Sean Lyngaas – Page 47 – WindowsTechs.com

State Department pledges $8 million more in cybersecurity aid to Ukraine

Posted on March 3, 2020 by Sean Lyngaas

U.S. military assistance to Ukraine sparked an impeachment inquiry, but U.S. cybersecurity aid to the Eastern European country continues to flow, unimpeded and under the radar. The State Department on Tuesday announced an additional $8 million in cybersecurity funding for Ukraine, whose electric utilities sector has twice been struck by Russia-linked hackers in recent years. One of those cyberattacks, in 2015, plunged a a quarter of a million Ukrainians into darkness. Ever since then, Washington has tried to ramp up Ukraine’s cyberdefenses with funding and strategic advice, including through a project to help Ukraine develop a national cybersecurity strategy. Some of the new funding will be used for building out Kyiv’s legal and regulatory framework for improving cyberdefenses, the State Department said. The new money is on top of the $10 million in cybersecurity aid the U.S. previously pledged to Ukraine. MITRE Corp., a federally funded not-for-profit, has been contracted […]

The post State Department pledges $8 million more in cybersecurity aid to Ukraine appeared first on CyberScoop.

Continue reading State Department pledges $8 million more in cybersecurity aid to Ukraine→

Walgreens app exposes customer prescription data

Posted on March 2, 2020 by Sean Lyngaas

Pharmacy chain Walgreens is alerting customers that their prescription data and other information may have been exposed thanks to a flaw in the company’s messaging app. An “error” in the messaging feature of the Walgreens app that customers use to track prescriptions left some of their personal information exposed to other customers between Jan. 9 and Jan. 15, according to Rina Shah, vice president of pharmacy operations. A “small percentage” of customers were affected, she said. Exposed data included customers’ names, prescription numbers, drug names and, in some cases, shipping addresses. It did not include financial data, Shah said in a letter posted last week to the California attorney general’s website. California law requires companies to report data breaches affecting state residents. It was unclear precisely how many people were affected by the breach. A Walgreens spokesperson did not immediately respond to a request for comment. The company advised customers to monitor their prescriptions […]

The post Walgreens app exposes customer prescription data appeared first on CyberScoop.

Continue reading Walgreens app exposes customer prescription data→

A psychiatrist fights the cyber industry’s mental health stigma — and appeals for help

Posted on March 2, 2020 by Sean Lyngaas

Beyond the spotlight of the cybersecurity industry’s IPO-fueled paydays and reputation-making research lives the slow burn of daily anxiety. In just about every industry, mental health is overlooked and under-appreciated. But in cybersecurity, “it’s even more stigmatized,” according to psychiatrist Ryan Louie. “Nobody wants their security clearances or career advancements somehow impacted because of perceptions about mental health,” he told CyberScoop. And so Louie, who works at a 30-bed psychiatric ward in San Francisco, took to the 2020 RSA Conference, one of the biggest cybersecurity conferences in the world, to start a conversation about mental health. “We want to get more people [from] all different industries to start thinking about this,” Louie said after his presentation at the conference on Friday. Alert and bespectacled on stage, Louie explained why, as a psychiatrist who treats patients of all stripes, he became interested in cybersecurity. “Fundamentally, I’ve always felt that the most […]

The post A psychiatrist fights the cyber industry’s mental health stigma — and appeals for help appeared first on CyberScoop.

Continue reading A psychiatrist fights the cyber industry’s mental health stigma — and appeals for help→

New WiFi chip bug affects everything from Amazon’s Echo to home routers

Posted on February 26, 2020 by Sean Lyngaas

A large swath of internet-of-things devices are affected by a new vulnerability that could let a criminal or spy decrypt data sent over wireless connections, researchers said Wednesday. The flaw in widely used WiFi chips made by Broadcom and Cypress essentially disables the encryption key used to secure communications over popular wireless standards. Everything from certain classes of the iPhone to Amazon’s Echo could be vulnerable to attacks tested by researchers at antivirus company ESET, who discovered the vulnerability. One billion devices are affected, ESET estimated. ESET hasn’t seen any attacks in the wild exploiting this vulnerability. Yet it’s the latest reminder that, while governments in the U.S., the U.K., and elsewhere are urging IoT vendors to build more security into their products, they are up against a market that often prioritizes low costs, and convenience. “These consumer IoT devices are expanding the attack surface for enterprises,” said Robert Lipovsky, senior malware researcher at ESET, […]

The post New WiFi chip bug affects everything from Amazon’s Echo to home routers appeared first on CyberScoop.

Continue reading New WiFi chip bug affects everything from Amazon’s Echo to home routers→

Equifax indictment shows Chinese hackers can’t hide, DOJ official says

Posted on February 25, 2020 by Sean Lyngaas

Chinese hackers took pains to cover their fingerprints in allegedly hacking credit monitoring agency Equifax in 2017, but a senior Department of Justice official says an indictment unsealed earlier this month shows the smokescreen didn’t work. “They’re always going to try to make our job harder,” John Demers, the assistant attorney general for national security, said Monday at San Francisco CyberTalks presented by CyberScoop. “And they’re also going to try to give themselves a basis to deny what it is I think that we’re proving in these cases.” The charges against four officials in China’s People’s Liberation Army for allegedly stealing data on some 145 million Americans from Equifax show just how determined the hackers were in infiltrating a U.S. company (China’s foreign ministry rejected the allegations). The hackers routed their internet traffic through servers in nearly 20 countries, wiping the computer logs along the way in a bid to […]

The post Equifax indictment shows Chinese hackers can’t hide, DOJ official says appeared first on CyberScoop.

