Shannon Vavra – Page 5 – WindowsTechs.com

Australia investigates reported hacks aimed at parliament, media

Posted on March 29, 2021 by Shannon Vavra

Australian officials are investigating two apparent security issues that have resulted in downtime for a parliamentary email system, and technical issues for a popular television broadcaster. An apparent cyber incident knocked Australia’s Parliament House’s email system offline just as Australia’s Channel Nine broadcasting was interrupted by hackers over the weekend. The suspected attack on Parliament has reportedly left MPs and senators without email access, while the incident affecting Channel Nine has primarily interrupted the broadcasting and corporate business departments, leaving the network unable to air its Weekend Today show on Sunday, the network said. Local media outlets reported that the incident was the largest cyberattack to ever affect an Australian media company. The publishing and radio departments appeared to continue functioning without issue. Meanwhile, smartphones and tablets at Department of Parliamentary Services were malfunctioning as a result of an attack there, DPS said in a statement. It was not immediately […]

The post Australia investigates reported hacks aimed at parliament, media appeared first on CyberScoop.

Continue reading Australia investigates reported hacks aimed at parliament, media→

Patching is trucking along on Microsoft flaws, but hackers are still meddling

Posted on March 26, 2021 by Shannon Vavra

Over 92% of servers that were vulnerable to recently announced Microsoft flaws have been patched or mitigated around the world, Microsoft announced Thursday. The statistics are no doubt good news, as security researchers have tracked hackers from China exploiting systems and warned of an onslaught of ransomware attackers trying to take vulnerable organizations for a ride and extort them for money. The percentage comes amid a series of other rosy assessments on the number of vulnerable systems that remain. Less than a week ago the White House noted that in the week prior the number of vulnerable machines fell by 45%. But the revelations about high percentages of patching don’t speak to the number of organizations that hackers have already been able to exploit. Patching, while extremely helpful in warding off future hacking, does not evict hackers if they already exploited the vulnerabilities. Already criminal and nation-state hackers have taken […]

The post Patching is trucking along on Microsoft flaws, but hackers are still meddling appeared first on CyberScoop.

Continue reading Patching is trucking along on Microsoft flaws, but hackers are still meddling→

US lacks visibility into digital espionage at home, NSA boss says

Posted on March 25, 2021 by Shannon Vavra

National Security Agency Director Gen. Paul Nakasone addressed the elephant in the room on Thursday during testimony on Capitol Hill: How could the U.S. government have missed SolarWinds and Microsoft Exchange Server hacking until after the malicious activity was already well underway? “It’s not the fact that we can’t connect the dots — we can’t see all the dots,” Nakasone said, acknowledging that the U.S. government, including the NSA, does not have a view into foreign hacking campaigns when they exploit domestic internet infrastructure. “We have a difficulty as a government understanding the totality of the actual intrusion.” The suspected Russian and Chinese hackers behind the SolarWinds supply chain attack and the hacking stemming from the Microsoft Exchange Server vulnerabilities, respectively, used U.S.-based computers and servers to launch their operations. It’s an indication to some, including White House officials, that intruders deliberately sought to bypass detection by the U.S. intelligence community. […]

The post US lacks visibility into digital espionage at home, NSA boss says appeared first on CyberScoop.

Continue reading US lacks visibility into digital espionage at home, NSA boss says→

State prosecutors push Facebook, Twitter to do more to slow virus misinformation

Posted on March 25, 2021 by Shannon Vavra

A group of 12 state attorneys general sent a letter on Wednesday to Facebook and Twitter urging them to do more to curtail vaccine misinformation on their platforms. “Misinformation disseminated via your platforms has increased vaccine hesitancy, which will slow economic recovery and, more importantly, ultimately cause even more unnecessary deaths,” the group of attorneys general state in the letter. The letter sent to Facebook CEO Mark Zuckerberg and Twitter CEO Jack Dorsey Wednesday is signed by the attorneys general of Connecticut, Delaware, Iowa, Massachusetts, Michigan, Minnesota, New York, North Carolina, Oregon, Pennsylvania, Rhode Island and Virginia. They note that purveyors of vaccine misinformation have often targeted Black Americans, “members of communities who have suffered the worst health impacts of the virus and whose vaccination rates are lagging.” Bad actors and grifters have been spreading misinformation about vaccines on social media, including on Facebook and Twitter, for years. Some of […]

The post State prosecutors push Facebook, Twitter to do more to slow virus misinformation appeared first on CyberScoop.

Continue reading State prosecutors push Facebook, Twitter to do more to slow virus misinformation→

COVID-19 vaccine scammers are still lurking

Posted on March 24, 2021 by Shannon Vavra

Scams looking to take advantage of people attempting to get vaccinated against the coronavirus are alive and well. In the approximately two months since the first COVID-19 vaccines became available in the U.S., vaccine-related phishing campaigns aimed at stealing victims’ credentials increased by 530%, according to Palo Alto Networks’ Unit 42 research published Wednesday. In one campaign, hackers created a website that imitated a page for the Pfizer and BioNTech vaccine, requesting users’ Office 365 credentials to purportedly register for a vaccine. Phishing campaigns targeting employees of hospitals and pharmacies rose 189% during the same time period, the researchers found. In some attacks, the hackers attempted to steal credentials from employees at Walgreens, Canada-based Pharmascience, India-based Glenmark Pharmaceuticals and China-based Junshi Biosciences. Unit 42’s findings cover scams researchers tracked through the end of last month. The pandemic has spurred on a flurry of new cyberthreats over the course of the […]

The post COVID-19 vaccine scammers are still lurking appeared first on CyberScoop.

