Bad patching practices are a breeding ground for zero-day exploits, Google warns

Customers of major software vendors take comfort whenever a vendor issues a security fix for a critical software vulnerability. The clients expect that software update to keep attackers from stealing sensitive information. But new data from Google’s elite hacking team, Project Zero, suggests that assumption is misplaced. One in four “zero-day,” or previously unknown, software exploits that the Google team tracked in 2020 might have been avoided “if a more thorough investigation and patching effort were explored,” Project Zero researcher Maddie Stone said Wednesday. In some cases, the attackers only changed a line or two of code to turn their old exploit into a new one. Many of the zero-day exploits were for popular internet browsers like Chrome, Firefox or Safari, exposing an array of users around the world. Project Zero’s sample size is modest, covering just 24 exploits in all. But the data points to a need for greater […]

The post Bad patching practices are a breeding ground for zero-day exploits, Google warns appeared first on CyberScoop.

SolarWinds issues patches for two new critical bugs found in Orion software

Researchers at security firm Trustwave on Wednesday disclosed two critical vulnerabilities in the same software that suspected Russian spies have exploited to infiltrate multiple U.S. government agencies. One of the bugs could offer an attacker a similar level of control over the software made by federal contractor SolarWinds that the alleged Russians enjoyed, the researchers said. The analysis of SolarWinds’ Orion software platform — which is used by numerous Fortune 500 firms — illustrates the greater scrutiny the firm is under since disclosing the supply-chain hack. But it also shows the security benefits of having more outside researchers sift through Orion’s code. “As people were patching against the implant backdoor [used in the espionage campaign], this would provide the ability to get back into those systems, even though the backdoor had been removed,” Trustwave’s Karl Sigler said of one of the vulnerabilities, which could allow an attacker to remotely execute […]

Senate confirms cybersecurity-focused Alejandro Mayorkas as DHS secretary

The Senate on Tuesday voted to confirm Alejandro Mayorkas as Homeland Security secretary, a post crucial to the U.S. response to a suspected Russian hacking campaign that has roiled Washington. A former No. 2 Department of Homeland Security official in the Obama administration, Mayorkas flatly told lawmakers last month that U.S. government defenses against hacking were out of step with the urgency of the threats. “The cybersecurity of our nation [will be] one of my highest priorities,” he said during a Senate confirmation hearing. Mayorkas has pledged to strengthen DHS’s cybersecurity work, including by reviewing two big-budget department programs that did not thwart the alleged Russian hack. The spying campaign has exploited software made by SolarWinds and other IT providers, and infiltrated multiple U.S. agencies. Mayorkas, who fled Cuba’s Castro regime as a child, now leads a vast DHS bureaucracy whose charges include defending civilian federal agencies from state-backed hackers and […]

China could add new sets of genome data to espionage treasure trove, US officials warn

With coronavirus testing offering new avenues for collecting sensitive health data, U.S. intelligence officials have issued a fresh warning about Chinese government operatives’ alleged longstanding practice of using medical information for espionage. The public advisory released Monday by the U.S. National Counterintelligence and Security Center cautions that Beijing could pair DNA datasets with the millions of records thought to be in the hands of Chinese spies from the 2015 hacks of health insurer Anthem and the Office of Personnel Management, and the 2017 breach of credit-monitoring firm Equifax. (Beijing has repeatedly denied using hacking to steal sensitive data.) The concern is that Chinese authorities could use the data trove to extort or manipulate U.S. government officials or corporate executives. For example, the NCSC worries that Beijing could use knowledge of someone’s genetic vulnerability to addiction or past bouts with mental illness to coerce them into handing over U.S. government secrets. […]

After SolarWinds breach, lawmakers ask NSA for help in cracking Juniper cold case

As the U.S. investigation into the SolarWinds hacking campaign grinds on, lawmakers are demanding answers from the National Security Agency about another troubling supply chain breach that was disclosed five years ago. A group of lawmakers led by Sen. Ron Wyden, D-Ore., are asking the NSA what steps it took to secure defense networks following a years-old breach of software made by Juniper Networks, a major provider of firewall devices for the federal government. Juniper revealed its incident in December 2015, saying that hackers had slipped unauthorized code into the firm’s software that could allow access to firewalls and the ability to decrypt virtual private network connections. Despite repeated inquiries from Capitol Hill — and concern in the Pentagon about the potential exposure of its contractors to the hack — there has been no public U.S. government assessment of who carried out the hack, and what data was accessed. Lawmakers are […]

