From exploits to honeypots: How the security community is preparing for BlueKeep’s moment of truth

Two years after the WannaCry ransomware wreaked havoc on the internet, security professionals are having a grim case of déjà-vu. They’ve tallied the internet-facing computers that aren’t patched for BlueKeep, a vulnerability in old Microsoft Windows operating systems, and wonder when that negligence will come home to roost. “I think everyone is in agreement that once exploits for this are public, it’s going to be bad,” Craig Williams, Cisco Talos’ director of outreach, told CyberScoop. The BlueKeep vulnerability is in Remote Desktop Services, a popular Windows program that grants remote access to computers for administrative purposes. By abusing that remote access, a hacker could delete data or install a new program on a system. “Every CISO right now should have a plan already written down to deal with BlueKeep once the exploit starts surfacing,” Williams said. Organizations need layered defenses so that any BlueKeep-based infection “doesn’t spread like wildfire behind what you […]

The post From exploits to honeypots: How the security community is preparing for BlueKeep’s moment of truth appeared first on CyberScoop.

‘DerpTrolling’ attacks on gaming sites get Utah man 27 months in prison

A federal judge has sentenced a young hacker from Utah to 27 months in prison for carrying out distributed denial-of-service attacks against Sony Online Entertainment and other online gaming companies in 2013 and 2014. The judge also ordered Austin Thompson, 23, to pay $95,000 for damages he caused to Sony Online Entertainment, which was sold and renamed Daybreak Game Company in 2015. Thompson gained notoriety using the Twitter handle DerpTrolling to announce online attacks that downed game servers around the world for hours. Thompson pleaded guilty in November. He had faced up to 10 years in prison and a $250,000 fine. A review of court records did not reveal why the judge opted for a more lenient sentence. On at least one occasion, Thompson reportedly used an open-source tool known as Low Orbit Ion Cannon. The tool started as an innocuous program for testing organizations’ networks, but has long been used […]

TA505 launches fresh attacks on financial organizations in Singapore, UAE and U.S.

A criminal hacking group known for authoring the widely used Locky ransomware appears to have new targets in its sights: financial institutions in Singapore, the United Arab Emirates and the United States, as well as manufacturing and retail organizations in South Korea. The TA505 group began the campaign last month through tens of thousands of malicious emails, according to researchers at cybersecurity company Proofpoint. The new code is the latest innovation from the group, which is one of the more prolific and adept financially motivated cybercrime organizations. The Windows-based Locky, which emerged in 2016, yielded more than $200 million in ransom payments at its height, according to one estimate. This time, the group is deploying a new piece of malware to download an old remote access tool (RAT) that could have let it steal credentials from a target computer, Proofpoint said. The malware was downloaded in quarantined environments and not at customer sites, meaning there is no evidence that it compromised target […]

Popular genetic-mapping software potentially exposed patients’ data

Security researchers have helped fix a flaw in genetic-mapping software that could have allowed a hacker to manipulate the results of a person’s DNA analysis, showing the challenges of securing code in an industry that is crunching ever-larger sets of data. The bug in the open-source Burrows-Wheeler Aligner (BWA) allowed genetic data to be sent over insecure channels, potentially exposing it to interception and manipulation. Genetic mapping involves replicating information from a person’s cells and comparing that to a standardized human genome, helping a doctor identify traits associated with a disease. In practice, a doctor receiving erroneous data from the software could have prescribed the wrong medication to a patient, warned analysts from the government-funded Sandia National Laboratories, who discovered the vulnerability. BWA is one of the most widely used programs for genetic mapping. A patch has been issued for the flaw. There is no evidence that the vulnerability has been exploited in the wild, researchers said. […]

Vietnamese hacking group has a ‘Swiss Army knife’ of tools at its disposal

A set of remote access tools used by Vietnam’s top hacking group remained largely undetected for years despite their reliance on sloppy code and other hacking techniques that fall short of the group’s normally high standard, according to research published Monday by BlackBerry Cylance. The OceanLotus group, also known as APT32, has gained notoriety in recent years for using carefully crafted tools to breach companies with business interests in Vietnam, particularly in the manufacturing and hospitality sectors. But use of the newfound remote access trojans (RATs), known as Ratsnif, is out of character for OceanLotus, a technically advanced group that projects power in cyberspace in support of Vietnamese interests. BlackBerry Cylance’s new analysis shows how state-aligned groups can select from a range of malware that varies in sophistication, only using what is necessary against a target organization. There is “sloppy code [and] programmatical errors and debug messages not typically present in OceanLotus malware,” said Tom Bonner, BlackBerry Cylance’s director of threat research […]

