How an annual ‘Cyber Shield’ drill helps the National Guard secure elections

Prior to the 2018 midterm elections, multiple states activated their National Guard forces to protect the vote from cyberthreats. It was a big step for the Guard’s role in national cyberdefense, and an annual drill held by the Guard made it more effective. In Illinois, for example, the National Guard’s participation in the cybersecurity drill meant that “when the midterm 2018 elections came around and it was time for us to work together, those relationships were already there,” said Brig. Gen. Richard Neely, the Illinois National Guard’s adjutant general. That exercise, known as Cyber Shield, is now in its eighth year and taking place through April 20 at Camp Atterbury in Indiana. What started as a simple red-and-blue-team affair has grown into an 800-person event that reflects the greater role the Guard is playing in national cyberdefense. In an earlier iteration of the exercise, “our offensive piece wasn’t very strong,” Col. Terry Williams, deputy commander of […]

The post How an annual ‘Cyber Shield’ drill helps the National Guard secure elections appeared first on CyberScoop.


DHS alerts industry to insecure enterprise VPN apps

The Department of Homeland Security on Friday alerted the public to a vulnerability in multiple virtual private network applications that could let an attacker who obtains a user’s session cookie take over that user’s VPN session and reach the applications behind it. The flaw involves the insecure storage of session cookies in memory or in log files, and affects enterprise VPN apps made by Cisco, F5 Networks, Palo Alto Networks, and Pulse Secure. Other vendors could be affected because the configuration issue is likely “generic” to other VPN apps, according to an advisory from Carnegie Mellon University’s CERT Coordination Center that DHS cited. “If an attacker has persistent access to a VPN user’s endpoint or exfiltrates the cookie using other methods, they can replay the session and bypass other authentication methods,” CERT CC said. “An attacker would then have access to the same applications that the user does through their VPN session.” While Palo Alto Networks had patched its VPN […]
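To make the replay risk concrete, here is an added Python illustration (not CyberScoop’s, CERT/CC’s or any vendor’s code): a toy portal that authenticates with a password plus a one-time code but afterwards trusts a bearer session cookie alone, a client debug log into which that cookie has leaked, a scan that finds the leak, the replay that succeeds with no credentials at all, and the two practical countermeasures: redact cookies before they reach disk, and revoke sessions server side so a lifted cookie stops working. The cookie names, the log format and the portal itself are assumptions made for the example.

```python
"""Added example: session-cookie leak, replay, redaction and revocation.
Not code from CyberScoop, CERT/CC or any VPN vendor; cookie names, log
lines and the VpnPortal class are constructed for illustration."""
import re
import secrets
import time

# Hypothetical stand-ins for vendor session cookie names (assumption).
SESSION_COOKIE_NAMES = ("sessid", "webvpn", "auth_token")

# Matches "name=value" for any session cookie name, whether it appears in a
# Cookie: header or as bare text in a log line.
_COOKIE_RE = re.compile(
    r"\b(" + "|".join(map(re.escape, SESSION_COOKIE_NAMES)) + r")=([A-Za-z0-9._\-]+)"
)


class VpnPortal:
    """Toy server side: password + OTP issues a session cookie; every later
    request is authorised by the cookie alone, which is exactly why a leaked
    cookie lets an attacker skip the second factor."""

    def __init__(self, ttl=3600):
        self._sessions = {}  # cookie value -> (user, issued_at)
        self.ttl = ttl

    def login(self, user, password, otp):
        # Constructed credentials for the demo.
        if password != "correct horse" or otp != "123456":
            return None
        cookie = secrets.token_urlsafe(24)
        self._sessions[cookie] = (user, time.time())
        return cookie

    def whoami(self, cookie):
        rec = self._sessions.get(cookie)
        if rec is None or time.time() - rec[1] > self.ttl:
            return None
        return rec[0]

    def logout(self, cookie):
        # Server-side revocation: the cookie value becomes worthless.
        self._sessions.pop(cookie, None)


def find_leaked_cookies(log_lines):
    """Return (name, value) pairs for every session cookie found in the log."""
    return [(n, v) for line in log_lines for n, v in _COOKIE_RE.findall(line)]


def redact(line):
    """What a log writer should do: keep the cookie name, drop the value."""
    return _COOKIE_RE.sub(lambda m: f"{m.group(1)}=<redacted>", line)


def demo():
    portal = VpnPortal()
    cookie = portal.login("alice", "correct horse", "123456")
    # Constructed log lines from a client that writes its cookie to a debug log.
    raw_log = [
        "2019-04-12T10:01:03 DEBUG connect gw=vpn.example.test user=alice",
        f"2019-04-12T10:01:04 DEBUG set header Cookie: webvpn={cookie}; path=/",
        "2019-04-12T10:01:05 INFO tunnel up",
    ]
    leaked = find_leaked_cookies(raw_log)
    # An attacker who can read the log replays the cookie: no password, no OTP.
    replayed_user = portal.whoami(leaked[0][1]) if leaked else None
    safe_log = [redact(line) for line in raw_log]
    # Revoking the session makes the already-leaked cookie useless.
    portal.logout(cookie)
    after_revoke = portal.whoami(cookie)
    return {
        "leaked": leaked,
        "replayed_user": replayed_user,
        "safe_log": safe_log,
        "after_revoke": after_revoke,
    }


if __name__ == "__main__":
    result = demo()
    print("leaked cookies:", result["leaked"])
    print("replay authenticated as:", result["replayed_user"])
    print("after revocation:", result["after_revoke"])
```

Two practitioner takeaways follow from the run: grep your VPN client’s log directory for the vendor’s session cookie name, since a fix that stops future logging does nothing about cookies already written to disk, and rotate or revoke sessions after patching, because a cookie lifted from a log or a memory dump stays valid until it expires or the server forgets it.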

U.S. jury finds two Romanians guilty of stealing credit card info, infecting 400,000 computers

A federal jury on Thursday convicted two Romanian nationals of aggravated identity theft and wire fraud, among other charges, for using malware to steal credit card information and sell it on underground websites. After a 12-day trial, the jury found Bogdan Nicolescu and Radu Miclaus guilty on 21 counts. In addition to wire fraud and identity theft, they were convicted on money laundering and counterfeiting charges. The men were accused of infecting and controlling over 400,000 computers, most of which were in the U.S., as part of a long-running fraud scheme that included cryptocurrency mining. The scheme also involved defrauding people of millions of dollars by duping them into making purchases on fake auction sites. Prosecutors described a methodical enterprise that used stolen credit card numbers to rent server space, register domains, and pay for virtual private network services. Nicolescu and Miclaus, who are both in their 30s and from the Romanian […]

U.S. government issues new warning about North Korea-linked malware

Department of Homeland Security and FBI officials are warning industry about what they say are new Trojan malware variants that North Korean-government-backed hackers have deployed as part of their global operations. The variants employ proxy applications to mask communications between the malicious programs and their operators, DHS said in a report published Wednesday. When executed, the malware collects information on the victim machine’s operating system and its system time, and uses a public SSL certificate for secure communication with its operators, the report said. “This is continuing our campaign to put pressure on the DPRK as well as helping network defenders understand some of the tools and the capabilities that they are using,” Jeanette Manfra, assistant director for cybersecurity at DHS’s Cybersecurity and Infrastructure Security Agency, told CyberScoop. The mitigations that DHS recommends – such as updating antivirus signatures and disabling file-sharing services – aren’t radical but they have added urgency […]

FireEye says it is responding to a second Trisis intrusion

Cybersecurity company FireEye on Wednesday said it was responding to a second intrusion at a critical infrastructure facility carried out by the group behind Trisis, the notorious malware that targets safety systems at industrial plants. To raise awareness about the group, known as Xenotime or TEMP.Veles, FireEye also released details on new customized tools the company’s incident responders had found at the unnamed facility. “[W]e believe there is a good chance the threat actor was or is present in other target networks,” FireEye researchers said in a blog post. (FireEye refers to Trisis as Triton.) The announcement of a second intrusion reinforces warnings from industrial cybersecurity experts that the hacking group has gone after additional targets since the dangerous malware was deployed on a Saudi petrochemical plant in the summer of 2017. The malware disrupted the Saudi plant’s safety instrumented systems, forcing it to shut down. Perhaps unlike any before […]

Get those Verizon Fios routers patched, Tenable says

If hackers managed to exploit vulnerabilities in widely used Verizon Fios routers, they would have full control of a wireless home network and access to the devices connected to it, researchers said Tuesday. The new vulnerabilities, uncovered by cybersecurity company Tenable, point to underlying security issues in Verizon Fios Quantum Gateway routers, which are given to new customers unless they opt out. In tinkering with his Fios router, Chris Lyne, a Tenable researcher, showed how an attacker could change security settings on the router or capture login requests sent through the device. The research highlights the extent to which routers can be a gateway into networked homes. An attacker who is authenticated to the router’s administrative web portal could exploit one of the vulnerabilities to gain root-level access to the router, Lyne said. The exploit can be run through two possible password parameters, which load a script on the router’s web […]

Nation-state hacking kit ‘Flame’ had a second life, researchers say

Flame, the nation-state-developed malware kit that targeted computers in Iran, went quiet after researchers exposed it in 2012. The attackers tried to hide their tracks by scrubbing the servers used to talk to infected computers. Some thought they had seen the last of the potent malware platform. Flame’s disappearance “never sat right with us,” said Juan Andres Guerrero-Saade and Silas Cutler, researchers with Alphabet’s Chronicle. On Tuesday at the Kaspersky Security Analyst Summit in Singapore, they showed that Flame hadn’t died; it had just been reconfigured. Tracing early components of Flame, Guerrero-Saade and Cutler found a new version of it that was likely used between 2014 and 2016. Flame 2.0 is “clearly built” from the original source code, but it has new measures aimed at eluding researchers, they wrote in a paper. The discovery shows how good source code dies hard, and that tracking its evolution can be a very long game […]

Kirstjen Nielsen, a cyber-minded DHS chief, resigns

Kirstjen Nielsen resigned on Sunday as head of the Department of Homeland Security, ending the tenure of one of the most cybersecurity-focused secretaries the department has had in its 16-year existence. In her resignation letter to President Donald Trump, Nielsen said she was proud that “we have replaced complacency with consequences in cyberspace,” a line she has often used to argue that the Trump administration has been tougher on foreign hackers than its predecessors. The letter also highlighted DHS’s election-security efforts, which the department ramped up after the Russian intervention in the 2016 presidential campaign.

“This afternoon I submitted my resignation to @POTUS and thanked him for the opportunity to serve in his administration.” — Sec. Kirstjen Nielsen (@SecNielsen), April 7, 2019

Nielsen’s letter did not say why she was resigning, only that it was “the right time” to do so. Trump had reportedly been unhappy with her enforcement of his […]

DHS official sounds alarm on authoritarian states ‘operationalizing their tech sectors’

The willingness of authoritarian governments to leverage native tech companies to achieve their national goals has forced U.S. officials to adapt in how they view risk from those companies, according to a senior Department of Homeland Security official. “Our focus is not on the country of origin, or the company, but it’s about what is the rule of law under which that product is potentially subject to,” Chris Krebs, head of DHS’s Cybersecurity and Infrastructure Security Agency, said Thursday at the Cybersecurity Leadership Forum presented by Forcepoint and produced by CyberScoop and FedScoop. The problem lies with foreign tech companies that are subject to government demands without the visibility or appeal process that exists in the United States, he said. “It’s the rise of authoritarian states and how they’re operationalizing their tech sectors,” Krebs said, summing up how U.S. officials view products made by Chinese telecommunications giant Huawei and Russian […]

SamSam outbreak led to FBI restructuring, top official says

The notorious SamSam ransomware — which extracted $6 million in payments from more than 200 victim organizations — forced the FBI to adjust its model for handling cyberattack investigations, a senior bureau official said Thursday. Nearly all 56 of the FBI’s field offices responded to SamSam incidents — an inefficient way of keeping up with the malware, said Tonya Ugoretz, deputy assistant director of the FBI’s Cyber Division. And so, in an example of how the FBI is trying to adapt to an era of unceasing cyberthreats to U.S. businesses, the bureau changed its investigative structure. “We developed a model whereby when there is a certain type of malicious strain or certain type of threat actor, we have one office that’s in charge, we have other offices running supporting investigations that are feeding up into that,” Ugoretz said at the Cybersecurity Leadership Forum presented by Forcepoint and produced by CyberScoop and […]
