Another FBI veteran tapped to lead DNI’s Cyber Threat Intelligence Integration Center

The U.S. intelligence community’s center for analyzing cyberthreat data got a new director Wednesday in Erin Joe, a career FBI official with experience dealing with nation-state-level threats. Joe becomes the second director of the four-year-old Cyber Threat Intelligence Integration Center at a time when nation-state hacking threats to U.S. organizations have been steady. She most recently served as a senior FBI executive focusing on nation-state hacking and “cyberterrorism” threats, the Office of the Director of National Intelligence said in announcing her appointment. As part of a 22-year career as an FBI field officer, Joe investigated the perpetrators of the September 11, 2001 attacks and led terrorism investigations across the Middle East, according to a biography on the RSA Conference website. CTIIC is a small agency comprised of officials from intelligence, law enforcement, and other agencies whose task is to quickly get cyberthreat intelligence into the hands of federal officials. President Barack […]

The post Another FBI veteran tapped to lead DNI’s Cyber Threat Intelligence Integration Center appeared first on CyberScoop.


Lawmakers want data on the number of times Senate computers have been hacked

The Senate should have an annual tally of when its computers and smartphones have been breached in order to better inform congressional cybersecurity policy, a bipartisan pair of senators says in a letter sent Wednesday to the Senate Sergeant at Arms. Describing Congress as a perennial target for hackers, Sens. Tom Cotton, R-Arkansas, and Ron Wyden, D-Oregon, have asked the Senate Sergeant at Arms (SAA) to be transparent in providing lawmakers with information about the scale of successful hacks of Senate devices, including smartphones. They want annual reports sent to each senator with aggregate data on compromises of computers and other breaches of sensitive Senate data. The senators also asked the SAA to notify the Senate leadership, along with members of the rules and intelligence committees, within five days of breaches to Senate computers being discovered. Right now, lawmakers appear to be in the dark on the issue. “We believe […]


Kremlin interference in EU vote is likely, says Estonian spy agency

Estonia’s foreign intelligence agency says it is “very likely” that the Russian government will try to interfere in the European Union parliamentary elections in May. The Kremlin’s meddling will likely focus on France, Germany and Italy, which hold the most EU parliamentary seats, in a concerted effort to “secure as many seats as possible for pro-Russian or euro-skeptical political forces,” the Estonian Foreign Intelligence Service said Tuesday in an external security report focused on threats from Russia. The European Parliament’s status as the only EU institution directly elected by the people makes it a prime target for Russian influence operations, the EFIS said, adding that the proportional election system favors marginal parties and that Members of European Parliament (MEPs) can be used as mouthpieces for Russian propaganda. The Kremlin has wooed European politicians by inviting them to a 2016 conference in the Crimea, which Russia annexed in 2014, the report […]


UN report accuses North Korea of hacking banks and crypto exchanges

A United Nations panel is corroborating threat intelligence that cybersecurity researchers have long reported: North Korea is using its formidable cyber capabilities to raise money in the face of sanctions. North Korean government-sponsored cyberattacks on financial institutions to illegally transfer funds “have become an important tool in the evasion of sanctions and have grown in sophistication and scale since 2016,” says the U.N. panel report, which was published late Monday. The report chronicles North Korea’s alleged attempts to circumvent sanctions using multiple methods, but the panel is increasingly taking note of the role of cyber operations in that endeavor. Hackers stole at least $882 million from cryptocurrency exchanges in 2017 and 2018, the report stated. Successful attacks on the Coincheck, Bitgrail and Zaif exchanges netted $534 million, $170 million and $60 million, respectively, according to the U.N. The panel also pinned the 2016 theft of $81 million from Bangladesh Bank on North […]


Bad Box configurations lead to leaks of sensitive corporate data

Dozens of organizations left terabytes of data exposed online through web links to files hosted on data-sharing platform Box, according to research published Monday. The exposed data, which spanned hundreds of thousands of documents, included Social Security and bank account numbers; hundreds of passport photos; files of technology prototypes; VPN configurations; and financial data and invoices, according to Adversis, a vulnerability assessment company. Box allows users to easily share files that, if not properly secured, are vulnerable to brute-force attacks, the research shows. After locating the sub-domains of various corporate Box accounts, Adversis researchers began brute-forcing files and folders, “returning results faster than we could review them.” TechCrunch was first to report on the data leak. As the researchers pointed out, their findings have parallels with security problems in another popular data storage service – Amazon Web Services S3 “buckets” – which are routinely exposed online. The Box issue is worse […]


