Chinese-linked APT10 has been active in the Philippines, researchers say

An elite Chinese government-linked hacking group known for allegedly stealing reams of data from U.S. organizations has been actively targeting entities in the Philippines, according to new research first shared with CyberScoop. During the month of April, the APT10 hacking group, which U.S. officials have tied to China’s civilian intelligence agency, has been using two new malicious software variants to deliver its payloads against targets in the Philippines, according to analysts from endpoint security firm enSilo. It is unclear what the goal of the targeting is, or who the victims are, enSilo researchers said. “Both the loader variants and their various payloads that we analyzed share similar tactics, techniques, and procedures, and code associated with APT10,” the firm wrote in research published Friday. The burst of activity could be a short-lived attack or a test run for a future campaign. But the researchers are trying to warn potential victims about changes in the […]

The post Chinese-linked APT10 has been active in the Philippines, researchers say appeared first on CyberScoop.

Researchers are still using lessons from VPNFilter to track threats one year later

It’s been a year since private security researchers worked with the FBI to dismantle a 500,000-router-strong botnet that loomed over Ukraine. Now, lessons learned in that takedown of the “VPNFilter” botnet are still reverberating today in the cybersecurity community, informing defenders about other sets of malicious activity, said Martin Lee, a manager at Cisco Talos, the threat intelligence team that helped uncover the botnet. Lee pointed to the so-called Sea Turtle domain name system hijacking campaign, which Talos detailed last month. Like VPNFilter, the Sea Turtle activity was an example of a state-sponsored attacker abusing internet infrastructure at scale to steal credentials. Data gathered from the VPNFilter investigation, combined with the lesson that state-sponsored actors are willing to subvert core internet infrastructure, has driven home the fact that attackers can exploit critical devices at scale in a way that few people had fully appreciated. “Essentially, [the Sea Turtle perpetrator] is a threat actor trying to do […]

CISA’s Krebs: Request for border volunteers won’t have operational impact on agency

A call for volunteers to help at the U.S.-Mexico border will not have an impact on the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency’s (CISA) operational activities, the agency’s director said Wednesday. “We will ensure that we don’t have operational impact,” particularly on top priority items like election security, CISA Director Chris Krebs said after remarks at a conference hosted by the Georgetown University Law Center. Ten CISA employees who have volunteered are already at the border, and another 10 will soon join them, Krebs told members of the House Oversight and Reform subcommittee. Only one or two of the volunteers who have deployed actually focus on cybersecurity, Krebs told reporters after the hearing. CISA as a whole has roughly 3,500 employees, according to a November estimate. Last week, CISA Deputy Director Matt Travis emailed employees asking them to consider volunteering for 30 to 45 days at the border in response […]

Google: We’ve been storing some enterprise customer passwords in plaintext since 2005

Google has notified an unspecified number of its enterprise customers that their passwords have been stored in plaintext inside the company’s internal encrypted systems due to a technical issue that has existed since 2005. The issue does not affect free Gmail consumer accounts; only the enterprise accounts that Google refers to as G Suite. “We have been conducting a thorough investigation and have seen no evidence of improper access to or misuse” of the affected credentials, Suzanne Frey, vice president of engineering in Google’s cloud division, wrote in a blog post Tuesday. Frey apologized to users for not storing the passwords with cryptographic hashes, which is an industry best practice that prevents the data host from seeing a password in plain text. “We take the security of our enterprise customers extremely seriously, and pride ourselves in advancing the industry’s best practices for account security,” Frey said. “Here we did not live […]

What goes around comes around: Researchers find backdoor in pirated Apple phishing kit

Criminals accustomed to planting backdoors in software may be getting a taste of their own medicine. Researchers at cybersecurity company Akamai Technologies have found a backdoor in a bootlegged version of 16Shop, a popular phishing kit marketed to criminals targeting Apple users. The data leaks to a channel on the encrypted messaging service Telegram, meaning a victim’s data could be stolen by anyone using the pirated kit, but also by anyone accessing the channel. “Someone spent a lot of time and effort to build a really good toolkit and to get more money out of that” by planting the backdoor, said Or Katz, principal lead security researcher at Akamai, which published research on 16Shop on Tuesday. The phishing kit consists of hundreds of files, including login pages that spoof targeted platforms. Industry analysts have been tracking 16Shop since at least last year, and have traced the kit’s development to an Indonesian […]

