Sean Lyngaas – Page 36 – WindowsTechs.com

In Brazil, scammers see the coronavirus as a serious money-making opportunity

Posted on July 8, 2020 by Sean Lyngaas

Brazilian President Jair Bolsonaro’s critics say he hasn’t taken the impact of the coronavirus seriously. The same can’t be said for Brazil’s cybercriminals. As deaths from the virus have surged past 66,000 in Brazil, scammers have set up new infrastructure to dupe people who are desperate for relief, and have set up bank accounts in their names. At a time when even more people in South America’s biggest country are glued to their phones or computers, Brazil’s already-flourishing cybercriminal economy has been busy. “Scam operations have been highly effective in Brazil, from the first announcement of the government assistance program,” Jefferson Macedo, managing consultant on IBM’s X-Force security team, told CyberScoop. IBM has uncovered nearly 700 malicious websites related to COVID-19, the disease caused by the virus, in recent months. The crooks are impersonating government apps used to sign up for financial relief and sending people a flurry of text […]

The post In Brazil, scammers see the coronavirus as a serious money-making opportunity appeared first on CyberScoop.

Continue reading In Brazil, scammers see the coronavirus as a serious money-making opportunity→

New round of bugs found in Citrix software, but this time a patch is ready

Posted on July 7, 2020 by Sean Lyngaas

Six months ago, a critical vulnerability found in software made by Citrix set off an uncomfortable few weeks for the virtual private networking vendor and the Fortune 500 companies that rely on its products. It took Citrix a month to release a software fix, well after researchers were warning that malicious hackers were actively exploiting the vulnerability. Even with a fix available, Chinese spies conducted a sweeping operation that took advantage of the software flaw in critical infrastructure sectors. On Tuesday, Citrix revealed 11 new vulnerabilities in those same cloud-based and remote access products. This time, the Florida-based VPN service provider is hoping to head off attacks by having patches available immediately. The vulnerabilities, under certain conditions, could allow an attacker to inject malicious code into a network running Citrix software, or conduct a denial-of service attack on virtual servers. Citrix urged customers to install the fixes. There haven’t been […]

The post New round of bugs found in Citrix software, but this time a patch is ready appeared first on CyberScoop.

Continue reading New round of bugs found in Citrix software, but this time a patch is ready→

Senate panel advances bill to combat child exploitation, but critics fear it could weaken encryption

Posted on July 2, 2020 by Sean Lyngaas

The Senate Judiciary Committee on Thursday unanimously advanced a bill that would combat child pornography, but which technologists say risks weakening encryption for average internet users by exposing tech companies to lawsuits. The Eliminating Abusive and Rampant Neglect of Interactive Technologies Act (EARN IT Act) would remove liability protections for companies like Facebook when users share child pornography on their platforms. The bill is the latest front in a long-running struggle between lawmakers who see end-to-end encryption as shielding criminality, and civil liberties advocates and technologists who say weakening encryption could make swaths of the internet less secure. Lawmakers responded to criticism of earlier versions of the bill by making the standards that tech companies have to meet to receive liability protection voluntary. The bill also now states that tech providers won’t be targeted under federal law simply for providing encryption technology, thanks to an amendment from Sen. Patrick Leahy, D-Vt. […]

The post Senate panel advances bill to combat child exploitation, but critics fear it could weaken encryption appeared first on CyberScoop.

Continue reading Senate panel advances bill to combat child exploitation, but critics fear it could weaken encryption→

European police crack encrypted phone network, arrest hundreds of alleged criminals

Posted on July 2, 2020 by Sean Lyngaas

Law enforcement agencies in France, the Netherlands and the United Kingdom on Thursday announced hundreds of arrests of alleged drug dealers and other criminals in a major bust made possible by cracking an encrypted phone network. European police officials said they broke into the platform of EncroChat, a bespoke encrypted messaging service, in April and had been quietly reading the messages ever since. They did not reveal the technique they used to breach EncroChat. The operation is nonetheless a significant breakthrough for law enforcement agencies that often say encrypted messaging apps stymie criminal and national security investigations. Andy Kraag, head of the Netherlands’ National Criminal Investigation Service, said investigators exploited “state-of-the-art cyber technology” to break EncroChat’s encryption, taking advantage of the alleged criminals’ trust in the encrypted platform. French authorities were involved in cracking EncroChat’s network and deployed a monitoring tool, Vice News reported. The Dutch police claimed they were […]

The post European police crack encrypted phone network, arrest hundreds of alleged criminals appeared first on CyberScoop.

Continue reading European police crack encrypted phone network, arrest hundreds of alleged criminals→

Ransomware gangs are doing their homework before encrypting corporate data

Posted on July 1, 2020 by Sean Lyngaas

The lengthy amount of time that criminal hackers are sitting undetected on the networks of U.S. businesses is giving them powerful leverage to extort their victims, according to a Department of Homeland Security cybersecurity official. Going unnoticed on corporate networks allows ransomware gangs to size up their victims and funnel out data before ransom negotiations even begin, said Matt Travis, deputy director of DHS’s Cybersecurity and Infrastructure Security Agency. “They’re not just going into networks and seizing data,” Travis said Wednesday at IBM’s Think Gov Digital event, produced by FedScoop. “They’re snooping around” for balance sheets and other financial data to “gain intelligence on how much of a ransom they think they can get.” In the last three months, the criminal hackers behind the Maze ransomware have attacked two big IT service providers, one of which is a Fortune 500 company. Other ransomware gangs have hit big corporate targets, and […]

The post Ransomware gangs are doing their homework before encrypting corporate data appeared first on CyberScoop.

