SolarWinds hackers stole Mimecast source code

Attackers behind the SolarWinds hacking campaign successfully stole Mimecast source code as part of their sweeping espionage operation, the email security firm said in an incident report published Tuesday. The hackers, who U.S. government officials suggested are “likely” Russian actors, “accessed and downloaded a limited number of our source code repositories, but we found no evidence of any modifications to our source code nor do we believe there was any impact on our products,” Mimecast said in the incident report. Mimecast added that it has replaced all compromised servers and that it has no reason to believe the hackers accessed email or archive content of customers. Mimecast had previously disclosed that the hackers compromised a security certificate the company used to secure connections. The latest revelation, which comes more than two months after its disclosure that the certificate was compromised, now underscores just how long it may take to get a […]

The post SolarWinds hackers stole Mimecast source code appeared first on CyberScoop.


New global model needed to dismantle ransomware gangs, experts warn

Ransomware gangs are making a killing — they’re encrypting data at schools and hospitals around the world at an alarming rate, and they’re raking in hundreds of millions of dollars doing it, by some counts. But it doesn’t have to be that way. Security experts and former diplomats are in the early stages of urging governments to work together to create a different kind of world — one with fewer examples of hackers taking data hostage or knocking organizations offline to demand ransoms or extortion fees, and one in which hackers are held accountable for targeting vulnerable organizations. Government officials increasingly have been working together to tamp down on malicious cyber activity in recent years, as evidenced by a European Union sanctions regime focused on hacking rolled out in the past year, and a 2015 agreement among United Nations members that cyberattacks intended to damage critical infrastructure are off limits. But […]

The post New global model needed to dismantle ransomware gangs, experts warn appeared first on CyberScoop.


Russia, Iran ran influence operations aimed at 2020 elections, US says

The governments of Russia and Iran sought to influence the U.S. presidential elections in 2020 and exacerbate societal tensions throughout the nation last year, the U.S. intelligence community said in a declassified assessment released Tuesday. The long-awaited report from the Office of the Director of National Intelligence detailing how foreign governments sought to influence or interfere in U.S. elections declared that Russian President Vladimir Putin authorized the influence operations that were aimed at denigrating Joe Biden’s candidacy and the Democratic Party while supporting then-President Donald Trump. The assessment states that Supreme Leader Ali Khamenei “probably” authorized Iran’s campaign, which was aimed at undermining Trump’s reelection. Both Russia and Iran intended to undermine public confidence in the electoral process as well, the report states. China did not run influence operations aimed at the U.S. elections, but Chinese authorities had considered doing so, the U.S. intelligence community found. The assessment, which […]

The post Russia, Iran ran influence operations aimed at 2020 elections, US says appeared first on CyberScoop.


Signal is down in China after big user uptick

Signal users have begun reporting issues with the encrypted messaging app in China, a sign that the government may be adding another chat application to its list of banned services. Signal’s website itself has been banned since Monday, according to Greatfire.org. The app relies on end-to-end encryption, a data protection measure that puts the content of users’ messages and calls outside the government’s reach. Signal also has encountered roadblocks in Iran in recent months, where users began reporting issues in January after Signal experienced a surge of new users. Users in China can still download the app from Apple’s iOS store, and seem to be able to access the app through a virtual private network, according to CNBC. Android stores, on the other hand, no longer list the encrypted app as being available. Signal has been downloaded approximately 100 million times in China, according to data from Sensor Tower, an application […]

The post Signal is down in China after big user uptick appeared first on CyberScoop.


NFT digital art is already attracting hackers

Users of the digital art marketplace Nifty Gateway reported hackers had taken over their accounts and stolen artwork worth thousands of dollars over the weekend. Some users reported their entire accounts of digital certificates of authenticity for digital assets — known as non-fungible tokens (NFTs or “nifties”) — were drained over the weekend. But even after changing their passwords, some users said the hackers weren’t kicked out of their accounts. Some reported that the digital assets stolen from their accounts were then sold on the chat application Discord or on Twitter. Other users reported the intruders also stole their credit card information and began using it to make purchases of other art to the tune of $20,000. Nifty Gateway, a marketplace where users can buy, sell and display digital items, said in a statement that it encourages users to use two-factor authentication (2FA) to prevent account takeovers and hacking, noting […]

The post NFT digital art is already attracting hackers appeared first on CyberScoop.


