China doesn’t want Trump re-elected; Russia is denigrating Biden, US intel official says

China prefers that President Donald Trump not win a second term, while Russia is working to denigrate presumptive Democratic nominee Joe Biden, a senior U.S. intelligence official said Friday in an unusually direct statement on election interference. The Chinese government has “expanded its influence efforts” ahead of the U.S. presidential election in November, and grown increasingly critical of the Trump administration’s response to the coronavirus and its closure of the Chinese consulate in Houston, said William Evanina, head of the National Counterintelligence and Security Center. Moscow, meanwhile, has used “a range of measures” to try to sully Biden’s candidacy, Evanina said, in line with Russia’s criticism of Biden when he was vice president. “Some Kremlin-linked actors are also seeking to boost President Trump’s candidacy on social media and Russian television,” Evanina said. The Iranian government, for its part, has looked to undermine U.S. institutions and Trump, and sow divisions among […]

The post China doesn’t want Trump re-elected; Russia is denigrating Biden, US intel official says appeared first on CyberScoop.


Old vulnerabilities die hard: researchers uncover 20-year-old code in Windows Print Spooler

Every Microsoft Windows operating system has a file that manages commands to print documents. It is ubiquitous to the point of going unnoticed. But when researchers from security firm SafeBreach took a closer look at the file, which is called a Print Spooler Service, they noticed that some of the code is two decades old. A denial of service vulnerability the researchers reported earlier this year, which crashes the spooler service, worked not only on Windows 10, the latest operating system, but also on Windows 2000. It’s a glaring example of the old code that is bequeathed to popular software programs we take for granted. But the researchers weren’t done dissecting the spooler service. “We got intrigued, so we continued to dive in,” said Peleg Hadar, senior security researcher at SafeBreach Labs. They found another bug in the spooler service that could allow an attacker to gain system privileges on […]


Hacking group has hit Taiwan’s prized semiconductor industry, Taiwanese firm says

Taiwan’s semiconductor industry, a centerpiece of the global supply chain for smartphones and computing equipment, was the focus of a hacking campaign targeting corporate data over the last two years, Taiwan-based security firm CyCraft Technology claimed Thursday. The hackers went after at least seven vendors in the semiconductor industry in 2018 and 2019, quietly scouring networks for source code and chip-related software, CyCraft said. Analysts say the campaign, which reportedly hit a sprawling campus of computing firms in northwest Taiwan, shows how the tech sector’s most prized data is sought out by well-resourced hacking groups. “They’re choosing the victims very precisely,” C.K. Chen, senior researcher at CyCraft, said of the hackers. “They attack the top vendor in a market segment, and then attack their subsidiaries, their competitors, their partners and their supply chain vendors.” It was unclear which companies were targeted; CyCraft declined to name them. It was also unclear who was responsible for the […]


Top voting vendor ES&S publishes vulnerability disclosure policy

Election Systems & Software, the biggest vendor of U.S. voting equipment, on Wednesday announced a policy to work more closely with security researchers to find software bugs in the company’s IT networks and websites. “Hackers are going to hack, researchers are going to research, whether or not there’s a policy in place,” Chris Wlaschin, ES&S’s vice president of systems security, told CyberScoop. “We think it’s important to have that safe harbor language out there to set expectations.” The policy allows researchers to probe ES&S’s corporate systems and public-facing websites, but not the election systems in place at jurisdictions around the country, which are subject to different testing regimes. The ES&S policy gives the company 90 days to fix vulnerabilities before researchers can report on them publicly — a standard timeline in the research community. For ES&S, the policy marks another step in collaborating with a white-hat hacking community with which it […]


There’s a new open-source project to detect cellphone-snooping technology

In October 2016, during popular protests against the Dakota Access Pipeline, a technologist named Cooper Quintin took a red-eye flight from San Francisco to North Dakota and made his way to the Standing Rock Reservation. There had been reports of police surveillance of the protesters, and Quintin suspected that involved a device known as an IMSI catcher or cell-site simulator. The technology, sometimes referred to as a Stingray, spoofs a cellular tower, tricking your phone into revealing its location. From there, data-stealing attacks on the phone are possible. Police and spies use the gear for surveillance. At Standing Rock, Quintin took out his software-defined radio, scanning for abnormal signals, and opened up an Android app known for spotting IMSI catchers. He didn’t get any hits. “I had no idea what I was doing,” said Quintin, a security researcher at the nonprofit Electronic Frontier Foundation. He was using technology designed for […]