Continue reading Ransomware gangs are doing their homework before encrypting corporate data→

Chinese mobile surveillance of Uighurs more pervasive than previously thought, researchers say

Posted on July 1, 2020 by Sean Lyngaas

A newly revealed set of mobile hacking tools adds to the extensive picture of Chinese government surveillance aimed at the country’s Uighur minority. Like Android-focused surveillance kits before them, the malicious software is capable of stealing sensitive data on target phones and turning them into listening devices, according to mobile security firm Lookout, which made the discovery. Some of the hacking tools have been in use for more than five years, but Lookout pieced them together into a vast spying effort tied to the Chinese government, underscoring the pervasive nature of the surveillance and the challenges of uncovering all of it. “Our research found that there are eight malware families meant to stealthily spy on this ethnic minority at the minimum, with some of them expanding even more broadly in their targeting,” said Kristin Del Rosso, Lookout’s senior security intelligence engineer. One of those malware families was cover in a 2013 report from the […]

The post Chinese mobile surveillance of Uighurs more pervasive than previously thought, researchers say appeared first on CyberScoop.

Continue reading Chinese mobile surveillance of Uighurs more pervasive than previously thought, researchers say→

Operators of Android hacking kit impersonate postal services in US and Europe

Posted on July 1, 2020 by Sean Lyngaas

Two years ago, when researchers at antivirus company Trend Micro reported on a new mobile data-stealing kit known as FakeSpy, they warned there could be more to come from the hackers. Directing the Android-focused malware at users outside of South Korea and Japan, where it was discovered, would simply be a matter of reconfiguring the code, the researchers said. That’s exactly what happened. On Wednesday, another set of researchers, from security company Cybereason, revealed how FakeSpy’s operators have been impersonating various postal services in attacks on users in the U.S., China and Europe in the last several weeks. The hackers have taken aim at thousands of users with the help of phony text messages that, if clicked, install code capable of siphoning off financial data from mobile applications. The findings show how, with an effective mobile malware kit written, hackers can tweak the code to target different parts of the world and see […]

The post Operators of Android hacking kit impersonate postal services in US and Europe appeared first on CyberScoop.

Continue reading Operators of Android hacking kit impersonate postal services in US and Europe→

Senate Democrats push feds to stand up disinformation ‘response center’ ordered in NDAA

Posted on June 29, 2020 by Sean Lyngaas

With the presidential election just four months away, 15 Senate Democrats have asked national security agencies to step up their efforts to counter foreign disinformation aimed at undermining the vote. The Trump administration should ensure that political candidates and the public are promptly notified of foreign efforts to interfere in U.S. politics — and set up a congressionally mandated federal office for countering foreign influence, the senators wrote in a letter Friday to the heads of the Department of Defense, Homeland Security, the FBI, the National Security Agency and the Office of the Director of National Intelligence. “[W]e urge you to take additional measures to fight influence campaigns aimed at disenfranchising voters, especially voters of color,” wrote the senators, including Amy Klobuchar of Minnesota and Cory Booker of New Jersey. After the sweeping Russian effort to interfere in the 2016 elections, U.S. officials have tried to do more to combat foreign […]

The post Senate Democrats push feds to stand up disinformation ‘response center’ ordered in NDAA appeared first on CyberScoop.

Continue reading Senate Democrats push feds to stand up disinformation ‘response center’ ordered in NDAA→

Russian national pleads guilty to being part of $568 million fraud ring

Posted on June 26, 2020 by Sean Lyngaas

A 33-year-old Russian man has pleaded guilty to being part of a cybercriminal enterprise that caused more than $568 million in losses through identity theft and stolen payment cards, the U.S. Justice Department announced Friday. Sergey Medvedev is accused of being a leader of the Infraud Organization, an online forum that trafficked in stolen financial data, malware “and other contraband,” the department said in a press release. Medvedev, also known as “Stells,” “segmed” and “serjbear,” pleaded guilty to RICO conspiracy in federal court in Nevada, U.S. officials said. Infraud was founded a decade ago by a Ukrainian national who wanted to make it the internet’s top spot for “carding,” or buying things with stolen credit card data, according to the indictment. Infraud members routed interested buyers to the automated sites of members, which offered malware and stolen financial and personal data, according to prosecutors. The organization’s slogan was, “In Fraud We Trust,” prosecutors […]

The post Russian national pleads guilty to being part of $568 million fraud ring appeared first on CyberScoop.

Continue reading Russian national pleads guilty to being part of $568 million fraud ring→

Lawmakers call for cyber leadership as they introduce bill that would create White House post

Posted on June 25, 2020 by Sean Lyngaas

After then-national security adviser John Bolton eliminated the position of White House cybersecurity coordinator in the spring of 2018, Democratic lawmakers quickly introduced a bill to restore the position, arguing that it was crucial for the White House to show leadership on the issue. The bill never went anywhere. But two years later, the push for creating a top White House cybersecurity post is gaining fresh traction, with support from Republicans. A bipartisan group of House members on Thursday introduced new legislation that would create a “national cyber director” at the White House. The director would serve a similar role to the coordinator, but have more authority to examine cybersecurity budgets and oversee national incident response. Instituting a national cyber director was a key recommendation put forth by the congressionally mandated Cyberspace Solarium Commission, which released a report in March arguing for big changes to U.S. cybersecurity policy. Two leading members […]

The post Lawmakers call for cyber leadership as they introduce bill that would create White House post appeared first on CyberScoop.

Continue reading Lawmakers call for cyber leadership as they introduce bill that would create White House post→