Pentagon cyber contractor charged for allegedly threatening to kill member of Congress

A Department of Defense cybersecurity contractor has been charged with threatening to kill a member of Congress over a bill that would require children in public schools to receive vaccinations, according to a criminal complaint filed in federal court earlier this month. Darryl Albert Varnum allegedly left a voicemail at the office of the member of Congress on June 26 saying he would “f—ing come down and kill your f—ing ass” if “you do that bill,” according to an affidavit filed in the U.S. District Court for the District of Maryland. He is charged with threatening an official. Minutes after the phone call, on his Facebook page, Varnum allegedly posted about a bill, The Vaccinate All Children Act of 2019, introduced in May in the U.S. House of Representatives. The sponsor of the vaccination bill is Frederica Wilson, D-Fla., who also is the subject of the threat, according to The Daily Beast. The affidavit did not […]

The post Pentagon cyber contractor charged for allegedly threatening to kill member of Congress appeared first on CyberScoop.

BitPaymer targets 15 U.S. organizations in 3 months, researchers say

An ongoing campaign using the BitPaymer ransomware has targeted at least 15 U.S. organizations in the last three months across the financial, agricultural, technology and government sectors, researchers said Thursday. In an operation marked by meticulous planning, the hackers are phishing their targets with emails laced with the Dridex malware, another one of their staple tools, according to Israeli cybersecurity company Morphisec. After surveying the network, they deploy BitPaymer over a weekend, when employees are out. The ransomware spreads as people get back to work on Monday, Morphisec said. Morphisec would not name any of the affected organizations, but CTO Michael Gorelik told CyberScoop that it has dealt directly with two of them. He declined to offer more details, and he would not elaborate on the “supply chain solution provider” that his company said was also attacked. On average, the organizations targeted had between 200 and 1,000 employees, Gorelik said. The findings are the latest example […]

This firmware flaw was bad enough, but then researchers looked at the supply chain

When researchers first found critical vulnerabilities in the firmware of Lenovo computer servers, it looked like a fairly straightforward issue. The problem, however, involved far more than the Hong Kong-based PC giant. The vulnerabilities were in the software of baseboard management controllers (BMC), the small processors used to remotely manage servers at an organization. The flaws could allow an attacker to run arbitrary code within the BMCs to retain persistent access to a computer system, or to “brick” the BMC entirely, rendering it inoperable. Those facts alone were cause for concern, but specialists at hardware-security company Eclypsium discovered a bigger story. The firmware in question was actually sourced from another company — Ohio-based Vertiv — and it was present in servers made by at least seven other vendors. “That’s when we realized just how complex and vulnerable the BMC supply chain is,” said Jesse Michael, principal security researcher at Eclypsium. The […]

‘StrongPity’ hacking group does just enough to get around defenses

Rather than expend resources on creating fancy new tools, malicious hackers often do the bare minimum needed to breach their targets. That means that when researchers expose their malware, the groups tend to only slightly modify their code to keep it effective. The latest activity from an advanced persistent threat known as StrongPity is a prime example. After having its actions called out last year, StrongPity has come up with new malware samples it is using in a month-long, ongoing campaign against users in Turkey, according to research published Wednesday by AT&T Alien Labs. Although the code has been altered, the general attack method remains the same: go after users who download router management software to infect target organizations, and use the popular file archiver WinRAR for delivery. The spyware delivered to the organizations, which is also called StrongPity, hunts for documents on an infected network and lingers on, retaining […]

More than 805,000 systems are still exposed to BlueKeep, study finds

Since May, security researchers have been sounding the alarm about the “BlueKeep” vulnerability in old Microsoft Windows operating systems. There has been a large movement to get users to patch for the flaw, which could be exploited at scale. Data released Wednesday by cybersecurity company BitSight Technologies shows a mixed report card on how well organizations have closed that security hole. First, the bad news: as of July 2, more than 805,000 operating systems that are online are still vulnerable to BlueKeep, the Boston-based company said. That leaves a broad potential attack surface for someone who exploits the vulnerability. BlueKeep is “wormable,” meaning the malware could infect systems as it finds its own ways to move from network to network. By abusing the remote access granted by Remote Desktop Services, a Windows program, a hacker could delete data or install a new program on a system. “We are really trying […]

