US investigators say SolarWinds hack is ‘likely Russian in origin’

U.S. government agencies investigating a sophisticated espionage operation that uses tampered software made by SolarWinds said for the first time Tuesday that the hacking is “likely Russian in origin,” calling it “a serious compromise that will require a sustained and dedicated effort to remediate.” The statement from multiple federal agencies — one of the most detailed official comments yet from investigators — also indicated that the espionage operation was targeted. While the malicious software update went to 18,000 government and private-sector customers, U.S. officials said “a much smaller number have been compromised by follow-on activity on their systems.” That includes “fewer than” 10 U.S. government agencies, said the statement from the FBI, the Cybersecurity and Infrastructure Security Agency, Office of the Director of National Intelligence and the National Security Agency. The alleged Russian hacking operation has roiled Washington, prompting investigations on Capitol Hill and federal cybersecurity officials to work over the […]

The post US investigators say SolarWinds hack is ‘likely Russian in origin’ appeared first on CyberScoop.

Singapore says COVID tracing app data is fair game for criminal investigations

Police in Singapore are authorized to use data collected by an application for tracking exposure to the coronavirus for criminal prosecutions, a Singaporean government official said Monday in a move that could draw criticism from civil liberties groups over potential privacy violations. “Singapore Police Force is empowered under the criminal procedure court to obtain any data and that includes the Trace Together [TT] data, for criminal investigations,” Desmond Tan, Singapore’s minister of state for home affairs, told members of parliament on Monday. “The government is the custodian of the TT data submitted by the individuals and stringent measures are put in place to safeguard this personal data.” Government officials tried to use the Trace Together website to assure Singaporeans that the data submitted through the contact-tracing app is limited and protected. A website update on Monday nonetheless informed users that police may request data for criminal investigations. Singapore, an island […]

Grid regulator warns utilities of risk of SolarWinds backdoor, asks how exposed they are

The North American electric grid regulator has asked utilities to report how exposed they are to SolarWinds software that is at the center of a suspected Russian hacking operation, and the regulator advised utilities that the vulnerability “poses a potential threat” to parts of the power sector. The North American Electric Reliability Corp. (NERC), a not-for-profit regulatory authority backed by the U.S. and Canadian governments, said in a Dec. 22 advisory to electric utilities that there was no evidence indicating that the malicious tampering of SolarWinds software had impacted power systems. But the fact that software made by Texas-based firm SolarWinds is used in the electric sector has made vigilance important, according to NERC. “At this time, NERC is not aware of any known impacts to bulk power system (BPS) reliability or system outages related to the SolarWinds compromise,” reads the advisory, which CyberScoop obtained. “However, the presence of SolarWinds […]

DHS warns US businesses of China’s data-collection practices

As Washington is absorbed with the fallout of a suspected Russian hacking operation against U.S. organizations, the Department of Homeland Security is warning American companies not to be complacent when it comes to cyberthreats from China. A 15-page “business advisory” released Tuesday by DHS cautions that Chinese intelligence services could collect and exploit data held by U.S. firms doing business in China, highlighting longstanding concerns from U.S. officials. Beijing has denied allegations of economic espionage. The advisory is an acknowledgement that, despite efforts by both the Trump and Obama administrations to curb China’s alleged theft of intellectual property, it is still a rampant problem for U.S. officials. It comes after the top U.S. counterintelligence official said this month that China had increased its influence operations targeting incoming Biden administration personnel and their associates. Chinese law requires Chinese businesses and citizens, including in academia, to “take actions related to the collection, […]

US agencies conclude Iran is likely behind website aimed at stoking violence against election officials

The FBI and the Department of Homeland Security have concluded that Iran is very likely behind a website apparently aimed at inciting violence against election officials as well as the FBI director, according to two people with direct knowledge of the matter. The website, titled Enemies of the People, posted photos and purported addresses of state election officials and employees of a voting equipment vendor, as well as information on FBI Director Christopher Wray and Chris Krebs, the former head of DHS’s Cybersecurity and Infrastructure Security Agency. The website, which is now inactive, falsely blamed the officials for the electoral loss of President Donald Trump, and featured a bull’s eye target over the officials’ photos. The revelation shows the extent to which Iran has tried to sow discord in the U.S. before and after the presidential election, which Trump has repeatedly and baselessly claimed was tainted by fraud. Before Election […]

