Sean Lyngaas – Page 78 – WindowsTechs.com

Vast breach exposes German politicians’ personal data

Posted on January 4, 2019 by Sean Lyngaas

A sweeping data breach has exposed information on hundreds of German politicians and public figures, including Chancellor Angela Merkel, a German government spokeswoman has confirmed. “Personal data and documents belonging to hundreds of politicians and public figures have been published online,” German government spokeswoman Martina Fietz said at Friday press conference. Every party in German parliament aside from the far-right Alternative for Germany was affected by the breach, with hundreds of mobile phone numbers and addresses of politicians and public figures dumped on Twitter, German news outlet RBB reported. In some cases, private chats and credit card information were included, the report said. But in Merkel’s case, the information exposed was less sensitive and included two email addresses, according to German media reports. “The information and data drained from the chancellery and that relate to the chancellor are manageable,” Fietz said. It is unclear who is responsible for the breach and whether it […]

The post Vast breach exposes German politicians’ personal data appeared first on CyberScoop.

Continue reading Vast breach exposes German politicians’ personal data→

Cutely named apps siphon user data from phones

Posted on January 3, 2019 by Sean Lyngaas

The mobile applications have innocuous-sounding names like Flappy Birr Dog and Flappy Bird, but something sinister lurks inside. Spyware masquerading as those Android apps and others were downloaded over 100,000 times from the Google Play store last year, cybersecurity company Trend Micro said Thursday. Google has removed all of the apps from the store, but the episode is a reminder of the ease with which crooks can hide their malware in popular app markets. The spyware is capable of siphoning call logs, SMS conversations, and clipboard items from a user’s phone, according to Trend Micro. Users in scores of countries around the world were affected, researchers said, with a third of infections taking place in India. The so-called MobSTSPY spyware uses a cloud-messaging service to send the stolen information to a command-and-control server, registering the infected device. The malware then lies in wait for the attacker to send it commands from […]

The post Cutely named apps siphon user data from phones appeared first on CyberScoop.

Continue reading Cutely named apps siphon user data from phones→

Health agency looks to bolster cybersecurity with new guidelines for industry

Posted on January 2, 2019 by Sean Lyngaas

2018 was a busy year for cyberthreats to the health care sector, with more than 3 million patient records breached in the second quarter alone, according to one study. In an effort to learn from those incidents – and build on security progress in the sector – the Department of Health and Human Services (HHS) capped the year by releasing voluntary cybersecurity guidelines for health care professionals. The document, published Dec. 28 and developed with industry experts from the Health Sector Coordinating Council, emphasizes the financial and health impacts of cyber incidents and outlines steps practitioners can take to better secure their systems. HHS lent urgency to the guidelines’ release by underscoring that the same technologies that provide critical treatment to patients can be exploited by hackers to steal patient data or disable hospital systems. “We are under constant cyberattack in the health sector, and no organization can escape that reality,” […]

The post Health agency looks to bolster cybersecurity with new guidelines for industry appeared first on CyberScoop.

Continue reading Health agency looks to bolster cybersecurity with new guidelines for industry→

FBI warns industry that hackers could probe vulnerable connections in building systems

Posted on December 21, 2018 by Sean Lyngaas

A port for communicating with control systems in buildings leaves unpatched devices on those networks exposed to hackers, the FBI warned the private sector this week, calling attention to a longstanding issue in an often-overlooked segment of critical infrastructure. Major universities, state governments, and communications companies are among the organizations at risk of having their building-system data exposed, the bureau said in an industry advisory obtained by CyberScoop. The port in question – port 1911 – is serving up building-network information on the internet that could be of use to hackers. “This default port discloses system information without authenticating, allowing cyber attackers to identify devices and systems that are not patched against known exploits,” the FBI alert says. “Successful exploitation could lead to data leakage and possible privilege escalation.” An FBI spokesperson told CyberScoop that the bureau “routinely advises private industry of various cyberthreat indicators observed during the course of our […]

The post FBI warns industry that hackers could probe vulnerable connections in building systems appeared first on CyberScoop.

Continue reading FBI warns industry that hackers could probe vulnerable connections in building systems→

U.S. indicts China-linked group over wide-ranging hacking operations

Posted on December 20, 2018 by Sean Lyngaas

The Justice Department on Thursday unsealed charges against two hackers linked with China’s civilian intelligence agency for a lengthy campaign to break into global technology service providers in efforts to steal intellectual property. The campaign targeted more than 45 companies in a dozen countries, including sectors ranging from aviation to pharmaceuticals, along with U.S. Navy, a Department of Energy laboratory, and NASA, prosecutors alleged. The defendants also stole the Social Security numbers and other personal information of over 100,000 Navy personnel, U.S. officials said. “The list of victim companies reads like a who’s who of the global economy,” FBI Director Christopher Wray said while announcing the charges. Other companies targeted included those in manufacturing, oil and gas, and maritime technology, U.S officials said. The pair of hackers – Zhu Hua and Zhang Shilong – are accused of being part of a Chinese hacking group known as APT10 or Cloudhopper. Industry […]

The post U.S. indicts China-linked group over wide-ranging hacking operations appeared first on CyberScoop.

