Idaho National Lab researcher shines a light on the market for ICS zero-days

The market for previously unknown, or zero-day, software exploits has come out of the shadows in recent years as exploit brokers openly advertise million-dollar payouts. But while zero-day brokers like Zerodium and Crowdfense sometimes outline the types of exploits they buy — whether for mobile or desktop devices — much less has been said about the market for exploits that affect industrial control systems (ICS), which support critical infrastructure sectors like energy and transportation. Sarah Freeman, an analyst at the Department of Energy’s Idaho National Laboratory, is trying to help fill that void in data and, in the process, show how the ICS exploit market can be a bellwether for threats. Freeman’s hypothesis was that “if you track these bounties, you can use them as precursors or tripwires for future adversary activity.” She argues that current tallies of zero-day exploits with ICS implications are undercounted. In the first quarter of 2019, […]

The post Idaho National Lab researcher shines a light on the market for ICS zero-days appeared first on CyberScoop.

Researchers set up a mock factory network — and watched the criminals rush in

The 2017 WannaCry-fueled shutdown of a car facility and other high-profile infections make ransomware too big to ignore for the manufacturing sector. But while factory operators reckon with their security weaknesses, they sometimes lack information on how and why their networks attract the interest of digital thieves. In search of those answers, researchers at cybersecurity company Trend Micro ran a simulated factory network for seven months that invited all sorts of digital miscreants into the fray. Different attackers used the mock network, or honeypot, to mine cryptocurrency and infected it with two strains of a ransomware known as CrySIS. “These are career ransomware actors that are doing these things,” Trend Micro senior threat researcher Stephen Hilt told CyberScoop, reflecting on how professionalized and sector-agnostic ransomware attacks have become. In both cases, the attackers were able to lock up files on the network by breaching the faux factory’s robotics workstation, which […]

Children’s apparel company Hanna Andersson discloses data breach

Hanna Andersson, a children’s clothing company with stores across the country, has told customers that their card payment data may have been compromised in a security breach last year. For nearly two months from mid-September to mid-November, an “unauthorized third party” had access to card payment information that certain customers entered as they were checking out at Hanna Andersson’s website, Mike Edwards, the company’s CEO, said in a Jan. 15 letter to customers viewed by CyberScoop. The exposed data included payment card numbers, expiration dates, and CVV codes, along with customers’ names, billing addresses, and shipping addresses. Law enforcement officials recently told executives at Portland, Oregon-based Hanna Andersson that there was evidence of a breach, Edwards said. It is unclear how many customers were affected by the incident. While it doesn’t appear that every customer who visited the website during the two-month period was victimized, Edwards said, the company […]

Citrix issues first of several patches for critical bug

With hackers actively exploiting a critical vulnerability in its products, corporate virtual private network provider Citrix on Sunday issued the first of several patches for that flaw, and accelerated the timeline for releasing other fixes. In a statement, Citrix chief information security officer Fermin J. Serna urged customers to apply the latest patches, and said that the company had increased staffing should customers need help installing the new software. Experts say that successful exploitation of this bug could allow a hacker to burrow into the many Fortune 500 company networks that rely on the software, creating an opportunity for data theft. A flaw in VPN services, in particular, could result in the exposure of sensitive corporate information that victims incorrectly believe is protected behind an additional layer of security. The Department of Homeland Security’s cybersecurity division on Monday advised Citrix customers to “upgrade their vulnerable appliances as soon as possible.” The patches released Sunday cover certain versions of […]

Americans still vulnerable to hack-and-leak tactics, DOJ official says

As the 2020 election campaigning kicks into high gear, a senior Department of Justice official says he worries that Americans are still vulnerable to foreign hack-and-leak operations that are intended to disrupt democratic processes. “One of the things that I am concerned about is the hacking-and-dumping activity that occurred in 2016,” John Demers, the assistant attorney general for national security, said Friday. He was referring to Russian military officers’ hacking of email servers used by Democratic political organizations, and the selective leaking of those emails to the public. Despite a lot of progress on election security since Russian interference in 2016, the personal email accounts used by political campaigns are still a weak link, Demers said at the Wilson Center in Washington, D.C. “It really is dependent on their cyber hygiene practices…and not clicking on that wrong email,” Demers said. “What the Russians did in 2016 in terms of the […]

