Verkada breach spotlights ongoing concerns over surveillance firms’ security

Even for Elisa Costante, who studies vulnerabilities in surveillance devices for a living, the breach at the security-camera startup Verkada was startling. A group of hackers earlier this month claimed to have access to some 150,000 live-camera feeds that Verkada maintains in schools, prisons and hospitals. The incident provided outsiders with an entry into live video feeds at companies including Tesla, and enabled hackers to access archived video from Verkada subscribers. “It really opens the eyes on what can happen” when an attacker exploits access to a web of insecure surveillance devices, said Costante, a senior director at security vendor Forescout Technologies. The U.S. Department of Justice on Thursday announced an indictment against Tillie Kottmann, one of the people who claimed responsibility for the incident, for alleged computer and wire fraud, and aggravated identity theft. The charges don’t mention the Verkada breach, and accuse Kottmann, who lives in Switzerland, and others […]

The post Verkada breach spotlights ongoing concerns over surveillance firms’ security appeared first on CyberScoop.


Finland implicates China-linked APT31 in parliament hack

The Finnish government has blamed a group of suspected Chinese spies for hacking into the Finnish parliament last year and accessing emails. In a statement Thursday, Finnish intelligence officials pointed the finger at APT31, a hacking group that security researchers say operates on behalf of Chinese interests. The intrusions began last fall and were revealed in December, when the speaker of the Finnish parliament described it as “hostile cyber activity” that could harm Finnish interests. The Finnish Security and Intelligence Service labeled it a state-backed operation. That statement said APT31 was responsible, but did not name China directly. Separately, Finnish police on Thursday described the hacking as “aggravated espionage” and “message interception.” The Finnish statements are part of a pattern of increased willingness of U.S. allies in Europe to blame specific hacking groups for spying campaigns. Viktor Rantala, a Finnish scholar, said it was the first time that he could recall that […]

The post Finland implicates China-linked APT31 in parliament hack appeared first on CyberScoop.


Twitter hacker pleads guilty, sentenced to 3 years

A Florida teenager has admitted to orchestrating the hijacking of celebrity Twitter accounts last year as part of a plea deal that will see him serve three years in a juvenile facility, prosecutors said Tuesday. Graham Ivan Clark, 18, admitted to being behind a scheme that saw him steal more than $117,000 by taking over the Twitter accounts of numerous public figures and then blasting out tweets promoting cryptocurrency, according to prosecutors in Hillsborough County, Fla. More than 100 high-profile people, from Microsoft founder Bill Gates to former president Barack Obama, had their accounts targeted in an incident that exposed glaring vulnerabilities in Twitter’s security protocols. Clark was 17 when he was arrested, and prosecutors touted the plea deal as a chance for him to mend his ways. The agreement includes three years of supervised release. Clark pleaded guilty to obtaining unauthorized access to a computer, and to numerous counts […]

The post Twitter hacker pleads guilty, sentenced to 3 years appeared first on CyberScoop.


Foreign operatives were active in 2020 but did not alter vote, US officials say

Russian, Chinese and Iranian government-linked operatives were active in advance of the 2020 U.S. presidential election, but their intrusions into U.S. organizations did not compromise the integrity of the vote, U.S. officials said Tuesday. The report released Tuesday by the departments of Homeland Security and Justice points to growing interest by an array of foreign actors to influence U.S. voters, but “found no evidence that any foreign government-affiliated actor manipulated election results or otherwise compromised the integrity” of the 2020 vote. “The playbook of Russia in 2016 is out there,” Geoffrey Hale, head of CISA’s Election Security Initiative, said in an interview. “Even in a very secure election, there are incidents, and in this cycle, you saw multiple nation-states involved.” In a separate finding made public Tuesday, the U.S. intelligence community said Russia and Iran had conducted multi-faceted operations to try to influence the vote, and that China had “considered, […]

The post Foreign operatives were active in 2020 but did not alter vote, US officials say appeared first on CyberScoop.


Another Mirai variant used in attempted hacks on routers, switches

Four years after being used in one of the most powerful distributed denial-of-service attacks on record, the so-called Mirai malware continues to haunt the internet. Researchers on Monday evening revealed that attackers used a new variant of the malicious software in a string of ongoing hacking attempts against devices like routers and switches. The attackers are using no fewer than eight flaws in popular networking gear to try to remotely commandeer the devices, according to Palo Alto Networks’ Unit 42, the research outfit that made the discovery. After breaking into a device, the attackers try to download malicious code to deploy Mirai variants, Unit 42 said. The concern is that they could use that access to steal data from the device, or conscript it into a botnet, a horde of infected computers used for spamming or distributed denial-of-service (DDoS) attacks, which stifle connectivity by flooding a network with phony traffic. […]

The post Another Mirai variant used in attempted hacks on routers, switches appeared first on CyberScoop.


