CISA orders US agencies to address Microsoft flaws exploited by suspected Chinese hackers

The Department of Homeland Security’s cybersecurity division on Wednesday ordered federal civilian agencies to address flaws in a popular email software program at the center of a suspected Chinese spying campaign. The “emergency directive” from DHS’s Cybersecurity and Infrastructure Security Agency requires agencies to either apply security fixes for the vulnerabilities in the Microsoft Exchange Server software, or, if a compromise is found, to disconnect the program until it can be securely reconfigured. The CISA order comes a day after Microsoft revealed that China-based hackers were using the previously unknown software bugs to steal data from select targets. The hacking group, called Hafnium, has previously tried to breach U.S.-based infectious disease researchers, defense contractors and educational institutions, Microsoft said. The suspected Chinese hackers used one of the vulnerabilities to “steal the full contents of several user mailboxes,” according to Volexity, a cybersecurity firm that investigated the breaches. Exchange Server is used in […]

The post CISA orders US agencies to address Microsoft flaws exploited by suspected Chinese hackers appeared first on CyberScoop.

Microsoft warns of state-sponsored Chinese hackers exploiting multiple zero-days

A Chinese government-backed hacking group has been using previously unknown software exploits in “limited and targeted” data-stealing attacks on organizations that use a popular email software program, Microsoft warned Tuesday. The culprit, Microsoft said, is a group of China-based hackers dubbed Hafnium that the technology giant is discussing publicly for the first time. Hafnium has previously tried to hack U.S.-based infectious disease researchers, defense contractors and educational institutions. Microsoft said the group’s latest campaign has gone after similar targets. The attackers have exploited multiple so-called “zero day” bugs in the Microsoft Exchange Server software in an apparent espionage campaign, Microsoft said. Zero day flaws are so-named because security staffers were likely unaware of the issue, and thus have had zero days to create a fix. Breaking into Exchange Server could offer the attackers access to any sensitive communications that a business has conducted by email. “We strongly encourage all Exchange […]

Universal Health Services reports $67 million in losses after apparent ransomware attack

An apparent ransomware attack last fall caused $67 million in pre-tax losses at Universal Health Services, the U.S. health care provider has revealed, illustrating the sharp financial toll that criminal hackers have caused the sector during the pandemic. The Sept. 27 breach at Universal Health Services (UHS) was widely reported to be a ransomware attack, with some analysts saying it involved the Ryuk strain of malicious code. It came amid a wave of suspected Ryuk incidents at the computer networks of various U.S. hospitals that federal authorities scrambled to address. UHS, which oversees 400 hospitals and calls itself one of the biggest health care providers in the country, now says the cost of the breach included lost revenue because ambulances were diverted to competitor facilities. The incident also delayed billing procedures for more than two months, and forced UHS to spend big on labor costs to restore connectivity, the company […]

Ransomware hackers turn to virtual machine software to boost extortion schemes

Ransomware gangs that target big corporations for extortion have long designed their code to execute on Microsoft Windows systems because of the popularity of the operating system. Now, though, crooks are increasingly applying that tactic to the “hypervisor” computer servers that organizations use to manage virtual machines as a way of maximizing their extortion schemes, security firm CrowdStrike said Friday. Ransomware hackers have targeted hospitals and schools throughout the pandemic, a security challenge that the Biden administration has vowed to address. Alejandro Mayorkas, the newly installed Homeland Security secretary, on Thursday called ransomware attacks on U.S. public and private organizations an “epidemic” while pledging more government resources to fight the problem. Breaching a hypervisor is an efficient way for the scammers to encrypt all of the virtual machines running on that software system without having to individually infect each machine. The goal is to up the pressure on big […]

Florida hack highlights security shortages in US water sector

A hack that apparently affected a Florida water facility’s chemical setting is emblematic of a water sector that’s short on money, cybersecurity personnel and often reliant on the practices of vendors, experts say. The Feb. 5 incident in Oldsmar, a Florida town of 15,000 people, involved a still-unidentified hacker infiltrating the local water treatment facility’s computer system and trying to increase the amount of sodium hydroxide to a potentially dangerous level, local authorities said. The substance is used in the water purification process but can be toxic at higher levels. No harm was done to public health — the facility had safety checks in place — but the level of access obtained by the attacker has prompted calls for tighter security in the sector. The breach is an uncomfortable reminder that water facilities struggle to invest as much money in effective security as other industrial organizations, even as they face “an […]

