New vuln in Microsoft Active Directory lets attackers bypass multi-factor authentication

A vulnerability in Microsoft’s popular identity management directory could let an attacker breach multiple employee accounts in an organization by circumventing multi-factor authentication, according to new research from identity security company Okta. The directory in question is Microsoft’s Active Directory Federation Services (ADFS), which allows business partners from different organizations to sign in to shared web applications. A weakness in the multi-factor authentication protocol for ADFS means that a hacker equipped with a user’s password and second “factor,” such as an SMS message, could use that factor in place of any other employee’s in the organization, according to Okta. To breach another user in the organization, the hacker would need access to his or her user name and password on the same ADFS service. “Simply put, if just one employee in a global company wanted to – or if a bad actor compromised the account of one employee – they […]

The post New vuln in Microsoft Active Directory lets attackers bypass multi-factor authentication appeared first on Cyberscoop.


DEF CON’s Voting Village tests hacker-government collaboration

The national conversation on election security came into sharp focus Friday at a renowned hacker conference as U.S. officials and security researchers sought common ground in raising awareness of potential vulnerabilities in election equipment. The goal was to have a more transparent conversation about those vulnerabilities without spreading undue public fear about them. The Voting Village at DEF CON in Las Vegas, a room where white-hat hackers could tinker with voting machines and mock voter registration databases, was a high-profile test of that collaboration. “I’m here to learn,” Alex Padilla, California’s secretary of state, said before touring the village in the bowels of Caesars Palace hotel and casino. That mindset is important as state and local officials ramp up resources toward securing election infrastructure three months before the midterm elections. In advance of the 2016 presidential election, Russian hackers probed the IT systems of 21 states, and U.S. officials have […]

The post DEF CON’s Voting Village tests hacker-government collaboration appeared first on Cyberscoop.


Health care cyber experts tout progress in vulnerability disclosure at BSides Vegas

The delicate process for disclosing software and hardware bugs in medical devices has made important strides in recent years, according to experts, as big manufacturers have set up disclosure programs and the threat of lawsuits against security researchers has receded. Health care cybersecurity hands are now looking to capitalize on what they say is growing trust between manufacturers and researchers to strengthen vulnerability disclosure in the industry. “There’s still a lot of work to be done to make it better, but man, has it come a far way,” Jay Radcliffe, a cybersecurity researcher at medical device manufacturer Boston Scientific, said at the BSides Las Vegas conference Tuesday.  “And as a researcher, that makes me a lot more comfortable doing my disclosures and doing my research.” Radcliffe, who is diabetic, told the story of a presentation he gave at Black Hat in 2011 on hacking insulin pumps. “At that time, the state of […]

The post Health care cyber experts tout progress in vulnerability disclosure at BSides Vegas appeared first on Cyberscoop.


Hacker honeypot shows even amateurs are going after ICS systems

While stories of nation-state backed hackers threatening the U.S. power sector garner regular headlines, a new experiment highlights the risk of unintended consequences when less-skilled adversaries target the sector. Researchers from Cybereason, a Boston-based company, set up a honeypot in mid-July that mimicked a utility substation’s network environment, drawing the attention of a determined attacker that repeatedly disabled the honeypot’s security system. The hacker’s attempts to be conspicuous, coupled with some sloppy work, told researchers that they were not part of any advanced persistent threat (APT) group that is linked with a nation-state. “It’s not script kiddies, but I’m not convinced that it’s APT either,” said Ross Rustici, senior director of intelligence at Cybereason. “[That] is a red flag for me because they’re very focused, but they’re making mistakes.” While the spotlight has been on nation-state threats to the energy grid, Rustici told CyberScoop, “one of the more concerning and […]

The post Hacker honeypot shows even amateurs are going after ICS systems appeared first on Cyberscoop.


DNC tells candidates not to use Huawei or ZTE devices

The Democratic National Committee has warned candidates running in the 2018 midterm elections not to use devices made by Chinese telecom firms Huawei and ZTE because of security concerns. “[P]lease make sure that you are not using or purchasing ZTE or Huawei devices anywhere within your staff – for personal or work-related use,” DNC Chief Security Officer Bob Lord wrote in an email obtained by CyberScoop. Lord sent the email Friday to Democratic state parties and the DNC’s sister committees. U.S. intelligence officials have long expressed concerns that equipment from Huawei and ZTE could be used to spy on Americans due to the companies’ alleged links to the Chinese government. Both companies have vigorously denied the allegations. Lord cited congressional testimony from February, in which U.S. intelligence directors raised security concerns about the Chinese companies. “I wanted to highlight that the intelligence community does not make statements like this lightly,” […]

The post DNC tells candidates not to use Huawei or ZTE devices appeared first on Cyberscoop.


