Marriott discloses data breach affecting 5.2 million guests

Marriott International on Tuesday revealed a data breach affecting an estimated 5.2 million hotel guests, the second significant security incident to hit the hospitality giant in the last 16 months. The breach exposed guests’ personal information such as names, addresses, employer, and loyalty account numbers, the company said in a statement. The login credentials of two Marriott employees were used to access guest information in activity that began in mid-January, the statement said. Marriott said it detected the compromise at the end of February and confirmed the credentials had been disabled. “[W]e currently have no reason to believe that the information involved included Marriott Bonvoy account passwords or PINs, payment card information, passport information, national IDs, or driver’s license numbers,” Marriott said. An investigation is ongoing. Hotel chains are a natural target for both criminals looking to sell guests’ personal information and spies looking to track government officials. In November […]

The post Marriott discloses data breach affecting 5.2 million guests appeared first on CyberScoop.

Zoom hit with class-action lawsuit for sharing user data with Facebook

A California man on Monday filed a class-action lawsuit against Zoom, alleging the video conferencing service illegally shared user data with Facebook. With its popularity surging during the novel coronavirus pandemic, Zoom “has failed to properly safeguard the personal information of the increasingly millions of users” that use the app, the lawsuit alleges. The complaint accuses Zoom of violating the California Consumer Privacy Act, which requires companies to give consumers notice when they collect and use their personal information. Zoom did not immediately respond to a request for comment. The lawsuit cites a report last week from Vice News, which found that Zoom’s iOS app had been using a Facebook login feature to send the social media giant details on Zoom users. Those details included the model of a user’s device, their phone carrier, and what time zone they were in, the report said. After the Vice story was published, […]

The post Zoom hit with class-action lawsuit for sharing user data with Facebook appeared first on CyberScoop.

HackerOne cuts ties with mobile voting firm Voatz after it clashed with researchers

HackerOne, a company that pairs ethical hackers with organizations to fix software flaws, has kicked mobile voting vendor Voatz off its platform, citing the vendor’s hostile interactions with security researchers. It is the first time in its eight-year existence that HackerOne, which works with companies from AT&T to Uber, has expelled an organization from its security program. The decision comes after Voatz assailed the motives of MIT researchers who found flaws in the company’s voting app. “After evaluating Voatz’s pattern of interactions with the research community, we decided to terminate the program on the HackerOne platform,” a HackerOne spokesperson told CyberScoop. “We partner with organizations that prioritize acting in good faith towards the security researcher community and providing adequate access to researchers for testing.” It is the latest security-related setback for Voatz, which is trying to make inroads in a market dominated by traditional voting machine manufacturers. In the last […]

The post HackerOne cuts ties with mobile voting firm Voatz after it clashed with researchers appeared first on CyberScoop.

Malware from notorious FIN7 group is being delivered by snail mail

While hackers all over the world rely on emails and text messages to breach networks, one infamous criminal group appears to be turning to the mailman to deliver their malicious code. Malware authored by FIN7, which researchers say has stolen over $1 billion in recent years, has been delivered by the U.S. Postal Service to multiple organizations in recent months, according to security company FireEye. The code comes on USB sticks that, once inserted into a computer, install a “backdoor,” called Griffon, capable of stealing sensitive information. The malicious code, which multiple security companies have attributed to FIN7, burrows into the target computer and beacons back to the group for further instructions. How many of the USB deliveries led to network breaches remains unclear. The hacking attempts raise questions about how a group thought to be based in Eastern Europe, and one that U.S. officials have hunted for years, has been […]

The post Malware from notorious FIN7 group is being delivered by snail mail appeared first on CyberScoop.

Hackers target mobile users in Italy and Spain, taking advantage of coronavirus hot spots

Coronavirus-themed scams show no signs of letting up as hackers try to breach mobile phone users in Italy and Spain, the two countries with the most deaths from the virus. Attackers laced mobile apps with malware to try to steal data from Italian and Spanish residents looking for updates on the pandemic, according to Slovakian antivirus firm ESET. The phony apps pose as legitimate ones offering updates on the spread of the novel coronavirus and how to assess your risk of infection. “Because of the current situation, many [hacking] campaigns are either migrating to a COVID-19 theme or new campaigns are created with a COVID-19 theme,” said Lukas Stefanko, an Android security specialist at ESET. The apps were available for download for a couple days. It is unclear how many people downloaded them. It is a reminder of the cruel opportunism with which many cybercriminals approach the crisis. When people turn to their phones for information on the deadly virus, hackers see […]

The post Hackers target mobile users in Italy and Spain, taking advantage of coronavirus hot spots appeared first on CyberScoop.

