Twitter bolsters security for political accounts as election looms

Just weeks away from the U.S. presidential election, Twitter says it is taking extra steps to secure high-profile accounts, such as political campaigns and major news outlets, whose compromise could impact voter perceptions. Twitter began rolling out the new security features, such as strong password requirements, on Thursday to the election-related accounts, including secretaries of state overseeing the vote and federal agencies and lawmakers. Accounts will be “strongly encouraged” to use two-factor authentication to prevent hacking, the social media platform said. In the weeks ahead, Twitter said it would implement “more sophisticated detections and alerts” to keep hackers from breaking into accounts. The eleventh-hour move to heighten account security reflects what Twitter executives described as the “unique sensitivities of the election period.” Four years ago, Russian bots and trolls spread disinformation on Twitter in a bid to damage Hillary Clinton’s campaign and boost Donald Trump. This year, U.S. intelligence agencies […]

The post Twitter bolsters security for political accounts as election looms appeared first on CyberScoop.

US charges alleged Iranian hackers with stealing aerospace, satellite data

The Department of Justice on Thursday unsealed an indictment charging three Iranian men in connection with a scheme to steal critical data from U.S. aerospace and satellite companies — the latest in a string of U.S. charges against suspected Iranian hackers. U.S. prosecutors accused the three men of “engaging in a coordinated campaign of identity theft and hacking” on behalf of Iran’s Islamic Revolutionary Guard Corps. The scheme allegedly spanned more than three years, and a targeted list of over 1,8000 online accounts comprising aerospace and satellite companies and government organizations, from the U.S. to the United Kingdom to Israel. The charges followed sanctions from the U.S. Treasury Department on Thursday against dozens of Iranians, including alleged members of a hacking group known as APT39, for allegedly targeting Iranian dissidents and journalists. It’s the latest update in an aggressive crackdown on Iranian hacking this week that has been a coordinated effort across multiple U.S. […]

The Interior Department OIG clearly had some fun hacking the agency’s Wi-Fi networks

While multibillion-dollar companies hire expensive outside experts to conduct elaborate mock-raids on their networks, federal agencies tend to rely on their inspectors general for that. But a new report from the Department of Interior’s watchdog would make any crack team of corporate security-testers proud. To test the hundreds of wireless security networks at the DOI, inspector general (IG) investigators surreptitiously used cheap hacking tools from publicly accessible areas to intercept and decrypt communications in multiple bureaus at the sprawling department. They found systematic weakness in the department’s security that a malicious hacker could have exploited to steal data. “The department’s failure to securely configure wireless networks has put its wireless and internal networks at high risk of compromise,” IG investigators said in a report published Wednesday. The IG’s mock attacks — which weren’t noticed by either physical security guards or IT staff — were “highly successful,” the watchdog said. In one instance, […]

Senior Department of Energy cyber official to step down

Bruce Walker, who has served as a senior Department of Energy official focused on cybersecurity since 2017, is leaving his post later this month to work at a security nonprofit, CyberScoop has learned. As an assistant Energy secretary, Walker has been a key player in the department’s efforts to protect U.S. utilities from state-sponsored hacking threats. He also has helped implement a White House executive order in May that keeps federal agencies and companies from installing risky foreign-owned equipment in the electric sector. Walker confirmed to CyberScoop that he will continue some of this work in the nonprofit sector by joining a new resiliency organization — dubbed the Analysis & Resilience Center — that helps financial and energy companies protect themselves from cyberthreats. Walker previously spent nearly two decades at New York utility Con Edison. At the Department of Energy, Walker has worked closely with Alexander Gates, a National Security Agency veteran who was […]

Networking firm Sandvine cancels Belarus contract, citing ‘custom code’ that aided censorship

Sandvine, an internet routing and networking company, said Tuesday it would stop doing business with Belarus after realizing that government was using its products to suppress information during a bloody crackdown on protesters. “Sadly, preliminary results of our investigation indicate that custom code was developed and inserted into Sandvine’s products to thwart the free flow of information during the Belarus election,” the company said in a statement, which was first reported by Bloomberg News. “This is a human rights violation and it has triggered the automatic termination of our end user license agreement.” Belarus has been in a state of turmoil following an August election marred by allegations of fraud in which President Alexander Lukashenko, who has held power for a quarter-century, claimed victory. State security forces have arrested thousands of people and subjected hundreds to torture, according to Human Rights Watch. Sandvine was founded in Canada and is backed by a […]

US indicts two hackers for retaliating for Soleimani’s killing; more Iran-related charges expected soon

