FEMA exposed personal data on 2.3 million disaster survivors, violated privacy law, IG finds

The U.S. Federal Emergency Management Agency exposed personally identifiable data about more than 2 million disaster survivors in violation of a federal privacy law, an inspector general’s investigation has found. The negligence leaves the survivors of hurricanes Irma, Harvey, and Maria, as well as the 2017 California wildfires, at increased risk of experiencing identity theft and fraud schemes, the Department of Homeland Security’s inspector general (IG) said in a report published Friday. In “direct violation” of federal requirements, FEMA released the personal data to a contractor administering a disaster relief program that helps survivors find temporary lodging at hotels, the IG said. The report redacted the name of the contractor. “During our ongoing audit of the Federal Emergency Management Agency’s (FEMA) Transitional Sheltering Assistance program, we determined that FEMA violated the Privacy Act of 1974 and Department of Homeland Security policy,” the inspector general said in its report. Details about possible […]

The post FEMA exposed personal data on 2.3 million disaster survivors, violated privacy law, IG finds appeared first on CyberScoop.

Vietnam’s premier hacking group ramps up targeting of global car companies

A Vietnamese hacking group has been aggressively targeting multinational automotive companies in an apparent bid to support the country’s domestic auto industry, researchers who closely track the group told CyberScoop. Since February, the group known as APT32 sent malicious lures to between five and 10 organizations in the automotive sector, according to Nick Carr, senior manager at cybersecurity company FireEye. FireEye “assesses with moderate confidence” that APT32’s latest activity is in support of “the Vietnamese government’s stated domestic vehicle and auto part manufacturing goals,” Carr said. It is unclear how successful the operation has been. Carr declined to say whether the lures led to compromises of the automotive organizations’ networks. What is clear is that FireEye mobilized resources in response to the threat. “This is a little bit uncommon for [APT32] to do the industry-wide targeting,” he told CyberScoop. “And so, as a company we’ve been putting out more intelligence on our […]

NSO Group spyware targeted widow of Mexican journalist, researchers say

A notorious piece of spyware has been used to target the wife of a slain Mexican journalist, security researchers said Wednesday, adding to ongoing public scrutiny of the company that developed the powerful surveillance tool. Days after Javier Valdez Cárdenas, a reporter known for his coverage of international drug trafficking, was murdered in May 2017, multiple attempts were made to hack the phone of his widow, Griselda Triana, with spyware made by NSO Group, according to Citizen Lab, a digital rights and research organization at the University of Toronto. The text messages sent to Triana, who is also a journalist, were laced with software that would have turned her phone into a multifaceted surveillance device, Citizen Lab researchers said. One of the messages tugged at her grief as a widow, asking, “What do you think of this story?” Triana didn’t click on either link and turned the texts over to Mexican advocacy […]

DHS officials plan Europe trip to brief allies on election security, gather intel for 2020

Department of Homeland Security officials plan to visit European allies to share lessons learned from defending the 2018 U.S. midterm elections, a top DHS official said Tuesday. “What we’re doing is taking some of the ’16 and ’18 lessons learned, packaging them together, and then doing a bit of a roadshow,” Chris Krebs, head of DHS’s Cybersecurity and Infrastructure Security Agency, told reporters. Details of the trip are still being finalized, but Krebs said it also would offer CISA officials an update from the field on adversary activity ahead of the 2020 U.S. presidential election. Many millions of Europeans are expected to head to the polls in late May to choose new representatives in the European Union parliament. European officials have issued a series of warnings that Russia is likely to interfere in the vote, including an assessment last week from Estonia’s foreign intelligence agency. In another key election, Ukrainians will choose a […]

Norwegian aluminum producer Norsk Hydro hit with large ransomware attack

The IT systems of Norsk Hydro, a top global aluminum producer, were hit with ransomware late Monday, forcing the company to temporarily suspend production at some plants, the company and Norwegian authorities said. The ransomware that struck the company is known as LockerGoga, a nascent strain that first surfaced in January, according to Norway’s federal cybersecurity agency (NSM in Norwegian). In a statement, the company, which had a market cap of over $12 billion last year, said it is “working to neutralize the attack, but so far does not know the full extent of the situation.” In a press conference, Norsk CFO Eivind Kallevik said the attack started in its U.S.-based plants, but did not specify any further details on how the malware spread. The company has aluminum remelting facilities in Henderson, Ky., and Commerce, Texas. It also has offices in Baltimore. Kallevik said the company has taken measures to […]

