Possible Chinese hackers pose as UN, human rights group to eavesdrop on beleaguered Uyghur population

Researchers say that suspected Chinese hackers are posing as the United Nations and a fake human rights organization in an ongoing campaign to target Uyghurs, an ethnic group that’s repeatedly been on the receiving end of surveillance and cyberattacks this year. “We believe that these cyber-attacks are motivated by espionage, with the end-game of the operation being the installation of a backdoor into the computers of high-profile targets in the Uyghur community,” said Lotem Finkelsteen, head of threat intelligence at Check Point, which published the research on Wednesday along with fellow security firm Kaspersky. Researchers observed targeting of the Turkic ethnic group in China, Pakistan and China’s Xinjiang Uyghur Autonomous Region. In one attack method, the hackers use malicious documents bearing the name of the United Nations Human Rights Council. They also erected a website for a non-existent Turkic Culture and Heritage Foundation, luring would-be grant applicants to download a […]

The post Possible Chinese hackers pose as UN, human rights group to eavesdrop on beleaguered Uyghur population appeared first on CyberScoop.

Belgium uproots cyber-espionage campaign with suspected ties to China

A Belgian government ministry said this week that it was the victim of a cyber-espionage campaign that began two years ago, one that has apparent links to Beijing. The Federal Public Service Interior said it began an investigation in March after Microsoft revealed that Chinese state-sponsored hackers had used zero-days to attack its Exchange Server technology. The ministry called in the Centre for Cyber Security Belgium for aid. “The complexity of this attack indicates an actor who has cyber capacities and extensive resources,” the ministry said in a statement on its website Tuesday. “The perpetrators acted in a targeted manner, which suggests espionage.” A ministry spokesperson didn’t immediately answer a message about whether the attacks it endured dating back to 2019 were explicitly linked to the espionage Microsoft first alleged two months ago, instead of merely triggering a probe that uncovered a separate campaign. The earliest reported attacks exploiting the […]

How Hydra, a Russian dark net market, made more than $1 billion in 2020

Russian-speaking dark web bazaar Hydra has dominated the illicit marketplace since 2018, thanks in part to the demise of a rival business as well as its imposition of restrictive policies on sellers, according to research published Tuesday. Hydra administrators have made transactions on the site harder to trace by requiring users to transact in difficult-to-track Russian currencies and to rely on regional financial operators and service providers, according to the research. Dark web markets have typically relied on a variety of methods for withdrawing funds, from ATMs to escrow services. It adds up to a headache for law enforcement, potential competitors and other entities with an interest in disrupting Hydra, concludes the joint report by dark web intelligence firm Flashpoint and cryptocurrency-tracking software company Chainalysis. Hydra specializes in narcotics sales. “Money laundering trails to Hydra are difficult, near impossible, to trace,” the companies said. “While the illicit trade of narcotics is problematic […]

Conti ransomware gang victimized US health care, first-responder networks, FBI says

The FBI tracked at least 16 Conti ransomware attacks that struck U.S. health care and first-responder networks within the last year, the bureau said in an alert this week. That accounting only factors in attacks in the past year, and incidents that the FBI itself identified. In all, the alert said Conti has hit 400 organizations, nearly 300 of which were in the U.S. The recent first-responder victims include 9-1-1 dispatch centers, emergency medical services, law enforcement agencies and municipalities, the FBI said. The Conti gang has sought as much as $25 million to decrypt systems it locked up, according to the alert. The FBI warning comes as the Irish health care system is contending with its own Conti ransomware attack. It also comes shortly after a report that CNA Insurance paid a $40 million extortion demand — the biggest yet revealed, as extortionists continue to ratchet up […]

SolarWinds CEO reveals much earlier hack timeline, regrets company blaming intern

