A Chinese hacking group breached a telecom to monitor targets’ texts, phone metadata

Chinese government-linked hackers are monitoring the mobile text messages of specific users and scanning for certain keywords as part of a new surveillance campaign meant to track individuals across a vast trove of telecommunications data, according to findings published Thursday. APT41, a group that carries out state-sponsored cyber-espionage on Beijing’s behalf, this summer compromised an unnamed telecommunications provider to monitor the messaging activity of high-ranking individuals of interest to the Chinese government, according to FireEye. The hackers primarily have been scanning for military or intelligence keywords, tracking how subjects are reacting to protests, such as those in Hong Kong, and analyzing victims’ opinions of world leaders, Steve Stone, advanced practices director at FireEye, told CyberScoop. During the same intrusions into the unnamed phone company, APT41 also sought individuals’ records from call detail record (CDR) databases, which provide metadata such as the time the calls were made, the phone numbers involved, and the length of the […]

The post A Chinese hacking group breached a telecom to monitor targets’ texts, phone metadata appeared first on CyberScoop.

15 major companies announce effort to tackle cybersecurity workforce recruitment issues

Fifteen major companies, including Apple, Facebook, Google, IBM, and PwC, announced Wednesday they are joining together to change their cybersecurity job descriptions and requirements to attract more talent to the 3 million cybersecurity job openings that are expected to be available over the next two years. Specifically, the companies — which are part of the Aspen Cybersecurity Group — are focused on dropping requirements that candidates hold four-year bachelor’s degrees and on removing gender-biased language from job descriptions. “A bachelor’s degree is actually not a good proxy for whether you have the talent,” John Carlin, chair of the Aspen Institute’s Cyber & Technology Program, told CyberScoop. “There’s plenty of talented people out there but we need to figure out better ways to identify them and train them.” The group, which also includes AIG, Cloudflare, the Cyber Threat Alliance, Duke Energy, IronNet, Johnson & Johnson, Northrop Grumman, Symantec, Unisys, and Verizon, came together over […]

Cylance: More and more APT groups are relying on mobile malware to track dissidents

State-backed hackers from China and Iran have long spied on their countries’ political dissidents using mobile malware, but new research from BlackBerry’s Cylance shows these same nation-state hackers — including previously unknown groups — are also using the malware to spy on targets abroad. “It’s … worth expanding our notion of the typical target of the Chinese government: malware meant for targets of interest … for domestic reasons may very well end up inside a Western business,” Cylance researchers write in a blog post. Chinese hackers, for instance, have in recent months been using iOS and Android malware to spy on the Uighur and Tibetan populations. But while Volexity, the firm behind the research on the Uighur surveillance campaign, has previously said only that there were “possible ties” between the two campaigns, Cylance links both to one actor. Cylance claims Winnti, a Chinese APT group better known for its targeting […]

FCC chair pitches rules to block Huawei, ZTE

Federal Communications Commission Chairman Ajit Pai revealed a proposal Monday that would bar U.S. communications companies from using federal subsidies to buy Huawei and ZTE equipment and services. It’s the latest push from the Trump administration to block Chinese-owned telecommunications equipment and services from being used in the U.S. due to national security concerns. Pai’s proposal would prevent communications companies from using the FCC’s $8.5 billion Universal Service Fund to buy equipment that poses a “national security threat” to the U.S.; Pai specifically cites Huawei and ZTE. “We need to make sure our networks won’t harm our national security, threaten our economic security, or undermine our values. The Chinese government has shown repeatedly that it is willing to go to extraordinary lengths to do just that,” Pai said in a statement. “As the United States upgrades its networks to the next generation of wireless technologies — […]

NSA: ‘We know we need to do some work’ on declassifying threat intel

One of the goals of the National Security Agency’s newly minted Cybersecurity Directorate is to quickly share information on adversarial threats with the private sector — but the process for doing that needs to be refined, the directorate’s leader said Thursday. “The process in place today is where we know we need to do some work,” Anne Neuberger said while speaking at CyberTalks, produced by CyberScoop. “When we find indications of a threat, we see planning to execute a particular operation, or we see the operation being executed. [But] because we learn about it in a classified way, we treat it as classified.” Part of the difficulty the NSA faces is that adversaries often run operations and then discard their compromised infrastructure, making a protracted declassification process near useless, since “indicators of compromise pretty much they have a ticking time clock for how useful they are,” Neuberger said. The new directorate, which started operations […]

Why did Cyber Command back off its recent plans to call out North Korean hacking?

