Shannon Vavra – Page 35 – WindowsTechs.com

Sen. Menendez questions Twitter about former employees spying for Saudi Arabia

Posted on November 15, 2019 by Shannon Vavra

Sen. Bob Menendez has a lot of questions for Twitter and the Trump Administration after the Justice Department charged two former Twitter employees with spying on behalf of Saudi Arabia. Menendez, a New Jersey Democrat who serves as ranking member of the Senate Foreign Relations Committee, has written two letters, one to State Department officials and another to Twitter CEO Jack Dorsey, asking for details on how Saudi Arabia was able to exploit an American company’s internal systems for its own goals. He also wants to know what Twitter, and the Trump Administration, are doing about it. “As we know from the brutal murder of Jamal Khashoggi, Saudi officials carefully surveil social media for any critical voices,” Menendez wrote, referring to The Washington Post columnist who was an espionage target before he was murdered in the Saudi consulate in Istanbul last year. “However, these public charges reveal the extent to which Saudi Arabia is exploiting American companies […]

The post Sen. Menendez questions Twitter about former employees spying for Saudi Arabia appeared first on CyberScoop.

Continue reading Sen. Menendez questions Twitter about former employees spying for Saudi Arabia→

Cyber Command has cut hiring time for cybersecurity roles by nearly half, says DOD CISO

Posted on November 14, 2019 by Shannon Vavra

Cyber Command has recently cut down the average amount of time it takes to hire someone by approximately 40 percent — 111 days to 44 days — under the Cyber Excepted Service program, according to the Department of Defense CISO Jack Wilmer. The CES program, intended to speed up cybersecurity candidate recruitment in the DOD through initiatives like allowing hiring managers to make direct hires, was originally authorized in 2016 by Congress. The CES also establishes market-based pay scales and allows hiring with or without public notification or vacancy announcements, both intended to decrease red tape in the Pentagons’ hiring process. Wilmer said the decrease has given the Department of Defense a leg up on private sector cybersecurity hiring. Since implementing the CES program, the Pentagon has seen fewer cases of candidates leaving DOD jobs on the table for the private sector. “That is a huge win,” Wilmer said while speaking Thursday at the 2019 Workforce […]

The post Cyber Command has cut hiring time for cybersecurity roles by nearly half, says DOD CISO appeared first on CyberScoop.

Continue reading Cyber Command has cut hiring time for cybersecurity roles by nearly half, says DOD CISO→

Alleged SIM-swappers charged in $550,000 cryptocurrency scam

Posted on November 14, 2019 by Shannon Vavra

The U.S. Department of Justice charged two men on Wednesday in connection with a two-year-old scheme in which they allegedly stole victims’ phone numbers to steal hundreds of thousands of dollars worth of cryptocurrency. Two Massachusetts men, Eric Meiggs and Declan Harrington, tried to steal more than $550,000 in cryptocurrency from at least 10 victims throughout the U.S. since November 2017, according to the indictment. The two men were arrested Thursday and charged in U.S. District Court in Boston. The scheme relied on convincing cell phone carriers to pass on phone numbers from the SIM card in victims’ phones to SIM cards in phones the suspects controlled. Thieves allegedly targeted executives at cryptocurrency companies, and other individuals that had access to large amounts of cryptocurrency. Upon taking control of victims’ phone numbers, scammers then would pose as those individuals, access their email, social media and cryptocurrency accounts to reset passwords or credentials, and steal funds. […]

The post Alleged SIM-swappers charged in $550,000 cryptocurrency scam appeared first on CyberScoop.

Continue reading Alleged SIM-swappers charged in $550,000 cryptocurrency scam→

Another group is impersonating USPS, tax entities around the globe in order to steal money

Posted on November 14, 2019 by Shannon Vavra

A new scheme has seen a nefarious actor impersonating the United States Postal Service and tax entities in recent weeks in an effort to get victims in the U.S., Italy, and Germany to download and install malware, according to new research from Proofpoint. The scheme has been trying to trick victims into clicking through spearphishing emails that contain ransomware — and at times banking trojans — by sending alerts that appear to require urgent action related to tax information. Of course, what’s really taking place is a money-making ploy, according to Proofpoint researchers. The scheme — it’s unclear whether it’s being carried out by one person or a group — also works to trick victims by appearing to imitate government taxation entities or the USPS by using lookalike domains and branding. In one case last month, German-based accounts were targeted with hundreds of spearphishing emails that looked to be from […]

The post Another group is impersonating USPS, tax entities around the globe in order to steal money appeared first on CyberScoop.

Continue reading Another group is impersonating USPS, tax entities around the globe in order to steal money→

Cyber Command flags North Korean-linked hackers behind ongoing financial heists

Posted on November 11, 2019 by Shannon Vavra

The Department of Defense has once again called out North Korean hackers by exposing malware samples researchers say are linked to regime-backed financial heists, including past attacks on the interbank messaging system known as the Society for Worldwide Interbank Financial Telecommunication (SWIFT), CyberScoop has learned. Cyber Command assessed that the malware, which it posted to the information sharing platform VirusTotal, is being used in ongoing cyberattacks aimed at the financial sector. “These malware samples are currently used for fund generation and malicious cyber activities including remote access, beaconing, and malware command by malicious cyber actors,” the command said in a tweet. The command did not name victims or describe the magnitude of the scheme. It’s a rare statement from the Pentagon’s cyber-operations division on the intent and capabilities of adversary-linked malware in what appears to be an expansion of the command’s willingness and ability to discuss the intelligence behind its VirusTotal […]

The post Cyber Command flags North Korean-linked hackers behind ongoing financial heists appeared first on CyberScoop.

