Geico data breach opens door to unemployment scams

Over the course of six weeks earlier this year, fraudsters repeatedly stole driver’s license numbers from a database maintained by Geico. Now, the motor vehicle insurer is warning customers that the scammers could apply for unemployment benefits using the pilfered data. “If you receive any mailings from your state’s unemployment agency/department, please review them carefully and contact that agency/department if there is any chance fraud is being committed,” Sheila King, a manager for data privacy at Geico, wrote in a breach notice letter posted to the website of California’s attorney general on April 15. The perpetrators of the breach used personal information on Geico customers that they acquired elsewhere to access Geico’s sales system and steal the driver’s license numbers, according to King. Geico has taken “additional security enhancements” to guard against fraud on its website in light of the incident, King added. It was unclear how many people were […]

The post Geico data breach opens door to unemployment scams appeared first on CyberScoop.

FIN7 ‘technical guru’ sentenced to 10 years in prison

A U.S. federal judge on Friday sentenced Fedir Hladyr to 10 years in prison for his alleged role as an administrator of the multibillion-dollar cybercrime group known as FIN7, which has breached hundreds of U.S. firms. The 10-year sentence includes three years Hladyr has already spent in detention since his arrest, and $2.5 million in restitution to be distributed to victims. FIN7 is one of the most formidable cybercriminal groups of the last decade, allegedly siphoning off millions of credit card numbers from restaurant and hospitality chains in 47 U.S. states. And Hladyr, a Ukrainian in his mid-30s, is allegedly a big reason that FIN7 operated like a well-oiled multinational corporation. Hladyr allegedly controlled an instant messaging service that the crime group used to upload stolen payment card data and screenshots from hacked financial firms. He also allegedly organized FIN7’s work through a project-tracking software that managed thousands of stolen usernames […]

How (and why) cyber specialists hacked a North American utility’s smart meter

The hackers behind some of the most impactful intrusions of industrial organizations in the last five years have meticulously searched for ways to move from facilities’ IT networks to the more sensitive computers that interact with machinery. Before alleged Russian hackers cut power in Ukraine in 2015, for example, they spent many months mapping out utility computer networks and gathering grid workers’ credentials. And the hackers that triggered the 2017 shutdown of a Saudi petrochemical plant with the so-called Triton malware are known for using dozens of different tools to maintain access to IT and industrial networks. As state-sponsored hackers continue to probe U.S. infrastructure, cybersecurity experts regularly emulate those landmark attacks today to break into their clients’ networks in order to protect them. The latest example comes from Mandiant, FireEye’s incident response unit, which this week publicized the techniques it used to infiltrate a North American utility’s industrial control systems […]

White House slaps sanctions on Russian cyber activities while blaming SVR for SolarWinds campaign

The Biden administration on Thursday imposed sweeping sanctions on Russian intelligence operatives for their alleged interference in the 2020 U.S. election, and on Russian companies for allegedly supporting Moscow’s extensive cyber-espionage operations. The Treasury Department sanctioned 32 organizations and individuals for their alleged influence operations aimed at the U.S. election. The White House said it was part of an effort to “disrupt the coordinated efforts of Russian officials, proxies, and intelligence agencies to delegitimize our electoral process.” As part of the crackdown, Treasury sanctioned six Russian tech firms for allegedly providing support to Russian intelligence services’ hacking operations by developing malicious software or setting up IT infrastructure. U.S. officials also made official what had long been rumored: They believe with “high confidence” that Russia’s foreign intelligence agency, the SVR, carried out the hacking campaign that has exploited software made by contractor SolarWinds and other vendors to infiltrate nine U.S. agencies […]

With court order, FBI removes hundreds of Exchange Server web shells from US organizations

The FBI has used a court order to remove malicious code from hundreds of U.S. computers running the Microsoft Exchange Server email program, Justice Department officials announced Tuesday. The court-ordered removal of the web shells, or scripts used by hackers for persistent access, is one of the most aggressive actions taken yet by U.S. government officials or corporate executives to combat the Exchange Server vulnerabilities since Microsoft announced on March 2 that suspected Chinese spies were exploiting them. The alleged Chinese hackers used the flaws to steal emails from targeted organizations, according to private-sector analysts, but an array of scammers have since exploited the bugs for their own purposes. In the days after Microsoft revealed the vulnerabilities, incident responders estimated that tens of thousands of U.S. organizations running Exchange Server could be exposed to potential hacking. Many of those organizations have removed the web shells, but Justice Department officials said […]

