Sean Lyngaas – Page 8 – WindowsTechs.com

UN cybercrime proposal could help autocrats stifle free speech, rights group says

Posted on May 5, 2021 by Sean Lyngaas

Human rights advocates are warning that a controversial proposal at the United Nations to counter cybercrime could validate tactics that authoritarian governments around the world have used to criminalize free speech and security research. The Russian and Chinese governments back the notion of establishing a new anti-cybercrime convention, a process that diplomats at the U.N. will begin considering next week. However the wording of the proposal, which calls for curbs on the use of technologies for “criminal purposes,” is vague to the point of potentially enabling further government repression, critics say. A report issued Wednesday by Human Rights Watch, a New York-based advocacy group, details a growing list of so-called cybercrime laws that governments have allegedly used to target dissenters, or infringe on personal privacy. A Pakistani law, for example, enables authorities to block websites used to criticize government officials. In the Philippines, police can collect computer data without a […]

The post UN cybercrime proposal could help autocrats stifle free speech, rights group says appeared first on CyberScoop.

Continue reading UN cybercrime proposal could help autocrats stifle free speech, rights group says→

CISA used new subpoena power to contact US companies vulnerable to hacking

Posted on May 5, 2021 by Sean Lyngaas

The Department of Homeland Security’s cybersecurity agency used a new subpoena power for the first time last week to contact at least one U.S. internet service provider with customers whose software is vulnerable to hacking. It’s an authority that DHS’s Cybersecurity and Infrastructure Security Agency has long sought, as agency officials struggled to communicate with some technology firms before flaws in their equipment became public and risked exploitation by state-linked or criminal hackers. Congress granted CISA the subpoena power in a bill that became law in January, allowing the agency to obtain a list of an internet service provider’s vulnerable customers and notify them directly rather than relying on third party communication. CISA issued two such subpoenas last week, acting agency director Brandon Wales said. A CISA spokesperson declined to say which U.S. company or companies had been subpoenaed, or whether the vulnerabilities pertained to an ongoing hacking campaign. “The […]

The post CISA used new subpoena power to contact US companies vulnerable to hacking appeared first on CyberScoop.

Continue reading CISA used new subpoena power to contact US companies vulnerable to hacking→

Hackers disrupt networks at San Diego medical provider, Kansas organ transplant facilitator

Posted on May 4, 2021 by Sean Lyngaas

A pair of hacks at health care organizations revealed in recent days highlights the enduring cybercriminal threat to the sector as the U.S. makes progress in fighting the coronavirus pandemic. Scripps Health, a San Diego-based nonprofit system with five hospital campuses, on May 1 said that it had suspended access to IT applications that support its health care facilities following a “security incident.” The incident forced Scripps to reschedule some patient appointments for Saturday and Monday, but “patient care continues to be delivered safely and effectively at our facilities,” the nonprofit said in a statement on its Facebook page. (Scripps’ website was still down by press time on Tuesday morning.) Meanwhile, Midwest Transplant Network, a Kansas-based organization that connects organ donors with recipients, said it had been working to determine if patients’ personal health data had been affected by a recent breach. NPR affiliate KCUR reported that some 17,000 people […]

The post Hackers disrupt networks at San Diego medical provider, Kansas organ transplant facilitator appeared first on CyberScoop.

Continue reading Hackers disrupt networks at San Diego medical provider, Kansas organ transplant facilitator→

Magecart scammers aim at restaurants’ online delivery systems

Posted on May 3, 2021 by Sean Lyngaas

Cybercriminals are increasingly targeting third-party infrastructure that restaurants across the U.S. use to place online orders, private investigators have found. The last six months have seen hacks of five online ordering platforms, exposing some 343,000 payment cards, threat intelligence firm Gemini Advisory said on April 29. With titles like MenuSifu and Food Dudes Delivery, the platforms may not be household names, but hundreds of restaurants use the platforms — and crooks know it. The coronavirus pandemic has only heightened criminals’ interest in online payment systems as people order delivery from restaurants in droves. “Attacks such as these are appealing because breaching the website of a single online ordering platform can compromise transactions at dozens or even hundreds of restaurants,” Gemini Advisory analysts wrote in a blog post. One of the breaches tracked by Gemini Advisory saw the attacker use an attack technique known as Magecart, which involves planting malicious code […]

The post Magecart scammers aim at restaurants’ online delivery systems appeared first on CyberScoop.

Continue reading Magecart scammers aim at restaurants’ online delivery systems→

Magecart scammers aim at restaurants’ online delivery systems

Posted on May 3, 2021 by Sean Lyngaas

The post Magecart scammers aim at restaurants’ online delivery systems appeared first on CyberScoop.

Continue reading Magecart scammers aim at restaurants’ online delivery systems→

Justice Department launches review of cyber policies after ransomware, supply chain scourges

Posted on April 30, 2021 by Sean Lyngaas

The Justice Department is undertaking a four-month review of its approach to combatting a range of malicious cyber activity from foreign governments and criminals amid a spate of ransomware attacks and supply chain compromises. “We need to rethink … and really assess are we using the most effective strategies” against such hacking, Deputy Attorney General Lisa Monaco said Friday at the Munich Cyber Security Conference. The review of Justice Department policies, which began this week, will cover the cryptocurrencies that cybercriminals use to cash in on ransomware, along with the “blended threat of nation-states and criminal enterprises, sometimes working together, to exploit our own infrastructure against us,” Monaco said. The policy review is an acknowledgement that, despite the Justice Department and FBI investing heavily in efforts to indict and arrest criminals and take down hacking forums, cyberthreats to U.S. businesses and government agencies remain unrelenting. The 120-day Justice Department review […]

The post Justice Department launches review of cyber policies after ransomware, supply chain scourges appeared first on CyberScoop.

