Fintech giant Fiserv sued by Pa. credit union for ‘baffling security lapses’

A Pennsylvania credit union has sued fintech giant Fiserv for allegedly failing to address persistent vulnerabilities in the platform that powers its banking websites and online applications. In a lawsuit filed Friday, Bessemer System Federal Credit Union said that the web platform maintained by Fiserv is “plagued with security vulnerabilities that affect the privacy of thousands of Bessemer’s members.” Those vulnerabilities were “based on baffling and amateurish security lapses,” the document alleges. The complaint describes Wisconsin-based Fiserv’s technology as the “lifeblood of Bessemer” in that it is used to run the website, generate statements and track deposits. But now, the credit union says it’s ditching Fiserv, a Fortune 500 company that says it has some 12,000 clients in over 80 countries. “To protect the credit union’s members, the credit union is replacing its core processing vendor and will be taking appropriate legal action against the vendor,” said Charles Nerko, a […]

The post Fintech giant Fiserv sued by Pa. credit union for ‘baffling security lapses’ appeared first on CyberScoop.

FBI director: Protecting 2018 election was a ‘dress rehearsal’ for 2020

Protecting the 2018 U.S. midterm elections from foreign meddling was a “dress rehearsal for the big show” of the 2020 presidential elections, which adversaries are expected to target, FBI Director Christopher Wray said Friday. “Our adversaries are going to keep adapting and upping their game,” Wray said in a speech at the Council on Foreign Relations, adding that multiple nation-states have learned from Russia’s influence operations in the 2016 presidential election. After the sweeping Russian intervention in 2016 – which also included probing voter databases and breaching and disseminating thousands of Democratic Party emails – federal agencies put an unprecedented amount of resources into defending the 2018 midterms. The 2018 vote passed without any “material impact or interference” on election or campaign infrastructure, Wray said Friday as he hailed “enormous strides” in election security. Now, all eyes are on 2020. If foreign intelligence agencies already have their sights on the 2020 […]

Classified data key to new acquisition approach, Federal CISO says

The strength of a new federal acquisition council on supply-chain security lies in its ability to directly involve classified information in agencies’ decisions to buy products and services, according to a senior White House official. The new regime contrasts with previous “whack-a-mole” approaches that were confined to the unclassified space, Federal Chief Information Officer Grant Schneider said Thursday at the 2019 Security Through Innovation Summit, presented by McAfee. He chairs the nascent interagency Federal Acquisition Security Council, which was established by a law signed by President Donald Trump in December. The law allows classified information to be used to support risk assessments while assuring the intelligence community that data is protected, Schneider added. “The Binding Operational Directive on Kaspersky was completely through open-source [information],” Schneider said, referring to a 2017 federal order that, due to security concerns, banned civilian agencies from using products made by Moscow-based Kaspersky Lab. “If we […]

TA505 hackers thwarted at the door of a big financial org

A failed attempt to breach a big financial institution is providing new data on a global criminal hacking group known for authoring the widely-used Locky ransomware. The group, dubbed TA505, has stalked financial organizations on multiple continents. Boston-based security company Cybereason says earlier this month it blocked a hack from the group against an unnamed financial institution. “This malware is part of a larger campaign” against organizations that was precise in its targeting, Eli Salem, a Cybereason security analyst, told CyberScoop. The fresh threat intelligence from the breach attempt includes a revamped backdoor and an example of how the hackers are signing their malicious code using a legitimate certificate – a hallmark of advanced groups looking to avoid detection. TA505 is known for writing the Windows-based Locky ransomware that emerged in February 2016. At its height, Locky was one of the most common ransomware strains, employed in mass email campaigns for […]

Someone is spoofing big bank IP addresses – possibly to embarrass security vendors

The last several days have seen a surge in internet traffic mimicking the IP addresses of big U.S. banks in a possible effort to disrupt the cybersecurity personnel and products that help protect them, according to GreyNoise Intelligence, a company that maps internet traffic. Bank of America, JPMorgan Chase, and SunTrust are among the banks whose IP addresses are being spoofed to seem like they are conducting broad scans of the internet, GreyNoise said. That large-scale scanning is duping people into thinking that the IP addresses are malicious, GreyNoise founder Andrew Morris told CyberScoop. “There are a lot of people around the internet who are definitely convinced that these are bad IPs,” he said. Threat intelligence teams in the U.S. financial sector are looking into the issue, sources told CyberScoop. Morris said the volume of traffic is too low to be a distributed denial-of-service attack. Instead, he suggested, a bad […]

