DHS’s cyber wing responds to ransomware attack on pipeline operator

The Department of Homeland Security’s cybersecurity agency recently responded to a ransomware attack on a natural gas compression facility that led the organization to shut down its operations for two days, the agency said Tuesday. The hackers were able to encrypt data on the organization’s IT and “operational technology” network, a broad term for a network that oversees industrial processes. No longer able to read data coming from across its enterprise, the facility shut down its various assets, including its pipelines, for two days. The incident serves as a warning for industrial companies of the ways that ransomware can impact operations. “Although the victim’s emergency response plan did not specifically consider cyberattacks, the decision was made to implement a deliberate and controlled shutdown to operations,” says the advisory from DHS’s Cybersecurity and Infrastructure Security Agency. The unnamed gas facility is back up and running, but CISA said it was releasing […]

The post DHS’s cyber wing responds to ransomware attack on pipeline operator appeared first on CyberScoop.

Facebook must unblock NSO Group employee’s account, Israeli court rules

An Israeli court has ordered Facebook to unblock the account of an employee of NSO Group after a complaint from the software surveillance vendor, according to officials at both companies. It is the latest twist in a broader, high-stakes legal battle between Facebook and NSO Group, an Israeli company that sells hacking tools to governments. In a lawsuit last year, Facebook accused NSO Group, through its custom malware, of being complicit in a hack last year of 1,400 mobile devices running WhatsApp, the Facebook-owned messaging platform. NSO Group has denied the allegations. NSO Group employees had filed a petition in November asking an Israeli court to lift a block that Facebook had placed on their accounts. The NSO Group personnel accused Facebook of retaliating against them after Facebook’s suit, which alleged that NSO Group had violated U.S. anti-hacking laws. Facebook said disabling certain NSO Group accounts was warranted for security reasons. A Facebook spokesperson said Tuesday the company […]

The post Facebook must unblock NSO Group employee’s account, Israeli court rules appeared first on CyberScoop.

Iran-linked hackers use VPN exploits in far-flung spying campaign

When security researchers began warning about gaping vulnerabilities in virtual private network products months ago, they were hoping to head off the type of sweeping, data-stealing campaigns that could come from state-sponsored hacking groups. The VPN software, made by companies like Palo Alto Networks and Pulse Secure, and used by corporations around the world, offers an invaluable foothold into corporate networks for hackers able to breach the software. Iran-linked hackers are showing what happens when those warnings go unheeded. They are using the unpatched vulnerabilities as a tip of the spear in their long-running effort to spy on companies in the aviation, oil and gas, and telecommunications sectors, Israeli company ClearSky CyberSecurity said in research released Sunday. Companies in Israel, Saudi Arabia and the United States are among the targets. The report connects three years of activity from various hacking groups that researchers say appear to be operating on behalf of […]

The post Iran-linked hackers use VPN exploits in far-flung spying campaign appeared first on CyberScoop.

Mobile phishing scam hits customers at big North American banks

Nearly 4,000 customers of banks in North America and elsewhere have fallen victim to a mobile phishing scam that steals login credentials, researchers said Friday. Customers at big banks like Chase, the Royal Bank of Canada, and London-based HSBC are among the victims. The hackers are exploiting how accustomed users are to receiving text messages from their banks, said analysts at Lookout, a San Francisco-based security company. “This appears to be a phishing kit that could be easily acquired or purchased from a third party, allowing even less tech-savvy persons to easily set up and operate their own phishing campaign,” Kristin Del Rosso, security intelligence engineer at Lookout, told CyberScoop. It is unclear what the hackers are doing with the stolen information. Crooks often cash in on pilfered credentials by selling them in underground forums. Lookout said it didn’t know if any money had been stolen from the targeted banks. […]

The post Mobile phishing scam hits customers at big North American banks appeared first on CyberScoop.

Energy Department shakes up cyber leadership with appointment of ex-NSA official

Department of Energy officials have tapped a veteran of the National Security Agency to be the department’s top cyber official and lead an office that helps protect U.S. industry from hacking threats. In a message to department staff Thursday reviewed by CyberScoop, Secretary of Energy Dan Brouillette said Alexander Gates’ decades of experience in signals intelligence and cyber operations would be critical in running the department’s Office of Cybersecurity, Energy Security and Emergency Response. Gates replaces Karen Evans, a former Office of Management and Budget official and DOE chief information officer, who was sworn in as assistant secretary of Energy for cybersecurity, energy security and emergency response in September 2018. Gates will have “delegated authority” to lead the cybersecurity office, meaning he can do so without being a Senate-confirmed assistant secretary. Then-Secretary of Energy Rick Perry established the cybersecurity office two years ago as part of a push by the department […]

The post Energy Department shakes up cyber leadership with appointment of ex-NSA official appeared first on CyberScoop.

