Tim Starks – Page 53 – WindowsTechs.com

Facebook tackles hacking groups with apparent ties to Palestine, Hamas

Posted on April 21, 2021 by Tim Starks

Facebook on Wednesday detailed steps it took to counter two groups of alleged Palestinian hackers, one with suspected ties to the Palestinian state and another reportedly linked to the Hamas militant group. The hackers linked to Preventive Security Service (PSS), the Palestinian Authority’s internal intelligence organization, targeted victims primarily in the Palestinian territories and Syria, Facebook said. To a lesser degree, they targeted Turkey, Iraq, Lebanon and Libya. Those attackers went after groups and individuals seemingly viewed as a threat to the Fatah-led government, including journalists, dissidents and human rights activists. They also also aimed at military organizations such as the Syrian opposition and Iraqi military, Facebook said. The alleged Hamas-linked hackers, dubbed Arid Viper, by contrast, targeted victims associated with the Palestinian Authority, government organizations and backers of the Fatah-led government, Facebook said. Facebook periodically conducts takedowns of hacking-related activity, most recently related to a campaign that targeted Uighurs […]

The post Facebook tackles hacking groups with apparent ties to Palestine, Hamas appeared first on CyberScoop.

Continue reading Facebook tackles hacking groups with apparent ties to Palestine, Hamas→

‘Gamaredon’ hackers target Ukrainian officials amid rising Russian tensions

Posted on April 19, 2021 by Tim Starks

Russian hackers have a long history of going after organizations in Ukraine, but one group especially has tunnel vision for the former Soviet republic. And recently, it looks like those hackers returned with a new campaign targeting Ukrainian government officials, threat researchers say. Gamaredon — also known as Primitive Bear — is behind the malicious cyber activity, Anomali concluded with “high confidence” in research shared with CyberScoop in advance of its publication. The campaign first appeared in January and ran through at least mid-March, Anomali said. Publication of the research coincides with escalating tensions between the two nations, with a Russian troop buildup along the Ukrainian border. “This one is interesting because the alignment of real world events is just another indication of potential hybrid warfare that Russia is known to engage in,” said Gage Mele, lead cyber threat intelligence analyst at Anomali. It caps a busy period for Gamaredon, […]

The post ‘Gamaredon’ hackers target Ukrainian officials amid rising Russian tensions appeared first on CyberScoop.

Continue reading ‘Gamaredon’ hackers target Ukrainian officials amid rising Russian tensions→

A push for cybersecurity philanthropic giving launches

Posted on April 16, 2021 by Tim Starks

Over nearly a decade, cybersecurity-related philanthropic giving has constituted a fraction of one percent of the billions of dollars devoted to peace and security causes. An open letter Friday signed by trade associations, non-profits, charitable foundations, think tanks and well-known cybersecurity professionals aims to change that trend as part of what could be a series of future steps. “We believe that private philanthropy is ideally suited to support the development of an emerging field of theorists and practitioners across cybersecurity domains,” reads the letter. “Anyone who cares about national security, innovation, economic development, personal privacy, or civil liberties should care about cybersecurity. Private philanthropy is a critical missing piece to meet this urgent need.” The William Flora and Hewlett Foundation, Craig Newmark Philanthropies, and Gula Tech Foundation led the effort to organize the letter, signed by 30 different organizations and individuals. They include former White House cyber coordinator and current […]

The post A push for cybersecurity philanthropic giving launches appeared first on CyberScoop.

Continue reading A push for cybersecurity philanthropic giving launches→

Banking organizations dub proposed US cyber notification regulation ‘burdensome’

Posted on April 13, 2021 by Tim Starks

Banking groups have objected to elements of a proposed U.S. cyber incident notification rule, saying that its threshold for mandatory disclosure of such events to regulators is overly broad and would lead to over-reporting of incidents. Under the proposed regulation from the Treasury Department and other regulators, banks would have to notify their regulators within 36 hours of certain kinds of attacks, and bank service providers would have to notify their customers of particularly damaging incidents as well. “While we support the policy goals of the proposed rule, we believe that, as currently drafted, the proposed rule calls for notification of incidents well below the intended threshold of critical cybersecurity incidents,” wrote the American Bankers Association, Bank Policy Institute, Institute of International Bankers, and the Securities Industry and Financial Markets Association. “As a result, the proposed rule would lead to significant and burdensome over-reporting to the Agencies, contrary to its […]

The post Banking organizations dub proposed US cyber notification regulation ‘burdensome’ appeared first on CyberScoop.

Continue reading Banking organizations dub proposed US cyber notification regulation ‘burdensome’→

Banking organizations dub proposed US cyber notification regulation ‘burdensome’

Posted on April 13, 2021 by Tim Starks

The post Banking organizations dub proposed US cyber notification regulation ‘burdensome’ appeared first on CyberScoop.

