How offense and defense came together to plug a hole in a popular Microsoft program

It’s no secret that Microsoft’s Remote Desktop Services (RDS) software is a natural target for hackers. The same remote access that the popular program gives to clients also piques the interest of would-be attackers. That also makes fixing a bug in the software a good opportunity for both ends of the cybersecurity profession — offensive and defensive — to collaborate. One RDS discovery in particular prompted close, behind-the-scenes cooperation between Microsoft and an outside researcher. They will share what they learned about detection and remediation next week at the Black Hat conference in Las Vegas. “This attack was very hard to detect,” recalled Dana Baril, a security software engineer at Microsoft. “The behavior didn’t stand out as unusual for the user.” A hacker exploiting the bug would be making network connections that looked a lot like whatever a normal person might do with RDS. Baril had received a report through Microsoft’s bug bounty program. She reached out to Eyal […]

The post How offense and defense came together to plug a hole in a popular Microsoft program appeared first on CyberScoop.


A potentially state-sponsored hacking campaign tried to phish U.S. utilities in July, researchers say

Hackers that may be state-sponsored tried to spearphish three companies in the U.S. utility sector last month, cybersecurity company Proofpoint said Thursday. The malware-laced emails were sent from July 19 to July 25 and appeared to impersonate a national association that facilitates engineering exams, Proofpoint researchers said. A Microsoft Word document attached to the emails contained a remote access trojan capable of deleting files, taking screenshots, rebooting a machine, and deleting itself from an infected network, among other attributes. The researchers did not say if the hackers were able to compromise the utility companies. A person familiar with the matter told CyberScoop that at least one of the three organizations was able to block and mitigate the activity. That person did not have knowledge of the other two organizations that were targeted. It is also unclear who is behind the phishing operation. There are similarities between the macros used in this […]



Facebook shuts down ‘coordinated inauthentic behavior’ from Egypt, Saudi Arabia, UAE

In the latest sign that fake accounts remain a popular tool for amplifying political messages on Facebook, the social media company says it has disrupted information campaigns emanating from Egypt, Saudi Arabia, and the United Arab Emirates. The hundreds of disabled accounts, groups and pages were involved in two unrelated operations, one originating in Egypt and the UAE, and the other in Saudi Arabia. The campaigns, which Facebook labeled as “coordinated inauthentic behavior,” also included accounts on Instagram, which Facebook owns. Both campaigns used phony pages to post news in support of a political agenda, and both focused on countries in the Middle East and North Africa, Facebook said. The company linked the latter campaign, which supported Saudi Crown Prince Mohammad bin Salman, to the Saudi government. “We’re taking down these pages, groups and accounts based on their behavior, not the content they posted,” Nathaniel Gleicher, Facebook’s head of cybersecurity policy, wrote […]



Yet another hacking group is targeting oil and gas companies, Dragos says

A previously undocumented hacking group has been targeting oil and gas companies along with telecommunications providers from Africa to Central Asia to the Middle East, the industrial cybersecurity company Dragos said Thursday. The revelation brings to five the number of groups tracked by Dragos that go after the oil and gas sector, highlighting the growing interest shown by well-resourced hackers in probing the industrial control systems (ICS) that underpin energy infrastructure. Oil and gas companies move markets and are strategic national assets, giving cyber operatives plenty of reason to scope them out. The new hacking group, which Dragos calls Hexane, has been particularly active in recent months, targeting organizations with phishing lures and malware implants. “It’s definitely stage-one activity with the intent to intrude,” Casey Brooks, senior adversary hunter at Dragos, told CyberScoop. “Whether they were successful or not, we can’t comment on that.” The far-flung activity underscores the interest that ICS-focused […]



DHS warns of vulnerability that could be used to alter flight data in small planes

An insecure networking standard could allow a hacker with physical access to a small aircraft to trick the plane’s equipment into giving false readings of critical flight data, according to a warning from the Department of Homeland Security. The vulnerability, discovered by cybersecurity company Rapid7, is in the implementation of CAN bus, a popular networking standard that allows communication between microcontrollers in planes, cars and other machinery. A hacker would need physical access to carry out the hypothetical attack, which involves attaching a device to the plane’s CAN bus to insert false data. Engine readings, altitude and airspeed are among the data that could be manipulated, according to Rapid7 researcher Patrick Kiley. Kiley said the aviation sector is lagging in securing CAN bus networks because of an apparent reliance on physical security. Because the assumption is that hackers won’t get physical access to airplanes, “the increased perceived physical security of […]



Camera obscura: Researchers say weak protocols are Achilles’ heel of surveillance cameras

In a world of hackable things, protocols in surveillance cameras sometimes get overlooked. The cameras used in commercial buildings aren’t necessarily a priority for researchers looking for the next big intrusion, and the devices are often seen as one-dimensional targets that only yield the data they collect. But that misses the point of how a camera can be a gateway to other devices in a building. Hacking an internet-connected camera could give an attacker a pathway to a device controlling physical access to a facility, for example. That concern prompted researchers at Forescout Technologies to dissect surveillance cameras in their test lab in the Netherlands. What they found were widely used cameras using weak communication protocols to transmit data over unencrypted channels. The researchers were able to carry out a “man-in-the-middle attack,” which intercepts and manipulates data, to replace footage recorded by the camera with their own. Altering security footage at an airport, for example, could be […]



Marcus Hutchins, who stopped WannaCry’s spread, avoids prison time

A British cybersecurity researcher best known for halting the spread of the global WannaCry ransomware outbreak two years ago will avoid prison for creating banking malware that surfaced in 2014. A federal judge in the Eastern District of Wisconsin on Friday sentenced 25-year-old Marcus Hutchins to time served and one year of supervised release, according to reporters in the courtroom. The decision brings to a dramatic close a legal saga that has absorbed the cybersecurity community for years. Hutchins, also known by the Twitter handle “MalwareTech,” had faced up to a decade in prison after pleading guilty in April to two counts related to writing and distributing the Kronos banking trojan, and another piece of malware known as UPAS Kit. Hutchins created Kronos as a black hat hacker, a life he disavowed before the WannaCry ransomware virus infected more than 200,000 computers in roughly 150 countries in May 2017. Hutchins, working as a security researcher at […]



A Russian military contractor has a new, shady Android malware kit

A contractor for the Russian military that was sanctioned for interfering in the 2016 U.S. election has developed Android malware that is being used in “highly-targeted” attacks that exfiltrate data using third-party applications, according to mobile security company Lookout. The malware allegedly developed by the contractor, St. Petersburg-based Special Technology Center (STC), is capable of installing the attacker’s own software certificate in a certificate store and then using it for “man-in-the-middle” attacks, intercepting data before it reaches its intended recipient. “This ability is something that Lookout researchers have never seen in the wild before,” Lookout’s Adam Bauer, Apurva Kumar and Christoph Hebeisen said Wednesday. The so-called “Monokle” malware is extremely invasive, according to Lookout. It can record a target device’s screen while the user is unlocking it, capturing the user’s PIN. It abuses Android’s accessibility features to harvest data from third-party apps. And it uses “predictive-text dictionaries” to figure out what a […]



Hackers used password spraying to breach Citrix, investigation confirms

The hackers who breached corporate VPN service provider Citrix last year used an unsophisticated technique that throws commonly used, weak passwords at a system until one works, the company’s investigators have confirmed. The “password spraying” ploy allowed the hackers to steal business files from a Citrix network drive along with a drive linked with its consulting practice, Citrix President David Henshall wrote in a blog post last week. The attackers had access to the drives for a “limited number of days,” between October 2018 and March 2019, he said. Henshall did not say who carried out the hack or what their ultimate objective was. VPN providers could be an enticing target for any set of hackers looking for a foothold in a corporation’s network. “The cybercriminals also may have accessed the individual virtual drives and company email accounts of a very limited number of compromised users and launched without further exploitation […]
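What makes password spraying hard to catch is the shape of the traffic: instead of hammering one account with many passwords (which trips per-account lockout), the attacker tries one or two common passwords against many accounts, so each account sees only a failure or two. The detector below, an added example that is not Citrix's or CyberScoop's code, groups authentication events by source address and flags a source that fails against many distinct accounts with few failures each inside a sliding window. The log format and the sample lines are constructed for the example; thresholds are assumptions to tune per environment.

```python
"""Password-spray detector over authentication log lines (added example, not from the article)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log in a hypothetical "timestamp user source result" format.
# 203.0.113.7 sprays seven accounts with one failure each and lands on "grace";
# 198.51.100.5 is a single user mistyping a password, which should not alert.
SAMPLE_LOG = """\
2018-10-13T02:00:01Z alice 203.0.113.7 FAIL
2018-10-13T02:00:04Z bob 203.0.113.7 FAIL
2018-10-13T02:00:07Z carol 203.0.113.7 FAIL
2018-10-13T02:00:10Z dave 203.0.113.7 FAIL
2018-10-13T02:00:13Z erin 203.0.113.7 FAIL
2018-10-13T02:00:16Z frank 203.0.113.7 FAIL
2018-10-13T02:00:19Z grace 203.0.113.7 SUCCESS
2018-10-13T02:01:00Z alice 198.51.100.5 FAIL
2018-10-13T02:01:30Z alice 198.51.100.5 FAIL
2018-10-13T02:02:00Z alice 198.51.100.5 SUCCESS
"""


def parse_line(line):
    """Parse one log line into (timestamp, user, source, succeeded)."""
    ts, user, src, result = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, src, result == "SUCCESS"


def detect_spray(log_text, window=timedelta(minutes=10), min_users=5, max_per_user=2):
    """Return [(source, distinct_sprayed_users, [accounts that succeeded])] per flagged source.

    A spray is many distinct accounts, each with only a few failures, from one source
    within the window. Per-account lockout (N failures on one account) never fires on
    this pattern, which is why the aggregation key here is the source, not the user.
    """
    events = sorted((parse_line(l) for l in log_text.strip().splitlines()),
                    key=lambda e: e[0])
    by_src = defaultdict(list)
    for e in events:
        by_src[e[2]].append(e)

    alerts = []
    for src, evs in by_src.items():
        best = None          # widest spray seen in any window for this source
        start = 0
        for end in range(len(evs)):
            # slide the window start forward until it fits inside `window`
            while evs[end][0] - evs[start][0] > window:
                start += 1
            fails = defaultdict(int)
            successes = set()
            for _ts, user, _src, ok in evs[start:end + 1]:
                if ok:
                    successes.add(user)
                else:
                    fails[user] += 1
            # "low and slow": accounts with at most max_per_user failures each
            sprayed = [u for u, n in fails.items() if n <= max_per_user]
            if len(sprayed) >= min_users:
                cand = (src, len(sprayed), sorted(successes))
                # prefer the window with more sprayed accounts, then more successes
                if best is None or (cand[1], len(cand[2])) > (best[1], len(best[2])):
                    best = cand
        if best is not None:
            alerts.append(best)
    return alerts


if __name__ == "__main__":
    for src, n, hits in detect_spray(SAMPLE_LOG):
        print(f"spray from {src}: {n} accounts tried, successful logins: {hits}")
```

Running this on the sample flags 203.0.113.7 (six accounts failed, one success on `grace`) and stays quiet on 198.51.100.5, whose two failures all belong to one user. In production the same logic belongs on the identity provider or VPN gateway logs, keyed by source address or by ASN when the attacker rotates addresses, and the successful-login list is the set of accounts to force a password reset on first.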



‘We have to hit the problem the way it hits us’: How the FBI tracks a range of hacking threats

FBI Director Christopher Wray has been clear to Congress: cyberthreats are outpacing the FBI’s capacity to track them, and the bureau needs more money and people to catch up. Boosting the FBI’s roster of cybersecurity talent, rather than playing whack-a-mole with an expanding docket of threats, is of the essence. “[The cyber] threat has grown exponentially in terms of actors, methods, targets, and so we need personnel and tools there in a big, big way,” Wray told Senate appropriators in May. In fiscal 2020, the FBI is asking Congress for $70.5 million more in funding compared with the prior year for cybersecurity programs, and for 33 more personnel dedicated to the issue. Any new hires would be stepping into an agency that has transformed its approach to cyberspace in the last several years. The FBI has had to get more out of its cybersecurity personnel as the types of malware, and the number of actors willing […]

