Iran-linked hackers steal sensitive data from U.S. Navy member, researchers say

Allison Wikoff has spent years tracking suspected Iranian hackers, sifting through data they’ve left behind and analyzing their techniques. But in May, when her colleague stumbled upon a server with 40 gigabytes of the hackers’ training videos and online personas, Wikoff knew she had struck gold. “[When] we started combing through all the data and video files we couldn’t believe what we were seeing,” said Wikoff, a cyber threat analyst on IBM’s X-Force security team. “This discovery brought a whole new meaning to observing ‘hands-on keyboard activity.’” The nearly five hours of videos found on the server, which IBM reported publicly on Thursday, include evidence of a suspected Iranian hacker stealing data from the personal email and social media accounts of an enlisted member of the U.S. Navy and a Greek naval officer. The attacker managed to exfiltrate files on the military unit of the U.S. Navy member and their […]

The post Iran-linked hackers steal sensitive data from U.S. Navy member, researchers say appeared first on CyberScoop.

Scammers hijack Twitter accounts of Joe Biden, Bill Gates and others to promote cryptocurrency

Hackers on Wednesday took over a series of high-profile Twitter accounts — including those of presumptive Democratic presidential nominee Joe Biden and Microsoft co-founder Bill Gates — to promote cryptocurrency scams in a remarkable security breach. The cause of the breach was not immediately clear. But a series of similarly-worded tweets promoting bitcoin, a type of cryptocurrency, began appearing from the compromised accounts around the same time on Wednesday. The Twitter account of cryptocurrency exchange Gemini appeared to be swept up in the scam, as was Apple’s official Twitter account. Twitter said it was investigating and addressing the incident. “We are aware of a security incident impacting accounts on Twitter. We are investigating and taking steps to fix it. We will update everyone shortly,” Twitter Support (@TwitterSupport) tweeted on July 15, 2020. Among other accounts compromised were those belonging to musical artist Kanye West, Tesla founder Elon Musk and former president […]

Credit union’s lawsuit against Fiserv is a test for cybersecurity liability

After more than a year of legal wrangling and bureaucratic delays, a major lawsuit is moving forward against a fintech giant for its allegedly lax cybersecurity practices. A Pennsylvania credit union is taking on Fiserv, a Fortune 500 company that claims clients in over 100 countries, in a case that is a test of the legal obligations big financial firms have to protect client data. Bessemer System Federal Credit Union (FCU) originally sued Fiserv in April 2019. After moving to federal court, the case took on new life Tuesday when a judge in the Western District of Pennsylvania ruled that the court would hear some of the credit union’s claims against Fiserv. The credit union accuses Fiserv, one of three companies that provide the majority of digital infrastructure used by small banks, of taking cybersecurity for granted. “Rather than addressing the problems by updating its security, Fiserv continued to use […]

In about-face, UK bans Huawei from 5G networks

The United Kingdom on Tuesday said it was banning Huawei equipment from the country’s high-speed 5G networks in a dramatic reversal and a blow to the Chinese technology giant. Starting in January 2021, U.K. telecommunications operators will be barred from buying Huawei 5G technology, and all Huawei equipment will be removed from 5G networks by the end of 2027, said Digital, Culture, Media and Sport Secretary Oliver Dowden. Citing both security concerns with Huawei and supply-chain restrictions from recent U.S. sanctions on the Chinese company, Dowden told British lawmakers that in the coming years, Britain “will have implemented in law an irreversible path for the complete removal of Huawei equipment from our 5G networks.” The decision is a victory for the Trump administration, which has for years pressured U.S. allies to abandon Huawei, one of the world’s top suppliers of 5G equipment. U.S. officials charge that the Chinese government could […]

US cyber officials urge patching of bug affecting up to 40K SAP customers

A critical vulnerability in applications made by software giant SAP could affect up to 40,000 SAP customers, offering a pathway for hackers to remotely steal or alter data, researchers warned Tuesday. At least 2,500 SAP systems with the vulnerability are exposed to the internet, making life easier for anyone who would want to exploit the bug, said researchers from Boston-based security company Onapsis. Exploiting the vulnerability could give a hacker administrative access to SAP software housing business and financial data, they said. The scope of the affected organizations and the importance of the SAP software to businesses prompted the Department of Homeland Security’s cybersecurity arm to issue an alert late Monday urging organizations to address the issue. “Due to the criticality of this vulnerability, the attack surface this vulnerability represents, and the importance of SAP’s business applications, the Cybersecurity and Infrastructure Security Agency strongly recommends organizations immediately apply patches,” CISA told affected […]

