Before SolarWinds, US officials say SVR began stealthily targeting cloud services in 2018

U.S. national security agencies on Monday continued their concerted efforts to expose hacking techniques used by the Russian intelligence agency allegedly responsible for a historic cyber-espionage campaign aimed at the U.S. government. The latest public statement from the FBI and the Department of Homeland Security traces the evolution of Russia’s SVR foreign intelligence agency as a formidable cyber adversary capable of exploiting U.S. networks through a range of tools. A turning point, the advisory said, came in 2018 when the FBI saw the SVR begin to target email-based cloud computing resources in a likely effort to conceal the spies’ intelligence collection. The SVR allegedly employed that tactic in the hacking effort that exploited software made by SolarWinds and other vendors to breach nine U.S. government agencies. The bugging of trusted SolarWinds software updates was “a notable departure from the SVR’s historic tradecraft,” the FBI and DHS’s Cybersecurity and Infrastructure Security […]

The post Before SolarWinds, US officials say SVR began stealthily targeting cloud services in 2018 appeared first on CyberScoop.

Breach at Click Studios-owned password manager left clients exposed for more than 24 hours

For more than 24 hours this week, hackers had unfettered access to the update mechanism for a popular password manager that claims hundreds of thousands of IT professionals as clients, incident responders revealed on Friday. The malicious code found in the Passwordstate software offered the unidentified attackers a potential foothold onto any customer network that downloaded the update during that time. Click Studios, the Australian firm that owns the Passwordstate password manager, claims that 370,000 IT security professionals around the world use the software. In addition, 29,000 organizations across sectors such as banking, manufacturing, defense and aerospace are customers, according to the Click Studios website. “We assume this attack could have impacted a large number of these customers,” said CSIS Security Group, the Danish firm that responded to the intrusion. In a year of high-profile supply chain compromises, it’s unclear how severely the incident will rank. But it points to […]

Rights groups ask Supreme Court to review warrantless searches at border

Civil liberties groups on Friday asked the Supreme Court to hear a case challenging the Department of Homeland Security’s warrantless searches of travelers’ electronic devices at U.S. ports of entry and airports. The petition from the Electronic Frontier Foundation and American Civil Liberties Union asks the Supreme Court to overturn a U.S. appeals court’s decision in February that authorizes border agents to search devices without a warrant. The EFF and ACLU sued DHS in 2017 on behalf of 11 U.S. citizens who contended border officers violated their rights when they searched their devices as they re-entered the U.S. The issue has long been a concern for privacy-minded groups and press advocates. The Committee to Protect Journalists, which does advocacy around the world, warned in 2018 that journalists traveling to the U.S. “should be aware that current practice risks exposing contacts, sourcing and reporting material contained on laptops, phones and […]

Researchers find flaw that leaks email addresses from Apple’s AirDrop

AirDrop, the feature built into an estimated 1.5 billion Apple devices, allows Mac and iPhone users to seamlessly share files without the nuisance of USB sticks or finding another network connection. But security researchers this week poked a big hole in that peace of mind by revealing two flaws in AirDrop’s protocol that could allow an attacker to obtain email addresses and phone numbers of nearby devices that are using AirDrop. The concern is the snooping could enable other malicious activity, such as spearphishing of individual Apple users or the sale of bulk personal data to fraudsters. At issue are the “hash values” that Apple uses to hide the contact details of AirDrop users from a third party. Researchers from Germany’s Technical University (TU) of Darmstadt who made the discovery said those values can be easily exposed using brute-force or other attacks. A hacker would need to be in close […]

Stanford student finds glitch in ransomware payment system to save victims $27,000

The hackers behind a nascent strain of ransomware hit a snag this week when a security researcher found a flaw in the payment system and, he says, helped victims save $27,000 in potential losses. Stanford University student and security researcher Jack Cable got a call Wednesday from a family friend, who is a doctor, asking for help because cybercriminals had locked the doctor’s computer. The doctor was preparing to pay the ransom when Cable began looking at the hackers’ payment system, according to Cable. The hackers were demanding 0.01 Bitcoin, or roughly $550 at the time, to unlock the doctor’s files. Cable, who served as a cybersecurity adviser to the Department of Homeland Security during the 2020 election, realized that if he changed one letter from lowercase to uppercase in the “transaction ID” the hackers were using to track payments, the system mistook the input for a victim that had […]