New hacking tool targeting Bangladesh Android users blurs lines between spying and stealing

In one of his regular sweeps for new malicious software targeting Android phones, security researcher Vitor Ventura came across what looked like a run-of-the-mill hacking tool. Like so many pieces of code before it, the malware was capable of stealing information from a mobile device and sending it back to a command and control server. But when Ventura dug deeper, he found that the remote access trojan (or RAT, as the tool is commonly known) was capable of surreptitiously recording conversations and taking screenshots. Spying, rather than immediately making money off of the illicit access, was the apparent goal. On Tuesday, Ventura and his colleagues at Talos, Cisco’s threat intelligence unit, publicly connected the new Android tool to the malware developers behind a multi-year effort to spy on people from South America to Bangladesh. Much about the people behind the hacking campaign is a mystery. Ventura and his colleagues […]

Hacker breached Florida water facility to alter sodium hydroxide level, police say

An unidentified hacker on Feb. 5 broke into the computer system of a water treatment plant for a town outside of Tampa, Florida, and temporarily changed the plant’s sodium hydroxide setting to a potentially dangerous level, local authorities said Monday. The attacker changed the level of sodium hydroxide in the water treatment plant in the town of Oldsmar from about 100 parts per million to 11,100 parts per million, said Bob Gualtieri, the sheriff of Pinellas County, Florida. Treatment plants use sodium hydroxide to make water drinkable, but it can be unsafe for people in large quantities. The breach did not cause any harm to public health, but it is a stark reminder of the risks that come with increasingly digitized critical infrastructure. “This is somebody that is trying, at least it appears on the surface, to do something bad … It’s a bad actor,” Gualtieri said at a press […]

FBI leaned on Dutch cops’ hacking in Emotet disruption

U.S. and European law enforcement agencies last week conducted an extraordinary crackdown on Emotet, a botnet of infected computers that has defrauded victims of millions. The operation involved officials from nine governments, but one move was decisive: Dutch police used their cyber authorities to infiltrate Emotet infrastructure. They slipped a software update onto the servers that cut off communications between infected computers and the botnet, halting its spread. For the FBI, it was a lesson in how its foreign allies are sometimes better positioned than the bureau to make an arrest or even deploy offensive cyber capabilities. The bureau had tracked Emotet since 2017, when it caused more than $1.4 million in damage to a North Carolina school’s computer systems. The Department of Homeland Security has estimated that it cost an average of $1 million to clean up after each Emotet incident, though officials were not more specific in how they came […]

Biden says US will ‘raise the cost’ for Russian hackers after espionage campaign

President Joe Biden on Thursday said the days of the U.S. “rolling over in the face of Russia’s aggressive actions” in cyberspace were over as he pledged to make the U.S. government more resilient in the face of hacking. “We’re launching an urgent initiative to improve our capability, readiness and resilience in cyberspace,” Biden said in his first major foreign policy address as president. “We’ve elevated the status of cyber issues within our government,” Biden added, citing his appointment of National Security Agency veteran Anne Neuberger as deputy national security adviser for cyber and emerging technology. Biden has made responding to a suspected Russian hacking operation against multiple U.S. government agencies a priority in the early days of his presidency. He has tasked U.S. intelligence agencies with assessing the damage from computer intrusions in which suspected Russian attackers exploited key technology providers to breach numerous Fortune 500 firms and […]

Meet Babuk, a ransomware attacker blamed for the Serco breach

It began with a laughable offer. Someone calling themselves “biba99” on a popular criminal forum claimed on Jan. 5 to provide “non-malicious” software to help organizations identify “security issues.” The author struggled to explain, in halting English, “why we are not … criminals” while assuring readers that the group would not hack hospitals or schools. A month later, the attacker behind what appeared to be a bumbling forum post is reportedly claiming responsibility for a ransomware attack on the multibillion-dollar outsourcing firm Serco. The ransomware gang, dubbed Babuk after the strain of code it uses, is a case study in how quickly crooks can learn the basics of digital extortion — and how that breeds ambition for big corporate scalps. It shows how even relatively unsophisticated criminals can bedevil major corporations. After claiming to only target companies that earn less than $4 million, the Babuk attacker went after Serco, Sky News […]