Julian Assange accused of conspiring with Anonymous and LulzSec in superseding US indictment

The U.S. government has broadened its criminal case against Julian Assange in an indictment unsealed Wednesday that accuses the WikiLeaks founder of collaborating with hackers affiliated with the Anonymous and LulzSec hacking groups.
The new superseding…

Securing voter registration databases takes on added importance in pandemic, DHS official says

The expansion of voting by mail during the coronavirus pandemic makes it all the more important that election officials secure voter registration databases from hacking, according to a senior Department of Homeland Security official. The greater amount of absentee voting and mail-in ballots “shifts the risk towards voter registration data security,” Matt Masterson, senior adviser at DHS’s Cybersecurity and Infrastructure Security Agency, said Wednesday during a virtual conference. People voting by mail generally won’t have access to the same provisional-balloting process that those voting in person can use if they’ve been left off of voter rolls due to an administrative error. That makes the integrity of voter registration data all the more important in the era of COVID-19, Masterson said. The novel coronavirus, which has killed more than 120,000 people in the U.S., has forced many states to postpone presidential primaries and ramp up voting-by-mail options. Forty-six states currently offer all of their voters some form […]

The post Securing voter registration databases takes on added importance in pandemic, DHS official says appeared first on CyberScoop.


US cyber officials try to channel Liam Neeson in responding to coronavirus threats

In early March, as the novel coronavirus swept through the U.S., the Department of Homeland Security’s cybersecurity wing quietly began an initiative that would single out the critical government and private-sector organizations that needed protection from spies and criminals during the pandemic. The list of essential organizations would include U.S. labs working on a vaccine, pharmaceutical firms researching virus treatments and a constellation of equipment suppliers with global supply chains. The initiative turned into something U.S. officials call Project Taken — a multi-agency effort to protect U.S. vaccine research and other data from hacking and infiltration. “We really need to identify the parts of the United States government and industry that are going to get us through this COVID crisis,” recalled Bryan S. Ware, assistant director at DHS’s Cybersecurity and Infrastructure Security Agency. “And we need to prioritize … our capabilities and our outreach to those entities.” While other parts of the […]


Feds aim to bolster data encryption practices for .gov websites

The Trump administration is urging domain operators to include an extra layer of security on federal websites in an attempt to reduce the risk that hackers will spy on site visitors. The goal, which officials said could take “a few years” to achieve, is to get all websites with the .gov internet domain to use a standard that always encrypts a user’s connection to that site. Using that encryption by default is a way for agencies to boost security for a swath of public data being routed through internet domains they control. The security benefits of doing that “are meaningful and necessary to continue meeting the public’s expectation of safety on .gov services,” the General Services Administration, which oversees top-level domains for the U.S. government, said in a blog post published Sunday. The initiative builds on the use of HTTPS, a security protocol that internet users have come to expect from websites. HTTPS is meant to ensure that websites are legitimate, and protects […]


Philadelphia-area health system says it ‘isolated’ a malware attack

A “malware attack” has hit computer systems at Crozer-Keystone Health System, a large health care provider in the Philadelphia suburbs, a spokesman for the organization said Friday. “After quickly identifying a recent malware attack, the Crozer-Keystone information technology team took immediate action and began remediating impacted systems,” Crozer-Keystone’s Rich Leonowitz said in an email statement. Crozer-Keystone owns four hospitals and four outpatient centers in and around Delaware County, Pennsylvania, according to its website. It was not immediately clear how, if at all, the cybersecurity incident impacted those facilities. Leonowitz declined to answer questions on the matter. “Having isolated the intrusion, we took necessary systems offline to prevent further risk,” Leonowitz’s statement continued. “We completed this work in collaboration with cybersecurity professionals across our health care system and are currently conducting a full investigation of the issue.” A set of hackers behind the NetWalker ransomware claimed responsibility for the attack. On their victim-shaming website, […]


Michigan man accused in 2014 hack of medical center, sale of data on 65,000 people

