New research shows more utility companies are being targeted by phishing emails

A set of possibly state-sponsored hackers has targeted a much longer list of U.S. utility-sector organizations than previously documented, according to cybersecurity company Proofpoint, underscoring the steady interest that well-resourced hackers have in U.S. critical infrastructure. From April to August, the unidentified hackers have targeted at least 17 entities in the sector, Proofpoint said. The tally jumped from the three utilities the company reported on in August after a fresh batch of phishing emails was found. Proofpoint is unsure who is behind the spearphishing attempts, but described the activity as an “advanced persistent threat” campaign — a label used to denote state sponsorship. Proofpoint has said there are similarities between macros used by the attackers and activity last year from APT10, a group tied to China’s civilian intelligence agency. The link between the two, however, is far from conclusive. “Our analysts did not observe additional code overlap or infrastructure reuse […]

The post New research shows more utility companies are being targeted by phishing emails appeared first on CyberScoop.


Microsoft will offer free Windows 7 support for election officials through 2020

Microsoft is expected to announce Friday it will offer state and local election officials free support for Windows 7 operating systems used in voting systems through 2020, according to multiple people familiar with the matter. Microsoft has long planned to stop providing security updates for Windows 7 users in general in January 2020, but was allowing users to pay for those updates through 2023. But the offer of free services through next year’s U.S. presidential election is an additional effort to make it easier to update operating software used in voting systems, such as the election management systems that format ballots. Many systems that support voting in the U.S. still rely on Windows 7, which is not nearly as straightforward to update on those machines as it is on a personal computer. Patches require installation and testing to verify that they will not disrupt a voting system. The U.S. Election Assistance Commission has said it will not de-certify […]


What would a vulnerability disclosure program look like for voting equipment? Expect an RFI soon

Voting-equipment vendors are preparing to formally ask security researchers for ideas on building a coordinated vulnerability disclosure (CVD) program, the next step in the industry’s gradual move to work more closely with ethical hackers. The Elections Industry-Special Interest Group, which includes the country’s three largest voting-systems vendors, will this week release the request for information (RFI), Chris Wlaschin, vice president of systems security at one of those vendors, Election Systems & Software, told CyberScoop. “We all feel that sense of urgency to adopt this sooner than later,” Wlaschin said. Since January, the voting vendor group, which is part of the IT-Information Sharing and Analysis Center (IT-ISAC), a broader industry association, has held biweekly meetings to begin hashing out what a CVD program to find and fix software bugs might look like. Other industries have adopted such programs, which can raise the bar for security in an industry and establish trust […]


Election commission says it won’t de-certify voting systems running old versions of Windows

The U.S. Election Assistance Commission has told lawmakers that it will not de-certify certain voting machines using outdated Microsoft Windows systems, a disclosure that highlights the challenge of keeping voting systems secure after a vendor ceases offering support for a product. While a voting machine would fail certification if it were running software that wasn’t supported by a vendor, the act of de-certifying the machine is cumbersome and “has wide-reaching consequences, affecting manufacturers, election administration at the state and local levels, as well as voters,” EAC commissioners wrote in a letter to the Committee on House Administration that CyberScoop obtained. To pass certification, voting vendors must meet a series of specifications outlined in the Voluntary Voting Systems Guidelines (VVSG), a set of standards that the EAC has been slow to update. In response to questions from the committee’s staff, EAC commissioners said the laborious de-certification process can be initiated if there is […]


A persistent group of hackers has been hitting Saudi IT providers, Symantec says

Over the last 14 months, a determined group of hackers has breached IT companies in Saudi Arabia in a likely attempt to gain access to their customers, security researchers said Wednesday. The group, dubbed Tortoiseshell, has struck at least 11 organizations, most of them in Saudi Arabia, since July 2018 and was active as recently as July 2019, according to cybersecurity company Symantec. Targeting Saudi IT providers and collecting data on their networks makes perfect sense for anyone looking for persistent access to those suppliers’ clients. Symantec did not speculate on which organizations the attackers have been targeting further upstream in the supply chain. Nor would the researchers describe the nature of the IT services the hacked organizations provide. Jon DiMaggio, senior threat intelligence analyst for Symantec Security Response, said the IT providers have a “large presence in Saudi Arabia” and have lots of customers. The IT providers “have that trust relationship with these customers,” DiMaggio told CyberScoop. […]