Continue reading COVID-19 vaccine scammers are still lurking→

Energy giant Shell impacted in Accellion hack

Posted on March 23, 2021 by Shannon Vavra

Oil and gas company Shell is the latest organization to get caught up in the hack that targeted IT provider Accellion’s file-sharing platform, the energy company says. The suspected criminal hackers behind the breach, who have gone after victims around the world using vulnerabilities in Accellion’s file transfer application (FTA), have accessed some personal data as well as data belonging to Shell stakeholders and subsidiaries, the company said on March 16. Shell had used the FTA to securely transfer large files. The incident appears to have only impacted the Accellion file transfer service. Shell claims there is “no evidence” so far that the incident has affected Shell’s IT system itself. Shell is working with authorities and regulators to investigate the incident, the firm said. The list of companies that use Accellion’s FTA that have fallen victim to the Accellion hack continues growing by the day. A Michigan-based savings bank and […]

The post Energy giant Shell impacted in Accellion hack appeared first on CyberScoop.

Continue reading Energy giant Shell impacted in Accellion hack→

US racing to address Microsoft vulnerabilities, especially for small businesses

Posted on March 22, 2021 by Shannon Vavra

The number of entities in the U.S. that remain vulnerable to the recently announced Microsoft Exchange Server software flaws is dropping, according to a National Security Council spokesperson. Overall, the number of vulnerable systems systems fell 45% last week, the National Security Council (NSC) spokesperson said in a statement, and there are now fewer than 10,000 vulnerable systems in the U.S., compared to the more than 120,000 entities that were vulnerable when the software bugs were first uncovered. The key to that apparent decrease is the fact that entities are taking advantage of a new tool Microsoft released to the public last week in an attempt to protect protect smaller organizations against hackers seeking to exploit the Exchange Server flaws, according to the NSC spokesperson. Microsoft developed the tool, the Exchange On-Premises Mitigation tool — which works in an automated way, scanning for compromises and remediating issues — in coordination with […]

The post US racing to address Microsoft vulnerabilities, especially for small businesses appeared first on CyberScoop.

Continue reading US racing to address Microsoft vulnerabilities, especially for small businesses→

Russian man pleads guilty to Tesla hacking plot

Posted on March 19, 2021 by Shannon Vavra

A 27-year-old Russian has pleaded guilty to working to recruit a Tesla employee to hack the Nevada-based company last year. The man, Egor Igorevich Kriuchkov, last year tried to convince the unnamed employee to launch malware against the company’s computer network, allowing Kriuchkov and co-conspirators to steal data, according to court documents and admissions in court, the Department of Justice announced. The plan was that Kriuchkov and his co-conspirators would then conduct a distributed denial-of-service attack against Tesla in order to distract the company from the malware, and then extort the company with threats to disclose the purloined information, according to court documents. Kriuchkov allegedly traveled between Russia, California and Nevada on multiple occasions last year to try to convince the employee to help with the scheme, promising the employee bitcoin as payment. Kriuchkov also provided the employee, who is not named in court documents, a phone and taught them […]

The post Russian man pleads guilty to Tesla hacking plot appeared first on CyberScoop.

Continue reading Russian man pleads guilty to Tesla hacking plot→

Hackers target Apple developers with backdoor

Posted on March 18, 2021 by Shannon Vavra

Hackers appear to be targeting Apple developers with a backdoor that has worked its way into a shared Xcode project, according to SentinelOne research published Thursday. In a blog post, SentinelOne says an external researcher alerted the company about malicious code that was tainting a development project in Xcode, Apple’s integrated development environment (IDE) for macOS. The nefarious project, which the researchers say abuses the Run Script feature in Xcode, is a malicious version of an open-source project that’s been available on GitHub that’s intended to help developers with features in animating the iOS Tab Bar. The attackers have made a version of the project to execute a malicious script and target a victim’s development machine with a backdoor. If they leverage the backdoor properly the attackers could record through the victim’s microphone or camera, or log keystrokes from their keyboard. The hackers could also upload or download files, according […]

The post Hackers target Apple developers with backdoor appeared first on CyberScoop.

Continue reading Hackers target Apple developers with backdoor→

Cypriot sentenced for email hacking committed as teen

Posted on March 18, 2021 by Shannon Vavra

A 22-year-old from Cyprus was sentenced to a year in prison after pleading guilty to computer fraud conspiracy and computer fraud for hacking websites and extorting them for money, the Department of Justice announced Thursday. The Cypriot, Joshua Polloso Epifaniou, exploited security vulnerabilities to steal sensitive personal information from user and customer databases between October 2014 and November 2016, when he was a teen living with his mother, according to the Department of Justice. Epifaniou used the stolen information to log into email accounts and send messages to victim websites demanding a ransom and threatening to leak the sensitive data. Epifaniou also obtained information on targets from a co-conspirator who had previously hacked the websites. Epifaniou targeted a Turner Broadcasting System-owned sports news website in Georgia, a hardware company in New York, an online game publisher in California, a consumer report website in Arizona and an employment website located in […]

The post Cypriot sentenced for email hacking committed as teen appeared first on CyberScoop.

Continue reading Cypriot sentenced for email hacking committed as teen→