Federal agents have arrested a 29-year-old Michigan man for allegedly hacking into a medical center in 2014, stealing data on more than 65,000 people and then selling it on the dark web, the Department of Justice announced Thursday. A 43-count indictment charges Justin Sean Johnson with wire fraud, aggravated identity theft and conspiracy for the hack of a database at University of Pittsburgh Medical Center, Pennsylvania’s largest health care system. Johnson’s sale of medical center employees’ Social Security numbers and addresses led other alleged criminals to claim hundreds of thousands of dollars in fake IRS tax refunds, prosecutors said. “The health care sector has become an attractive target of cyber criminals looking to update personal information for use in fraud,” Timothy Burke, special agent in charge for the U.S. Secret Service in Pittsburgh, said in a statement. The indictment also alleges that from 2014 to 2017 Johnson sold other personally identifiable information […]


How hackers used malicious Chrome extensions in a mass spying campaign

A sweeping set of surveillance campaigns has hit Google Chrome users, leading to nearly 33 million downloads of malicious software in the last three months, researchers at California-based Awake Security said Thursday. The researchers believe the unidentified hackers used Chrome extensions and other malicious tools — along with domains issued by a single registrar — to spy on computer users in sectors such as oil and gas, finance and health care. The hackers “were very effective in reaching a large number of industries and subverting controls that were in place,” said Gary Golomb, Awake Security’s cofounder and chief scientist. U.S. government contractors were among those targeted, Golomb said. He declined to identify the victims. The discovery exposes another gap in web browser security despite pledges from Google and other vendors to proactively block malicious code from appearing in their official download stores. After being tipped off by Golomb’s team, Google removed […]


Netgear moves to plug vulnerability in routers after researchers find zero-day

A newly discovered software vulnerability could allow hackers to remotely exploit home internet routers, offering a foothold for breaking into the devices running on those networks. Researchers say the flaw in routers made by Netgear — revealed this week by cybersecurity company GRIMM and Trend Micro’s Zero Day Initiative (ZDI) — underscores the long-running challenge of improving security in a market that prizes affordable and functional networking equipment. Netgear told CyberScoop on Wednesday that it was close to releasing a patch for the vulnerability. The flaw affects how Netgear devices handle incoming data and could let hackers who manage to connect to the router bypass its authentication process using a software exploit. The router could then be a pathway to other devices, such as a laptop housing sensitive work information. (Breaking into the laptop would likely require an additional exploit.) The findings show how the potential impact of a bug can grow as investigations proceed. Researchers initially singled out […]


Feds, states unveil pilot program meant to secure voter databases and other election systems

Election officials and nonprofit security advocates on Wednesday announced a pilot program for testing and verifying voter registration databases, election night reporting and other systems meant to support voting. The pilot program will focus on making the software that’s used in election systems more secure as it is developed, and before it is deployed. The aim is to close a gap in security testing for the broad set of election infrastructure outside of voting machines, which are already the subject of voluntary federal security guidelines. “There is no standard process for verifying that non-voting election technology is secure, reliable, and usable,” said the nonprofit Center for Internet Security, which is spearheading the pilot program. “Existing election technology verification processes are costly, slow, and disincentivize updating products at the same pace as technology changes and security threats.” Under the pilot program, election systems vendors will submit their products to CIS for testing. […]


How spies used LinkedIn to hack European defense companies

For LinkedIn users, receiving unsolicited messages from pushy job recruiters comes with the territory. It’s an annoyance for some, a welcome path toward a new gig for others. What the experience isn’t supposed to entail is the theft of sensitive data from the defense company that employs you. That’s what happened to employees at two European aerospace and defense firms from September to December 2019, according to research published Wednesday. The culprit was an as-yet-unidentified advanced persistent threat (APT) group — hackers that are usually associated with governments. Their methods were relentless, even clumsy at times. The operatives “targeted a large array of employees at both organizations, across different divisions, relentlessly trying to get a foothold in their target’s network,” said Jean-Ian Boutin, head of threat research at ESET, the anti-virus firm that exposed the hacking campaign. At the end of the operation, the hackers tried to bilk one of the European […]