Russia’s Turla group goes trolling with code labeled “TrumpTower”

It’s a common practice: Researchers digging through malware find legitimate clues that point to its authors or data that are false flags meant to throw researchers off the right path. In the case of the Turla hacking group, which is reportedly tied to Russia’s FSB intelligence service, it is unclear why the group decided to name one of its code strings “TrumpTower” or another “RocketMan!” – presumably a reference to U.S. President Donald Trump’s nickname for North Korean dictator Kim Jong Un. Regardless of whether or not Turla was trolling, it’s clear to researchers from cybersecurity company Kaspersky that the new code was built for an ongoing hacking campaign aimed at a narrow set of unnamed government organizations. To deliver the malicious code to its targets, Turla used legitimate software downloaders, such as tools to evade internet censorship, that were infected with a “dropper” to install the malware. While not saying where the targeting […]

Engineer took U.S. locomotive manufacturer’s source code to China, prosecutors say

A former software engineer at a locomotive manufacturer in Illinois stole intellectual property from the company and took it to China, according to a U.S. Department of Justice indictment made public this week. The 57-year-old engineer, Xudong “William” Yao, has been charged with nine counts related to the alleged theft of trade secrets, the Department of Justice said Thursday. The indictment returned by the U.S. District Court for the Northern District of Illinois alleges a months-long scheme by Yao to steal more than 3,000 electronic files including source code, technical documents and other sensitive data from the unnamed manufacturing company. Within two weeks of joining the company, located in suburban Chicago, in August 2014, Yao downloaded proprietary data detailing locomotive operating systems, according to the indictment. That activity continued for six months before Yao ultimately accepted a job at a company in China that made automotive telematics service systems, U.S. officials alleged. […]

The developers of the notorious FinSpy spyware are innovating — and thriving

Like any competitive company, a spyware vendor has to innovate when its proprietary data is exposed or stolen. For Gamma Group, the maker of the notorious FinSpy spyware, the definitive moment came in 2014, when it was hacked and information about its software and clients was dumped online. Since then, FinSpy’s authors have revamped big portions of the software, improving the encryption and making the code harder for analysts to parse, according to new research from Kaspersky Lab. The updated spyware implants for iOS and Android have been used in nearly 20 countries in the last year or so across Asia, Europe, and the Middle East, the researchers said Wednesday. In Myanmar, an ongoing campaign has infected several dozen phones. The researchers suspect there are many more victims out there, given how popular FinSpy has been with government clients. “The developers behind FinSpy constantly monitor security updates for mobile platforms and tend to quickly […]

Researchers warn of critical vulnerability in GE anesthesia machines

A flaw in the firmware of anesthesia and respiratory devices made by General Electric could allow a hacker to change the composition of gases dispensed by the equipment, putting patients at risk, cybersecurity researchers warned Tuesday. “If exploited, this vulnerability could directly impact the confidentiality, integrity and availability of device components,” CyberMDX, the health care security company that discovered the issue, said in a statement. For the vulnerability to be exploited, a hacker would need access to a hospital’s network and for the machines to be connected to a terminal server, or one that allows enterprises to connect to multiple systems, according to CyberMDX. But with that access, an attacker could not only alter gas composition, the researchers said, but also silence alarms on the equipment and change dates and timestamps that document a patient’s surgery. “Once the integrity of time and date settings has been compromised, you no longer […]

Zoom flaw could enable hackers to activate Mac webcams without permission

A vulnerability in the Mac version of Zoom, the popular video conferencing application, could allow a hacker to turn on a user’s video camera without their authorization or disrupt their computer via a denial-of-service attack, according to research published Monday. The vulnerability, found by security researcher Jonathan Leitschuh, exists in a Zoom feature that lets a user send a meeting invite via a web link. By clicking the link, a user is launched into a video call. But a phishing campaign or a website laced with malicious advertisements could take advantage of those links, Leitschuh said. Leitschuh, a software engineer at the engineering organization Gradle, published his findings Monday on the blogging platform Medium after Zoom failed to fix the problem within 90 days. “An organization of this profile and with such a large user base should have been more proactive in protecting their users from attack,” he wrote. Asked how many Zoom […]