Election commission hires 2 tech experts for testing and certification program

The U.S. Election Assistance Commission has added two experienced hands to its voting system certification program amid concerns it had a shortage of technical experts overseeing election infrastructure. The agency is staffing up its crucial certification program by hiring Jessica Bowers, a former executive at Dominion Voting Systems, one of the country’s three largest voting system vendors, and Paul Aumayr, a former Maryland election official. Both new hires will work as senior election technology specialists. In an email announcement to staff obtained by CyberScoop, EAC Executive Director Brian Newby touted Bowers and Aumayr’s technical acumen. Bowers has “over 18 years of software development and product support experience,” while Aumayr is a “Microsoft-certified systems engineer,” Newby wrote. Both will begin work May 28 and report to Jerome Lovato, a former Colorado state election official. Earlier this month, Lovato was tapped to head the EAC’s program for testing and certifying voting systems. He replaced Ryan Macias, whose departure […]

Citing data security concerns, DHS warns industry of Chinese-made drones

The Department of Homeland Security is warning companies that their data may be at risk if they use commercial drones manufactured in China. The combination of the sensitive data collected by drones and the requirement that Chinese citizens support “national intelligence activities” makes the Chinese-made technology a significant risk to U.S. companies, DHS’s Cybersecurity and Infrastructure Security Agency said this week in an industry alert, obtained by CyberScoop. “Be cautious when purchasing [drone] technology from Chinese manufacturers as they can contain components that can compromise your data and share your information on a server accessed beyond the company itself,” the advisory says. “Manufacturers and vendors can build in malware or collect data from your UAS device without your knowledge,” the alert states. Other concerns are that an organization is susceptible to data theft if the drone is transmitting unencrypted data or, more broadly, that a drone could increase the […]

Appealing for collaboration, DHS nudges ICS companies toward a more ‘proactive’ defense

With the private industrial cybersecurity market thriving, the Department of Homeland Security is continuing to push for closer coordination with experts on the front lines of defending facilities like power plants from hackers. In speeches last week to vendors, security researchers, and state officials, DHS personnel said they wanted to help put companies on a more proactive defensive posture to thwart hacking threats to industrial environments. The department has been working with ICS vendors to test security products before they go to market, but more needs to be done, Jeanette Manfra, assistant director for cybersecurity at DHS’s Cybersecurity and Infrastructure Security Agency, said last Wednesday at Hack the Capitol, an ICS security conference in Washington, D.C. “In this space, unlike really, frankly, any other, we have got to have much more capability to prevent the attacks from happening before they get in there – or at least detect them quickly so […]

International police dismantle crime ring that allegedly used GozNym malware to try to steal $100 million

Law enforcement officials from the U.S. and some European allies say they have broken up a criminal network that used banking malware to try to steal an estimated $100 million from over 41,000 victims in multiple countries. An indictment made public Thursday alleges that 10 members of a criminal organization used the GozNym malware, a banking trojan that infects internet browsers and was compiled from two other known pieces of malware, to steal victims’ login credentials, steal their money and then launder those funds through U.S. and foreign bank accounts. The primary victims were U.S. businesses and their supporting financial institutions, including several victims in the Western District of Pennsylvania, U.S. officials said. Other organizations hit were a Pennsylvania asphalt and paving business, a Washington law firm, a casino in Gulfport, Mississippi, and a California furniture business, according to the indictment. Cybersecurity researchers tracking GozNym in recent years have reported its targeting of credit […]

After Meltdown and Spectre, meet a new set of Intel chip flaws

Those who warned that the Meltdown and Spectre computer chip flaws revealed last year would trigger a new era of hardware vulnerability discovery were onto something. On Tuesday, Intel and a group of cybersecurity researchers published details on four new potential chip attacks that exploit the same “speculative execution” process, which is used to improve CPU performance, that was central to Meltdown and Spectre. The newly revealed security issues could allow attackers to steal sensitive data from a CPU in multiple ways. Like Meltdown and Spectre, there isn’t evidence these attacks have been executed in the wild, but the insecurities they reveal in micro-architectures demand attention from hardware owners. The colorfully named ZombieLoad attack, for example, unearths private browsing history and leaks information from a computer’s application, operating system and virtual machines in the cloud. The RIDL attack leaks information from different security buffers inside the Intel processors, while an […]