Continue reading U.S. indicts China-linked group over wide-ranging hacking operations→

Cybersecurity firm Area 1 defends pointing finger at China over European cables hack

Posted on December 19, 2018 by Sean Lyngaas

Chinese military hackers have used a persistent phishing campaign to steal thousands of European diplomatic cables on sensitive topics ranging from counterterrorism to technology exports, cybersecurity researchers charged Wednesday. The years-long operation targeted over 100 organizations, including the United Nations and the AFL-CIO, according to Area 1, a California-based cybersecurity company. The China’s People’s Liberation Army (PLA) was behind the effort, Area 1 said. The company did not list detailed forensic evidence linking the hack to the PLA, drawing criticism from other researchers as to why an attribution was made. But Area 1 defended its work, telling CyberScoop it had plenty of evidence of China’s role in the breach. A spokesperson for the Chinese embassy in Washington, D.C., did not respond to a request for comment on the allegations. European Union officials said Wednesday that they were investigating the breach. In an interview with CyberScoop, Area 1 co-founder Blake Darché said the company had […]

The post Cybersecurity firm Area 1 defends pointing finger at China over European cables hack appeared first on CyberScoop.

Continue reading Cybersecurity firm Area 1 defends pointing finger at China over European cables hack→

Lawmakers ask DHS to take action on pipeline cybersecurity

Posted on December 19, 2018 by Sean Lyngaas

The top Democrats on the House and Senate energy committees have urged the Department of Homeland Security to assess cyber and physical protections for natural gas and oil pipelines following an audit that criticized the department’s approach to the issue. “The results of this assessment will help policymakers evaluate the security of our nation’s energy assets,” Sen. Maria Cantwell, D-Wash., and Rep. Frank Pallone, Jr., D-N.J. wrote to Homeland Security Secretary Kirstjen Nielsen on Wednesday. Operators of the nation’s 2.7 million miles of pipelines for oil, natural gas, and other hazardous liquids have grappled with cybersecurity risk as their infrastructure becomes more digitized. Those pipelines are a natural target for nation-state hackers, a Federal Energy Regulatory Commission official said in August, according E&E News. Cantwell and Pallone, Jr., said much more needs to be done to counter the threat. They were reacting to a Government Accountability Office audit that found […]

The post Lawmakers ask DHS to take action on pipeline cybersecurity appeared first on CyberScoop.

Continue reading Lawmakers ask DHS to take action on pipeline cybersecurity→

As threats increase, audit finds federal agencies struggle to implement cyber plans

Posted on December 19, 2018 by Sean Lyngaas

A majority of federal civilian agencies examined by a government watchdog are struggling to implement cybersecurity programs capable of adapting to a changing threat landscape. “Until agencies more effectively implement the government’s approach and strategy, federal systems will remain at risk,” the Government Accountability Office warned in a report Tuesday that assessed security implementation at the departments of Homeland Security, Justice, Energy and others. Seventeen of 23 inspectors general said their agencies’ cybersecurity programs were not being effectively put into place, and that they had “significant information security deficiencies” in financial reporting controls, the GAO said. The audit is a reminder that, despite years of attention and billions of dollars spent, there is often a discrepancy between objectives and results in the cybersecurity of federal agencies. Agencies were considered to have an “effective” cybersecurity program if they had, at a minimum, “quantitative and qualitative measures on the effectiveness of policies, procedures, and strategy” across […]

The post As threats increase, audit finds federal agencies struggle to implement cyber plans appeared first on CyberScoop.

Continue reading As threats increase, audit finds federal agencies struggle to implement cyber plans→

Russian disinformation ops were bigger than we thought

Posted on December 17, 2018 by Sean Lyngaas

Through a flurry of social media posts ahead of the 2016 U.S. election, Russian trolls sought to deter African-Americans from voting, according to a report prepared for the Senate Intelligence Committee. The Internet Research Agency, a social-media propaganda machine based in St. Petersburg, Russia, encouraged African-American voters to boycott the 2016 election or follow incorrect voting procedures, according to the report by researchers from the University of Oxford and social-media analysis company Graphika. The broader Russian propaganda operation, which continues to this day, has also leaned more heavily on Instagram to sow discord that was previously understood, according to a second report prepared for the committee by private researchers from New Knowledge, Columbia University, and Canfield Research LLC. The reports, released Monday by the committee, represent the most comprehensive independent analyses of the Russian disinformation efforts. They show how, through hundreds of millions of interactions on Instagram, Facebook and Twitter, the IRA looked for every opportunity […]

The post Russian disinformation ops were bigger than we thought appeared first on CyberScoop.

Continue reading Russian disinformation ops were bigger than we thought→

As China tensions mount, U.S. officials outline efforts to combat economic espionage

Posted on December 12, 2018 by Sean Lyngaas

In congressional testimony Wednesday, U.S. officials described the vast scope of alleged Chinese theft of American intellectual property and outlined ongoing efforts to counter such threats amid a dispute with Beijing. From 2011 to 2018, more than 90 percent of Justice Department cases claiming economic espionage by a state or for its benefit involved China, Assistant Attorney General John Demers said at a Senate Judiciary Committee hearing. “The [Chinese] playbook is simple: rob, replicate, and replace,” Demers said, describing Beijing’s alleged efforts to build technology-rich companies through stolen American know-how. China is “the most severe counterintelligence threat facing our country today,” said Bill Priestap, assistant director of the FBI’s Counterintelligence Division. The hearing comes at a fraught time for U.S.-China relations on technology, trade, and cybersecurity issues. Secretary of State Mike Pompeo alleged during an interview Wednesday with Fox News that China is responsible for a data breach at Marriott that exposed personal […]

The post As China tensions mount, U.S. officials outline efforts to combat economic espionage appeared first on CyberScoop.

Continue reading As China tensions mount, U.S. officials outline efforts to combat economic espionage→