Continue reading Justice Department launches review of cyber policies after ransomware, supply chain scourges→

Navalny adviser urges vigilance after impersonation attempts of Kremlin foes

Posted on April 30, 2021 by Sean Lyngaas

A top aide to jailed Russian opposition figure Alexei Navalny is urging Western policymakers and think tanks to be more wary of suspected Kremlin-backed information operations to undermine their work. Navalny, a prominent critic of Russian President Vladimir Putin, has been detained since January, when he returned to Russia after being poisoned with a chemical nerve agent last year. In February, a Russian court sentenced him to two years in prison in a case that human rights organizations have described as a “mockery” of justice. In the meantime, digital operatives have been posing as Leonid Volkov, Navalny’s chief of staff — and other perceived threats to Kremlin interests — in apparent efforts to smear critics of the Russian government. “It looks like not enough lessons have been drawn from John Podesta clicking those phishing [links] back in 2016,” he said, referring to Russian intelligence agents’ breach of the Hillary Clinton […]

The post Navalny adviser urges vigilance after impersonation attempts of Kremlin foes appeared first on CyberScoop.

Continue reading Navalny adviser urges vigilance after impersonation attempts of Kremlin foes→

Researchers find two dozen bugs in software used in medical and industrial devices

Posted on April 29, 2021 by Sean Lyngaas

Microsoft researchers have discovered some two dozen vulnerabilities in software that is embedded in popular medical and industrial devices that an attacker could use to breach those devices, and in some cases cause them to crash. The so-called “BadAlloc” vulnerabilities the researchers revealed on Thursday are in code that makes its way into infusion pumps, industrial robots, smart TVs and wearable devices. No less than 25 products made by the likes of Google Cloud, Samsung and Texas Instruments are affected. The research serves as a critique of the coding practices of the designers of billions of so-called “internet of things” devices that are a feature of modern life. There’s no evidence that the vulnerabilities have been exploited, according to Microsoft. But the Department of Homeland Security’s cybersecurity agency issued an advisory urging organizations to update their software. It’s unclear just how many devices are affected by the software bugs, but […]

The post Researchers find two dozen bugs in software used in medical and industrial devices appeared first on CyberScoop.

Continue reading Researchers find two dozen bugs in software used in medical and industrial devices→

US arrests alleged ‘Bitcoin Fog’ boss, who is accused of laundering millions

Posted on April 28, 2021 by Sean Lyngaas

U.S. federal agents on Tuesday arrested the alleged operator of Bitcoin Fog, a cryptocurrency-obfuscation service that the dark web’s most notorious marketplaces have reportedly used to move tens of millions of dollars. Roman Sterlingov, a Russian-Swedish national, was arrested in Los Angeles and charged with money laundering for his alleged role as Bitcoin Fog’s mastermind, according to court documents. Created in 2011, Bitcoin Fog bills itself as a means of further anonymizing cryptocurrency transactions by separating transmitted bitcoin from a particular bitcoin address. Some $336 million in transactions were routed through Bitcoin Fog over a decade, according to a criminal complaint against Sterlingov filed in the U.S. District Court for the District of Columbia. That included tens of millions of dollars laundered for dark web forums like AlphaBay and Silk Road, which were known for trafficking in drugs and hacking tools, as well as other illicit products, before being shut […]

The post US arrests alleged ‘Bitcoin Fog’ boss, who is accused of laundering millions appeared first on CyberScoop.

Continue reading US arrests alleged ‘Bitcoin Fog’ boss, who is accused of laundering millions→

‘Ghostwriter’ disinformation campaign rages on as Biden prepares for NATO trip

Posted on April 28, 2021 by Sean Lyngaas

For over a year, Stanislaw Zaryn, a Polish government official, has not been shy about exposing what he says are suspected Russian attempts to interfere in Polish politics. Zaryn has posted screenshots on Twitter of fake accounts and slapped a blaring “Disinformation” label on them. He has called out a forged letter that criticized the U.S. troop presence in Poland. But a study published by security firm FireEye on Wednesday makes clear that the propaganda flagged by Zaryn is but one front in a multi-pronged information operations effort aimed at sowing political discord in multiple NATO countries. FireEye has linked more than 30 such incidents in Lithuania, Latvia, Germany and elsewhere in the last five years to a previously disclosed, ongoing influence campaign it calls Ghostwriter. That includes more than 20 newly discovered Ghostwriter incidents since an initial FireEye report last summer, including one as recent as last month. The […]

The post ‘Ghostwriter’ disinformation campaign rages on as Biden prepares for NATO trip appeared first on CyberScoop.

Continue reading ‘Ghostwriter’ disinformation campaign rages on as Biden prepares for NATO trip→