Tenable CEO blasts ‘smoke and mirrors’ of cybersecurity industry

A good chunk of the cybersecurity industry is “smoke and mirrors,” with companies hawking shiny products that aren’t needed to block most hacks, Tenable CEO Amit Yoran said in an interview with CyberScoop earlier this month. “It’s an industry that has fed and continues to feed, to a large extent, off of fearmongering,” Yoran said on the sidelines of the vendor-happy RSA Conference in San Francisco. The RSA Conference is a feeding frenzy for companies pushing products on the trade-show floor. Vendors spend big on things like booths, parties, and hotel suites to woo potential clients. (Tenable had a booth demonstrating some of its technology.) In a blunt interview, Yoran reflected on where the “hype-driven” side of the business, as he called it, had gotten the cybersecurity industry. “The millions of dollars that people are spending, all the hype and the sexy marketing and the AI and the anomaly-behavioral…whatever buzzword […]

Mirai offshoot offers ‘greater firepower’ for DDoS attacks, researchers warn

A new variant of the infamous Mirai botnet is targeting embedded devices like routers and internet-connected cameras with new exploits, security researchers have concluded. By taking aim at enterprises with large network bandwidths, the Mirai offshoot could give the botnet “greater firepower” to orchestrate distributed denial-of-service attacks, said researchers at Unit 42, Palo Alto Networks’ threat intelligence unit. Operators of the new variant have gone after devices that are popular with businesses, such as wireless presentation systems, according to Unit 42. “IoT/Linux botnets continue to expand their attack surface, either by the incorporation of multiple exploits targeting a plethora of devices, or by adding to the list of default credentials they brute force, or both,” Ruchna Nigam, senior threat researcher at Unit 42, wrote in a blog post. Either patch your devices or get them off the network, Nigam advised. Mirai is a multi-part cautionary tale in the vulnerability of […]

Email scammers stole more than $150K from defense contractors and a university, FBI says

Cybercriminals defrauded two defense contractors and a university out of more than $150,000 through email scams last year, the FBI has warned companies. Scammers obtained fraudulent lines of credit to buy expensive technical equipment in the organizations’ names, the FBI said last week in an industry advisory obtained by CyberScoop. The suspects spoofed email addresses of the target organizations, convincing suppliers to process payments with fake purchase orders and credit documents. The bureau did not name any organization victimized in the scams, which took place in the first half of 2018. In one case, someone impersonating an employee of a large university placed two orders for 150 digital multimeters, which are devices that measure electric current, from a U.S. Department of Defense supplier, leading to roughly $80,000 in losses, according to the FBI. Two other cases involved defense contractors getting swindled for a total of $90,000. The affected contractors were cleared to handle classified DOD information, but it was the companies’ […]

Blistering report scolds Navy for longstanding cybersecurity challenges

The Department of the Navy this week released a scathing assessment of the service’s approach to cybersecurity, lamenting that hackers have been relatively unimpeded in their years-long plundering of data from the department and its contractors. “Competitors and potential adversaries have exploited DON [Department of Navy] information systems, penetrated its defenses, and stolen massive amounts of national security” intellectual property, says the “cybersecurity readiness review” released by Richard Spencer, the secretary of the Navy. The Navy failed to account for the fact that defense companies it contracts with would be aggressively targeted by foreign hackers for their valuable data, according to the audit. “Despite our adversaries’ clear statements of intent, the DON did not anticipate this attack vector,” the report says. The reactive system of self-reporting of breaches and supplier vulnerabilities has “demonstrably failed,” concludes the study, which was released after The Wall Street Journal reported on it this week. […]

Cyber Command’s midterm election work included trips to Ukraine, Montenegro, and North Macedonia

As part of its work to protect the 2018 U.S. midterm elections from foreign hackers and trolls, Cyber Command personnel visited Montenegro, North Macedonia, and Ukraine to collaborate on network defense with those allies and study cyberthreats, U.S. officials confirmed to CyberScoop. The trip to Europe demonstrates how the command, which has grown in stature and capability since its 2009 inception, supports and learns from allies facing threats from persistent hackers. “We sent defensive teams… to three different European countries,” Gen. Paul Nakasone, head of Cyber Command, told a House Armed Services subcommittee on Wednesday. Nakasone did not name the countries. But a Cyber Command spokesperson said two of those countries were the Balkan nations of Montenegro and North Macedonia, which until February was known as Macedonia. And a U.S. government official with knowledge of the matter said the third country was Ukraine – something corroborated by a public statement […]