Buffalo Public Schools cancels classes after cyberattack

Ransomware attackers appear to have taken a swipe at Buffalo Public Schools in recent days, bringing the school system’s plans for remote classes and in-person learning to a screeching halt on Friday. The school system, which has been slowly returning to in-person learning plans, canceled all classes Monday while it works to respond to the incident, according to an announcement. The FBI is investigating the attack, but so far the probe has not found that any sensitive information about students and teachers was exposed during the attack, the superintendent of Buffalo Public Schools, Kriner Cash, said in a statement. The attackers, who encrypted the school’s computers, have not made any ransom demands yet, The Buffalo News reported. But the FBI has determined that the hackers’ demand is likely between $100,000 and $300,000, according to The Buffalo News. GreyCastle, a cybersecurity firm, is reportedly assisting the investigation. GreyCastle did not immediately […]

The post Buffalo Public Schools cancels classes after cyberattack appeared first on CyberScoop.


As firms race to patch Microsoft Exchange flaw, security pros brace for ransomware outbreak

Nobody likes to hurry up and wait. It’s exactly how security professionals are urging vulnerable organizations to protect themselves, though, against a cavalcade of nation-state and criminal hacking groups reportedly working to exploit Microsoft Exchange Server flaws that were announced earlier this month. Suspected Chinese government-linked hackers were the first to allegedly exploit the Microsoft vulnerabilities. As soon as the company released a fix for the bugs, though, taking the issue public, a range of other hacking groups also appeared to try leveraging the flaw. At least ten different advanced threat groups are working to exploit the vulnerabilities now, according to ESET research, while other hackers have stolen email data and others have tried to generate financial revenue. With potentially tens of thousands of victims, the U.S. government — including the National Security Agency, the Department of Homeland Security’s cybersecurity agency, the FBI and the White House — has spent days […]

The post As firms race to patch Microsoft Exchange flaw, security pros brace for ransomware outbreak appeared first on CyberScoop.


FBI alert warns of Russian, Chinese use of deepfake content

The FBI warned in an alert Wednesday that malicious actors “almost certainly” will be using deepfakes to advance their influence or cyber-operations in the coming weeks. The alert notes that foreign actors are already using deepfakes or synthetic media — manipulated digital content like video, audio, images and text — in their influence campaigns. “Foreign actors are currently using synthetic content in their influence campaigns, and the FBI anticipates it will be increasingly used by foreign and criminal cyber actors for spearphishing and social engineering in an evolution of cyber operational tradecraft,” states the alert obtained by CyberScoop. The warning comes amid concern that if manipulated media is allowed to proliferate unabated, conspiracy theories and maligned influence will become more and more mainstream. Lawmakers have recently enacted a series of laws that address deepfake technology, which frequently is used to harass women. The National Defense Authorization Act of 2021, for […]

The post FBI alert warns of Russian, Chinese use of deepfake content appeared first on CyberScoop.


FIN8 cybercrime group resurges with improved hacking tool

A financially-motivated hacking group that appeared to drop off the map a year-and-a-half ago is back with a new and improved backdoor, according to BitDefender research published Wednesday. Over the last year the criminal hacking group, known as FIN8, has primarily targeted companies in retail, technology, chemical and insurance industries with its updated point-of-sale malware, and has compromised organizations in the U.S., Canada, South Africa, Puerto Rico, Panama and Italy, according to the research. FIN8, which FireEye researchers first observed in operation in 2016, has historically targeted organizations in the retail, restaurant and hospitality industries with emails containing malicious Microsoft Word documents. The updated backdoor, known as BADHATCH, has incorporated screen capturing, proxy tunneling and fileless execution, the researchers write. The backdoor has also likely added in credential-stealing capabilities, according to the research. BitDefender does not identify which organizations have been compromised. An earlier version of BADHATCH, which researchers at […]

The post FIN8 cybercrime group resurges with improved hacking tool appeared first on CyberScoop.


Amid widespread Exchange Server attacks, Microsoft issues patch for older versions

Microsoft issued a patch late Monday evening for older, unsupported versions of Microsoft Exchange servers in an attempt to lessen the blow of hackers exploiting recently uncovered software flaws. Microsoft released a security update earlier this month to address the four zero-day flaws in Exchange Server email software, which suspected Chinese hackers are actively exploiting as part of an espionage operation aimed at stealing the contents of targets’ emails. But those updates only addressed Exchange Server versions 2013 to 2019. “This is intended only as a temporary measure to help you protect vulnerable machines right now,” the Exchange Team at Microsoft warned in a blog post. The best course of action would be to update to the latest version and apply the patch, the company said. System administrators should be advised that the updates for unsupported Exchange Servers only address the four zero-day flaws revealed early this month, Microsoft said. […]

The post Amid widespread Exchange Server attacks, Microsoft issues patch for older versions appeared first on CyberScoop.
