Feds are lining up more indictments related to Chinese cyber-activity, officials say

U.S. prosecutors are preparing to issue new charges against Chinese nationals related to alleged hacking and insider threats at U.S. organizations, senior Department of Justice officials said Thursday. “Chinese theft by hacking has been prominent,” Attorney General William Barr said in a speech at the Center for Strategic and International Studies in Washington, D.C. “Those actions by China are continuing, and you should expect more indictments and prosecutions in the future.” It is unclear when prosecutors will issue the next indictment related to Chinese activity. Asked when that would happen, John Demers, the assistant attorney general for national security, would only say “soon.” “I think you’ll see more cyber-related indictments and you’ll see more of the insider indictments that, more recently, have actually … dominated the number of indictments we’ve brought,” Demers told reporters, referring to cases in which an employee of a U.S. company is coopted into stealing sensitive data. The Chinese […]

The post Feds are lining up more indictments related to Chinese cyber-activity, officials say appeared first on CyberScoop.


5 new vulnerabilities expose the ‘backbone’ of an enterprise network to data theft

A protocol that underpins widely used equipment made by telecommunications giant Cisco is vulnerable to multiple data-stealing attacks, researchers warned Wednesday. The five previously unreported vulnerabilities in implementations of the Cisco protocol — found by Armis Security, a California-based company — show the enduring challenge of keeping one insecure device from being a gateway to another for a hacker. The zero-day bugs affect the many voice-over-IP phones, routers, and switches at corporations around the world that use the protocol for communications. A hacker with enough skill and motivation to exploit the vulnerabilities could gain access to a company’s network and then, for example, take over the VOIP phones on the network to steal data or eavesdrop on calls. The routers and switches that are susceptible to the vulnerabilities form “the backbone of [an enterprise] network,” said Ben Seri, Armis’s vice president of research, who wrote a proof-of-concept for an attack on […]


Twitter discloses API vulnerability that allowed snoops to tie phone numbers to accounts

Twitter says it has beefed up security after a “large network of fake accounts” was able to match phone numbers to Twitter accounts using a vulnerability in the platform’s application programming interface. The vulnerability in Twitter’s application programming interface (API), a set of protocols that govern how data interacts with a particular website, allowed someone to upload a slew of phone numbers and correlate them with user accounts. In a statement Monday, Twitter said it became aware of the issue on Dec. 24, the day that news site TechCrunch reported on how a security researcher had matched 17 million phone numbers by exploiting Twitter’s API. After investigating the issue, Twitter said it found other accounts that were exploiting the API endpoint. Accounts in several countries were abusing the API, but there was a particularly high volume of abuse coming from IP addresses in Iran, Israel, and Malaysia, the social media giant said. […]


Bug hunter unveils Cisco zero-days at ShmooCon

Looks can be deceiving when a security researcher first studies a piece of code. What might seem mundane or straightforward on the surface — an insecure log-in page, for example — can lead to unexpected results when a security practitioner digs deeper. Without humans scanning for vulnerabilities, bugs are left to fester, and can be exploited to cause real issues if they fall into the wrong hands. That lesson lingers in Ken Pyle’s mind. During a security test for a client last year, Pyle, a partner at the security company DFDR Consulting, examined a networking switch made by Cisco. The equipment is popular with small businesses, including the managed service providers that handle remote connections, because it allows organizations to administer multiple devices across a network. What started as a simple web application vulnerability, upon closer inspection, turned out to be two previously-unreported flaws affecting hundreds of thousands of devices, […]


As Iowa caucuses loom, states drill with feds to protect 2020 elections

With the Iowa caucuses just days away, state election officials from around the country gathered this week in Washington, D.C., to drill for cyberattacks, study ransomware and learn how to work with ethical hackers. The level of collaboration was unthinkable four years ago, when Russia-backed hackers and trolls interfered in the electoral process. Then, it took many months for federal officials to notify states that their systems had been targeted, and states bristled at the Department of Homeland Security’s 2017 designation of election systems as critical infrastructure. Now, federal and state officials are mapping out how a foreign adversary might try to undermine the democratic process, and practicing how they would thwart those attacks. “We’re light years ahead today from where we were [in the aftermath of 2016],” Mac Warner, the secretary of state of West Virginia, said Thursday at the National Association of Secretaries of State conference. Warner said […]


