Russian government hackers targeting coronavirus vaccine research, UK, US and Canada warn

The Russian government hacking group known as Cozy Bear or APT29 has been targeting coronavirus vaccine research, U.K., U.S., and Canadian government officials said Thursday morning. The hackers have been trying to breach programs in all three countries, the officials said in a security assessment issued by the U.K.’s National Cyber Security Centre (NCSC). Agencies from the U.S. and Canada contributed to the effort. The hacking is aimed predominantly at “government, diplomatic, think-tank, healthcare and energy targets,” the NCSC said in the assessment. A senior official with the U.S. National Security Agency urged organizations to pay attention to the technical details in the document. “APT29 has a long history of targeting governmental, diplomatic, think-tank, healthcare and energy organizations for intelligence gain so we encourage everyone to take this threat seriously and apply the mitigations issued in the advisory,” NSA Cybersecurity Director Anne Neuberger said in a separate statement. State-backed hackers worldwide are interested in targeting research […]

The post Russian government hackers targeting coronavirus vaccine research, UK, US and Canada warn appeared first on CyberScoop.

Microsoft issues patch for wormable Windows DNS Server flaw

Microsoft is issuing a patch for a severe and wormable Windows Domain Name System Server vulnerability that could allow attackers to execute arbitrary code against targets and gain control of targets’ entire IT infrastructure. The vulnerability, which was uncovered by a researcher at Check Point, would allow hackers to intercept and interfere with users’ emails and network traffic, tamper with services, and steal users’ credentials, by exploiting Windows’ Domain Name System (DNS) Server; DNS is essentially the protocol that translates between website names and their corresponding IP addresses. The vulnerability can be triggered by a malicious DNS response, which could lead to a heap-based buffer overflow, according to Check Point. The vulnerability is widespread as it affects all Windows Server versions, according to Microsoft. It’s the third serious vulnerability Microsoft has addressed just this month, following the emergency disclosure and patching of two critical vulnerabilities affecting Windows 10 and Windows Server distributions. Those […]

Chinese banks require clients to use tax programs laced with backdoors, report says

When a Chinese bank asked a new client to use a specific kind of tax software as a condition of doing business, the company didn’t know that the tax technology came with a backdoor that would give hackers a new way in, according to research from Trustwave. The Chinese bank had told the U.K.-based defense contractor that the Chinese government required firms to use that specific software tool to pay local taxes. However, findings published Tuesday by the security vendor Trustwave spotlight how the tax software’s developer has relied on a number of subcontractors to build software flaws into other software tools for years. The programs are required to be used through the Chinese government’s Chinese Golden Tax Project, a tax system launched in the 1990s meant to streamline tax administration, according to Trustwave. The security company did not identify the Chinese bank nor the U.K.-based defense contractor. The revelation that Beijing mandates […]

Israeli court rejects request to revoke NSO Group’s export license

An Israeli judge has ruled against revoking the export license of Israeli software surveillance firm NSO Group, despite allegations its software has been used to target human rights activists and political dissidents around the globe. Amnesty International filed the lawsuit in Israel last year alleging one of its employees had been targeted by Pegasus, NSO Group’s signature software. But the judge overseeing the case said that Amnesty had not provided sufficient evidence to show that Pegasus was used against the alleged targets, according to Haaretz, which first reported the decision. Security researchers and human rights groups have claimed that Pegasus has been used to target political dissidents, journalists, and human rights activists, including an Amnesty employee, in several countries. Most notably, Pegasus is alleged to have been used to target associates of American journalist Jamal Khashoggi before he was murdered. Amnesty alleged in June that the technology was also being […]

Google bans stalkerware marketing in ad policy adjustment, but leaves big loophole

Starting next month, Google says it will no longer allow advertisements or marketing in its network that promote spyware and surveillance technology used for intimate partner surveillance. More commonly known as stalkerware, these applications can facilitate and exacerbate domestic violence by monitoring a target’s texts, phone calls, browsing history, geolocation, social media history, and more without alerting targets that they are being tracked. The policy update intends to bar advertisements or marketing in Google’s ad network that perpetuate this kind of surveillance without targets’ consent. The change, announced this month, could be an important move for stalkerware victims because, while Google has taken steps to ban stalkerware applications in the Google Play Store, developers can always place advertisements that direct users to third-party sources where the applications can be acquired. Despite the changes, there are still several gaps that could allow stalkerware advertising in Google’s network. Although Google says its new […]

Secret Service merging electronic and financial crime task forces to combat cybercrime