U.S. prosecutors have indicted two hackers, including an Iranian national, for allegedly defacing a slew of websites in retaliation for the U.S. killing of a top Iranian general in January. The indictment returned by a federal grand jury in Massachusetts accuses Behzad Mohammadzadeh, an Iranian thought to be 19, and Marwan Abusrour, a 25-year-old Palestinian, of attacking U.S. websites and planting messages such as “Down with America.” Mohammadzadeh is a “self-described spammer” who allegedly traffics in stolen credit cards, the Department of Justice said. Such defacement attacks do not require much skill, and are not the retaliatory cyberattacks that officials feared after the U.S. military killed Qassem Soleimani, Iran’s top general. The FBI had warned companies that Iranian hackers had stepped up their reconnaissance in the immediate aftermath of the Soleimani killing. The indictment unsealed Tuesday is one of multiple indictments that U.S. prosecutors are expected to announce this week related to Iranian hacking, according to two people familiar with the matter. It […]

After researchers test Microsoft Netlogon exploit, feds tell users to patch now or suffer later

Nothing brings urgency to a software vulnerability like an exploit demonstrating its potency. That’s what happened Monday when researchers at Dutch cybersecurity company Secura released a “proof of concept” exploit for a vulnerability in the Netlogon protocol that Microsoft employs to authenticate users and update passwords within a domain. The vulnerability could allow “an attacker with a foothold on your internal network to essentially become [domain administrator] with one click,” as Secura analysts put it. That means an attacker could “impersonate any computer, including the domain controller itself, and execute remote procedure calls on their behalf.” Within hours of Secura publishing its analysis, U.S. government officials were telling corporations and agencies to pay attention and apply the patch that Microsoft issued last month. The episode highlights how, with thousands of software vulnerabilities released each year, some matter much more than others and prompt influential voices in the industry to sound […]

Security researchers slam Voatz brief to the Supreme Court on anti-hacking law

A group of high-profile cybersecurity specialists doesn’t want mobile voting firm Voatz to have the last word before the Supreme Court takes up a case with major implications for computer research. The security practitioners, including computer scientists and vulnerability disclosure experts, on Monday criticized Voatz’s argument that a federal anti-hacking law should only authorize researchers with clear permission to probe computer systems for vulnerabilities. An amicus brief filed by Voatz earlier this month, the security specialists charged, “fundamentally misrepresents widely accepted practices in security research and vulnerability disclosure.” At issue is the Computer Fraud and Abuse Act (CFAA), a more than 30-year-old law that legal experts say could be abused to target good-faith researchers who break systems while trying to make them more secure. The Supreme Court is set to consider whether corporate terms of service can be considered an inviolable boundary under the CFAA when it resumes in October. Legal experts and technologists see the […]

Postal Service left vulnerable IT applications unaddressed for years, inspector general finds

Officials at the U.S. Postal Service let multiple vulnerable applications languish on the agency’s IT network for years — flaws that could have been exploited by hackers to steal sensitive data, an inspector general audit has found. The inspector general investigation, distributed to Postal Service leadership in July, faults IT officials at the agency for not keeping a slew of applications up to date. Six of the IT applications were left on the Postal Service network for up to seven years with things like incomplete certification and accreditation from technology executives, according to the IG memo. A dozen vulnerabilities were deemed “catastrophic” by the USPS’s Corporate Information Security Office, the watchdog said, meaning they exposed the agency to big financial damages. “These are common, well-known vulnerabilities that have been present for three years that could be exploited by an attacker utilizing publicly available methods,” the memo reads. Simply put, the Postal […]

State-backed hackers targeted Biden and Trump campaign associates, Microsoft says

Hackers linked with the Chinese government tried to breach associates of the Joe Biden campaign, while hackers with reported connections to the Iranian government targeted President Donald Trump’s reelection campaign, Microsoft warned Thursday. In addition, the same Russian military hackers that interfered in the 2016 election targeted a range of political and policy consultants in the U.S. and Europe, the software giant said. The hacking attempts against the Biden and Trump campaigns were unsuccessful, Microsoft said, but they offered another example of foreign espionage efforts weeks before the presidential election. “We have directly notified those who were targeted or compromised so they can take action to protect themselves,” Tom Burt, a Microsoft corporate vice president, wrote in a blog post. “The activity we are announcing today makes clear that foreign activity groups have stepped up their efforts targeting the 2020 election as had been anticipated, and is consistent with what the U.S. government and others […]
