No signs yet of Exchange Server compromises at federal agencies, CISA says

U.S. officials have yet to find any signs that federal civilian agencies have been breached in recent widespread exploitation of Microsoft software, a senior Department of Homeland Security official told lawmakers Wednesday. The “vast majority” of civilian agencies have addressed vulnerabilities in the Exchange Server email software following an emergency directive from DHS’s Cybersecurity and Infrastructure Security Agency (CISA), said Eric Goldstein, the agency’s executive assistant director for cybersecurity. But Goldstein cautioned in testimony before a House Appropriations subcommittee that the malicious cyber activity is “an evolving campaign, with new information coming in by the hour.” The news is a welcome reprieve for federal officials who have been consumed with responding to the critical Exchange Server flaws amid reports that tens of thousands of U.S. state and local government organizations and small businesses could be affected. Microsoft disclosed the vulnerabilities on March 2 while accusing a Chinese government-linked hacking group […]

The post No signs yet of Exchange Server compromises at federal agencies, CISA says appeared first on CyberScoop.

At least 10 APT hacking groups have exploited Exchange Server bugs, ESET warns

Critical vulnerabilities in Microsoft software have turned into a feeding frenzy for state-linked hackers. At least 10 such hacking groups have exploited the flaws in the Exchange Server email program in recent days in operations around the world, anti-virus firm ESET said Wednesday. Many of the groups have well-documented links to China. The surge in hacking suggests multiple sets of espionage groups had access to the software exploit before Microsoft released fixes for it on March 2. It also compounds the challenges facing incident responders who are rushing to deal with the breaches, and bracing for additional exploitation of the bugs by criminal hackers. “It is still unclear how the distribution of the exploit happened, but it is inevitable that more and more threat actors, including ransomware operators, will have access to it sooner or later,” ESET researchers wrote in a blog post Wednesday. The intrusions by advanced persistent threat […]

South Korean cops arrest GandCrab suspect

South Korea’s National Police Agency said Tuesday that it had arrested a suspect involved in the distribution of thousands of emails laced with GandCrab, a once-prolific strain of ransomware. The suspect, whom South Korean authorities did not name, is accused of setting up internet domains to distribute the malicious code and netting some $10,500 from the ransomware attacks. The police statement described an investigation spanning two years and 10 countries, culminating in the suspect’s arrest on Feb. 25. Those police resources overcame the suspect’s efforts to cover their tracks by using IP addresses from different countries, police said. The investigation began when South Korean officials spotted malicious emails impersonating the police to distribute the ransomware. South Korean outlet Yonhap News reported that the suspect was 20 years old. At its height, GandCrab was one of the most commonly used strains of ransomware, infecting over half a million victims from […]

Spanish labor agency suffers ransomware attack, union says

A ransomware attack has affected IT systems at a Spanish government agency that manages unemployment benefits, disrupting “hundreds of thousands” of appointments at the agency, a Spanish labor union said Tuesday. The cyberattack on Spain’s State Public Employment Service (SEPE) affected the agency’s offices around the country, forcing employees to use pen and paper to take appointments, according to the Central Independent Trade Union and Civil Servants. The union alleged that the SEPE had aging IT systems that the agency had not upgraded. SEPE plays an integral part in distributing unemployment benefits in a country where the coronavirus pandemic has hammered the economy. The number of jobless people in Spain is now 4 million, its highest level in five years, according to official data. But SEPE Director Gerardo Gutiérrez said in an interview with Spanish broadcaster RNE that the incident had not affected unemployment benefits, and that it has not led […]

China-linked hackers exploited SolarWinds software in 2020 breach, researchers say

Suspected Chinese spies exploited popular enterprise software built by SolarWinds in a hacking operation last year, Dell-owned Secureworks said Monday, a conclusion that follows news that Russian hackers also leveraged SolarWinds technology. The suspected Chinese attackers had access to an unnamed private sector organization as early as 2018. Upon being evicted by incident responders, the hackers broke back into the organization in November 2020 by exploiting SolarWinds software, according to Secureworks. The findings underscore the premium that multiple sets of foreign operatives have apparently put on accessing valuable organizational data held by the SolarWinds Orion network monitoring software. The disclosure comes as U.S. organizations are also coping with another suspected Chinese spying operation that exploits Microsoft Exchange Server software to steal organizations’ emails. In both the suspected Russian and Chinese schemes involving SolarWinds, the attackers wrote malicious code tailored to exploit the Orion platform and sift through data stored on […]

Federal officials scramble to assess widening Microsoft Exchange Server fallout

The fallout from critical Microsoft software bugs exploited by suspected Chinese hackers deepened on Saturday as incident responders warned that state and local organizations across the U.S. could be exposed to the vulnerabilities. Federal officials rushed to get a better sense of the potential impact of the hacking amid multiple media reports that tens of thousands of organizations could be impacted by the vulnerabilities, as other hacking groups, in addition to the suspected Chinese group, moved to exploit bugs in widely used Microsoft technology. Officials at the Department of Homeland Security’s cybersecurity agency held phone briefings with state and local officials Friday and Saturday to assess the scope of the compromises, and the White House National Security Council urged vulnerable organizations to “take immediate measures” to determine if they were affected. Two DHS officials said the agency was still gathering data on how many organizations might be breached. The malicious activity […]

After SolarWinds breach, White House preps executive order on software security

The White House is moving forward with an executive order to encourage software developers to build more security into their products as the investigation of a suspected Russian supply chain compromise continues, a top security official said Friday. The upcoming directive “will focus on building in standards for software, particularly software that’s used in critical areas,” Anne Neuberger, the deputy national security adviser for cyber and emerging technology, said at the SANS Institute’s ICS Security Summit. “The level of trust we have in our systems has to be directly proportional to the visibility we have. And the level of visibility has to match the consequences of the failure of those systems.” Neuberger said the directive would be one of the Biden administration’s multiple responses to the alleged Russian spying operation that has exploited software made by federal contractor SolarWinds, among other vendors, and breached nine federal agencies and 100 companies. […]

BEC scammer infects own device, giving researchers a front-row seat to operations

In some media portrayals, criminal and state-backed hackers are invariably depicted as cunning and sophisticated, gliding inexorably toward their latest data heist. Reality is murkier. These digital operatives are, of course, human and prone to mistakes that expose their activity. A North Korean man accused of hacking Sony Pictures Entertainment in 2014, for example, mixed his real identity with his alias in registering online accounts, making it easier for U.S. investigators to track him. The most recent example of bumbling digital behavior occurred when a scammer infected their own device, offering researchers a front-row seat to the attacker’s scheme and lessons in how to defend against it. “This is a big failure in their operational security as it gives us direct insight into some of the attacker’s tactics and operation,” said Luke Leal, a researcher at web security firm Sucuri, which made the discovery. The attacker was trying to carry […]

Cloud security firm Qualys reportedly victimized by prolific scammers

A set of cybercriminals behind a string of recent hacks involving Accellion-made software is now claiming responsibility for a breach of Qualys, a major cloud computing security vendor. As proof of the access to data, an extortion site maintained by hackers has leaked documents claiming to contain information on Qualys customers. Attackers affiliated with the extortion site have previously been linked to the Clop ransomware, a file-locking malware that emerged two years ago. This month, thieves claimed responsibility for a series of incidents that have relied on data leaks, rather than ransomware, as an extortion tactic, according to security firm FireEye. With some 19,000 clients, including major financial firms like Capital One and Experian, Qualys represents an attractive target for extortionists keen on making sensitive data public. It was not immediately clear Wednesday how, if at all, the reported breach affected Qualys’ customers, or if ransomware was deployed. The […]