Sean Lyngaas – Page 34 – WindowsTechs.com

Security professionals lose ‘central watering hole’ with demise of Peerlyst

Posted on July 28, 2020 by Sean Lyngaas

For years, the Peerlyst social network has been a resource for software developers looking for a job or cybersecurity enthusiasts wanting to host meet-ups across the world. But on Aug. 27, the website will shut down, Peerlyst founder Limor Elbaz said Monday, citing financial pressure. “[W]e are realizing that we would not be able to grow [the website] as a VC-backed business without making huge compromises on quality,” Elbaz wrote, encouraging users of the platform to save a copy of their collaborations. Cybersecurity professionals lamented the end of the platform. “I took the news hard,” said J. Wolfgang Goerlich, an advisory CISO at Duo Security who has posted nearly 700 times on Peerlyst. “With the Peerlyst going away, we’re losing a central watering hole. The conversations may continue over LinkedIn and Facebook groups. But the loss of a dedicated security social media site will be felt for some time.” The site […]

The post Security professionals lose ‘central watering hole’ with demise of Peerlyst appeared first on CyberScoop.

Continue reading Security professionals lose ‘central watering hole’ with demise of Peerlyst→

New VPN flaws highlight proven pathway for hackers into industrial organizations

Posted on July 28, 2020 by Sean Lyngaas

Sometime in the second half of 2019, suspected Iranian hackers started burrowing into the network of an unnamed organization in the Middle East. What likely began, according to investigators, as a breach of a virtual private network application led to a compromise of the organization’s administrative network accounts. It culminated in a data-wiping attack on Dec. 29 that hit most of the machines on the organization’s IT network. A forensic report on the attack produced by Saudi cybersecurity officials warns industrial companies to secure VPN connections, which employees use for remote connectivity, lest they become a valuable foothold for hackers in search of sensitive data. Seven months later, with the rise in remote work during the coronavirus pandemic, that advice is even more critical. On Tuesday, researchers from cybersecurity company Claroty drove the point home by publishing data on multiple remote-connectivity products popular in the oil, gas and other industrial […]

The post New VPN flaws highlight proven pathway for hackers into industrial organizations appeared first on CyberScoop.

Continue reading New VPN flaws highlight proven pathway for hackers into industrial organizations→

Burglars expose Walgreens customer data in a different kind of breach

Posted on July 27, 2020 by Sean Lyngaas

Groups of unidentified thieves broke into multiple Walgreens stores in late May and early June and stole prescription information and other data on some 70,000 customers, a spokesman for the pharmacy chain said Monday. The assailants forced their way behind pharmacy counters and stole drug prescriptions, and also took a “very limited number of hard drives attached to stolen cash registers,” according to a letter Walgreens sent affected customers. Customers’ health insurance and vaccination information may have been swept up in the breach, Walgreens said, but credit card data and Social Security numbers were not affected. “Like many retailers, pharmacies and local businesses across the country, Walgreens recently had a number of its stores sustain varying degrees of damage as a result of vandalism and theft,” Walgreens spokesman Jim Cohn said. “Protecting our customers’ personal information is a top priority and something we take very seriously. We’ve worked with local law enforcement, and are continuing to take […]

The post Burglars expose Walgreens customer data in a different kind of breach appeared first on CyberScoop.

Continue reading Burglars expose Walgreens customer data in a different kind of breach→

CISA confirms hackers are exploiting F5 flaw on federal and private networks

Posted on July 24, 2020 by Sean Lyngaas

The Department of Homeland Security’s cybersecurity division said Friday it had responded to at least two hacking incidents at U.S. government and private-sector organizations that exploited a critical vulnerability in enterprise software to take control of the victim’s computer systems. DHS’s Cybersecurity and Infrastructure Security Agency said the unidentified malicious hackers had for weeks been scanning federal agencies’ networks for a flaw in a popular software made by F5 Networks, which was revealed earlier this month. CISA said it was working with multiple sectors to investigate possible breaches related to the vulnerability, with two compromises confirmed as of Friday. The vulnerability allows hackers to execute code remotely on target systems, opening up a pathway to deleting files or disabling services. Hackers will continue to exploit the bug, CISA warned. The agency “strongly urg[ed] users and administrators to upgrade their software to the fixed versions.” The disclosure shows how, once a […]

The post CISA confirms hackers are exploiting F5 flaw on federal and private networks appeared first on CyberScoop.

Continue reading CISA confirms hackers are exploiting F5 flaw on federal and private networks→

Twilio breach spotlights struggle to keep corporate software kits out of the wrong hands

Posted on July 24, 2020 by Sean Lyngaas

The security team at Twilio, a cloud communications company that claimed over $1 billion in revenue last year, could breathe a sigh of relief on Sunday night. Earlier in the day, someone had manipulated the code in a software product that Twilio customers use to route calls and other communications. The breach resembled a Magecart-style attack that skims websites for users’ financial data. Twilio cleaned up the code hours later, and said there was no sign the attackers had accessed customer data. But the damage could have been worse if the attack had been targeted, multiple security experts told CyberScoop. With access to the code, which was sitting in an unsecured Amazon cloud storage service known as an S3 bucket, the attackers could have conducted phishing attacks or distributed malware through the platform, according to Yonathan Klijnsma, head of threat research at security company RiskIQ. Dave Kennedy, founder of cybersecurity […]

The post Twilio breach spotlights struggle to keep corporate software kits out of the wrong hands appeared first on CyberScoop.