Patient PII exposed in leak of Pennsylvania-based rehab center records

A trove of personally identifiable information on patients at an addiction treatment center in Pennsylvania has been left in an insecure database, potentially exposing those people to identity theft. Patient names, their rehab care provider, and specific procedures they received were among the information sitting in a database that didn’t require authentication for someone to access, according to Justin Paine, the security researcher who made the discovery. Taking a tiny sample size of the nearly 5 million rows of data that he found, Paine roughly estimated that over 146,000 unique patients could be affected by the data leak. He emphasized, however, that it is “entirely possible” that the sample was not representative of the full dataset. “I only sampled the 5,000 rows of data,” Paine told CyberScoop in an email. “I didn’t want to go digging through the sensitive data any further than I needed to.” Paine came across the […]

How companies – and the hackers themselves – could respond to the OilRig leak

In the last few weeks, hacking tools apparently used by a prolific Iran-linked group have been publicly leaked, exposing the hackers’ malicious code, the IP addresses of their servers, and their alleged victims. An unknown person or group began dumping the information last month via Telegram, and has since doxed alleged members of the group known to the cybersecurity community as OilRig, APT34, or Helix Kitten. Whoever is behind the Telegram channel claimed to expose the “names of the cruel managers” behind OilRig, and pointed the finger at the Iranian intelligence ministry. While the ties of those individuals to OilRig have not been confirmed, a remote-access trojan and other tools, which have since been posted to GitHub, are authentic and employed by the group, researchers tell CyberScoop. They have been used in a series of hacking campaigns in recent years that industry analysts say align with the interests of the […]

Scammers are selling 3.2 million payment records stolen from Indian cardholders

Cybercriminals have reaped a healthy profit by buying and selling on the dark web financial information that belongs to cardholders in India, according to new research. Underground forums contained 3.2 million records of stolen Indian card data last year, a 219 percent uptick from 2017, Gemini Advisory, a dark-web intelligence company, said Thursday. India now ranks third internationally when it comes to the number of stolen records for sale on the dark web, following the U.S. and U.K. “Criminals continuously search for payment cards from specific banks that provide the highest return on investment, and largely spend money only when confident that they stand to make a profit,” researchers said in a report. In the world’s second most populous country, fraudsters target online vendors that have weak cyberdefenses and offer access to a trove of card data. Many payment breaches go unreported in India, meaning banks are slow to stop cards from being used […]

PPD-20 successor has yielded ‘operational success,’ Federal CISO says

A revamped policy framework for offensive U.S. cyber operations is much quicker than its predecessor and has yielded “operational success,” a top White House cybersecurity official said Tuesday. Last August, President Donald Trump rescinded the Obama-era policy, known as Presidential Policy Directive 20, which governed U.S. hacking operations, and replaced it with the new framework. Critics said PPD-20’s intricate interagency process unnecessarily delayed offensive operations, while advocates called it an important mechanism for accounting for all of the potential repercussions of a cyberattack. The new structure “gives more authority to the people who need to actually make those decisions” about offensive operations, Grant Schneider, the federal information security officer, said at an event hosted by the nonprofit Intelligence and National Security Alliance. U.S. officials are focused on ensuring that the Pentagon “has the tools available to leverage offensive cyber capabilities,” he added. The remarks from Schneider, the National Security Council’s top defensive-focused […]

Brazilian ‘pirates’ sail around two-factor authentication to vex banking sector

For researchers investigating malicious network activity in a given country, scanning hacker forums is like reading tea leaves. The discussion boards can provide insight about which malware is most popular, its likely victims and some clues that can help identify the thieves cashing in. In Brazil, underground bazaars host a bevy of hackers that cybersecurity company Recorded Future has dubbed “pirates” for their willingness to change tactics at any time in order to find easy money. That traditionally could mean flooding a large number of users with text messages and counting on someone to click a link, or using spam to change the domain name settings on local routers. It’s clear now some so-called pirates are capable of more. Skilled Brazilian cybercriminals are able to circumvent two-factor authentication through SIM-swapping, by compromising desktops used for banking, or by directly interfering with the banking sessions, according to research published Tuesday by Recorded Future. The findings illuminate a Brazilian […]