Anti-virus firm Avast shuts down its data-selling subsidiary

Anti-virus company Avast said this week it will stop collecting and selling user data through a subsidiary following media reports and criticism from privacy advocates. The “data collection business is not in line with our privacy priorities as a company in 2020 and beyond,” said Ondrej Vlcek, CEO of Avast, which boasts 435 million users worldwide. Avast had been collecting users’ web browser data and, through its subsidiary Jumpshot, using that data to sell analytics products to big multinational companies, according to a joint investigation from Vice’s Motherboard and PCMag. The investigation prompted U.S. senators to question Avast and the Federal Trade Commission over the program. It also reinforced broader concerns about the ability of big tech firms to collect and monetize user data. Founded in 2015, Jumpshot advertised its ability to closely track consumer habits across more than 150 websites like Amazon and Netflix. “I realize the recent […]


Why direct-memory attacks on laptops just won’t go away

A dizzying array of organizations can be involved in the production of a laptop. One body puts out the specifications for the firmware, another vendor writes it and sells it to the manufacturer, and then another company makes sure it works with the device’s operating system. While there are exceptions — Apple controls more of these processes in producing Macs — the overall complexity of the laptop industry’s supply chain makes security harder. One vendor builds protections into a laptop, but if another firm doesn’t configure them properly, the chance that the machine is vulnerable to hacking grows considerably. New research from hardware security company Eclypsium shows why this challenge is so enduring. Eclypsium’s team of former white-hat hackers at Intel Corp. found two vulnerabilities in memory features of modern, “enterprise-class” HP and Dell laptops that could allow a skilled hacker to take control of the kernel, the computer’s core functionality, […]


What ‘Have I been Pwned?’ taught DHS’s internal cyber chief about passwords

A website that informs users if their email address has been swept up in a data breach isn’t just popular with vigilant business owners or private security sleuths. The man charged with protecting the Department of Homeland Security’s systems from hackers also maintains an account on the “Have I been Pwned?” website, and it regularly reminds him of the risks passwords pose. “I get emails from this website on a monthly or basis,” DHS CISO Paul Beckman said Tuesday at the Zero Trust Security Summit presented by Duo and produced by FedScoop and CyberScoop. “That’s how often my username and password is getting compromised.” Beckman said he registered both his personal and DHS emails on the website. The good news for him is that he uses a “second factor” — something like an SMS message or an authentication app — to log into his accounts and keep hackers out of […]


Berlin’s high court should rebuild computer system after Emotet infection, report finds

Berlin’s highest court should completely rebuild its computer infrastructure after hackers ran roughshod through the network and likely stole data in the process, according to a forensic report released Monday. Poor security controls allowed the attackers to install two types of information-stealing malware last fall, said the study conducted by an IT subsidiary of Deutsche Telekom and released by German lawmakers investigating the incident. “A motivated attacker would have been able to use this network structure to infect almost every device,” the report states. The court, known as the Kammergericht in German, is the highest court for the city-state of Berlin. It handles criminal and terrorism cases with sensitive witness lists, which could be valuable data in the hands of a profit-seeking attacker. Sven Herpig, a cybersecurity expert with the German think tank SNV, pointed out that attackers are increasingly using data exfiltration as a means of holding victims hostage. […]


Why one researcher mimicked Russian hackers in breaking into a European utility

Jason Larsen was tired of hearing about the skills of Russian-linked hackers, particularly those who cut power in parts of Ukraine in 2015 and 2016. These were groundbreaking and worrying attacks, he thought to himself, but giving the attackers too much credit makes defending against them more complicated than it needs to be. So Larsen, a researcher at cybersecurity company IOActive, broke into the substation network of a European electric utility using one of the Russian hackers’ techniques. The first segment of the attack — gaining root access on some firmware — took him 14 hours. He took notes by the hour and shared them with the distribution utility, one of his clients, to improve their defenses. “We’ve embodied them with all of these god-like abilities,” Larsen said of Sandworm, the group said to be responsible for the attacks and which many believe to work on behalf of Russia’s military intelligence agency. The group turned the lights […]
