Tim Starks – Page 54 – WindowsTechs.com

DeepDotWeb boss pleads guilty to laundering millions

Posted on March 31, 2021 by Tim Starks

The administrator of a dark web marketplace that served as a gateway for purchasing heroin, firearms and hacking tools pleaded guilty to money laundering charges on Wednesday. The Justice Department said that Tal Prihar administered DeepDotWeb, where he received $8.4 million in kickbacks from dark web marketplaces for providing prospective customers with direct links to those sites, which sold illegal goods but weren’t easily found via search engines. When law enforcement indicted Prihar and an alleged co-conspirator in 2019, authorities hailed it as “the single most significant law enforcement disruption of the Darknet to date.” French law enforcement captured Prihar, an Israeli native who had lived in Brazil. Israeli law enforcement arrested the alleged co-owner of the site, Michael Phan, who handled day-to-day operations. U.S. authorities previously seized DeepDotWeb. “For six years, DeepDotWeb was a gateway to facilitate the illegal purchase of items to include dangerous drugs, weapons, and malicious […]

The post DeepDotWeb boss pleads guilty to laundering millions appeared first on CyberScoop.

Continue reading DeepDotWeb boss pleads guilty to laundering millions→

Hacker team-ups pose 2021 threat to financial industry, group cautions

Posted on March 30, 2021 by Tim Starks

An information sharing group for the financial sector warned on Tuesday that banks will encounter growing danger this year from converging nation-state and criminal hackers, as well as supply chain risks and cross-border attacks. The report from the Financial Services Information Sharing and Analysis Center serves as a recap of threats the industry endured last year, as well as a forecast for 2021. Ransomware and other kinds of extortion attacks were among the biggest hazards for the financial services industry last year, FS-ISAC said. The organization said it expects further use of the increasingly common ransomware method of hackers leaking partial data to incentivize higher victim payments, and it said that more than 100 financial companies received distributed denial-of-service extortion threats last year. The organization also suggested that state-sponsored groups would leverage access or other techniques established by financially motivated scammers to boost their own operations. FS-ISAC did not point […]

The post Hacker team-ups pose 2021 threat to financial industry, group cautions appeared first on CyberScoop.

Continue reading Hacker team-ups pose 2021 threat to financial industry, group cautions→

Senator hammers Facebook, Instagram over COVID-19 misinformation

Posted on March 26, 2021 by Tim Starks

One day after a House panel grilled social media executives about misinformation on their platforms, a top senator blasted Facebook for its “continued amplification of harmful” posts about COVID-19, especially via Facebook-owned Instagram. Senate Intelligence Chairman Mark Warner, D-Va., wrote Facebook CEO Mark Zuckerberg on Friday, saying the company needed to do more to eradicate misinformation about the COVID-19 vaccine than promising action. “Facebook’s enforcement of its own policies is consistently and demonstrably insufficient, a trend we have seen in other areas where Facebook has pledged to address misuse of its products or instances of its products amplifying harmful content,” Warner said in the letter. Warner juxtaposed Facebook’s February update of its policies on medical misinformation with the fact that on the day it announced them, some of the top search results for “COVID vaccine” on Instagram lead to anti-vaccine accounts. In particular, Warner said he was disturbed by a […]

The post Senator hammers Facebook, Instagram over COVID-19 misinformation appeared first on CyberScoop.

Continue reading Senator hammers Facebook, Instagram over COVID-19 misinformation→

Top insurer CNA disconnects systems after cyberattack

Posted on March 24, 2021 by Tim Starks

CNA, one of the U.S.’s top providers of cybersecurity insurance, is struggling with a cyberattack that prompted it to disconnect its systems from its network. Its website hasn’t been working for the last couple days, and at press time displayed the message, “The attack caused a network disruption and impacted certain CNA systems, including corporate email.” The Chicago-based firm reported more than $10 billion in revenue in 2020, and is in the top 15 U.S. property and casualty insurers and top 10 U.S. providers of cyber insurance, according to recent measurements. If the attack proves to include policyholder data, a cyber insurance industry expert warned, it could enable particularly devastating further incidents that hackers could use as leverage in extortion attempts. If that’s the case, CNA said, it will keep customers updated. The company said it discovered the intrusion on March 21, adding that it is working with forensics experts […]

The post Top insurer CNA disconnects systems after cyberattack appeared first on CyberScoop.

