As contact tracing gains attention, a researcher pokes a hole in Bluetooth technology

Bluetooth came to the fore in the fight against the novel coronavirus this month when Apple and Google announced a project to use the wireless technology to trace people infected with the virus. The ambitious program to build interoperable software for iPhone and Android devices inspired hope in some and privacy concerns in others. New research highlights the potential security implications of using Bluetooth to track smartphone users. Jan Ruge, a researcher at the TU Darmstadt, a university in Germany, has shown how a hacker in close proximity to an Android device could use Bluetooth to execute code on it. The mobile device’s user wouldn’t need to click on anything to be compromised — the attacker would only need the Bluetooth address of the device and a software exploit. Ruge used the exploit on a Samsung Galaxy S10e, but it would work in theory on other phone models running unpatched versions of the Android 8.0-9.0 operating systems. […]

The post As contact tracing gains attention, a researcher pokes a hole in Bluetooth technology appeared first on CyberScoop.


A 35,000-device botnet in Peru is wounded, but still mining cryptocurrency

Cybersecurity researchers on Thursday said they had helped disrupt the infrastructure behind a botnet being powered by tens of thousands of devices in Peru. For months, the botnet — an army of compromised computers controlled by an attacker — had grown in strength by quietly infecting devices using USB drives, allowing the attackers to mine thousands of dollars in cryptocurrency. The infections reached the Peruvian public sector and financial institutions, adding urgency to the effort to defang it. Now, Slovakian anti-virus company ESET says it helped “sinkhole” — or render innocuous — about a quarter of the malicious subdomains used by the botnet. That means the infected machines will continue to mine cryptocurrency, but they won’t be able to receive more malicious instructions — such as injecting code onto devices — from whoever is controlling the botnet. (ESET said it had no indication that those code injections would happen.) It’s an example of how the fight […]


Zoom bolsters software security in latest move to reassure users

Zoom, the videoconferencing service whose popularity has soared during the coronavirus pandemic, on Wednesday said it was adding security measures to its software following scrutiny from independent researchers. The next version of Zoom, to be released this week, will have stronger encryption for data sent between participants in a meeting to prevent tampering, the Silicon Valley-based company said. The software will also allow Zoom account administrators to choose which parts of the world they route their data through. The upgrade follows a report from the University of Toronto’s Citizen Lab that found Zoom routed some meeting encryption keys through China. The updates are an effort to adapt to the unprecedented number of people using Zoom as they work from home during the COVID-19 pandemic. Some 200 million people used the software on a daily basis in March, and the Silicon Valley company at first appeared unprepared for the privacy and […]


How one security researcher used radio signals to hop an air gap

For years, researchers and spies have devised ways of getting malware to computers that are “air-gapped,” or physically isolated from external network connections. Attacks like Stuxnet, the computer worm deployed against an Iranian nuclear facility a decade ago, shattered the myth that air-gapped systems are impenetrable fortresses. In that case, suspected U.S. and Israeli intelligence operatives crossed an air gap with malware that ultimately sabotaged centrifuges at a uranium enrichment plant. They also planted an idea in the head of Mikhail Davidov, an ethical hacker: Getting malicious code into an air-gapped computer is one thing, but how do you retrieve data from the network? One possibility, it turns out, is in the radio spectrum. With a radio, antenna, and his own computer script, Davidov figured out how to use a signal emitted by an air-gapped computer’s graphics processing unit (GPU) to exfiltrate data. Davidov, the lead security researcher at Duo […]


Volunteer cybersecurity pros say they’ve stymied hacks against health care organizations

A volunteer group of cybersecurity professionals formed to protect computer networks during the coronavirus pandemic says it has helped dismantle nearly 3,000 malicious internet domains and identified more than 2,000 software vulnerabilities in health care institutions around the world. “The threats are coming in like a firehose; as fast as we can take things down, there are new [threats] there,” said Marc Rogers, who is an executive with cybersecurity company Okta and one of the founders of the volunteer group. Known as the Cyber Threat Intelligence (CTI) League, the group’s membership has soared from a few dozen since its founding last month to some 1,400 people in 76 countries today. Security specialists from technology giants like Microsoft are members, and the group says it has formed close connections with law enforcement agencies. Their services are in high demand as health care organizations strain to deal with COVID-19, which has killed more […]