SolarWinds saw signs of hackers invading its networks as early as January of 2019, about eight months earlier than the previously disclosed timeline for the sweeping cyber-espionage campaign, and nearly two years before anyone discovered the breach. SolarWinds CEO Sudhakar Ramakrishna said in an appearance at the 2021 RSA Conference that while the federal contractor had once estimated the hackers’ first suspicious activity at around September or October of 2019, the company has “recently” learned that the attackers may have in fact “been in our environment” much earlier. “As we look back, they were doing very early [reconnaissance] activities in January of 2019,” he said. Ramakrishna’s revelation provides a deeper understanding yet of the stealthy nature of what U.S. government officials and cybersecurity firms have labeled an incredibly sophisticated attack, even by the standards of the alleged Russian government-connected hackers behind the effort. By leveraging seemingly trustworthy updates of SolarWinds […]

National security officials outline hopes for national data breach notification law

Top U.S. national security officials on Tuesday explained some ideal elements of a potential national data breach reporting law, describing the idea as one pathway to stopping massive security incidents like the SolarWinds hack. A national data breach reporting law would need to be clear and concise for companies to follow, and generally not be a huge burden, said Tonya Ugoretz, deputy assistant director of the FBI. It also might function as an alternative to government surveillance of private sector networks, a controversial idea previously suggested as a means of detecting cyber-espionage. Such a law should be focused on receiving reports about only especially sensitive breaches, such as those that jeopardize national security and critical infrastructure or that compromise U.S. government information, Ugoretz said during a prerecorded segment that aired at the virtual 2021 RSA Conference. However, Ugoretz and Adam Hickey, the deputy assistant attorney general and the Justice […]

Ransomware strikes AXA shortly after insurer announces it will stop covering extortion fees

Ransomware gangs have now struck two insurers that sell cyber coverage in as many months, with AXA confirming over the weekend that an attack had affected its Asian operations. AXA joins CNA Insurance, which in April confirmed that a ransomware incident had forced the company to take its operations offline. The attack on AXA, though, comes shortly after the French insurer said it would no longer reimburse ransomware payments under new policies it writes in that country, although a source familiar with the attack said there was no connection between AXA’s decision and the attack on its own networks. The so-called Avaddon ransomware operators posted screenshots of information online that they said they obtained from AXA’s Asia Assistance subsidiary. The screenshots include a claim that the operators stole three terabytes of data, such as customer medical reports and claims, customer IDs and bank account papers, payments to customers and other health information. “Asia […]

Rapid7 says attacker accessed its source code in Codecov supply chain hack

An unauthorized party accessed Rapid7 source code via the Codecov supply chain compromise, the cybersecurity company said Thursday, making it the latest confirmed victim known to be swept up in the attack. Rapid7 said it made limited use of Codecov’s affected Bash Uploader tool, used to share code reports with the software auditing company, as part of its managed detection and response program. After conducting an internal investigation, Rapid7 determined to what degree any outsiders might have infiltrated Rapid7 repositories. “A small subset of our source code repositories for internal tooling for our MDR service was accessed by an unauthorized party outside of Rapid7,” the company wrote in a blog post. “We have contacted the small subset of customers who may be impacted by this incident to ensure they take appropriate steps to mitigate any potential risk,” the blog post continued. “Note: If you haven’t been contacted by us about […]

Colonial Pipeline didn’t tell CISA about ransomware incident, highlighting questions about information sharing

Colonial Pipeline didn’t notify the Homeland Security Department’s Cybersecurity and Infrastructure Security Agency of its ransomware incident, and CISA still didn’t have technical details about the attack as of Tuesday morning, the agency’s top official told senators. Acting director Brandon Wales also said he didn’t think Colonial would have reached out to CISA if the FBI hadn’t alerted his agency, he said in testimony before the Homeland Security and Governmental Affairs Committee. That exchange — and others over the course of a hearing that touched on several major recent security incidents — served as yet another reminder that despite the constant drumbeat for improved cybersecurity information sharing between industry and government, it still doesn’t happen fully in even some of the most dire circumstances. “This is potentially the most substantial and damaging attack on U.S. critical infrastructure ever,” said Ohio Sen. Rob Portman, the top Republican on the panel, in […]