IRS, GAO at odds over cybersecurity requirements on tax preparers

The Internal Revenue Service hasn’t put in place a structure to issue cybersecurity dictates to paid tax preparers because it doesn’t believe it has the authority to do so — but the Government Accountability Office begs to differ. The government watchdog recommended the IRS establish a security structure in a 2019 report, but the agency contended Congress would need to take action to give the IRS more power. As of January of this year, the IRS still believes it needs statutory authority, the GAO said in a report released Monday. The GAO’s suggestion is that the IRS should create a governance structure or steering committee “to coordinate all aspects of IRS’s efforts to protect taxpayer information while at third-party providers.” Hackers have targeted tax preparation companies for years in identity theft and tax return theft schemes, as the IRS itself has repeatedly warned. In one recent case, a U.S. court […]

The post IRS, GAO at odds over cybersecurity requirements on tax preparers appeared first on CyberScoop.


Burgeoning ransomware gang Avaddon appears to shut down, mysteriously

A ransomware gang has apparently disappeared just as its fortunes were rising. Ransomware experts said Avaddon shut down as of Friday. The operators left no explanation for why they might have done so, and they’re letting their remaining victims off the hook. Avaddon sent Bleeping Computer 2,934 decryption keys, after which the security firm Emsisoft produced a free, public decryption tool. After last month’s ransomware attack on Colonial Pipeline caused disruptions in the U.S. on fuel delivery, Avaddon became one of the most prolific posters of victim data to its extortion site, compared to other such groups. “This is great news,” tweeted Allan Liska, a Recorded Future analyst specializing in ransomware. “Avaddon was considered a second tier ransomware operator, but since the Colonial Pipeline attack they have been tied with Conti in terms of number of victims posted to their extortion site.” But with success has come attention. The FBI […]

The post Burgeoning ransomware gang Avaddon appears to shut down, mysteriously appeared first on CyberScoop.


Congress pummels Colonial Pipeline CEO over government coordination after disruptive ransomware incident

Lawmakers repeatedly challenged Colonial Pipeline CEO Joseph Blount on Wednesday about the steps it took to work with the government after a May ransomware attack, often suggesting the company fell short. A long string of House Homeland Security Committee members questioned Blount about his assertion that Colonial had not, as reported, refused voluntary Transportation Security Administration cybersecurity reviews. Instead, the company delayed them due to COVID-19 restrictions and a physical move to a new building, he said. “Delaying these assessments for so long amounts to declining them, sir,” said Rep. Bonnie Watson Coleman, D-N.J., citing communications that began in March of 2020. “It raises serious questions,” she said, while noting that her information says that Colonial turned down even a virtual assessment offer before the ransomware attack that led to fuel delivery slowdowns last month. Colonial has now scheduled a TSA review for late July, Blount said. Blount’s answers about government […]

The post Congress pummels Colonial Pipeline CEO over government coordination after disruptive ransomware incident appeared first on CyberScoop.


Insurer Chubb paid $65,000 to help a city unlock ransomware in 2018. A second hack was more expensive.

A city in California didn’t disclose a ransomware payment for more than two years after its insurer covered the cost, the city manager acknowledged amid yet another ransomware attack on the municipality. In 2018, officials in Azusa, Calif. paid $65,000 through its insurer Chubb to free up its most vital system and used a free decryption key to unlock the others, City Manager Sergio Gonzalez said. The hackers took control of the city’s police dispatch system for more than a week in the fall that year, he said. State-by-state data breach notification laws have different triggers for when hacking victims must report publicly on what happened. “We did not make a public statement and did not have to file anything legally because we could confirm that no data was migrated out” of police servers, Gonzalez said, according to local news accounts. In an interview with CyberScoop, Gonzalez said the city […]

The post Insurer Chubb paid $65,000 to help a city unlock ransomware in 2018. A second hack was more expensive. appeared first on CyberScoop.


DOJ seizes $2.3 million in cryptocurrency payments from Colonial Pipeline ransomware attack

The Justice Department announced Monday that it had retrieved $2.3 million in cryptocurrency payments Colonial Pipeline made in the DarkSide ransomware attack. In May, Colonial — which delivers an estimated 45% of fuel consumed on the East Coast — paid its attackers $4.4 million worth of cryptocurrency in an incident that propelled ransomware into visibility it didn’t previously have in the U.S. On Monday, pursuant to a seizure warrant issued by the United States District Court for the Northern District of California, the department got some of that payment back, DOJ officials said at a news conference. “The sophisticated use of technology to hold businesses and even whole cities hostage for profit is a decidedly 21st century challenge — but the old adage ‘follow the money’ still applies,” Deputy Attorney General Lisa Monaco said. “Today we turned the tables on DarkSide.” It’s not the first time DOJ has seized cryptocurrency […]

The post DOJ seizes $2.3 million in cryptocurrency payments from Colonial Pipeline ransomware attack appeared first on CyberScoop.


