A malicious Tor browser is helping scammers steal bitcoin, researchers say

Thieves are using malware that masquerades as Tor, the anonymizing internet browser, to steal money from Russian-speaking people on the dark web, researchers said Friday. The operation uncovered by researchers at Slovakian cybersecurity company ESET has netted the unidentified attackers some $40,000 in bitcoin so far, but the amount could be larger. “They likely stole more in Qiwi,” said Robert Lipovsky, a senior malware researcher at ESET, referring to a Russian payment service. The insidious attack is a reminder that hackers can upend the privacy and security users expect from software by tricking them into downloading malicious code. Tor is used by everyone from human rights defenders and journalists to criminals trying to hide activities like drug sales and child pornography from law enforcement. This effort, only the latest malicious operation exploiting users who rely on the software, comes as the Tor Project is seeking to spread awareness about Tor, and increase trust […]

The post A malicious Tor browser is helping scammers steal bitcoin, researchers say appeared first on CyberScoop.

Samsung, Google acknowledge flaws in phone-unlocking biometric tools

Tech giants Samsung and Google are grappling with separate flaws in the biometric technology the companies give users to secure their mobile phones. Samsung said Thursday that it was working on a patch for an issue discovered by a British couple that allows any fingerprint to unlock a Galaxy S10 or Note 10 phone with a certain screen protector on it. After buying a screen protector for her Galaxy S10, Lisa Neilson found both her thumbprints could unlock the phone, as could those of her husband and sister, according to The Sun newspaper. “We are investigating this issue and will be deploying a software patch soon,” a Samsung spokesperson told CyberScoop. “We encourage any customers with questions or who need support downloading the latest software to contact us directly at 1-800-SAMSUNG.” Google, meanwhile, has acknowledged to the BBC that the facial recognition system used on its Pixel 4 phone will […]

The post Samsung, Google acknowledge flaws in phone-unlocking biometric tools appeared first on CyberScoop.

‘It’s going to be painful’: Pentagon official urges contractors to improve cybersecurity

A politician-turned-defense official who is trying to shake up the acquisition bureaucracy in the U.S. Department of Defense told contractors they need to better prioritize security in order to do business with the Pentagon, and stifle foreign theft of defense secrets. “This is a change of culture,” Katie Arrington, chief information security officer of the Pentagon’s acquisition policy office, said Wednesday. “It’s going to take time, it’s going to be painful, and it’s going to cost money.” Arrington, who joined the Office of the Undersecretary of Defense for Acquisition and Sustainment in January, is spearheading the development of new cybersecurity standards for contractors. Last month, defense officials unveiled a draft of the guidelines, known as the Cybersecurity Maturity Model Certification. The standards will require contractors of all sizes to have a baseline level of cybersecurity practices in order to, for example, prevent adversaries from exfiltrating their intellectual property. Companies holding more sensitive defense data will need to […]

The post ‘It’s going to be painful’: Pentagon official urges contractors to improve cybersecurity appeared first on CyberScoop.

Lawmakers offer Illinois election work as blueprint to secure 2020

U.S. lawmakers on Tuesday heard from Illinois officials who were on the front lines of Russia’s interference in the 2016 election in a hearing that held the state up as a model for election security. Since Russian hackers breached Illinois’ voter registration database in 2016, Illinois officials have set up an internal computer network to better protect voter data, established a “Cyber Navigator” program that embeds IT specialists in local election offices, and used the Illinois National Guard to protect the 2018 midterm vote. “It’s my hope that programs such as this can serve as models for other states,” said Rep. Lauren Underwood, D-Illinois, vice chairwoman of the House Homeland Security Committee, which held the hearing. She was referring to the Cyber Navigator program, to which Illinois has dedicated roughly $6.9 million, the great majority of it federal grant money. To build on progress in Illinois and elsewhere, election security experts have called for larger […]

The post Lawmakers offer Illinois election work as blueprint to secure 2020 appeared first on CyberScoop.

Russian indicted by Mueller for alleged troll-farm activities is released by Belarus

Authorities in Belarus have released a Russian national whom former Special Counsel Robert Mueller indicted for interfering in the 2016 U.S. election. Anna Bogacheva allegedly worked for the notorious Internet Research Agency, a propaganda-spouting company with ties to Russian President Vladimir Putin. A February 2018 indictment from the Department of Justice alleges that Bogacheva traveled to the U.S. in 2014 “under false pretenses for the purpose of collecting intelligence” to support the IRA’s disinformation campaigns. Bogacheva was released after being detained in the capital of Minsk, according to multiple media reports quoting Belarus’s prosecutor general’s office. Her detention initially raised the possibility that one of the 13 Russians charged by Mueller might see the inside of a U.S. courtroom. Bogacheva immediately returned to Russia upon being released, The Washington Post reported. Belarusian authorities did not find grounds to detain Bogacheva for extradition, according to reports. A spokesperson for the office could not be […]

The post Russian indicted by Mueller for alleged troll-farm activities is released by Belarus appeared first on CyberScoop.