Hacked government contractor shares breach details as investigation continues

The president of a hacked U.S. government contractor says a recent breach has cost his company $500,000 to $1 million in what he deemed a “learning experience” that should be shared with other organizations to raise their network defenses. “It could happen to anyone,” Sandesh Sharda, president of Arlington, Virginia-based Miracle Systems, told CyberScoop. “We keep hearing about all these hacks all the time, whether it’s Baltimore, whether it’s Texas, whether it’s Capital One, commercial or government. This is not going to go away…How we prepare our industry for these kinds of hacks is [what’s] most important.” It’s been a month since Miracle Systems, which provides IT, engineering and other services to more than 20 federal agencies, learned that its internal server had been breached. On at least one cybercriminal forum, a hacker or hackers has advertised access to internal company data, as journalist Brian Krebs reported. Sharda downplayed the breach, […]


Teenager arrested in UK for allegedly hacking ‘world-famous’ musicians

A 19-year-old man has been arrested for allegedly hacking the websites and “cloud-based accounts” of “world-famous” musicians, stealing their unreleased work, and selling the music for cryptocurrency, U.S. and British authorities announced Friday. The man was arrested in Ipswich, a city in eastern England, after the search of a property there and one in North London, according to an announcement from the Manhattan District Attorney Cyrus R. Vance Jr., and City of London Police Commissioner Ian Dyson. The Manhattan D.A. investigated the incident after being contacted by the musicians’ management companies and worked with the London police ahead of the arrest, according to the announcement. Authorities did not name the victimized musicians, but City of London officials said they were all American, some of them Grammy-winning, NBC 4 New York reported. Spokespeople for the Manhattan D.A. and the City of London did not immediately respond to questions regarding how much music […]


‘Cobalt Dickens’ group is phishing universities at scale again, researchers say

An Iran-linked hacking group whose operatives the U.S. government indicted last year has launched a phishing operation to steal login credentials against computer users at over 60 universities in the United States, the United Kingdom, and elsewhere, researchers said Wednesday. The campaign, whose aim is likely intellectual property theft, sees victims redirected to spoofed login pages, where their passwords are stolen, said Secureworks, a Dell-owned cybersecurity company that discovered the activity. “The threat actors have not changed their operations despite law enforcement activity, multiple public disclosures, and takedown activity,” Secureworks said in a blog post. The most high-profile attempt to disrupt the hackers was the charges the U.S. Department of Justice announced in March 2018 against nine Iranian nationals for breaching the networks of multiple U.S. universities, federal government agencies and U.S. companies. And yet the hacking group, which Secureworks dubs Cobalt Dickens, has used some of the same domains in their new […]


Imperva says cloud firewall customers’ passwords were exposed

Security vendor Imperva on Tuesday revealed that data belonging to an unspecified number of customers of its cloud firewall product was exposed online. Email addresses and hashed and salted passwords from a database of its Cloud Web Application Firewall (WAF) customers were left exposed through September 15, 2017, Imperva CEO Chris Hylen wrote in a blog post disclosing the incident. Additionally, the API keys and SSL certificates of some customers were exposed. The company found out about the incident last week thanks to an unnamed third party, he said. It is unclear to what extent, if any, hackers had accessed the exposed data. The company did not respond to a request for comment by press time. Imperva’s Cloud WAF counts the AARP, General Electric, and Siemens as customers, according to the company’s website. “We continue to investigate this incident around the clock and have stood up a global, cross-functional team,” Hylen wrote, adding […]


Apple patches bug that let hackers jailbreak iOS 12.4

Apple has fixed a vulnerability in the latest iPhone operating system that made it possible for hackers to “jailbreak” a device running that version of iOS. The technology company released the patch on Monday, roughly a week after a security researcher known as Pwn20wnd published a technique that would allow outsiders to obtain root access to devices running iOS 12.4. Jailbreaking allows users to install unauthorized software on a device, a process that can make phones more vulnerable to hacking. It is exceedingly rare for a jailbreak of the latest iOS to be made public. Apple previously had fixed the same bug earlier this year after a Google researcher flagged the bug in a prior version of iOS. Patrick Wardle, principal security researcher at Jamf, a company focused on Apple device security, told CyberScoop that Apple’s reintroduction of the bug was “inexcusable, as it puts millions of iOS users at risk.” Smartphone customers long have sought methods of removing their […]
