactions between computers and printers. […]

The post Multiple ransomware gangs pounce on ‘PrintNightmare’ vulnerability appeared first on CyberScoop.


Microsoft catches hackers using Morse Code to help cover their tracks

Clever hackers use a range of techniques to cover their tracks on a target computer, from benign-looking communication protocols to self-erasing software programs. It’s not very often, though, that digital attackers turn to Morse Code, a 177-year-old signaling system, for operational security. Yet that’s exactly what played a part in a year-long phishing campaign that Microsoft researchers outlined on Thursday. Morse Code — a method of representing characters with dots and dashes popularized by telegraph technology — was one of several methods that the hackers, whom Microsoft did not identify, used to obscure malicious software. It’s a reminder that, for all of their complexities, modern offensive and defensive cyber measures often rest on the simple concept of concealing and cracking code. Hackers were sending select targets fake invoices to try to convince them to cough up their passwords and, in some cases, to collect IP addresses and location data of […]

The post Microsoft catches hackers using Morse Code to help cover their tracks appeared first on CyberScoop.


Four years after FBI shut it down, AlphaBay dark web marketplace claims it’s back in business

It might be time to update the obituary of one of the web’s most notorious marketplaces for hacking tools and drugs. Four years after the FBI shut down AlphaBay, which registered a reported $1 billion in transactions, a scammer is touting the launch of a new version of the illicit marketplace, according to threat intelligence firm Flashpoint. In an online posting earlier this week, someone claiming to be one of the original moderators of AlphaBay said the marketplace was coming back into business, Flashpoint researchers noted. Among the offerings on the revamped AlphaBay, according to the posting, will be the source code of a hacking tool that steals banking credentials, and money, from victims. U.S. and European law enforcement agencies have in the last year conducted a series of crackdowns on popular dark-web forums. But the alleged resurrection of AlphaBay, dubbed the Amazon.com of the dark web, shows how difficult it can […]

The post Four years after FBI shut it down, AlphaBay dark web marketplace claims it’s back in business appeared first on CyberScoop.