A malicious Android app is trying to scam Brazilian bank customers

Brazil’s financial sector, which has long grappled with cybercrime, has a new foe. An insidious Android application is trying to steal users’ login credentials, and their money, by impersonating Brazilian banks, researchers from IBM Security said Tuesday. The malicious code is designed to steal the text messages that people use as a secondary security measure to log into their bank accounts. While focused on Brazil, the code could be repurposed to target banking sectors elsewhere, the researchers warned. It is the latest hacking tool to be aimed at Brazil’s financial sector, which has had to contend with cybercrime for years. “Malware of this type is extremely simple to redirect to other regions by changing the target list and embedded screens, thereby modifying its attack turf and potential targets,” IBM researchers Ben Wagner and Limor Kessem wrote in a blog post. Some of the Brazilian banks targeted operate in Spain, Portugal and across Latin […]


IT services firm Cognizant hit with Maze ransomware

Cognizant, a multibillion-dollar IT services company with clients in the banking and oil and gas industries, said Saturday its computer systems had been disrupted by Maze ransomware, a strain of malicious code that has been used in cyberattacks in the U.S. and Europe in recent months. “Our internal security teams, supplemented by leading cyber defense firms, are actively taking steps to contain this incident,” the New Jersey-based company said in a statement. “Cognizant has also engaged with the appropriate law enforcement authorities.” A Fortune 500 company with over a quarter of a million employees worldwide, Cognizant possesses a wealth of data that would make it a target of hackers. Cognizant’s software and consulting services are used by major pharmaceutical firms and restaurant chains, according to its website. Earlier this week, the company had notified clients of the incident and shared “indicators of compromise” — forensic data such as IP addresses […]


Czech cyber officials warn of serious threat to health care sector

Cybersecurity authorities in the Czech Republic on Thursday warned the public about the threat of an “extensive campaign of cyberattacks” on IT systems and health care facilities that could be carried out in the coming days. The Czech government’s main cybersecurity agency said a recent spearphishing campaign could indicate that “the preparatory phase of the attacks is already in progress.” “The information available to us leads to a reasonable fear of the real threat of serious cyberattacks on major targets in the Czech Republic, but especially on healthcare systems,” said Karel Řehka, director of the Czech National Cyber and Information Security Agency. Under Czech law, the advisory issued by the cyber agency requires operators of critical infrastructure and major IT systems to heed the warning and take defensive measures. The agency is telling organizations to immediately create offline backups for their data and block remote internet access to systems […]


What fools these mortals be: ‘Shakespearean’ hackers hit Azerbaijani government and energy sectors

A mysterious set of hackers has in recent months launched data-stealing attacks against Azerbaijan government officials and companies in the country’s wind industry, researchers from Cisco Talos said Thursday. The attackers are using a new hacking tool, whose code is littered with references to English playwright William Shakespeare, to try to gain remote access to target computers and exfiltrate data automatically. The allusion to Shakespeare is an enigma, as is the culprit. What is clear is that Azerbaijan faced a concerted effort to steal data from sensitive assets in and out of government. The hackers mimicked the Azerbaijani government’s email infrastructure in a likely attempt to pluck login credentials from officials. “The actor monitored specific directories, signaling they wanted to exfiltrate certain information on the victims,” Talos researchers said in a blog post. The hackers have also shown an “interest” in the control systems, known as Supervisory Control and Data Acquisition (SCADA) systems, used in […]


In search of a B.S. filter for software bugs

An organization can’t — and shouldn’t — care about each of the thousands of software vulnerabilities that are made public each year. A bug in a public-facing web browser probably won’t matter a lick for the control systems at an energy plant; an accounting firm can ignore a vulnerability in industrial computers it doesn’t use. Yet for some organizations, it’s an ongoing struggle to understand how a software bug might impact their business. On Wednesday, cybersecurity company Rapid7 took a stab at the issue by going public with a project that uses crowd-sourced feedback to rate vulnerabilities. The company invited security professionals of all stripes to use a web platform, known as Attacker Knowledge Base (KB), to assess the impact of a vulnerability to an organization, starting with a simple question: What could a malicious hacker do with the bug? The answers rate how easy it would be for a hacker to weaponize a vulnerability or what level of […]