The Secret Service is combining its Electronic Crimes Task Forces (ECTFs) and Financial Crimes Task Forces (FCTFs) into one unified network, the agency announced Thursday. The new merged network of task forces, to be known as Cyber Fraud Task Forces (CFTFs), will detect, prevent and root out cyber-enabled financial crimes, such as business email compromise and ransomware scams, “with the ultimate goal of arresting and convicting the most harmful perpetrators,” the Secret Service said in a press release. The agency hopes the reorganization integrates the resources and know-how in the previous task forces. “Through the creation of the CFTFs, the Secret Service aims to improve the coordination, sharing of expertise and resources, and dissemination of best practices for all its core investigations of financially-motivated cybercrime,” the Secret Service said. The decision to merge task forces comes months after the Secret Service launched an effort to modernize its investigations into financially-motivated […]

Cyber Command backs ‘urgent’ patch for F5 security vulnerability

One of the largest providers of enterprise networking equipment in the world, F5 Networks, has issued a security fix for a major vulnerability that, if exploited, could result in a “complete system compromise.” F5’s BIG-IP is among the most popular networking gear in use today, with adoption across government networks, internet service providers, and cloud computing data centers. If security administrators fail to patch the new vulnerability, though, attackers could wreak havoc on their systems, according to information security specialists. Mikhail Klyuchnikov, the senior web application security researcher at Positive Technologies who uncovered the flaw, estimated that there are approximately 8,000 vulnerable devices exposed to the internet. The remote code execution vulnerability, called CVE-2020-5902, affects the Traffic Management User Interface (TMUI) of the BIG-IP products, which can function as load balancers, firewalls, rate limiters, and web traffic shaping systems. Attackers who exploit the weakness can execute arbitrary system commands, create files, delete files, or disable services, according to […]

Facebook reinstates NSO Group employee accounts amid ongoing lawsuit

After a months-long court battle, Facebook has reinstated four accounts of people employed by Israeli software surveillance firm NSO Group, according to Israeli news outlet CTech. NSO Group employees had alleged in a suit filed last November that Facebook had unfairly blocked them from their personal accounts when Facebook’s WhatsApp sued the surveillance firm in October. An Israeli court had previously ordered Facebook to unblock the accounts in February. Last month, the court rejected Facebook’s appeal, according to CTech. It’s the latest legal scuffle between the social media giant and NSO Group, which is being sued in California over allegations its software was used to spy on thousands of WhatsApp users. In a statement to CTech, Facebook indicated the decision to reinstate the accounts would not affect the lawsuit. “Throughout the entire proceedings in Israel, NSO Group operated behind the scenes to sabotage our efforts to make it admit its responsibility for attacks […]

Microsoft issues two emergency security updates impacting Windows 10 and Windows Server

Microsoft on Tuesday issued emergency security updates for two vulnerabilities that could allow attackers to achieve remote code execution against victims. One of the flaws, catalogued as CVE-2020-1425, would allow attackers to gather information from victims that could be used to further compromise their targets. If attackers were to exploit the other flaw, catalogued as CVE-2020-1457, they would be capable of executing arbitrary code, Microsoft said. To exploit the vulnerabilities, which affect Windows 10 and Windows Server distributions, attackers would have to use a “specially crafted image file,” Microsoft said. The flaws were rated as “critical” and “important,” respectively. Microsoft has addressed the vulnerabilities by correcting how the Microsoft Windows Codecs Library handles objects in memory. Customers don’t have to take any action to receive the updates, Microsoft said. Microsoft typically issues patches for vulnerabilities on the second Tuesday of each month. And although Microsoft said it hasn’t seen any threat actors exploiting the vulnerabilities in the […]

During a pandemic, stalkerware becomes even more sinister

When public health experts started recommending social distancing to reduce the spread of COVID-19, the goal was to place people out of harm’s way. But the policy has forced many domestic violence victims to possibly face a far more insidious danger: isolating with an abuser. Security researchers tell CyberScoop that data show a rise in invasive surveillance software known as stalkerware — applications that can spy on partners’ texts, calls, social media use and geolocation information — since the coronavirus pandemic began, despite the fact that abusers are much more likely to be sharing the same living space as their victims. Three antivirus companies tracking stalkerware globally told CyberScoop they saw an increase in stalkerware detections just after governments at all levels put social distancing measures in place. Between January and May, for instance, California-based Malwarebytes and Germany-based Avira said stalkerware detections on their respective customers’ devices spiked by 190% and […]