US arrests Twitter troll accused of spreading election disinformation in 2016

U.S. law enforcement officials say they’ve arrested an infamous far-right troll for allegedly using social media to spread disinformation in support of Donald Trump in the 2016 election. Douglass Mackey, a 31-year-old Florida man, is accused of using Twitter and other platforms to disenfranchise voters by encouraging them to vote via text or social media, which are invalid voting methods. Law enforcement officials arrested Mackey, who was better known as Ricky Vaughn on social media, on Wednesday, the Justice Department said in a statement. The arrest shows how investigations into electoral interference can take years, and is a reminder of the din of domestic disinformation that still challenges U.S. democracy. While the Russian effort to sow disinformation among U.S. voters in 2016 gained widespread attention, U.S.-based propagandists were also active. Mackey and other unnamed associates allegedly flooded social media for two months prior to Election Day in 2016, urging people to […]

US, European police say they’ve disrupted the notorious Emotet botnet

U.S. and European law enforcement agencies said Wednesday they had seized control of the computing infrastructure used by Emotet, a botnet of infected machines that has been one of the most pervasive cybercrime threats over the last six years. Through the police and the courts, investigators from Ukraine to Germany to the U.S. took aim at the hundreds of computer servers that Emotet has used globally to defraud victims of millions through extortion and data theft. The investigators “gained control of the infrastructure and took it down from the inside,” Europol, the European Union’s law enforcement agency, said in a statement. “The infected machines of victims have been redirected towards this law enforcement-controlled infrastructure.” A video posted by Ukrainian police shows officers raiding an apartment and confiscating computer equipment as part of the Emotet bust. It’s a big blow to a botnet that has haunted the internet for years. […]

Mimecast confirms SolarWinds attackers breached security certificate, ‘potentially exfiltrated’ credentials

Email security firm Mimecast on Tuesday confirmed that the hackers behind the SolarWinds espionage campaign compromised a software certificate the firm uses to secure connections to Microsoft cloud services. The revelation underscores how deeply embedded the suspected Russian hackers have been in major technology companies as part of a campaign that has also breached multiple U.S. federal agencies. The hackers may have exfiltrated “certain encrypted service account credentials created by customers hosted” in the U.S. and the U.K., the new Mimecast statement reveals. The company said it wasn’t aware of the hackers decrypting or abusing any of the stolen credentials. But it still told its U.S. and U.K.-hosted customers to reset their credentials as a precaution. Mimecast, which says it has 39,000 customers around the world, offers an attractive target for spies looking to burrow into high-value organizations. A stolen software certificate of this type could allow an intruder to […]

Chris DeRusha, who protected Biden campaign from hackers, says he is the Federal CISO

The former top cybersecurity official on Joe Biden’s presidential campaign said late Monday that he is now in charge of helping protect the federal government’s sprawling bureaucracy from hackers. Chris DeRusha, also a former White House cybersecurity official in the Obama administration, announced his appointment as the federal government’s new chief information security officer on LinkedIn. Maria Roat, the acting Federal CIO, confirmed DeRusha’s appointment early Tuesday. As Federal CISO, DeRusha will be responsible for coordinating cybersecurity policy across the federal bureaucracy and prodding agencies to fortify their networks in the wake of a suspected Russian hacking campaign that has infiltrated the departments of Justice, Energy and others. DeRusha is returning to familiar territory, having served as a White House cybersecurity adviser when Biden was vice president. DeRusha is also well-versed in election security issues, having worked as Michigan’s chief security officer before the Biden campaign hired him to prevent a repeat […]

Cyberattack disrupts services at crane manufacturer Palfinger

Palfinger, an Austrian firm that makes cranes and other machinery, said Monday that an “ongoing global cyberattack” had disrupted the company’s ability to process orders and shipments of its equipment. Email services across the company were down in an incident that was causing “massive effects on its IT infrastructure,” Palfinger said in a statement greeting visitors to its website. The possible suspects, the malicious software used and the possible length of the recovery process all remained unclear at the time of publication. Palfinger has much at stake in keeping the IT supporting its logistics functioning. The company has 33 manufacturing and assembly sites in Asia, Europe and North and South America, according to its website, and reported more than $2 billion in revenue in 2019. “In the manufacturing business, time is money, so the disruption of Palfinger’s IT services, as well as order processing and shipment delays, translates to lost […]