Senator asks DHS what it’s learning from key email-security measure

Sen. Ron Wyden has asked the Department of Homeland Security how it is turning the implementation of an important email security protocol at federal civilian agencies into “actionable cyber intelligence” to guard against hackers. In an Aug. 2 letter, Wyden, D-Ore., asks the department how it is analyzing reports that civilian agencies are required to send DHS about attempts by hackers and spammers to spoof federal email accounts. The senator also wants to know if there are agencies that aren’t sending those reports. “[R]equiring agencies to transmit email impersonation threat data to DHS is only the first step,” states Wyden’s letter to Chris Krebs, DHS’s undersecretary of the National Protection and Programs Directorate. “DHS must then collate and analyze those reports in order to understand the scope of the threat and to determine how best to protect federal agencies from impersonation.” The anti-phishing email protocol, known as Domain-based Message Authentication, Reporting […]

The post Senator asks DHS what it’s learning from key email-security measure appeared first on Cyberscoop.


Criminal hacking group targets U.S., U.K. agencies in Pakistan

A criminal hacking group concentrated in Pakistan has in recent months carried out a string of attacks on American, British, Russian, and Spanish governmental organizations, according to new research from cybersecurity company Palo Alto Networks. The hacking collective known as the Gorgon Group “has been performing criminal operations against targets across the globe, often using shared infrastructure with their targeted attack operations,” Palo Alto Networks’ threat intelligence arm, Unit 42, said in a blog post Thursday. The group has been targeting foreign government agencies operating in Pakistan, partly through malware-laced Microsoft Word documents, the researchers found. “The spear phishing emails involved in this campaign would most often originate from Gmail accounts masquerading as legitimate individuals, such as a prominent lieutenant colonel in the Pakistani military,” they wrote. It is unclear if the attackers are all based in Pakistan, but they claim to be through online personas, according to the research. The […]

The post Criminal hacking group targets U.S., U.K. agencies in Pakistan appeared first on Cyberscoop.


Pence urges states to accept federal help in securing elections

Vice President Mike Pence on Tuesday delivered the most direct and high-profile appeal from the Trump administration to states to accept federal aid in securing election systems, citing a recent “malware attack” in Kansas as a need for state-federal cooperation. “Take advantage of the assistance offered by our administration,” Pence said at the Department of Homeland Security’s cybersecurity summit in New York City. “Do everything in your power to strengthen and protect your election systems.” “It concerns us that many states still don’t have concrete plans to update their voting systems,” said Pence, the former governor of Indiana. “Fourteen states are struggling to replace outdated voting machines that lack paper trails before the next presidential election [in 2020].” To emphasize the need for federal election-security assistance, the vice president shed light on what he described as a “malware attack” within the last two weeks in Finney County, Kansas. Finney County […]

The post Pence urges states to accept federal help in securing elections appeared first on Cyberscoop.


DHS to unveil National Risk Management Center

The Department of Homeland Security will on Tuesday unveil a new interagency center to help critical-infrastructure firms assess the risk that a ceaseless stream of cyberthreats pose to their networks. The National Risk Management Center is meant to be a one-stop shop for helping private companies manage their cybersecurity risk – and develop ways to mitigate it. Officials are expected to announce the center at a conference in New York City on Tuesday that will feature Vice President Mike Pence, Homeland Security Secretary Kirstjen Nielsen and other cabinet officials. The new initiative follows months of public statements from DHS officials about the need to better understand cyber risk spread across sectors.  Effectively assessing risk requires “visibility into an often-opaque supply-chain process and a clear understanding of the threat,” Jeanette Manfra, DHS’s top cybersecurity official, said in April. With the private sector telling DHS it needs more actionable threat data, the department has […]

The post DHS to unveil National Risk Management Center appeared first on Cyberscoop.


Malware-ransomware combo campaign hits North American inboxes

An updated version of a popular credential-stealing malware variant has been paired with ransomware to send thousands of emails in North America, according to new research. Within a day of hackers releasing an update of the trojan malware known as AZORult to underground forums, a “prolific actor” had coupled it with the Hermes ransomware, according to research from email security company Proofpoint. The hybrid malware campaign targeted email users with job-related subject lines that came with malicious attachments, Proofpoint said. The company attributed the campaign to a hacking group it dubbed TA516, which has used similar tricks to install banking trojans or a Monero cryptocurrency miner. The Hermes 2.1 variant used in the attack first emerged in November 2017 and was used in an attack on a Taiwanese bank that has been linked with North Korea. However, there isn’t any evidence to suggest at this point that TA516 is linked […]

The post Malware-ransomware combo campaign hits North American inboxes appeared first on Cyberscoop.