Hundreds of electric utilities downloaded SolarWinds backdoor, regulator says

About a quarter of roughly 1,500 electric utilities sharing data with the North American power grid regulator said they installed the malicious SolarWinds software used by suspected Russian hackers, the regulator said on Tuesday. The electric utilities did not report any significant follow-on activity from the hackers, but the broad exposure of the sector points to the challenges of protecting utilities from supply-chain breaches. A minority of the electric-sector organizations that downloaded the malicious code used the affected SolarWinds software in their “operational technology” networks, a broad term for more sensitive software and hardware used to manage industrial operations, according to the North American Electric Reliability Corp. NERC is a not-for-profit regulatory authority backed by the U.S. and Canadian governments. But Manny Cancel, a senior vice president at NERC, said clear communication on the espionage campaign from the U.S. government helped the sector to reduce its exposure to any […]

NSA says it found new critical vulnerabilities in Microsoft Exchange Server

The National Security Agency on Tuesday said it alerted Microsoft to a fresh batch of critical vulnerabilities that hackers could exploit to remotely compromise the Exchange Server email software program. Microsoft said that it hadn’t seen any hacks using the vulnerabilities on its customers, but the news comes at a time of heightened concern over bugs in Exchange Server. Microsoft on March 2 revealed that suspected Chinese spies had exploited another set of flaws in Exchange Server to siphon off emails from targeted U.S. organizations. A bevy of opportunistic cybercriminals proceeded to exploit those vulnerabilities, to which tens of thousands of U.S. businesses and state and local organizations were reportedly exposed. The latest software bugs that the NSA discovered are in the 2013, 2016 and 2019 versions of Exchange Server. Microsoft said that the vulnerabilities, if exploited, could allow an attacker to execute code remotely on a target computer. Like […]

Ex-DHS chief confirms suspected Russian hackers targeted his email account

Former acting Homeland Security Secretary Chad Wolf on Monday confirmed news reports that the suspected Russian spies behind a multi-prong breach of federal networks had targeted his email account while in office. “The fact that they got my email and knew that I was running late to meetings or I had a schedule change [was] not that big of a deal at the end of the day, but the overall access was,” Wolf said during a webinar hosted by the Heritage Foundation. “If they have the ability to do that, what else did they have the ability to do? Or what else did we not have insight into?” added Wolf, who served as President Donald Trump’s last Homeland Security secretary before stepping down in January. Wolf’s comments come after the Associated Press reported on March 29 that the suspected Russian hackers had accessed his email account and those of some […]

White House to nominate NSA veterans Chris Inglis, Jen Easterly as national cyber director, CISA chief

President Joe Biden has picked two veterans of the National Security Agency, Chris Inglis and Jen Easterly, for senior cybersecurity positions at the White House and Department of Homeland Security, the White House said Monday. Biden intends to nominate Inglis as the national cyber director and Easterly as the director of DHS’s Cybersecurity and Infrastructure Security Agency, the White House said in a statement. Both positions are subject to Senate confirmation. The nominations come as the Biden administration continues to grapple with two high-profile hacking operations linked to Russia and China that have exposed vulnerabilities in federal, state and local government networks. The national cyber director is a new, congressionally mandated role designed to make the government better at responding to those types of major hacks. If confirmed, Inglis, who spent nearly three decades at the NSA, will be charged with coordinating offensive and defensive operations across the vast federal […]

White House asks for additional $110 million in CISA funding to address cyber threats

The White House on Friday asked Congress for $110 million in additional funding in 2022 to help the Department of Homeland Security shore up federal and state defenses in the wake of high-profile hacking operations. The money would allow DHS’s Cybersecurity and Infrastructure Security Agency to improve its defensive tools, hire more experts and “obtain support services to protect and defend federal information technology systems,” Shalanda Young, the acting director of the Office of Management and Budget, wrote in an April 9 letter to congressional appropriators. It would add to a recent $650 million funding boost for CISA that was part of the coronavirus relief package cleared by Congress. The White House’s discretionary funding request for CISA in fiscal 2022 totals $2.1 billion, or $110 million more than Congress allotted the agency the previous fiscal year. Discretionary budgets are those that Congress can alter with appropriations bills, in contrast to the […]