Outgoing FBI cyber official joins Accenture’s incident response team

Eric Welling has left his position as deputy assistant director of the FBI’s Cyber Division to join consulting giant Accenture, a company spokesperson confirmed. After more than 20 years at the FBI, Welling will lead Accenture Security’s North America Incident Response Command Center. The center is part of a set of “cyber fusion centers” where Accenture provides threat analysis and other security services, a company spokesperson said. Accenture has built up its incident response capabilities, which help organizations recover from breaches, since acquiring FusionX in 2015. “As critical as it is for our nation to build its cyber defenses it is equally as critical for our businesses, across the globe, to become cyber resilient,” Welling said in a statement. “It was a tremendous privilege to work alongside my colleagues at the FBI and I now look forward to working with Accenture Security and its clients to help secure their businesses from even the most […]

FDA urges patients to ditch vulnerable insulin pumps built by Medtronic

A vulnerability in an insulin pump made by medical device vendor Medtronic could allow a hacker to change the pump’s settings and control the delivery of the hormone, the Food and Drug Administration warned Thursday. After security researchers demonstrated how an attacker could abuse a radio frequency protocol, which the pump uses to communicate with other devices, to inject and intercept data, the FDA told patients to switch to pump models with better cybersecurity protections. The advisory is the latest example of a health care company struggling to secure medical technology, which often is expensive and difficult to replace. Norman “Ned” Sharpless, acting head of the FDA, said the agency wasn’t aware of any patient harm stemming from the software vulnerability. “While we are not aware of any patients who may have been harmed by this particular cybersecurity vulnerability, the risk of patient harm if such a vulnerability were left unaddressed is significant.” — […]

Gift-card scheme went well beyond Wipro hack, RiskIQ reports

The high-profile breach of Indian IT giant Wipro earlier this year was but one part in a series of campaigns carried out by a set of money-driven hackers over the last three years, researchers said Wednesday. The scheme, as documented by cybersecurity company RiskIQ, covered essentially the whole ecosystem of companies involved in gift-card transactions – from distributors to payment processors to IT providers, with shopping-industry giants Best Buy, Costco, and Sears among the organizations targeted with phishing emails. The hackers employed open-source software whose use is difficult to attribute, and they even turned an anti-phishing training platform on its head to target organizations, the researchers said. “RiskIQ has identified at least five distinct attack campaigns based off analysis of the actor-owned infrastructure,” the San Francisco-based company said in a report. RiskIQ emphasized that the organizations listed were targeted, but not necessarily breached, by the hackers. However, the report notes, the hackers’ “operational tempo increased to ramp […]

Senate investigation finds agencies ‘unprepared’ to protect Americans’ data

Federal agencies are “failing to implement basic cybersecurity standards” needed to protect Americans’ personal data and keep the nation’s secrets safe from hackers, a Senate investigation has concluded. The report, which drew on 10 years’ worth of inspector general reports at eight agencies, paints a picture of persistent neglect of standard network defense measures. It comes more than four years after the breach of the Office of Personnel Management, in which alleged Chinese hackers stole sensitive personal data on 22 million current and former federal employees. Lessons from that sweeping compromise of American security clearances still haven’t been heeded, according to the report from the Senate Committee on Homeland Security and Government Affairs’ Permanent Subcommittee on Investigations. “Despite major data breaches like OPM, the federal government remains unprepared to confront the dynamic cyberthreats of today,” laments the report, which covered the departments of Agriculture, Education, Health and Human Services, Homeland […]

Chinese spies have been sucking up call records at multinational telecoms, researchers say

Chinese hackers have hit the soft underbelly of global telecommunications companies to siphon off hundreds of gigabytes of data, according to an investigation by security company Cybereason. The long-running hacking campaign, which has breached about 10 cellular providers in Africa, Europe, the Middle East and Asia, bears all the hallmarks of an intelligence operation, Cybereason researchers said. In one instance, the spies targeted roughly 20 customers of a cellular provider. “No one siphons out hundreds of gigabytes of data about a very specific amount of individuals unless it’s for intelligence [purposes],” said Amit Serper, principal security researcher at Cybereason, which published research on the campaign Tuesday. “The attackers knew exactly what they were after.” Cybereason declined to name the breached telecommunications providers, but said they had hundreds of millions of customers in total. Since at least 2017, the hackers have burrowed their way, computer by computer, deep into the victim organizations until they had […]