U.S. Cyber Command was on the verge of again publicly calling out North Korean hackers for targeting the financial sector in late September, but ultimately backed off the plan by early October, multiple sources familiar with the decision tell CyberScoop. The announcement was to be part of a Cyber Command effort to publicly share malware samples on VirusTotal, a web platform dedicated to tracking malware. Led by Cyber Command’s Cyber National Mission Force, those postings are intended to call out adversary-linked hacking in the hopes that it will deter groups from similar efforts in the future. It wasn’t clear why the decision was made to refrain from publicly posting malware samples this time around, despite the fact that Cyber Command has done so numerous times in recent months. It didn’t appear to be an issue of accuracy — the Pentagon outfit still decided to share private advisories with threat intelligence companies and the financial sector. A […]

Russian hackers have been mooching off existing OilRig infrastructure

Russian-linked hackers known as the Turla group have for years been piggybacking on Iranian hackers’ tools and infrastructure to run their own attacks, according to a joint announcement Monday from the National Security Agency and the U.K.’s National Cyber Security Centre. A two-year-long investigation revealed that the Turla group, which has been linked to Russian intelligence, scanned for the presence of Iranian-built backdoors, then used them to try to gain a foothold in victim networks in at least 35 countries, largely in the Middle East, according to the NSA. The announcement again demonstrates how hackers will reuse other attackers’ techniques and infrastructure, creating the false impression that one espionage group is behind an operation when, in fact, it’s another. “Turla acquired access to Iranian tools and the ability to identify and exploit them to further their own aims,” the NCSC’s Director of Operations, Paul Chichester, said in a statement. Turla would run its own cyber-espionage operations using […]

North Korea is using front companies to steal cryptocurrency

North Korean government-backed hackers are targeting cryptocurrency exchanges to try to steal financial resources as Pyongyang searches for ways to fund its regime, two researchers discovered within the past week. Lazarus Group, also known as APT38, has carried out hacks against central banks and cryptocurrency exchanges as part of an effort to advance Kim Jong-un’s financial and military goals. The United Nations revealed in August that North Korea had gained approximately $2 billion from hacking banks and cryptocurrency companies. This time, they’re using a front company to do it. Researchers Patrick Wardle, the principal security researcher at Jamf, and MalwareHunterTeam, of IDRansomware, a group that aims to provide guidance on ransomware, found malware affecting Mac and Windows operating systems that installs a backdoor Trojan on victim machines, allowing the hackers to take control of infected targets. The malware asks for administrative privileges during installation, then communicates with a command-and-control server, and can receive instructions from the hackers to run certain tasks, […]

Cyber Command’s bug bounty program uncovers more than 30 vulnerabilities

Ethical hackers have found nine “high severity” vulnerabilities and one “critical” vulnerability across Department of Defense proxies, virtual private networks, and virtual desktops through the “Hack the Proxy” bug bounty program, the Department of Defense’s Defense Digital Service and HackerOne announced Monday. In addition to the high severity and critical vulnerabilities uncovered, “Hack the Proxy” found 21 “medium” or “low severity” vulnerabilities. Defense Digital Service and HackerOne spokespeople did not immediately return requests for comment on what kinds of vulnerabilities constitute “high severity,” “critical,” or “medium/low severity.” The bug bounty program, sponsored by U.S. Cyber Command, zeroed in on finding vulnerabilities in systems external to the Department of Defense Information Network that could enable foreign hackers to watch internal affairs at the Pentagon. This comes just a week after the National Security Agency issued an alert warning that multiple nation-state adversaries have been exploiting VPN vulnerabilities in Pulse Secure and Fortinet products, products which Chinese hackers known as “Manganese” or […]

‘Kicking out the adversary’ is part of new Cybersecurity Directorate’s mission, NSA says

The National Security Agency’s new Cybersecurity Directorate, charged with helping protect the defense industrial base and sensitive government computers by providing insights on foreign hackers, is now at initial operating capability, senior NSA officials informed reporters at a rare briefing Thursday at Fort Meade. Just this week the fledgling directorate took one of its first public actions, issuing an unclassified alert about nation-state hacking groups actively exploiting vulnerabilities on virtual private networks. Beyond the usual job of such alerts — identifying the bugs and recommending mitigations — the directorate made a point to provide ways for organizations to check whether they have been victimized, something the directorate intends to continue in unclassified ways moving forward. “We need to be sure that people who own networks that are vital to the national security systems and defense systems of this nation can figure out if adversaries have gained access into their networks,” NSA spokesperson Natalie Pittore said. “It’s about […]