Continue reading Equifax indictment shows Chinese hackers can’t hide, DOJ official says→

Feds charge California man for 2018 DDoS attacks on congressional campaign

Posted on February 21, 2020 by Sean Lyngaas

Federal law enforcement officials have charged a California man for conducting cyberattacks on the website of California congressional candidate in 2018. Arthur Dam is accused of intentionally damaging a protected computer by carrying out distributed denial-of-service attacks (DDoS) that temporarily disrupted the Democratic primary in California’s 25th district. He was arrested Friday, according to local news reports. The complaint says Dam’s wife, identified only as “K.O.” worked for one of the victim’s opponents in the primary race. The Intercept identified Dam’s wife as Kelsey O’Hara, a fundraiser for candidate Katie Hill. Hill went on to win the congressional race in November 2018, but resigned the following year. The FBI connected Dam to the cyberattacks through “subscriber information, IP addresses, geolocation history, and open sources,” according to an affidavit. Investigators traced the attacks to an Amazon Web Services account that Dam allegedly used at home and at work. Neither Dam nor his […]

The post Feds charge California man for 2018 DDoS attacks on congressional campaign appeared first on CyberScoop.

Continue reading Feds charge California man for 2018 DDoS attacks on congressional campaign→

Big health care analytics firm infected with ransomware

Posted on February 21, 2020 by Sean Lyngaas

NRC Health, which sells software to some of the country’s largest health care organizations, shut down its computer systems last week following a ransomware attack, the company said in a statement Thursday. Nebraska-based NRC Health, whose clients include big health care providers like the University of Missouri Health System, collects data on patient habits that could be a prime target for cybercriminals. Asked by CyberScoop if his company had paid a ransom to regain access to its data, Chief Information Officer Paul Cooper would only say that NRC Health had “considered all options to restore systems as quickly as possible for our customers.” The FBI and an unnamed cybersecurity company hired by NRC Health are investigating, he said in an email. It is just the latest ransomware incident in the health care sector, where sensitive personal data abounds but the resources to secure it are stretched thin. Many of the […]

The post Big health care analytics firm infected with ransomware appeared first on CyberScoop.

Continue reading Big health care analytics firm infected with ransomware→

Can software vendors block a notorious criminal group’s attacks? MITRE wants to find out

Posted on February 20, 2020 by Sean Lyngaas

The Eastern European hacking group FIN7 has stolen an estimated $1 billion in recent years by sweeping up payment card data processed by hotels and other organizations. The fortune amassed by FIN7, despite the arrest of some of its senior members, has made it one of the most potent criminal threats to organizations around the world. Changes the group has made to its hacking tools in recent months have meant more breaches, and likely more money, for FIN7. Now, a U.S. government-funded organization is trying to put a dent in FIN7 hacks by evaluating the group’s attack techniques against widely used cybersecurity software. Vendors will be assessed on their ability to block FIN7-like intrusions and, with the results made public next year, hopefully improve their products. While FIN7 is the subject of the evaluation, the attack techniques tested will “be applicable across a broad spectrum of adversaries,” said Frank Duff, […]

The post Can software vendors block a notorious criminal group’s attacks? MITRE wants to find out appeared first on CyberScoop.

Continue reading Can software vendors block a notorious criminal group’s attacks? MITRE wants to find out→

Pentagon’s tech agency reveals potential breach involving personal data

Posted on February 20, 2020 by Sean Lyngaas

The agency that secures the U.S. military’s IT infrastructure across the globe says sensitive personal data, including Social Security numbers, hosted on its network may have been compromised in a breach between May and July 2019. The Defense Information Systems Agency notified potential victims of the breach in a letter this month, saying it had tightened protocols for protecting personally identification information (PII) because of the incident. “We take this potential data compromise very seriously,” DISA Chief Information Officer Roger Greenwell said in the letter seen by CyberScoop. There is no evidence that compromised PII has been used maliciously, he said, adding that potential victims will have access to free credit monitoring. Personal data about U.S. government personnel and contractors could be valuable to foreign intelligence agencies and financially-motivated criminals alike. “DISA has conducted a thorough investigation of this incident and taken appropriate measures to secure the network,” an agency spokesperson […]

The post Pentagon’s tech agency reveals potential breach involving personal data appeared first on CyberScoop.

Continue reading Pentagon’s tech agency reveals potential breach involving personal data→

Hackable firmware lurks inside Dell, HP and Lenovo computers amid supply chain security efforts

Posted on February 19, 2020 by Sean Lyngaas

A stealthy hacking technique that could make it possible for attackers to access different components inside PCs made by the likes of Dell, HP and Lenovo still exists, five years after researchers first warned of it. Security researchers from Eclypsium, in findings published Tuesday, demonstrated how much of the firmware inside modern computers, such as webcams, USB hubs, trackpads and other internal hardware could be updated with “unsigned” code that’s not designed by the device vendor. That firmware, left unprotected, could provide outsiders with a gateway into more sensitive computer networks, all while PC customers implicitly trust their machine to safeguard their data. (The company only pointed to theoretical attacks, rather than an active, ongoing campaign against these devices.) “Firmware is meant to be invisible to the user, and so it’s not surprising that most people don’t pay attention to it,” said Eclypsium CEO Yuriy Bulgin. “However, these components make up […]

The post Hackable firmware lurks inside Dell, HP and Lenovo computers amid supply chain security efforts appeared first on CyberScoop.

Continue reading Hackable firmware lurks inside Dell, HP and Lenovo computers amid supply chain security efforts→