Security pros helped HHS fix a website flaw that exposed visitors to malware

As if the Department of Health and Human Services didn’t have enough to deal with during the coronavirus pandemic, it looks like hackers were trying to redirect people trying to visit a department website to a malicious domain designed to steal their data. By sending phishing messages that sent recipients from a Health and Human Services website to a malicious one, scammers tried compromising people with malicious software capable of capturing credit card data and email credentials. The attempted attack coincided with a surge in attention around the department, as Americans seek guidance amid the COVID-19 outbreak. The malicious “redirect,” as the trick is called, no longer exists after a group of volunteer cybersecurity experts worked with HHS to address it. It is unclear how many devices, if any, were compromised as a result of the activity. It was only the latest effort by digital miscreants to capitalize on international concerns about the pandemic. “The believability that it […]

The post Security pros helped HHS fix a website flaw that exposed visitors to malware appeared first on CyberScoop.

Kaspersky finds a new APT campaign targeting engineers in the Middle East

A mysterious set of hackers last year began a targeted campaign to breach industrial organizations in the Middle East, antivirus firm Kaspersky said Tuesday. Attackers have sought to breach engineers, particularly in a single, unnamed Middle Eastern country, adding to a long history of cyber operations in the region. They’re relying on a strain of malicious software that’s tailored for espionage, and does not appear to match any code the researchers have seen before. Exactly who is behind the effort remains unclear. The sensitivity of the targets, and the fact that the activity is ongoing, prompted the researchers to go public with their findings. The Moscow-based company labeled the activity an “advanced persistent threat” (APT), a loose term for well-resourced hackers often linked to government interests. Kaspersky designated the hacking campaign “WildPressure.” “Anytime the industrial sector is being targeted, it’s concerning,” said Kaspersky senior security researcher Denis Legezo. There is no indication that hackers have done anything beyond […]

The post Kaspersky finds a new APT campaign targeting engineers in the Middle East appeared first on CyberScoop.

All hands on deck: Infosec volunteers to protect medical organizations during COVID-19 crisis

Hackers crossed a line last week when they struck the computer network of the Czech Republic’s second largest hospital as it was testing people for the novel coronavirus. Former White House and British intelligence officials condemned the cyberattack. It is the sort of digital depravity that U.S. prosecutors have vowed to crack down on during the COVID-19 pandemic. It was also a tipping point for Ohad Zaidenberg, an Israel-based cyberthreat researcher. “If anyone is sick enough to use this global crisis to conduct cyberattacks, we need to try to stop them,” he said. And so Zaidenberg stepped up his effort to assemble an ad-hoc group of malware hunters to gather data on COVID-19-related hacking. By day, they are cybersecurity professionals at well-known companies in Israel, Europe, and North America. By night, they are sending threat data to health organizations and those in other sectors enlisting in the fight against the pandemic. It’s still a nascent project: there are […]

The post All hands on deck: Infosec volunteers to protect medical organizations during COVID-19 crisis appeared first on CyberScoop.

Surveillance campaign against Libyans uses fake Johns Hopkins COVID-19-tracking map

It’s not just opportunistic, financially-motivated criminals who are seizing on the novel coronavirus pandemic to conduct cyberattacks. Operators of spyware are also exploiting the health crisis to boost their surveillance efforts. Mobile security firm Lookout has traced a malicious Android application to what it says is a long-running campaign to spy on people in Libya. The spyware masquerades as the popular map produced by Johns Hopkins University that tracks the spread of COVID-19, the disease caused by the novel coronavirus. The software, called SpyMax, allows the operator to exfiltrate call and text logs, and remotely activate microphones and cameras. “In terms of other mobile malware that has been seen taking advantage of COVID-19 fears, this is the most invasive I’ve seen,” Kristin Del Rosso, Lookout’s security research engineer, told CyberScoop. The broader spying campaign has gone on for nearly a year, but its evolution shows how surveillance-minded hackers can exploit the […]

The post Surveillance campaign against Libyans uses fake Johns Hopkins COVID-19-tracking map appeared first on CyberScoop.

Election commission hires cyber-savvy adviser to support 2020 efforts

The U.S. Election Assistance Commission is hiring a senior policy adviser to bolster its cybersecurity work with election officials and voting equipment vendors ahead of the 2020 presidential vote. Maurice Turner is set to join the federal commission at the end of the month as a senior adviser to the executive director, supporting the EAC’s internal operations and programming. Externally, he says he can help the commission with an update to important guidelines for voting systems security, and in supporting states as they set up programs to find and fix software vulnerabilities. “I want election officials to expect that EAC is a place that they can go for this type of information,” Turner told CyberScoop. “Whether it’s about security standards or new methods for election administration.” Turner has spent the last two years working on election security at the nonprofit Center for Democracy & Technology. He was previously a fellow […]

The post Election commission hires cyber-savvy adviser to support 2020 efforts appeared first on CyberScoop.