U.S. charges Huawei with conspiracy to steal trade secrets, racketeering

Chinese telecommunication giant Huawei and a number of its subsidiaries were charged with conspiracy to steal trade secrets and racketeering in a federal indictment made public Thursday. The charges, filed by prosecutors in the Eastern District of New York, build on a prior indictment, announced a year ago, alleging that the Shenzhen-based company had engaged in a pattern of criminal behavior that included the theft of trade secrets from U.S. firms including T-Mobile. The superseding indictment unsealed Thursday comes amid a years-long argument from U.S. officials that Huawei, as a Chinese company, presents a national security threat. Now, Huawei, the world’s largest manufacturer of telecommunication equipment, also is accused of stealing source code and manuals from other vendors’ internet routers, robot-testing technology, and antenna technology, then using its subsidiaries to reinvest money made from this alleged racketeering activity. The charges also accuse the company of flouting U.S. sanctions by operating subsidiaries in North Korea and Iran. The government in Tehran […]

The post U.S. charges Huawei with conspiracy to steal trade secrets, racketeering appeared first on CyberScoop.

Hamas-linked hackers exploit current events to spy on rival Palestinian officials, researchers say

Hackers associated with Hamas, the Islamist militant group that rules the Gaza Strip, are combining new malware with a timeless trick in an espionage campaign against Palestinian officials, private-sector researchers said Thursday. Like many attackers before them, they’re sending emails on enticing topics, ranging from the U.S. killing of Iranian general Qassem Soleimani to the Trump administration’s Middle East peace proposal. The messages come with malicious PDF files that contain a new remote access trojan (RAT), code that gives them a foothold onto a computer, according to Boston-based security company Cybereason. The hackers have in recent weeks attempted to breach carefully selected targets associated with the Palestinian government in the West Bank, the researchers said. Many of the malware samples analyzed by Cybereason appear to have targeted Fatah, the ruling party in the West Bank and a longtime rival of Hamas. It is unclear how the group was using the information it […]

The post Hamas-linked hackers exploit current events to spy on rival Palestinian officials, researchers say appeared first on CyberScoop.

U.S. must increase defenses against Iranian information operations, report says

As social media platforms battle Iranian bots and trolls, the U.S. government needs to step up its own fight against Tehran’s digital influence operations, a new study says. With the 2020 election approaching, Washington should do more to attribute Iranian and other foreign influence operations and warn the public about them, scholars at the Atlantic Council think tank argue. “Iran has invested significant resources and accumulated vast experience in the conduct of digital influence efforts,” the report says. It calls on the Department of Homeland Security to create an intergovernmental agency to alert U.S. officials and the public of foreign influence operations. U.S. intelligence agencies need to work closely with social media companies to pinpoint foreign influence operations, Atlantic Council scholars Emerson Brooking and Suzanne Kianpour advise. That collaboration is a work in progress. While the Russian government’s use of digital influence operations received the most attention from Western […]

The post U.S. must increase defenses against Iranian information operations, report says appeared first on CyberScoop.

U.S. indicts 4 Chinese military officials for role in Equifax hack

The U.S. Department of Justice on Monday announced charges against four members of China’s People’s Liberation Army for allegedly hacking into credit reporting agency Equifax and stealing personal information that affected some 145 million Americans. The charges mark an escalation in the U.S. government’s long-running pressure campaign to hold alleged Chinese state-sponsored hacking to account. “The scale of the theft was staggering,” Attorney General William Barr said Monday, adding that the Chinese hackers “invaded the privacy of many millions of Americans,” stealing credit card information and Social Security Numbers. The four officials — Wu Zhiyong, Wang Qian, Xu Ke, and Liu Lei — are said to work for the PLA’s 54th Research Institute, which is part of the Chinese military. The defendants allegedly exploited a vulnerability in the Apache Struts software to gain persistent access to Equifax’s network. The 2017 breach of Equifax, and the company’s lax security measures, infuriated members of Congress […]

The post U.S. indicts 4 Chinese military officials for role in Equifax hack appeared first on CyberScoop.

China-linked hackers have targeted Malaysian government, officials warn

A hacking group that private researchers have linked with Chinese interests has successfully targeted Malaysian government officials in an apparent data-stealing espionage campaign, cybersecurity officials in the Southeast Asian nation said this week. The Malaysian Computer Emergency Response Team, a government-backed organization, said it had “observed an increase in [the] number of artifacts and victims involving a campaign against Malaysian government officials.” The hackers have tended to target government-backed projects in an effort to steal reams of data on proposal and shipping information, the Malaysian officials said. To do that, the attackers have exploited a pair of old vulnerabilities, one dating back to 2014, in Microsoft products to compromise their targets. The advisory did not explicitly name the hacking group responsible. But the data it cited, including private-sector reports, point to a state-sponsored group known as APT40 or Leviathan. Active since at least 2013, APT40 has conducted hacking operations in […]

The post China-linked hackers have targeted Malaysian government, officials warn appeared first on CyberScoop.