Senator: SolarWinds hackers breached ‘dozens’ of Treasury email accounts

The fallout from a sweeping hacking campaign by suspected Russian operatives continued Monday as Sen. Ron Wyden said that the hackers had breached “dozens of email accounts” of officials at the Treasury Department. The hackers “broke into systems in the Departmental Offices division of Treasury, home to the department’s highest-ranking officials,” Wyden said after Treasury officials briefed the Senate Finance Committee, where the Oregon Democrat serves as ranking member. “Treasury still does not know all of the actions taken by hackers, or precisely what information was stolen.” Multiple federal agencies, including the departments of Commerce and Homeland Security, are investigating breaches in the apparent espionage campaign, which has used tampered software made by federal contractor SolarWinds, but also has other vectors for breaking into systems. The breach at Treasury began in July, and the full extent of it is still unknown, Wyden said in a statement. “Microsoft notified the agency […]

Bill Barr: No, we won’t be seizing voting machines

Attorney General William Barr declined to endorse a desperate effort by President Donald Trump’s personal lawyer, Rudy Giuliani, to overturn Trump’s electoral defeat by seizing voting machines. Barr said at a press conference Monday that he had not seen evidence of widespread fraud that could change the result of the election, and that there was “no basis now for seizing machines by the federal government.” He also rejected the idea of naming a special counsel to investigate voter fraud allegations. States have certified their results in the election, which saw Joe Biden win by more than 7 million in the popular vote. Election security officials have declared the election secure. Claims of widespread voting irregularities made by Trump’s lawyers have been roundly rejected in court. Giuliani nonetheless last week pushed Ken Cuccinelli, a senior Department of Homeland Security official, to confiscate voting machines, the New York Times and Wall Street […]

Microsoft identifies second hacking group affecting SolarWinds software

Microsoft revealed that a second hacking group had deployed malicious code that affects software made by SolarWinds, the federal contractor at the center of a suspected Russian espionage campaign against multiple U.S. government agencies. “[T]he investigation of the whole SolarWinds compromise led to the discovery of an additional malware that also affects the SolarWinds Orion product but has been determined to be likely unrelated to this compromise and used by a different threat actor,” a Microsoft research team said in a blog post on Friday. The discovery underscores the extent to which Texas-based SolarWinds, whose software is used throughout Fortune 500 companies, is a valuable target for hackers. The newly revealed malware, known to researchers as Supernova, differs from the alleged Russian tampering because it does not appear to involve a compromise of the supply chain, Microsoft said. The Supernova code does, however, allow an attacker to send and execute […]

US officials shut down scam websites impersonating Moderna, Regeneron

U.S. Justice Department officials on Friday said they had seized two internet domains purporting to belong to biotechnology firms developing treatments for the coronavirus, but which really were used to collect visitors’ personal data as part of a scam. The scammers appeared to impersonate pharmaceutical giants Moderna and Regeneron, and collected information that could be used for fraud, or to steal users’ credentials and deploy malicious software, the U.S. Attorney for the District of Maryland said. It wasn’t immediately clear how much personal data was stolen, or how it was used, if at all. But the domain seizures are a reminder of the staggering amount of coronavirus-related fraud that has occurred this year, as crooks all over the world have exploited the pandemic to sell counterfeit pills and conduct ransomware attacks. Americans have reported more than $211 million in losses from COVID-19-related fraud, according to the Federal Trade Commission. In […]

When Fancy Bear isn’t so Fancy: APT group’s ‘crude’ methods continue to work

While the cybersecurity industry marvels at the sophistication of the suspected Russian hackers who breached contractor SolarWinds and multiple federal agencies, another set of alleged Russian operatives continues to succeed with far less advanced techniques in their espionage campaigns. Fancy Bear, the hacking group linked with Russia’s GRU military intelligence agency, is showing a penchant for using blunt digital instruments to break into computers and try to steal data, according to analysts. It’s an example of how so-called advanced persistent threats don’t actually need advanced tools to accomplish their goals. Instead, they often rely on defensive weaknesses that plague the internet. “It looks like this is all part of a strategy: commit crude and aggressive attacks on infrastructure worldwide,” said Feike Hacquebord, a researcher at security firm Trend Micro. The hacking campaign involving tampered SolarWinds software, which the Washington Post has linked to another Russian intelligence service, the SVR, used […]