Government, industry scramble to prioritize ransomware amid fallout from pipeline, JBS breaches

Three weeks ago, the U.S. Chamber of Commerce — the most powerful business lobby in the country — called on the federal government to take several steps to combat ransomware. This week, the White House’s deputy national security adviser penned a letter to industry … urging them to take several steps to combat ransomware. Those are two of the latest moves in a long dance between the feds and private sector over cybersecurity, with a tempo that has hastened considerably since the Colonial Pipeline ransomware attack. Even as both sides say the respective calls for action on ransomware in the oft-hailed “public-private partnership” are well-received, they’re redoubling their messages to each other. As the ransomware challenge looms increasingly large and has proven difficult to wrestle, two of the largest players are trying to find their footing. “While businesses need to do what they can to enhance their security, the government […]

The post Government, industry scramble to prioritize ransomware amid fallout from pipeline, JBS breaches appeared first on CyberScoop.


First major voting vendor, Hart InterCivic, partners with Microsoft on ambitious software security tool ElectionGuard

The ElectionGuard technology that Microsoft touts as a way to make elections more secure and verifiable is taking its biggest step yet: Hart InterCivic, one of the big three election vendors, says it will incorporate ElectionGuard into one of its voting systems. The ElectionGuard open-source software development kit gives voters a unique code to track their encrypted vote and confirm it wasn’t manipulated, and it offers a way for third parties to validate election results, according to Microsoft. The two companies jointly announced the partnership on Thursday. Hart InterCivic is the biggest partner to date for ElectionGuard, as one of three vendors — alongside Election Systems & Software and Dominion Voting Systems — that dominate the marketplace for voting machine technology. “We believe we must constantly re-imagine how technology can make voting more secure and also more transparent, and this partnership with Microsoft is a strong step in that direction,” […]

The post First major voting vendor, Hart InterCivic, partners with Microsoft on ambitious software security tool ElectionGuard appeared first on CyberScoop.


Cybercrime forum advertises alleged database, source code from Russian firm that helped Parler

A seller on a popular cybercrime forum appears to be offering up source code and a database they say belongs to DDoS-Guard, the Russia-based hosting site that helped right-leaning social media company Parler get back online after Amazon Web Services banished it. Parler billed itself as an alternative to Twitter after that social media firm cracked down on alt-right misinformation and disinformation, but found itself shunned by AWS and others after complaints about its safeguards against hate speech and calls for violence after the Jan. 6 insurrection. Security vendor Group-IB, which noticed the listing, said that while DDoS-Guard offers hosting services and protection against distributed denial-of-service attacks, it also has been labeled a “bulletproof hosting” provider — one that’s lenient toward cybercriminals and other shady operators. The seller listed the DDoS-Guard database and source code for $350,000 on exploit.in, a long-running forum used mainly by Russian-speaking scammers that birthed […]

The post Cybercrime forum advertises alleged database, source code from Russian firm that helped Parler appeared first on CyberScoop.


Biden budget seeks $750 million to respond to SolarWinds compromises, plus billions more for cyber

President Joe Biden’s fiscal 2022 budget blueprint released Friday proposes $750 million for the federal government to respond to “lessons learned” from the SolarWinds supply chain hack that compromised nine agencies. In all, the budget proposes $9.8 billion in federal civilian cybersecurity funding, a 14% increase from the spending levels allocated for the current fiscal year, according to a summary. That number doesn’t take into account Defense Department funding requests, which would represent another large chunk of money, though that amount isn’t precisely spelled out in four documents shared Friday with reporters in advance of public release. “Cybersecurity is a top priority for this Administration, and recent events, such as the SolarWinds cyber incident, have shown that adversaries continue to target Federal systems,” one budget document reads. The blueprint also requests $15 million for the recently-created national cyber director office in the White House, and $20 million for a new […]

The post Biden budget seeks $750 million to respond to SolarWinds compromises, plus billions more for cyber appeared first on CyberScoop.


Cozy Bear revisits one of its greatest hits, researchers say: election skulduggery

It looks like the Russian government-linked hacking group Cozy Bear is back in the election trickery business. The security firm Volexity publicized a spearphishing campaign on Thursday that it identified only days ago, a scheme that uses an election fraud document as a lure. The emails purport to be from the United States Agency for International Development, with targets including government agencies, research institutions and nongovernmental organizations in the U.S. and Europe. Volexity said it had concluded, with moderate confidence, that Cozy Bear — the group also known as APT29 or the Dukes — was behind the emails. If true, it would be a return to an old favorite subject for Cozy Bear, which the U.S. government and others implicated in the 2016 hacks of the Democratic National Committee and Hillary Clinton’s presidential campaign, among other election interference efforts. More recently, Cozy Bear has garnered attention from the Biden […]

The post Cozy Bear revisits one of its greatest hits, researchers say: election skulduggery appeared first on CyberScoop.