Continue reading Twilio breach spotlights struggle to keep corporate software kits out of the wrong hands→

After hackers nearly stole $1M from soccer team, UK agency warns of sporting sector’s vulnerabilities

Posted on July 23, 2020 by Sean Lyngaas

As one of the most popular soccer leagues on the planet, the English Premier League rakes in billions of dollars every year, in part by attracting star players through a cutthroat transfer market. The multimillion-dollar negotiations can make or break a season. Suffice to say that sending more than a $1 million to a fake team for a player they don’t have would be a setback. That’s nearly what happened to one of the league’s teams, though, after scammers hacked into the email account of the club’s managing director, according to a report released Thursday by the U.K.’s National Cyber Security Centre. The only thing that stopped the money transfer from going through was a fraud marker on the crooks’ bank account. Government officials did not specify which team was targeted. It is one of a handful of security incidents in a report that U.K. cybersecurity experts are using to highlight how various […]

The post After hackers nearly stole $1M from soccer team, UK agency warns of sporting sector’s vulnerabilities appeared first on CyberScoop.

Continue reading After hackers nearly stole $1M from soccer team, UK agency warns of sporting sector’s vulnerabilities→

European police bust Polish gang suspected of hacking and stealing cars

Posted on July 22, 2020 by Sean Lyngaas

German and Polish police agencies announced Wednesday they had dismantled a Polish criminal network accused of stealing dozens of cars by breaching the keyless systems used to start the vehicles. The alleged thieves had racked up at least 34 vehicles worth $1.6 million by the time investigators raided their properties in Poland last week, according to Europol, the European Union’s law enforcement agency. The alleged Polish criminal network appears to be reeling. Seven of its suspected members were arrested last year, and two more in recent months, Europol said. It is unclear exactly how the hacking went down; Europol would only say that the suspects used “technical equipment” to crack the “Keyless Go” systems that allow a driver to unlock and start a car electronically. A Europol spokesperson did not immediately respond to a request for comment. “This is a known issue that has kept car companies up at night […]

The post European police bust Polish gang suspected of hacking and stealing cars appeared first on CyberScoop.

Continue reading European police bust Polish gang suspected of hacking and stealing cars→

CISA turns to security experts with street cred to protect health sector

Posted on July 22, 2020 by Sean Lyngaas

The Department of Homeland Security’s cybersecurity agency is ramping up its efforts to protect medical organizations from hacking during the coronavirus pandemic by hiring multiple security specialists with strong ties to the health care sector, CyberScoop has learned. As the race for a vaccine intensifies, DHS’s Cybersecurity and Infrastructure Security Agency is turning to Josh Corman, who has long evangelized for medical-device security, to help expand the agency’s attempts to secure private-sector networks during the pandemic. Rob Arnold, a former private executive focused on small business’ cybersecurity, is also joining CISA to advise on how COVID-19 has changed cyber risk for critical infrastructure companies. Corman, a former security specialist at IBM, has joined CISA as a visiting researcher and will play a key role in the agency’s COVID-19 response with security advice on health care infrastructure, the agency is expected to announce later Wednesday. Beau Woods, who previously worked on cybersecurity at the U.S. Food and Drug Administration, is also expected […]

The post CISA turns to security experts with street cred to protect health sector appeared first on CyberScoop.

Continue reading CISA turns to security experts with street cred to protect health sector→

Dem lawmakers want FBI briefing on foreign interference efforts in 2020 election

Posted on July 20, 2020 by Sean Lyngaas

Four senior Democratic lawmakers have asked the FBI to brief all members of Congress on foreign efforts to interfere in the 2020 presidential election, citing an ongoing disinformation campaign. “We are gravely concerned, in particular, that Congress appears to be the target of a concerted foreign interference campaign, which seeks to launder and amplify disinformation in order to influence congressional activity, public debate and the presidential election in November,” wrote Speaker of the House Rep. Nancy Pelosi and Senate Minority Leader Charles Schumer in a letter to FBI Director Christopher Wray last week. Rep. Adam Schiff, D-Calif., chairman of the House Intelligence Committee, and Sen. Mark Warner, D-Va., vice chairman of the Senate Intelligence Committee, also signed the letter. The four lawmakers did not elaborate on the nature of the foreign interference campaign targeting Congress, but they did include a classified addendum to the letter that draws on the Trump administration’s […]

The post Dem lawmakers want FBI briefing on foreign interference efforts in 2020 election appeared first on CyberScoop.

Continue reading Dem lawmakers want FBI briefing on foreign interference efforts in 2020 election→

CISA issues emergency order requiring agencies to patch critical Windows bug

Posted on July 16, 2020 by Sean Lyngaas

The Department of Homeland Security’s cybersecurity division on Thursday ordered federal civilian agencies to apply a security fix for a newly revealed Microsoft Windows vulnerability, citing the “unacceptable significant risk” posed by the flaw to agencies’ security. The emergency order — only the third ever issued by DHS’s Cybersecurity and Infrastructure Security Agency — gave agencies roughly 24 hours to either patch Windows servers used for domain name system purposes or apply another mitigation. Organizations with affected servers that aren’t for DNS have until July 24 to patch. The urgency of the directive is “based on the likelihood of the vulnerability being exploited, the widespread use of the affected software across the federal enterprise, the high potential for a compromise of agency information systems, and the grave impact of a successful compromise,” CISA said in its directive. The agency said it wasn’t aware of any active exploitation of the vulnerability — yet. “[I]t […]

The post CISA issues emergency order requiring agencies to patch critical Windows bug appeared first on CyberScoop.

Continue reading CISA issues emergency order requiring agencies to patch critical Windows bug→