Chinese cyber power is neck-and-neck with U.S., Harvard research finds

As conventional wisdom goes, experts tend to rank the U.S. ahead of China, the U.K., Iran, North Korea, and Russia in terms of how strong it is in cyberspace. But a new study from Harvard University’s Belfer Center shows that China has closed the gap on the U.S. in three key categories: surveillance, cyber defense, and its efforts to build up its commercial cyber sector. “A lot of people, Americans in particular, will think that the U.S., the U.K., France, Israel are more advanced than China when it comes to cyber power,” Eric Rosenbach, the Co-Director of Harvard’s Belfer Center, told CyberScoop. “Our study shows it’s just not the case and that China is very sophisticated and almost at a peer level with the U.S.” Overall, China’s cyber power is second only to the U.S., according to the research, which was shared exclusively with CyberScoop. But the study also found […]

The post Chinese cyber power is neck-and-neck with U.S., Harvard research finds appeared first on CyberScoop.

How the government is keeping hackers from disrupting coronavirus vaccine research

Six months ago, as professional sports were postponed indefinitely, schools were shuttering, Tom Hanks was the poster boy for COVID-19, and President Donald Trump addressed a nervous nation, people at the highest levels of the U.S. government became laser-focused on one idea: Coronavirus vaccine research needed to be defended from hacking attempts. Soon after the World Health Organization declared a pandemic, the Pentagon’s Defense Digital Service and the National Security Agency got to work on a behind-the-scenes protection mission for “Operation Warp Speed,” the U.S. government program responsible for producing 300 million coronavirus vaccine doses by January 2021. Known as the Security and Assurance portion of Operation Warp Speed, the mission is no small effort. Consisting of people from DDS, NSA, FBI, the Department of Homeland Security and the Department of Health and Human Services, it has been running behind the scenes for months, and is being detailed here for the first time. […]

The post How the government is keeping hackers from disrupting coronavirus vaccine research appeared first on CyberScoop.

Trump administration urged to sanction Russian individuals and groups for election meddling

A group of Democratic senators is urging the U.S. Treasury Department to impose sanctions on those involved in efforts to interfere in the 2020 elections so far, including those from Russia. “We write to urge you immediately to impose sanctions on individuals, entities and governmental actors seeking to interfere in the 2020 U.S. elections,” the 11 lawmakers, including Intelligence Committee Vice Chairman Mark Warner, wrote in a letter Thursday to Treasury Secretary Steven Mnuchin. “Congress mandated a broad range of sanctions tools, and it is long past time for the administration to send a direct message to President Putin: the U.S. will respond immediately and forcefully to continuing election interference by the government of the Russian Federation and its surrogates, to punish, deter and substantially increase the economic and political costs of such interference.” The U.S. intelligence community has assessed Russia is currently working to “publicly denigrate” Democratic presidential candidate Joe Biden, according to a statement the Office […]

The post Trump administration urged to sanction Russian individuals and groups for election meddling appeared first on CyberScoop.

NSA watchdog finds abusive behavior, grift at senior levels

The National Security Agency’s Office of the Inspector General determined that multiple senior executive leaders and top officials at the intelligence agency recently engaged in abusive behavior, misused their positions, and fudged timesheets. One senior executive “created a hostile work environment by using abusive and offensive language toward subordinate employees,” according to the NSA OIG’s semi-annual report to Congress, an unclassified version of which was published Wednesday. The same official also asked subordinates to bring in food such as donuts, to be paid for out of pocket, and urged subordinates to perform activities outside of their professional duties and complete tasks that weren’t “authorized in accordance with law or regulation,” the OIG said. The same executive, who went unnamed in the report, also “misused the NSA/[Central Security Service] information systems in a manner that served no legitimate public interest and which would reflect adversely on NSA, in violation of DoD Joint Ethics Regulation and Agency […]

The post NSA watchdog finds abusive behavior, grift at senior levels appeared first on CyberScoop.

