How alleged Iranian hackers are posing as an Israeli scientist to spy on US medical professionals

Suspected Iranian hackers have impersonated a well-known Israeli physicist as part of a broader campaign to break into the email accounts of some two-dozen medical researchers in Israel and the U.S., email security firm Proofpoint said Wednesday. The intrusion attempts — carefully crafted efforts to spy on senior medical professionals in the genetic, neurology and oncology fields — are the handiwork of the Charming Kitten hacking group, Proofpoint said. A 2019 U.S. Justice Department indictment linked the group to the Iranian military. The phishing campaign shows how, more than a decade after the Stuxnet worm’s infiltration of an Iranian nuclear facility, hacking is still central to the high-stakes spying game between Iran, Israel and the U.S. And it is but one of several recent examples, including the targeting of the 2020 U.S. election, of how Iranian hackers are capable of threatening U.S. interests. In this case, the suspected Iranian […]

The post How alleged Iranian hackers are posing as an Israeli scientist to spy on US medical professionals appeared first on CyberScoop.

Hackers try to bug PHP programming language in supply chain cautionary tale

Unidentified hackers have tried to plant malicious code in PHP, a programming language used in an estimated 79% of websites. The developers who maintain PHP said Sunday that the attackers likely broke in through a PHP server, and made two “commits,” or attempted changes to the PHP source code. It’s but one example of the supply-chain vulnerabilities inherent in the basic building blocks of popular websites. “While investigation is still underway, we have decided that maintaining our own git infrastructure is an unnecessary security risk, and that we will discontinue the git.php.net server,” Nikita Popov, a software developer who helps maintain PHP, said in a statement. Popov said PHP would move its code repositories to GitHub, an open-source platform for software developers. Popov did not immediately respond to a request for comment, but told Bleeping Computer that PHP’s maintainers had caught the malicious code before it was introduced publicly […]

The post Hackers try to bug PHP programming language in supply chain cautionary tale appeared first on CyberScoop.

Hackers target German lawmakers in an election year

Hackers have attempted to breach the private email accounts of certain German parliamentarians, a spokesperson for the legislative body confirmed Friday, in the latest example of cyber campaigns aimed at German politicians. German national security officials have briefed the parliament, known as the Bundestag, on the incident, and all the affected lawmakers have been informed, said Frank Bergmann, a Bundestag spokesperson. It was not immediately clear whether the phishing attempts were successful, who was responsible or what their goal was. Spokespeople for the BSI, Germany’s federal cybersecurity agency, and the BfV, the country’s domestic intelligence agency, declined to comment. The attempted intrusions come six months ahead of Germany’s national elections. The German parliament has been a recurring target for foreign hackers, including a 2015 breach that the European Union blamed on Russia’s military intelligence agency. Since the Russian hack-and-leak operation aimed at the 2016 U.S. election, governments around Europe have […]

The post Hackers target German lawmakers in an election year appeared first on CyberScoop.

China-based hackers used front companies to hack Uighurs, Facebook says

Facebook on Wednesday exposed what it said was a long-running hacking campaign targeting Uighurs living around the world and supported by Chinese technology firms. The scheme was aimed at journalists and dissidents, and affected Uighurs living in places as far-flung as the U.S., Turkey and Australia. It involved fake Facebook personas duping targets into clicking on links, as well as malicious Android and iOS software, Facebook said. Facebook said it’s aware of fewer than 500 people whom the campaign targeted. Facebook’s investigators traced the Android malware developers in the hacking campaign to Chinese firms Beijing Best United Technology and Dalian 9Rush Technology. Neither could be reached for comment on Wednesday. China has a history of allegedly using front companies as cover for its hacking operations. The hacking campaign began as far back as 2019, and Facebook executives said they expected the attackers to continue their spying efforts. It’s only […]

The post China-based hackers used front companies to hack Uighurs, Facebook says appeared first on CyberScoop.

Industrial giant Honeywell says it has ‘returned to service’ after cyber intrusion

Honeywell, a Fortune 100 firm that makes aerospace and energy equipment, said Tuesday that malware had disrupted “a limited number” of its computer systems. Honeywell said it had “returned to service” following the incident, but the Charlotte, North Carolina-based firm’s statement did not elaborate on how service was disrupted. A Honeywell spokesperson did not immediately respond to questions on the incident, including whether ransomware was involved and who was responsible. Honeywell, which reported some $33 billion in sales last year, said it did not expect the malware disruption to have a “material impact” on the firm. Honeywell called in Microsoft to help remediate the intrusion, and the computer systems have “since been secured,” the statement said. “Our investigation is ongoing, but at this point, we have not yet identified any evidence that the attacker exfiltrated data from our primary systems that store customer information,” Honeywell added. “If we discover that […]

The post Industrial giant Honeywell says it has ‘returned to service’ after cyber intrusion appeared first on CyberScoop.