Continue reading Cyber Command flags North Korean-linked hackers behind ongoing financial heists→

Former Twitter employees charged with spying on critics of Saudi Arabia

Posted on November 7, 2019 by Shannon Vavra

The Department of Justice charged two former Twitter employees for spying on users at the behest the Saudi Arabian government, according to charges unsealed Wednesday. Three individuals are charged in all, part of an alleged scheme that was carried out by the Saudi Arabian government that started in 2014. The employees accessed the personal information of Saudi dissidents, including email addresses, phone numbers, and IP addresses that could reveal user location. According to the criminal complaint, Ahmad Abouammo, who formerly was head of the company’s media partnerships in the Middle East and North Africa, met with a Saudi official in London in 2014. One week later, he began accessing the private information of a Twitter user who has been a prominent critic of the Saudi government. Another former Twitter employee, Ali Alzabarah, is also alleged to have accessed sensitive information about Twitter users. According to the complaint, Alzabarah was charged with […]

The post Former Twitter employees charged with spying on critics of Saudi Arabia appeared first on CyberScoop.

Continue reading Former Twitter employees charged with spying on critics of Saudi Arabia→

Amid NSA warning, attacks on Confluence have risen in recent weeks

Posted on November 6, 2019 by Shannon Vavra

The National Security Agency’s recent warning about nation-state actors exploiting a vulnerability affecting Confluence wasn’t merely a delayed confirmation of information that the cybersecurity community already had on its radar. It also appears to tip off new exploitation of the vulnerability — hackers have been dramatically stepping up the pace and persistence of their attacks on the popular workplace collaboration software in recent weeks, according to new private sector research obtained by CyberScoop. The attackers are using a vulnerability that Confluence warned about this spring, according to data from Trend Micro’s TippingPoint technology. And while the NSA issued an advisory last week about the bug, it only says nation-state hackers “have exploited” and “could” exploit the vulnerability, not going so far as to say there has been a recent uptick in attacks. New information suggests now that the agency had specific reasons to share the guidance this fall: Starting in late September, just weeks before the NSA made its announcement, hackers began exploiting the vulnerability […]

The post Amid NSA warning, attacks on Confluence have risen in recent weeks appeared first on CyberScoop.

Continue reading Amid NSA warning, attacks on Confluence have risen in recent weeks→

Former Trend Micro employee enabled scam calls by stealing customers’ personal data

Posted on November 6, 2019 by Shannon Vavra

A former employee of Trend Micro stole the personal data of some customers with a “clear criminal intent” and then sold it to a third party earlier this year, the cybersecurity company disclosed Tuesday. Trend Micro first caught wind of the unauthorized disclosure when several users of a home security product began receiving unannounced phone calls from people impersonating Trend Micro support staff. The company says such contact is always a scam because its support calls are always scheduled in advance. After investigating, Trend Micro uncovered that an employee, who has since been fired, had accessed a company customer support database that contained names, email addresses, support ticket numbers and some telephone numbers. It was not immediately clear when the employee first gained access to the database. Trend Micro said it disabled the unauthorized account and law enforcement has been notified. Less than 120,000 Trend Micro consumer customers are affected, the company said. It did not specify what the scammers tried […]

The post Former Trend Micro employee enabled scam calls by stealing customers’ personal data appeared first on CyberScoop.

Continue reading Former Trend Micro employee enabled scam calls by stealing customers’ personal data→

With workforce in mind, bipartisan bill proposes incentives for cybersecurity education, and more

Posted on November 5, 2019 by Shannon Vavra

The HACKED Act is actually about making sure people don’t get hacked. The bipartisan bill — with the full title “The Harvesting American Cybersecurity Knowledge through Education Act” — was introduced Tuesday by four senators who say it would boost cybersecurity education and expand workforce training. The legislation comes as the Trump administration, Congress and industry have all taken steps to boost the cybersecurity workforce through training, recruitment and retention. “America is facing serious cyberthreats every day in today’s increasingly connected world, yet there is a serious shortage of workers needed to confront this urgent challenge,” Sen. Maria Cantwell, D-Wash., one of the cosponsors and the Commerce Committee’s ranking member, said in a statement. “The bipartisan HACKED Act of 2019 would help address this by training cybersecurity educators and skilling American workers to do these jobs, as well as increasing coordination on these issues throughout the government.” The bill includes proposals to incentivize recruitment of […]

The post With workforce in mind, bipartisan bill proposes incentives for cybersecurity education, and more appeared first on CyberScoop.

Continue reading With workforce in mind, bipartisan bill proposes incentives for cybersecurity education, and more→

Pentagon again deploying cyber personnel abroad to gather intel for 2020 elections

Posted on November 1, 2019 by Shannon Vavra

The Pentagon once again is sending cyber personnel overseas to gather intelligence to help protect the 2020 presidential elections against foreign interference, the U.S. Embassy in Montenegro announced this week. U.S. European Command and U.S. Cyber Command are deploying an undisclosed number of staffers to Montenegro in order to gain insights into cyber threats from adversaries before both the U.S. and Montenegrin elections next year. It’s the second time in as many years the Department of Defense is running going through the effort as part of a partnership that’s uniquely poised to provide insights on possible Russian election interference. Montenegro and the U.S. both have been targeted by the Russian government-linked hacking outfit APT28, or Fancy Bear. If Cyber Command uncovers similar activity again in Montenegro, those insights could inform decisions on how to safeguard the U.S. “Montenegro is among the first in Europe to face unconventional attacks on its democracy and freedom […]

The post Pentagon again deploying cyber personnel abroad to gather intel for 2020 elections appeared first on CyberScoop.

Continue reading Pentagon again deploying cyber personnel abroad to gather intel for 2020 elections→