Binaries and Brews: Jailbreak Security Summit convenes hackers on NSA’s doorstep

Of the countless security conferences held across the globe, only one combines craft beer and malware analysis in the National Security Agency’s backyard. Every year, federal contractors and analysts at Beltway cybersecurity companies gather for a day at Jailbreak Brewery’s Laurel, Maryland, headquarters to trade specialized knowledge in digital forensics. “The training is really good; the beers are even better,” said a Department of Justice employee sipping a Lemon Meringue Berliner Weisse. The DOJ employee, who declined to speak on the record, has been coming since the summit’s inception in 2015. “I learn something new every year,” he said, before descending from the bar and taking a seat in front of the presentation stage. That is the comfort zone that Kasey Turner, a former NSA employee, sought to create when he opened the brewery in 2014 with cybersecurity contractor-turned-entrepreneur Justin Bonner. “We wanted this to be everybody’s own jailbreak,” Turner told CyberScoop. […]

The post Binaries and Brews: Jailbreak Security Summit convenes hackers on NSA’s doorstep appeared first on CyberScoop.

Notorious FIN7 crooks have new malicious code up their sleeves

Cybersecurity researchers have discovered two new tools used by a prolific hacking group known as FIN7, highlighting how, despite a law enforcement crackdown, the group appears to be thriving and making a lot of money in the process. The Eastern European hacking crew, which researchers say has stolen over $1 billion from victims in recent years, is using a new “dropper” to deliver its malicious code, as well as a payload that tampers with a remote IT administration tool, cybersecurity company FireEye said Thursday. Mandiant, FireEye’s incident response arm, discovered the new tools while responding to recent FIN7 hacks in the hospitality industry. It appears the attackers are going after their usual targets — payment card processors — to try to steal money. “We have multiple ongoing victims and felt that, especially within the security industry, [this was information] we needed to get out there” to raise awareness, said Regina […]

The post Notorious FIN7 crooks have new malicious code up their sleeves appeared first on CyberScoop.

DHS asks Congress for subpoena authority to contact vulnerable asset owners

The Department of Homeland Security has asked lawmakers for subpoena authority in order to directly contact organizations vulnerable to hacking rather than having to rely on outside parties to communicate with the private sector. The move is an attempt to speed up the process by which DHS’s Cybersecurity and Infrastructure Security Agency (CISA) interacts with critical infrastructure companies on the front lines of state-sponsored hacking threats. Right now, DHS officials say, they have IP addresses of vulnerable systems in the private sector, but can’t obtain the contact information for equipment owners through internet service providers. And so DHS is seeking “administrative” subpoena authority, which would compel an ISP to turn over that information and allow the department to contact those potential hacking victims directly. “Over many years, we have tried many methods to be able to contact these entities,” said Jeanette Manfra, CISA’s assistant director for cybersecurity and communications. “The […]

The post DHS asks Congress for subpoena authority to contact vulnerable asset owners appeared first on CyberScoop.

Group rumored to be behind campaign hack also going after cybersecurity researchers

An Iran-linked hacking group that targeted a U.S. presidential campaign has also been trying to breach the cybersecurity analysts who have outed the hacking efforts, new research shows. The hackers recently sent researchers at Israeli company ClearSky Cyber Security malware-laced emails purporting to be from an antivirus company, according to Ohad Zaidenberg, the company’s senior cyber intelligence researcher. The hacking group, which analysts say works in support of Iranian interests, also set up a phishing website mimicking that of ClearSky and a web-mail page “built to attack our clients,” Zaidenberg told CyberScoop. While ClearSky did not elaborate on the attempted breaches of the company, the episode highlights the lengths to which the group might go to try to infiltrate the cybersecurity specialists who track them. And it is just the latest activity in what has been a busy few months for the Iranian computer operatives, known to researchers as Charming Kitten, […]

The post Group rumored to be behind campaign hack also going after cybersecurity researchers appeared first on CyberScoop.

U.S. agrees to help Baltic states bolster grid cybersecurity

The United States on Sunday agreed to work more closely with three Baltic countries to protect their electric sectors from cyberattacks. “We see a crucial role that U.S. could play in assisting the Baltic states with strategic and technical support,” reads the declaration from the U.S. Department of Energy (DOE) and officials from Latvia, Lithuania, and Estonia, according to multiple news outlets. The four countries will establish a platform for sharing cybersecurity expertise over the next six months, the AFP reported. The agreement is a recognition of the need to fortify energy infrastructure that could be a prime target for hackers in the event of geopolitical conflict. Russia’s neighbors are very familiar with that dynamic: Kremlin-linked hackers cut power in parts of Ukraine in 2015 and 2016. The U.S. announcement with Baltic states was short on specifics. Spokespeople for officials in all four governments did not respond to requests for comment. The document […]

The post U.S. agrees to help Baltic states bolster grid cybersecurity appeared first on CyberScoop.
