U.S. Cyber Command warns of North Korea-linked Lazarus Group malware

Malicious software samples uploaded by U.S. Cyber Command to VirusTotal on Wednesday are associated with campaigns from Lazarus Group, an advanced persistent threat group linked with North Korea, two cybersecurity researchers told CyberScoop. Lazarus is an umbrella name that typically describes hacking activity which advances Pyongyang’s interests. The group is especially known for its financial motivations, such as abusing the Society for Worldwide Interbank Financial Telecommunication (SWIFT) monetary transfer system and hacking banks, according to Adam Meyers, vice president of intelligence at CrowdStrike. Wednesday’s upload marks the second time in as many months that Cyber Command has added malware to the VirusTotal security repository as part of an information-sharing effort with the private sector. Researchers from cybersecurity firms Symantec and CrowdStrike said they have seen the two malware samples in this case associated with Lazarus Group. The technical capabilities of the malware strains were not immediately clear. The last samples Cyber Command shared were […]

The post U.S. Cyber Command warns of North Korea-linked Lazarus Group malware appeared first on CyberScoop.


DanaBot banking trojan hits Germany again, with new targets

DanaBot, a banking trojan that has targeted organizations in Australia, Europe, and North America, has expanded its targets in Germany as of this June in a new campaign, according to new research from Webroot. While the trojan, which steals users’ banking credentials via malicious JavaScript injects, began by targeting Australian banks in 2018, the targets identified in this new campaign are outside the financial sector. Webroot Advanced Threat Research Analyst Jason Davison tells CyberScoop that the targets are a range of victims in retail, including the German websites for fashion brands H&M and Esprit, along with lodging rental platform Airbnb. The campaign is primarily delivered via spear-phishing emails containing malicious links or files to download, Davison says. “Once the loader module gets downloaded and is run, it sets up persistence (the ability to stay on a device through a reboot) on the victim’s machine and then […]

The post DanaBot banking trojan hits Germany again, with new targets appeared first on CyberScoop.


At DEF CON’s aviation village, the military is interested in more than just the hacks

The first-ever aviation “village” at the DEF CON security conference has an F-35 fighter jet simulator among its hacking targets, but that’s not the only reason the Defense Digital Service’s newly minted chief, Brett Goldstein, is hanging around this corner of the convention hall in Las Vegas. The agency sees it as a recruiting opportunity, too. “In this room and throughout the convention is some of the best security talent in the world,” Goldstein tells CyberScoop. “This is a win for me if I can spark the imagination of this community, get them to understand we want to collaborate with them, that the problem space is fascinating, and this is something they should think about.” Right now the DDS, which ran its first bug bounty program in 2016, has approximately 70 employees, some civilians and some active-duty military. But they rotate in and out approximately […]

The post At DEF CON’s aviation village, the military is interested in more than just the hacks appeared first on CyberScoop.


Extortion and alleged ISIS threats: A Saudi embassy learned the hard way about email security

When Saudi Arabia contacted security researcher Chris Kubecka to investigate an apparent intrusion into its Dutch embassy’s secured email accounts, she knew it was not going to be a simple case. Local laws in The Hague did not apply, since the embassy is considered Saudi soil. And it only got more complicated after Kubecka got to work: once the email account was secured, the attacker, who claimed ISIS affiliation, left a trail suggesting an insider was responsible and then threatened to kill hundreds of innocent people if certain demands weren’t met. The escalations sent Kubecka, the Saudis, the Dutch and dozens of other diplomats scrambling on an international whodunnit, a hacking case that emphasized the high-stakes challenges and troublesome gray areas that come with securing diplomatic communications. The particular account that was compromised, the Saudi ambassador’s secretary’s email, was on the embassy’s secure system, according to Kubecka, whom the Saudi government brought in […]

The post Extortion and alleged ISIS threats: A Saudi embassy learned the hard way about email security appeared first on CyberScoop.


NSA’s reverse-engineering malware tool, Ghidra, to get new features to save time, boost accuracy

Just five months ago at the RSA conference, the NSA released Ghidra, an open source software reverse-engineering framework widely used for analyzing malware. It was an unusual move for the spy agency, and it’s sticking to its plan for regular updates, including some based on requests from the public. In the coming months, Ghidra will get support for Android binaries, according to Brian Knighton, a senior researcher for the NSA, and Chris Delikat, a cyber team lead in its Research Directorate, who previewed details of the upcoming release with CyberScoop. Knighton and Delikat are discussing their plans at a session of the Black Hat security conference in Las Vegas Thursday. Before the Android support arrives, version 9.1 will include new features intended to save time for users and boost accuracy in reverse-engineering malware: enhancements such as additional processor modules, new support for system calls, and the ability to edit SLEIGH processor specifications (Ghidra’s processor description language) in the Eclipse […]

The post NSA’s reverse-engineering malware tool, Ghidra, to get new features to save time, boost accuracy appeared first on CyberScoop.


‘Machete’ cyber-espionage group goes after military in Venezuela

In March, there were massive, days-long power outages in Venezuela, causing several fatalities and pushing the South American country into turmoil that has continued to the present day. Around the same time as the first outages, a cyber-espionage group, dubbed “Machete” by ESET, began siphoning off gigabytes of confidential documents from Venezuela’s military in a successful campaign that is ongoing, according to new research from ESET. While there are some compromised computers in Ecuador, Colombia, and Nicaragua, the primary focus is Venezuela: over half of the compromised computers in the campaign belong to the Venezuelan military, according to the Slovakia-based cybersecurity company. ESET researchers write that until May of this year, more than 50 computers were actively communicating with the attackers’ command-and-control server and leaking gigabytes’ worth of data each week. The toolset used by Machete is capable of stealing documents commonly used in the office […]

The post ‘Machete’ cyber-espionage group goes after military in Venezuela appeared first on CyberScoop.


Russian government hackers used office technology to try to breach privileged accounts

Early this spring, Russian government-linked hackers used three popular internet of things devices with weak security to access several Microsoft customers’ networks, then tried to move on to more privileged accounts, researchers announced Monday. Microsoft’s Threat Intelligence Center said the STRONTIUM group, also known as APT28 and Fancy Bear, leveraged weak security in an office printer, a video decoder and a voice over IP (VoIP) phone to reach wider systems. The attacks occurred as recently as April, Microsoft said, adding that the hackers used the insecure IoT devices as a foothold from which to attempt to break into valuable accounts holding more sensitive data. Microsoft disclosed neither the affected device models nor which of its customers were impacted. “While much of the industry focuses on the threats of hardware implants, we can see in this example that adversaries are happy to exploit simpler configuration and security issues to achieve their objectives,” Microsoft researchers wrote in their […]

The post Russian government hackers used office technology to try to breach privileged accounts appeared first on CyberScoop.


NIST is preparing guidance on how to share .zip files in a more secure way

Do you ever wonder if the files you’re sending over the internet are safe from hackers’ prying eyes? The search for how to share files in a more secure way could soon be over. The U.S. National Institute of Standards and Technology is now preparing to instruct the public, as well as government agencies, on the best ways to protect .zip files sent over the internet, according to a letter obtained by CyberScoop. While there’s no timeline for when the final advice could be made public, NIST says its motivation is to produce “easy-to-understand guidance” on how to compress many files into a single archive while protecting all of that data with strong encryption. James Schufedier, director of the Congressional and Legislative Office at NIST, explained more in a July 22 letter to Sen. Ron Wyden, D-Ore. “The need to improve practices for securing sensitive data that is shared over the Internet is one of […]

The post NIST is preparing guidance on how to share .zip files in a more secure way appeared first on CyberScoop.
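One check worth running before trusting a “password-protected” archive is whether the .zip actually uses strong encryption or the legacy ZipCrypto stream cipher that most tools still default to. The script below is an added example, not code from NIST or CyberScoop; it relies only on the Python standard library and on two facts about the format assumed here: bit 0 of an entry’s general-purpose flag marks it as encrypted (legacy ZipCrypto), while the WinZip AES extension marks entries with compression method 99 and an extra field with header ID 0x9901 whose strength byte gives the key size. The sample archives are constructed in memory with patched headers so the audit can be exercised offline; they are not genuinely encrypted files.

```python
"""Audit how each entry in a .zip archive is protected: none, ZipCrypto, or WinZip AES.

Added illustration (not NIST guidance, not CyberScoop code). Standard library only.
Assumed format facts: general-purpose flag bit 0 = encrypted (legacy ZipCrypto);
WinZip AE-x entries use compression method 99 plus an extra field with header ID
0x9901 whose 5th body byte is the strength (1=AES-128, 2=AES-192, 3=AES-256).
"""
import io
import struct
import zipfile

WINZIP_AES_METHOD = 99
WINZIP_AES_EXTRA_ID = 0x9901
AES_STRENGTH = {1: "AES-128", 2: "AES-192", 3: "AES-256"}
# Weakest first; used to summarise an archive by its worst-protected entry.
PROTECTION_ORDER = ["none", "ZipCrypto", "AES-unknown", "AES-128", "AES-192", "AES-256"]


def _winzip_aes_strength(extra: bytes):
    """Walk the extra-field chain and return the AES key size label, or None."""
    pos = 0
    while pos + 4 <= len(extra):
        header_id, size = struct.unpack_from("<HH", extra, pos)
        body = extra[pos + 4:pos + 4 + size]
        if header_id == WINZIP_AES_EXTRA_ID and len(body) >= 7:
            # AE-x body: vendor version(2) vendor id 'AE'(2) strength(1) real method(2)
            return AES_STRENGTH.get(body[4], "AES-unknown")
        pos += 4 + size
    return None


def classify_entry(info: zipfile.ZipInfo) -> str:
    """Return 'none', 'ZipCrypto', 'AES-128/192/256' or 'AES-unknown' for one entry."""
    strength = _winzip_aes_strength(info.extra)
    if info.compress_type == WINZIP_AES_METHOD or strength:
        return strength or "AES-unknown"
    if info.flag_bits & 0x1:
        return "ZipCrypto"
    return "none"


def audit_zip(data: bytes) -> dict:
    """Map entry name -> protection label, reading only the central directory."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {info.filename: classify_entry(info) for info in zf.infolist()}


def weakest_protection(report: dict) -> str:
    """The label of the worst-protected entry (what an attacker would go after)."""
    return min(report.values(), key=PROTECTION_ORDER.index) if report else "empty"


def make_sample_zip(name: str, payload: bytes, *, zipcrypto=False, aes_strength=None) -> bytes:
    """Constructed test archive: a stored entry whose headers are patched to look
    ZipCrypto- or AES-protected. The payload is NOT really encrypted (hypothetical data)."""
    info = zipfile.ZipInfo(name)
    info.compress_type = zipfile.ZIP_STORED
    if aes_strength:
        # AE-2 extra field: id, size=7, vendor version 2, vendor 'AE', strength, method 0
        info.extra = struct.pack("<HHH2sBH", WINZIP_AES_EXTRA_ID, 7, 2, b"AE", aes_strength, 0)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(info, payload)
    data = bytearray(buf.getvalue())
    if zipcrypto or aes_strength:
        # Local header: flags at +6, method at +8. Central header: flags at +8, method at +10.
        for sig, flag_off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            pos = data.find(sig)
            struct.pack_into("<H", data, pos + flag_off, 0x1)          # set 'encrypted' bit
            if aes_strength:
                struct.pack_into("<H", data, pos + flag_off + 2, WINZIP_AES_METHOD)
    return bytes(data)


if __name__ == "__main__":
    for label, sample in (
        ("plain", make_sample_zip("report.txt", b"constructed sample")),
        ("zipcrypto", make_sample_zip("report.txt", b"constructed sample", zipcrypto=True)),
        ("aes256", make_sample_zip("report.txt", b"constructed sample", aes_strength=3)),
    ):
        report = audit_zip(sample)
        print(f"{label:10s} {report}  weakest={weakest_protection(report)}")
```

Run it on a real archive with `audit_zip(open(path, "rb").read())`; anything that reports `none` or `ZipCrypto` should be treated as unprotected in transit, and an archive is only as strong as its weakest entry, which is why the summary looks at the minimum rather than the first entry.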


Estonia debuts first-ever cyber diplomacy training

Dozens of NATO and EU diplomats who focus on cybersecurity issues descended upon Estonia last week for their first-ever “summer school” training on cyber diplomacy. The sessions focused on lessons learned from previous international negotiations on cybersecurity issues, technical developments on the latest cyberthreats, and international norms and laws in cyberspace. For five days the 80 diplomats joined cybersecurity experts and academics in discussions and a simulation of a real-world international cybersecurity crisis, Britta Tarvis, media adviser for the Estonian Ministry of Foreign Affairs, told CyberScoop. The objective was to help diplomats from EU and NATO countries get “a more in-depth understanding” of cybersecurity strategies and technological developments, and how those topics affect the implementation of norms and international law, Tarvis said. Twenty-six countries were represented. The development of what counts as accepted nation-state behavior in cyberspace is still in its nascent stages. It was only five years ago that NATO incorporated cyberattacks into its collective defense agreement, for instance, […]

The post Estonia debuts first-ever cyber diplomacy training appeared first on CyberScoop.


‘This isn’t IAD 2.0’: NSA’s new Cybersecurity Directorate plots its mission

The National Security Agency has started to lay the groundwork and select the leadership for its new Cybersecurity Directorate, which will be focused on fusing signals intelligence with the agency’s cybersecurity protection mission, CyberScoop has learned. Neal Ziring, who most recently served as the NSA’s technical director for capabilities, will be the Cybersecurity Directorate’s technical director, an NSA spokesperson tells CyberScoop. Dave Frederick, the NSA’s chief of strategic counter cyber operations, will be the new deputy director, the spokesperson said. In his most recent role, Ziring was responsible for acting as a liaison to both private industry and other government agencies. Ziring previously served as the technical director of the agency’s defensive operations directorate, the Information Assurance Directorate (IAD). Frederick was responsible for coordinating defensive and offensive cyber missions. NSA Director Gen. Paul Nakasone announced the new Cybersecurity Directorate earlier this week. It will be run by Anne […]

The post ‘This isn’t IAD 2.0’: NSA’s new Cybersecurity Directorate plots its mission appeared first on CyberScoop.