Ransomware attacks hit event-management, wireless technology firms

A Washington, D.C.-area event-management firm and a Canadian wireless technology provider are dealing with separate ransomware incidents — a reminder of a digital scourge that costs U.S. businesses many millions of dollars a year. The incidents come as the Department of Homeland Security has undertaken a new initiative, backed by $25 million in additional funding, to combat a steady stream of ransomware attacks. Ransomware attackers encrypted the systems of the events firm, Spargo Inc., on March 14, according to a notification sent by the Armed Forces Communications and Electronics Association (AFCEA), a Spargo client. Law enforcement personnel are investigating the incident, which may have exposed the phone numbers and physical and email addresses of some people who have attended AFCEA events, according to the notification. AFCEA hosts popular government and industry events that U.S. military officers regularly attend. The ransomware incident does not appear to have involved more sensitive information […]

The post Ransomware attacks hit event-management, wireless technology firms appeared first on CyberScoop.

Thousands of Exchange servers breached prior to patching, CISA boss says

A U.S. government cybersecurity official on Monday warned organizations not to have a false sense of security when it comes to vulnerabilities in Microsoft Exchange Server software, noting that “thousands” of computer servers with updated software had already been breached. “Patching is not sufficient,” said Brandon Wales, acting head of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA). “There are literally thousands of compromised servers that are currently patched. And these system owners, they believe they are protected.” “We’re seeing improvements there, but more work needs to be done,” Wales said at an event hosted by Auburn University’s McCrary Institute. “The vulnerabilities can be scriptable, allowing automation exploitation, and that’s just a risk that’s unacceptable.” Everyone from suspected Chinese spies to ransomware gangs have in the last month moved to exploit the flaws in Exchange Server, a popular email software. At least one of the bugs could […]

The post Thousands of Exchange servers breached prior to patching, CISA boss says appeared first on CyberScoop.

Hackers are exploiting new F5 bug in the wild

That didn’t take long. Just days after enterprise IT provider F5 Networks disclosed critical vulnerabilities in its software, researchers say hackers have exploited one of the bugs in attempted intrusions. “Starting this week and especially in the last 24 hours … we have observed multiple exploitation attempts against our honeypot infrastructure,” researchers from security firm wrote in a blog post Thursday. The situation escalated over the weekend, with proof-of-concept exploits posted to Twitter that make it easier to take advantage of the bug. Government agencies and big corporations alike use the F5 software, known as BIG-IP, to manage data on their networks. The vulnerability documented by NCC Group could allow an attacker to execute code remotely on a system and delete data. It is one of a slew of BIG-IP flaws that F5 revealed on March 10. Security fixes are available. It was unclear whether the exploitation NCC Group observed went […]

The post Hackers are exploiting new F5 bug in the wild appeared first on CyberScoop.

Two Infraud members sentenced for role in $568 million crime gang, US says

A U.S. federal judge has sentenced two men — one from Russia, the other from North Macedonia — to prison terms of 10 and five years, respectively, for their role in a $568 million cybercriminal ring that stole payment cards and personal data from around the world. Both Sergey Medvedev of Russia and Marko Leopard of North Macedonia had pleaded guilty last year to a racketeering conspiracy, the U.S. Justice Department said in announcing the sentencing Friday. The jail time is the latest in a series of moves by U.S. prosecutors against the once-powerful crime ring, known as Infraud, which Medvedev allegedly co-founded. At its height, Infraud had more than 10,000 members and became a go-to place for “carding,” or buying things online with stolen credit card data. But a U.S. indictment of 36 of the organization’s affiliates in 2018, and subsequent arrest of 13 alleged members, effectively put Infraud out of […]

The post Two Infraud members sentenced for role in $568 million crime gang, US says appeared first on CyberScoop.

Electric equipment giant Schweitzer joins US testing program to defend grid from hacking threats

A major supplier of U.S. electrical equipment has joined a Department of Energy-funded research program to defend industrial infrastructure from hacking, the Biden administration announced Thursday. As part of the program, Schweitzer Engineering Laboratories, which makes gear that helps power the grid, will submit products for testing to the Idaho National Laboratories (INL). The Department of Energy-backed INL hosts some of the U.S. government’s most talented penetration testers of industrial equipment. The program is “especially [important] now with nation-states paying particular interest to the electric sector,” David Whitehead, Schweitzer’s chief executive, said in an interview. The vulnerability-testing initiative is known as the Cyber Testing for Resilient Industrial Control System (CyTRICS) program, and has been in the works for at least two years. But it has taken on greater importance amid reports of a growing number of foreign hacking groups probing industrial control systems, the hardware and software that underpin energy systems. […]

The post Electric equipment giant Schweitzer joins US testing program to defend grid from hacking threats appeared first on CyberScoop.