Citrix says FBI investigating network breach by ‘international cyber criminals’

Citrix, a VPN service widely used in the corporate world, revealed Friday that the FBI is investigating a breach to its internal network by “international cyber criminals.” The hackers appear to have “accessed and downloaded business documents,” the company said in a blog post, adding that it doesn’t know specifically what was accessed. There is no sign that the breach has compromised any Citrix product or service, the Florida-based company said. “While not confirmed, the FBI has advised that the hackers likely used a tactic known as password spraying, a technique that exploits weak passwords,” Citrix said. “Once they gained a foothold with limited access, they worked to circumvent additional layers of security.” Citrix said it had hired a top digital forensics company to investigate further. News of the breach led to a drop in stock for the company Friday. Citrix has said it provides VPN services to 400,000 companies worldwide, including most of […]


To prepare for 2020, DNC security chief tries to make hackers’ lives harder

The Democratic National Committee is striving to “make it more expensive for attackers to do their work” as it prepares for a 2020 election, Bob Lord, the committee’s chief security officer, told CyberScoop. It is a simple but proven principle of cybersecurity: Make it harder for hackers to succeed by implementing time-tested basics like two-factor authentication. The question for the DNC is: How do you aggressively broaden adoption of such practices for campaigns and state parties scattered across the country, many of which have very limited budgets? That far-flung apparatus is not the chain of command that Lord was used to when he was a cybersecurity executive at companies like Yahoo and Rapid7. “Because we’re a decentralized ecosystem, it presents a number of interesting challenges,” he said in an interview. “I don’t have the ability to order people to do things. Nor can I practically manage all of their systems. But what I can do […]


Google researchers uncover two zero-days affecting Chrome, Windows

Researchers at Google have found previously unknown vulnerabilities – one in Google Chrome and the other in Microsoft Windows – that they say attackers have been exploiting in tandem. Both zero-day vulnerabilities could allow hackers to escape the “sandboxes” that software programs use as safeguards against malicious activity. The vulnerability in Chrome, the web’s most popular browser, affects Chrome’s FileReader API, and could allow an attacker to carry out remote code execution. The Windows vulnerability, which Google researchers said had been exploited on Windows 7, could give a hacker the ability to escalate privileges on a certain Windows kernel driver, letting the attacker break out of a security sandbox. Google has released a patch for the Chrome vulnerability, while Microsoft is still working on its own, according to Clement Lecigne, a researcher with Google’s Threat Analysis Group. “The unpatched Windows vulnerability can still be used to elevate privileges or combined with another browser […]


No ‘smoking gun’ evidence coming on Huawei, NSA official says

Don’t expect U.S. officials to produce a “smoking gun” of public evidence that the Chinese government might be using telecommunications giant Huawei to further its interests in cyberspace, a senior National Security Agency official told CyberScoop. “Everybody is anxious for that smoking gun,” Rob Joyce, senior cybersecurity adviser at NSA, said in an interview. “It is not the case that you’re going to see people bring out and drop that smoking gun on the table … for all sorts of reasons about the way we understand the threat, the way we deal with the Chinese, the way we have to protect the ability to see and maybe defeat or deny that capability going forward.” U.S. officials have long accused Chinese tech companies Huawei and ZTE of being potential vessels for spying. One reason is that under Chinese law, companies are required to cooperate with national intelligence activities. Huawei and ZTE strenuously […]


NSA puts ‘Ghidra,’ its reverse-engineering tool for malware, in the hands of the public

After years lurking in the shadows, the National Security Agency’s tool for reverse-engineering malware is now out in the open. The software framework has moved from classified status into use by military analysts and contractors in sensitive-but-unclassified settings, and now it’s available to anyone with an internet connection. In a bid to help private and public-sector analysts track how malicious code evolves and morphs, the agency announced the release of the tool at the RSA Conference in San Francisco on Tuesday. “As we open-source it, I think the creative folks on the outside are going to build modules and capabilities and they’re going to be able to collaborate with us on improving it even further,” Rob Joyce, senior cybersecurity adviser at NSA, said in an interview. The gist of the software framework, called Ghidra, is that it allows analysts to compare different versions of malicious code to understand what each is doing differently, including […]