Energy Department watchdog finds research labs fail to secure ‘peripheral’ devices like USBs

Multiple Department of Energy research labs lack adequate security controls to safeguard devices like printers and USB drives, leaving the facilities susceptible to data theft, according to an inspector general investigation. “[T]he confidentiality, integrity and availability of systems and data could be directly impacted by the vulnerabilities discovered by our test work,” the DOE inspector general said in a memo released last week. The watchdog did not name the four DOE field sites it reviewed, but said they were part of DOE’s Office of Science. That office spans at least 10 research labs that are doing sensitive research on everything from supercomputing to the supply chain of health equipment to combat the coronavirus. An official at one DOE site complained that the department’s security standards were “technically not feasible or extremely difficult to implement,” according to the inspector general. In another case, site officials said that following the standards would cost too much, […]

DNC issues another warning on TikTok, citing data security risks

The Democratic National Committee on Friday reiterated a warning to Democratic campaigns, state parties and committees about the security risks of using the video-sharing app TikTok, which is owned by Chinese tech company ByteDance. “Because of the amount of data it tracks, we continue to advise campaign staff to refrain from using TikTok on personal devices,” a DNC official told CyberScoop. “[I]f campaigns are using TikTok for campaign work, we recommend they use a separate phone and account.” The fresh warning, which DNC officials have been making for months, is the latest move by the political party to protect its data from compromise following the Russian hack of the DNC in 2016. It comes as TikTok faces greater scrutiny for its security practices from both U.S. government agencies and corporations. CNN was first to report on the DNC guidance. The video-sharing app is wildly popular. TikTok has been downloaded more than 2 billion […]

Biden campaign hires ex-White House official Chris DeRusha as CISO

Joe Biden, the presumptive Democratic nominee for president, has turned to a former White House cybersecurity official to protect the campaign’s networks from hackers. Biden’s campaign said Friday it had hired Chris DeRusha, who served as a White House cybersecurity adviser when Biden was vice president, as the campaign’s chief information security officer. DeRusha, who has also held cybersecurity positions with the State of Michigan, the Department of Homeland Security and Ford Motor Co., will be charged with safeguarding the campaign’s digital assets in an election that U.S. officials expect to draw continued foreign interference. The Biden campaign has also hired software engineer Jacky Chang as its chief technology officer. Chang worked as a technologist for the Democratic National Committee and for Hillary Clinton’s 2016 presidential campaign. “Biden for President takes cybersecurity seriously and is proud to have hired high quality personnel with a diverse breadth of experience, knowledge and […]

Zero-day flaw found in Zoom for Windows 7

A previously unknown flaw in the videoconferencing software Zoom could allow a hacker to remotely commandeer computers running old versions of the Microsoft Windows operating system, security researchers said Thursday. A hacker who successfully exploits the vulnerability could access files on the vulnerable computer, said Mitja Kolsek, chief executive of ACROS Security, the Slovenian cybersecurity firm that highlighted the issue. “If the user is a local administrator, the attacker could completely take over the computer,” Kolsek told CyberScoop. The “zero-day” vulnerability applies to Zoom software running on Windows 7, or even older operating systems. Microsoft has tried to phase technical support out for Windows 7 in an effort to encourage users to upgrade to more secure operating systems. But Windows 7 is still widely used, and some organizations have struggled to move their computers to the latest Windows software en masse. Kolsek said he is holding off on publishing a full […]

Researchers to Supreme Court: Terms of service violations shouldn’t be CFAA crime

As the Supreme Court prepares to consider a controversial federal anti-hacking law, a group of prominent cybersecurity researchers and legal advocates is pleading with the court not to criminalize digital research in the public interest. In a brief filed with the court Wednesday led by digital rights group Electronic Frontier Foundation, the researchers warned that if violations of a company’s “terms of service” are deemed to be illegal, it risks chilling important research into voting systems, medical devices and other key equipment. “Despite widespread agreement about the importance of this work—including by the government itself—researchers face legal threat for engaging in socially beneficial security testing,” wrote the EFF, the nonprofit Center for Democracy & Technology, and cybersecurity companies Bugcrowd, Rapid7, SCYTHE and Tenable. Famous security researchers like Peiter “Mudge” Zatko and Chris Wysopal, who warned Congress of the internet’s insecurities in the 1990s as members of the L0pht hacking collective, […]