Researchers uncover vulnerabilities in devices used at industrial facilities

For the three Ukrainian power companies that suspected Russian hackers pried their way into in 2015, the pain wasn’t over when the attackers opened the companies’ circuit breakers and sent 225,000 people into darkness. The intruders also planted malicious code on key equipment at power substations, preventing engineers from remotely closing the circuit breakers and slowing the effort to restore power. The way the hackers blinded the Ukrainian power firms to their own operations is still studied by utilities around the world, and security specialists investigating critical electric equipment. A group of researchers at cybersecurity company Trend Micro on Wednesday added important data to those efforts by revealing multiple vulnerabilities in the same types of devices exploited by the Russians five years ago. By making their findings public, researchers are prompting organizations to further scrutinize the little black boxes that serve as translators on key networks. The research covered vendors in France, […]


Another guilty plea in $568 million Infraud crime ring

A Moldovan man on Friday became the second person in as many months to plead guilty to being part of Infraud, a $568 million cybercriminal enterprise that stole payment cards and personal data from around the world, the U.S. Department of Justice said. 30-year-old Valerian Chiochiu, who allegedly trained Infraud members on writing and deploying malware, appeared before a judge in federal court in Nevada, U.S. officials said. Chiochiu’s guilty plea follows that of Sergey Medvedev, a 33-year-old Russian, who is accused of being the group’s co-founder. The pleas are part of the ongoing U.S. effort to prosecute Infraud, which Department of Justice officials say victimized people in all 50 states. At its height, Infraud aspired to be the internet’s top spot for “carding,” or buying things with stolen credit card data. It amassed more than 10,000 members, and claimed to only allow vetted vendors of stolen data to advertise […]


Lawmakers call for FTC investigation of data brokers enabled by online ad industry

A group of 10 U.S. lawmakers on Friday asked the Federal Trade Commission to investigate companies that sell Americans’ personal data by exploiting online advertising, calling for any lawbreaking firms to be shut down. The lawmakers, including Sens. Ron Wyden, D-Ore., and Bill Cassidy, R-La., decried the data-selling practices as an “outrageous privacy violation,” citing reports that Mobilewalla, a data broker, compiled data from Black Lives Matter protestors for marketing purposes. The broader market for consumers’ personal data is lucrative, and includes a bidding process for online ads that include code for gobbling up information on users’ locations and personal devices. The lawmakers want the FTC to use its investigative power to determine if data brokers have broken a federal law that prohibits “unfair and deceptive” business practices. An FTC spokesperson declined to comment. “[T]here is no effective way to control these tools absent intervention by regulators and Congress,” the lawmakers wrote to FTC Chairman Joseph Simons. “Technological […]


For North Korea, phishing with fake job-recruitment emails never gets old

Give someone an undetected software exploit and they’ll have access to a system for a day, the security researcher The Grugq once said, but teach them to phish and they’ll have “access for life.” North Korean hackers have been following that bit of social-engineering wisdom to a T. In recent years, they have consistently posed as job recruiters to try to phish their way into the networks of aerospace and defense firms on multiple continents. The latest activity — a months-long spying campaign against aerospace and defense firms — was revealed this week by researchers from McAfee. Malware from the campaign has been detected in the U.S. and Europe. The suspected North Korean hackers appear to be spearphishing their targets using Microsoft Word documents with job descriptions involving active defense contracts, according to McAfee. Their goal is to use that foothold to plant additional code to gather data on their targets, the researchers said. […]


New bug in PC booting process could take years to fix, researchers say

In June, the antivirus company ESET stumbled across an insidious strain of ransomware that prevents a computer from loading and locks its data. A saving grace was that, in order for the attack to work, a ubiquitous feature known as UEFI Secure Boot, which protects computers from getting malicious code slipped on their systems, would have to be disabled. Now, researchers at hardware security company Eclypsium say they’ve found a vulnerability that, if exploited, would even work on computers that have that Secure Boot feature enabled. Exploiting the flaw, which researchers say affects just about every Linux-based operating system in existence, would make successful attacks using the ransomware spotted by ESET more likely. It would also open the door to stealthy attacks that compromise a machine’s loading process, where control over the computer is at its highest. “It’s this foundational part of the system, and everything you loaded up on […]