Hackers are racing to exploit a Citrix bug that the company hasn’t patched yet

Over the course of a week, the security implications have grown more dire for a critical vulnerability in two popular products made by Citrix, a corporate virtual private network service provider used at many Fortune 500 companies. The flaw exists in a Citrix cloud-based application delivery tool, as well as in a product that allows remote access to the company’s applications. Experts say that successful exploitation of the bug could allow a hacker to burrow into the many enterprise networks that use the software. The result could be the exposure or theft of corporate information from Citrix clients who otherwise trust technology provided by the $2.5 billion company. First, experts said that attackers would soon begin exploiting the flaw. Citrix then issued an advisory assuring that its recommended stop-gap security measures would help address the issue. But as researchers warned that hackers had begun exploiting the vulnerability, Citrix updated its advisory to say that, in certain […]

Airbus researcher explores ‘Stuxnet-type attack’ for security training

Stuxnet, the potent malware reportedly deployed by the U.S. and Israel to disrupt an Iranian nuclear facility a decade ago, helped change the way that many energy-infrastructure operators think about cybersecurity. The computer worm drove home the idea that well-resourced hackers could sabotage industrial plant operations, and it marked a new era of state-sponsored cyber-operations against critical infrastructure. Years later, industrial cybersecurity experts are still learning from the destructive potential of Stuxnet’s code and how it was deployed. While Stuxnet was an extraordinary situation — an intensive operation designed to hinder Iran’s nuclear program — it holds lessons for the wider world in securing industrial equipment that moves machinery. In a new study to improve security, a researcher at the cybersecurity subsidiary of European planemaker Airbus describes how he designed a program to execute code in a “Stuxnet-type attack” on a programmable logic controller (PLC), the ruggedized computers that monitor and control industrial systems like pumps, circuit […]

Senators to Trump administration: Protect small businesses from Iranian hacking threat

The federal agency charged with supporting small U.S. businesses should take “immediate action” to ensure that such firms are adequately protected from cyberthreats emanating from Iran, a bipartisan pair of senators said Wednesday. “We are concerned that small businesses may not have the information and tools necessary” to implement cybersecurity practices recommended by the Department of Homeland Security in the wake of the U.S. killing of Iran’s top general, Sens. Marco Rubio, R-Fla., and Ben Cardin, D-Md., wrote in a letter to the Small Business Administration. The advisory from DHS’s Cybersecurity and Infrastructure Security Agency warned of Iran’s history of “disruptive and destructive cyber operations against strategic targets” and advised U.S. organizations to consider whether they make an attractive target for the Iranians. According to the FBI, those potential private-sector targets include cleared defense contractors. Security experts have also advised organizations not to overreact to potential cyberthreats from Iran. Ned […]

Intel pushes for hardware-specific additions to vulnerability taxonomy

The professionals who work to uncover security vulnerabilities in hardware must find a “common language” for categorizing them in order to make important strides in securing those systems, according to chipmaking giant Intel Corp. Hardware researchers “do not have the same standard taxonomy that would enable them to share information and techniques with one another,” Intel researchers Arun Kanuparthi and Hareesh Khattri argued in an op-ed published this week on Help Net Security, an information security website. “If we expect hardware vendors and their partners to collectively deliver more secure solutions, we must have a common language for discussing hardware security vulnerabilities,” Kanuparthi and Khattri wrote. At issue is the Common Weakness Enumeration (CWE) system, a list that is used as a yardstick on which to map Common Vulnerabilities and Exposures (CVE). CVEs are more familiar to security researchers as signposts for potential threats, and they’re a notch in the belt […]

State election officials will get fresh intelligence briefing after Iran tensions

In the wake of the U.S.-Iran standoff and just weeks before the first Democratic primary, the intelligence community’s lead official for election security will brief state officials on the top cyberthreats to the U.S. electoral process. Shelby Pierson, the intelligence community’s election threats executive, said that the briefing this Thursday will cover the full gamut of digital threats to U.S. elections, including those emanating from Iran. Asked if Iran is more likely to interfere in the 2020 election after the U.S. military killed Tehran’s top general earlier this month, Pierson told reporters Tuesday that “it certainly is something that we’re prepared for.” “Our adversaries look to the political climate … it wouldn’t surprise me at all that this is part of the calculus,” she added. Pierson, who assumed her post last July, used a speech at the National Press Club in Washington, D.C., to raise awareness about digital threats facing the […]