Google rushes out fix for another Chrome zero-day flaw

Google has released an urgent software update for a flaw in the popular Chrome browser amid reports that an exploit for the bug is already available. The vulnerability is in Blink, the feature that Chrome uses to convert HTML code to web pages, and could allow an attacker to execute code remotely or conduct a denial-of-service attack on a machine, according to IBM. An anonymous researcher reported the issue to Google on March 9, and the company released a fix for the bug on March 12. It’s the third so-called zero-day, or previously unknown, vulnerability that Chrome has addressed this year. It’s an example of the high-stakes cat-and-mouse game between attackers searching for holes in popular software and vendors moving to plug them. In a blog post, Google Chrome’s Prudhvikumar Bommana did not offer additional details on the bug. “Access to bug details and links may be kept restricted until […]

The post Google rushes out fix for another Chrome zero-day flaw appeared first on CyberScoop.


DHS cyber official Rick Driggers heads to the private sector

Rick Driggers, a longtime cybersecurity official at the Department of Homeland Security, is leaving government for the private sector in May, CyberScoop has learned. Since September, Driggers has led CISA’s Integrated Operations Division, which houses the agency’s center for sharing cyberthreat information with American companies and oversees the agency’s field offices across the country. His work has included co-chairing a working group with critical infrastructure firms on the security of industrial control systems — a field that the agency has pledged to invest greater resources in. An Air Force veteran turned civil servant, Driggers has been at DHS for most of the last 17 years, rising in the ranks to serve as a key official in the department’s two-year-old Cybersecurity and Infrastructure Security Agency. Driggers is one of many career civil servants who stuck with the agency through the turmoil of the Trump years, and after the White House purged CISA’s […]

The post DHS cyber official Rick Driggers heads to the private sector appeared first on CyberScoop.


Alleged Verkada hacker says police raided their home in Switzerland

One of the hackers who claimed responsibility for breaking into the networks of camera surveillance firm Verkada says police have raided their home in Switzerland. Tillie Kottmann said in a social media post that the raid occurred Friday morning in the Swiss city of Lucerne and resulted in the confiscation of their electronic devices. Kottmann has claimed to be part of a group of hackers that broke into the networks of Silicon Valley-based Verkada, and reportedly accessed live feeds of 150,000 cameras in hospitals, prisons and other organizations. The raid was part of a criminal case against Kottmann that U.S. prosecutors are pursuing out of the Western District of Washington, according to Bloomberg News, which was first to report on the raid. Kottmann is accused of identity theft, fraud and breaking into protected computers, Bloomberg reported. A Justice Department spokesperson did not respond to a request for comment on Friday. Police […]

The post Alleged Verkada hacker says police raided their home in Switzerland appeared first on CyberScoop.


Botnet operators, ransomware scammers the latest groups to pounce on Exchange Server bugs

The floodgates appear to be open on critical bugs in Microsoft software as a predictable bevy of scammers — from a ransomware actor to cryptocurrency conmen — have flocked to vulnerable email servers. The new incidents make clear that what started as a reported China-linked spying operation to steal data from the Microsoft email program has devolved into an opportunistic romp for criminals. The number of attempts to exploit the email software program, known as Exchange Server, doubled every two to three hours over the course of 24 hours, Israeli security firm Check Point said Thursday. Government organizations, along with manufacturing and financial firms, were the top sectors targeted. The researchers cautioned, however, that they have yet to see intrusions that successfully string all of the vulnerabilities together. At least one ransomware actor has now entered the fray. Microsoft said late Thursday that crooks were using a new family of […]

The post Botnet operators, ransomware scammers the latest groups to pounce on Exchange Server bugs appeared first on CyberScoop.


GitHub removes researcher’s Exchange Server exploit, sparking industry debate

Microsoft-owned GitHub has removed a security researcher’s proof-of-concept exploit for vulnerabilities in Microsoft software that are at the center of widespread malicious cyber activity. The decision immediately touched off debate in the cybersecurity industry over when researchers should refrain from releasing software exploits and how software repositories like GitHub should govern their users. It’s an unusually sensitive situation: A slew of Chinese state-linked hackers have already exploited the flaws in Exchange Server, a popular email software product, and analysts fear cybercriminals could be close behind in abusing the bugs. And now the concern for some security analysts is that researcher Nguyen Jang’s release of a proof-of-concept exploit could enable additional malicious attackers to exploit the flaws. Nguyen defended the decision by saying it would prompt organizations to patch. A GitHub spokesperson said it removed the code because it violated the platform’s policy against uploading “active” software exploits. “We understand that […]

The post GitHub removes researcher’s Exchange Server exploit, sparking industry debate appeared first on CyberScoop.