A botnet named after Prometheus is also exploiting Exchange Server flaws

Sometimes a glaring new software vulnerability is all that scammers need to revive a trusty hacking scheme. Just days after Microsoft announced that suspected Chinese spies were exploiting bugs in Microsoft Exchange Server software in March, Russian-speaking attackers controlling a botnet, or army of compromised computers, used those vulnerabilities to conduct a series of intrusions at companies in North America, according to incident responders at security firm Cybereason. The hacks, which are among several breaches involving the Exchange Server vulnerabilities, show how the same bugs in widely used software can be used for very different purposes. And the reemergence of the so-called Prometei botnet, named after the Russian word for Prometheus, the Greek god of fire, is a reminder of the many malicious purposes that the zombie computers serve. Cybereason said it was aware of more than a dozen recent hacking incidents involving the Prometei botnet, which the attackers typically use […]

At least 24 agencies run Pulse Secure software. How many were hacked is an open question.

At least two dozen U.S. federal agencies run the Pulse Connect Secure enterprise software that two advanced hacking groups have recently exploited, according to the Department of Homeland Security’s cybersecurity agency. Multiple agencies have been breached, but just how many is unclear. “We’re aware of 24 agencies running Pulse Connect Secure devices, but it’s too early to determine conclusively how many have actually had the vulnerability exploited,” Scott McConnell, a spokesman for DHS’s Cybersecurity and Infrastructure Security Agency, told CyberScoop on Wednesday. FireEye, the cybersecurity firm that announced the hacking campaign on Tuesday, said at least one of the two groups had links to China. The suspected Chinese hackers also targeted the trade-secret-rich defense contractors who do business with the Pentagon. CyberScoop’s review of agency records found that multiple U.S. government-funded labs conducting national security-related research appear to run Pulse Connect Secure virtual private network software, which allows employees to log […]

Hackers exploit SonicWall email software in a banner week for zero-day flaws

It’s only Wednesday, and it’s already been a banner week for previously unknown exploits in popular security software. Unidentified hackers have exploited three “zero-day,” or newly discovered, vulnerabilities in email software made by SonicWall to access an unnamed victim organization’s network, according to Mandiant, the incident response unit of security firm FireEye. “The adversary leveraged these vulnerabilities, with intimate knowledge of the SonicWall application, to install a backdoor, access files and emails, and move laterally into the victim organization’s network,” Mandiant said in a blog on Tuesday evening. Security fixes are available for the flaws, and SonicWall urged customers to apply them. The news came after Mandiant revealed on Tuesday that suspected Chinese hackers had used bugs in another popular enterprise software made by Pulse Secure to break into government and defense-sector networks. Those breaches followed separate intrusion campaigns allegedly carried out by Russian and Chinese hackers exploiting software made […]

Hackers pose as Bloomberg employees in email scam

Hackers are impersonating Bloomberg employees in an attempt to install remote access software on target computers, researchers said Wednesday. The ruse seeks to capitalize on the influence of Bloomberg Industry Group (formerly known as Bloomberg BNA), whose analysis major corporations use to track markets, according to Cisco Talos, which discovered the activity. The perpetrator is sending fake Bloomberg invoices that are laced with “remote access trojan” tools that could be used to surveil computer networks or steal data. The goal of the malicious email campaigns, and exactly who was targeted, remain unclear. But the perpetrator has clearly gone beyond the bumbling phishing emails in broken English that typically give other scammers away. It’s a clever piece of social engineering from a cyber actor that has apparently only been active for a year, but which has looked for economical ways into victim networks. One of the tools used, called NanoCore, […]

State-linked hackers hit American, European organizations with Pulse Secure exploits

Two hacking groups, including one with ties to China, have in recent months exploited popular enterprise software to break into defense, financial and public sector organizations in the U.S. and Europe, security firm FireEye warned Tuesday. Attackers are exploiting old vulnerabilities — and one new one — in virtual private networking software made by Pulse Secure. Corporations and governments alike use the technology to manage data on their networks, though it has proven a popular foothold for spies over the years. One of the hacking groups in question uses techniques similar to a Chinese state-backed espionage group, according to FireEye incident response unit Mandiant. “We have also uncovered limited evidence to suggest that [the hacking group] operates on behalf of the Chinese government,” Mandiant said in a blog post. The company did not say, specifically, what evidence it uncovered tying the incident to China. More broadly, Mandiant Senior Vice President and […]