Continue reading Banking organizations dub proposed US cyber notification regulation ‘burdensome’→

Financial industry preps for proposal that would require 36-hour breach notification

Posted on April 9, 2021 by Tim Starks

A milestone date for an ambitious federal banking industry cybersecurity regulation that debuted at the tail end of the Trump administration has nearly arrived. Monday, April 12 marks the deadline for comments on an initial proposal that would mandate how a wide range of financial firms would need to report more kinds of cyber incidents to regulators within 36 hours. That’s a more stringent timeline that many comparable regulations; Europe’s General Data Protection Regulation notification window is twice as long, at 72 hours. The relatively quick notification requirement generated most of the attention when the Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation, and Treasury’s Office of the Comptroller of the Currency announced the rule in December. It’s expected to receive significant blowback from the financial services industry as an overly aggressive demand. Some analysts, though, cite the types of incident reports that need to be […]

The post Financial industry preps for proposal that would require 36-hour breach notification appeared first on CyberScoop.

Continue reading Financial industry preps for proposal that would require 36-hour breach notification→

No honor among thieves: Scammers target stolen credit card hubs

Posted on April 8, 2021 by Tim Starks

Two online hubs for stolen credit cards found themselves on the receiving end of hack-and-leak operations last month. User data from the card store Swarmshop was posted to a different underground forum on March 17, exposing hundreds of thousands of compromised payment card records, security vendor Group-IB said in a report out Thursday. That follows news from last month that another forum, Carding Mafia, had been hacked, also exposing hundreds of thousands of user accounts. Word of the nefarious activity only is the latest drama to emerge from the cybercriminal underground. Another notorious forum, Joker’s Stash, recently shut down after attention from global law enforcement officials. In an unrelated case, a Russian man pleaded guilty in January to running an illicit hosting service meant to further fraud schemes. In the case of Swarmshop, it’s also actually the second time cybercriminals have targeted it. “While the source of the breach remains unclear, […]

The post No honor among thieves: Scammers target stolen credit card hubs appeared first on CyberScoop.

Continue reading No honor among thieves: Scammers target stolen credit card hubs→

Wine scams spiked during COVID-19 lockdown

Posted on April 7, 2021 by Tim Starks

Absolute monsters. Wine-themed domain registrations rose once COVID-19 lockdowns took hold, some of them malicious and used in phishing campaigns, Recorded Future and Area 1 Security said in a joint report out Wednesday. “As the interest in virtual happy hours and get-togethers increased so did the increase in wine-themed domain registrations,” the report states. Amid the COVID outbreak, alcohol has proven itself a target for hackers — but it hasn’t been clear before that scammers were trying to exploit people who were staying home and imbibing more. Alcohol delivery service Drizly, for instance, suffered a breach in July, while ransomware hit liquor and wine maker Brown-Forman around the same time. Recorded Future observed a mild jump in wine domain registrations in March of 2020, from the usual 3,000 to 4,000 per month up to nearly 5,500. April saw a bigger leap, to almost 7,200, and the numbers took off in […]

The post Wine scams spiked during COVID-19 lockdown appeared first on CyberScoop.

Continue reading Wine scams spiked during COVID-19 lockdown→

CNA shares details about ransomware attack, recovery effort

Posted on April 2, 2021 by Tim Starks

Major U.S. insurer CNA confirmed this week that it was the victim of a ransomware attack and that it has taken several steps on the road to recovery. The company, one of the biggest players in cybersecurity insurance specifically, had previously acknowledged an attack, but stopped short of specifying exactly what kind. In an update on Thursday, the company said it had restored normal email operations after a ransomware attack, adding that it instituted multi-factor authentication and a security platform for detecting and blocking threats. “Our team deployed additional endpoint detection and monitoring tools for an added layer of security and visibility across our network,” the update reads. “We expect that there will be a number of other remediation and infrastructure enhancements.” The attack has proven a source of misery for the company since hackers hit on March 21. Like other insurers, CNA would represent a tempting target for hackers […]

The post CNA shares details about ransomware attack, recovery effort appeared first on CyberScoop.

Continue reading CNA shares details about ransomware attack, recovery effort→

Biden’s cyber executive order to include new rules for federal agencies, contractors

Posted on April 1, 2021 by Tim Starks

Under a forthcoming White House order, companies that do business with the federal government would have to meet software security standards and swiftly report cyber incidents to a new entity within the Department of Homeland Security, sources familiar with a draft version of the document said. The order, which could be made public in a matter of weeks, is meant to improve the government’s ability to detect, coordinate, response to and investigate cybersecurity incidents, as well as promote supply chain security and push government contractors to up their defenses. It is spurred largely by the suspected Russian campaign in which hackers exploited the update process for SolarWinds’ Orion software, which led to the compromise of nine federal agencies and roughly 100 companies, the White House previously said. Some of the order’s measures are aimed at strengthening DHS and its Cybersecurity and Infrastructure Security Agency. The White House directive would establish […]

The post Biden’s cyber executive order to include new rules for federal agencies, contractors appeared first on CyberScoop.

Continue reading Biden’s cyber executive order to include new rules for federal agencies, contractors→