The most popular brand websites hackers use for typosquatting campaigns

The most imitated websites that credential-stealing, financially-motivated hackers have resorted to mimicking include Wells Fargo, Netflix, Facebook, and Microsoft, according to new Palo Alto Networks research published Tuesday. Some of the other top brands that hackers have mimicked with typosquatting, a technique that relies on victims glancing over typos in website names that appear similar to other popular legitimate sites, also include PayPal, Apple, Royal Bank of Canada, LinkedIn, Google, Apple’s iCloud, Bank of America, Dropbox, Amazon, and Instagram, according to the research, which examines data collected in December 2019. The hackers have been using these malicious domains to distribute malware, reward scams, run phishing campaigns and technical support scams, Palo Alto Networks’ Unit 42 researchers said in a blog post. Of nearly 13,857 squatting domains registered in December, 18.59% are malicious, “often distributing malware or conducting phishing attacks.” Typosquatting has long been a favorite tactic for attackers looking to […]

The post The most popular brand websites hackers use for typosquatting campaigns appeared first on CyberScoop.

UK man arrives to face charges in US after alleged $2 million email scam

A man charged as part of a business email compromise money laundering scheme that allegedly defrauded victims out of $2 million over the course of at least six years is set to face a judge in U.S. court in the Southern District of New York. The man, Habeeb Audu, who is a dual citizen of Nigeria and the U.K., was extradited from London last week for his alleged involvement in multiple money laundering and fraud scams, some of which leveraged information stolen during previous business email compromises, according to the U.S. Department of Justice. One of the operations in which Audu was allegedly involved ran from 2013 to 2018. Audu and several co-conspirators duped banks into giving them access to victim bank accounts to steal money, according to the Justice Department. They did so by using stolen personal information to deceive the banks into thinking they were legitimate account holders, according to court documents. They then supplemented those […]

The post UK man arrives to face charges in US after alleged $2 million email scam appeared first on CyberScoop.

DOJ and Cyber Command partner up in civil forfeiture claim targeting North Korea’s financial hacks

The U.S. Department of Justice has filed a civil forfeiture complaint targeting the North Korean government’s hacking of two cryptocurrency exchanges last year. The hacks, which allegedly took place in July 2019 and September 2019, resulted in the theft of millions of dollars’ worth of cryptocurrency and financial instruments, according to the DOJ’s complaint, which was filed in a Washington, D.C. federal court on Thursday. The filing comes amid a broad effort in the U.S. government to hold North Korea accountable for its hacking operations, particularly those that seek to fund the regime amid international sanctions. It comes just one day after the U.S. government exposed details of other, more recent North Korean government financial hacking operations — aimed at stealing cash from ATMs around the globe. But the complaint filed Thursday reveals a new wrinkle in the U.S. military’s efforts to target North Korean hacking: The DOJ said it […]

The post DOJ and Cyber Command partner up in civil forfeiture claim targeting North Korea’s financial hacks appeared first on CyberScoop.

US government exposes North Korean government ATM cashout hacking campaign

The U.S. government called out North Korea on Wednesday over a government-led hacking campaign that has been focused on stealing cash from ATMs around the world. The operation, run out of the North Korean government’s Reconnaissance General Bureau — through a hacking group the U.S. government refers to as Hidden Cobra — poses a “significant threat to financial institutions,” the Department of Defense, Department of Homeland Security, FBI, and U.S. Treasury said in a joint release. The scheme comes as North Korea is under the crush of harsh international sanctions, which is forcing the country to find money through any means necessary. In exposing the campaign, the U.S. government says it aims to throttle those efforts. “We know that North Korea uses cyber-enabled tactics and techniques to steal currency, which it would otherwise be denied under international sanctions,” the Pentagon’s Cyber Command Cyber National Mission Force Commander, Brig. Gen. Joe Hartman, […]

The post US government exposes North Korean government ATM cashout hacking campaign appeared first on CyberScoop.

Malicious Autodesk plugin at root of cyber-espionage campaign

A company involved in billion-dollar real estate deals in New York, London, Australia, and Oman has recently become the target of a cyber-espionage campaign from a set of well-resourced hackers, according to new BitDefender research published Wednesday. The hackers waged the campaign against the target, an international architectural and video production entity, in a likely effort to collect financial information or negotiation details of competing contracts for a customer, BitDefender assessed. They infiltrated the victim firm by imitating a plugin for a popular 3D computer graphics software, AutoDesk 3ds Max, and then deploying a malicious file against the target. The perpetrators are likely hackers-for-hire who split their time between running nation-state cyber-operations and conducting corporate espionage on behalf of private sector entities, according to BitDefender’s analysis. Which foreign government BitDefender suspects employs the hackers wasn’t immediately clear, but Russia, China, Iran, and North Korea alike frequently rely on contractor talent or […]

The post Malicious Autodesk plugin at root of cyber-espionage campaign appeared first on CyberScoop.