Continue reading Top insurer CNA disconnects systems after cyberattack→

IT consultant sentenced to 2 years in revenge-hacking case

Posted on March 23, 2021 by Tim Starks

A U.S. judge has sentenced a man to two years in prison for hacking into a company and deleting 1,200 Microsoft user accounts as part of a revenge plot. Deepanshu Kher had worked for an IT consulting firm that deployed him to a Carlsbad, Calif. company in 2017 to help it migrate to Microsoft Office 360. The company provided bad reviews to Kher’s employer, which then pulled him from the assignment and later fired him, according to a Justice Department news release, which named neither Kher’s employer or the firm he pleaded guilty to hacking. After his firing, Kher, an Indian national, returned there and in 2018 accessed the California company’s server to delete nearly all of its 1,500 Microsoft user accounts, prompting the firm to have to completely shutter operations for two days. It then experienced longer-lasting troubles that stretched for three months. “They could not access their email, […]

The post IT consultant sentenced to 2 years in revenge-hacking case appeared first on CyberScoop.

Continue reading IT consultant sentenced to 2 years in revenge-hacking case→

SpaceX engineer makes a first with dark web securities violations case

Posted on March 19, 2021 by Tim Starks

First, U.S. authorities say, SpaceX engineer James Roland Jones tried to fake his way into a dark web insider trading forum, but that didn’t work out very well. Afterward, he still managed to sell fake insider trading information on the dark web anyway, according to the Securities and Exchange Commission. And on top of that, he bought sensitive personal information from a hard-to-reach forum with the goal of making transactions based on purported insider info, according to the Justice Department. (U.S. authorities did not disclose the names of the companies from which Jones claimed to have inside information.) Now, after the FBI used some of Jones’ own methods on him, he has pleaded guilty on charges of conspiracy to commit securities fraud. And the SEC has filed a complaint against the man who also went by the name “MillionaireMike” seeking to recoup his ill-gotten gains and civil penalties. It’s all […]

The post SpaceX engineer makes a first with dark web securities violations case appeared first on CyberScoop.

Continue reading SpaceX engineer makes a first with dark web securities violations case→

Feds aren’t well prepared to spot SolarWinds-style hacks at agencies, CISA official says

Posted on March 18, 2021 by Tim Starks

In one of the bluntest assessments of U.S. government security shortcomings around the SolarWinds hack, a top Department of Homeland Security official told senators on Thursday that federal defenses simply aren’t aligned properly to detect advanced attackers. The testimony before the Senate Homeland Security and Governmental Affairs Committee on federal cybersecurity weaknesses points to a forthcoming reorientation of how DHS’s Cybersecurity and Infrastructure Security Agency protects agencies from threats. It’s a shift resulting from the fallout from the hack at federal contractor SolarWinds that resulted in breaches at numerous federal agencies and major technology companies. And it’s a shift that Congress is aiding with $650 million that it recently appropriated for CISA. “Part of the challenge is that you can only secure what you can see,” Brandon Wales, acting director of the agency, told committee Chairman Gary Peters, D-Mich. “Over the past decade our system of protection has largely relied […]

The post Feds aren’t well prepared to spot SolarWinds-style hacks at agencies, CISA official says appeared first on CyberScoop.

Continue reading Feds aren’t well prepared to spot SolarWinds-style hacks at agencies, CISA official says→

Biden administration mulls software security grades after SolarWinds

Posted on March 12, 2021 by Tim Starks

The White House is contemplating the use of cybersecurity ratings and standards for U.S. software, a move akin to how New York City grades restaurants on sanitation or Singapore labels internet of things devices, a senior administration official told reporters on Friday. “There will be ideas coming on both of those in an executive action in the next few weeks,” the official said, briefing reporters on the condition of anonymity about simultaneous major security incidents that continue to roil the country: the SolarWinds supply chain attack, and the exploitation of Microsoft Exchange Server vulnerabilities. The concept of government labeling and grading in cybersecurity isn’t entirely new. Some experts have long coveted an Energy Star-style rating system resembling the program that the Environmental Protection Agency and Energy Department use to promote energy-efficient devices. Among them: the Cybersecurity Solarium Commission, which last year recommended that Congress establish a National Cybersecurity Certification and […]

The post Biden administration mulls software security grades after SolarWinds appeared first on CyberScoop.

Continue reading Biden administration mulls software security grades after SolarWinds→

Molson Coors says cyberattack disrupted beer brewing

Posted on March 11, 2021 by Tim Starks

Molson Coors confirmed in a regulatory filing on Thursday that it suffered a cyberattack that disrupted its beer production, and it may not be out of the woods yet. “Although the Company is actively managing this cybersecurity incident, it has caused and may continue to cause a delay or disruption to parts of the Company’s business, including its brewery operations, production, and shipments,” the company said in a Securities and Exchange Commission disclosure. The SEC filing also said that Molson Coors had contacted “leading forensic information technology firms and legal counsel” and was “working around the clock” to restore full operations. The company reported net sales of nearly $12 billion in 2020, and is one of the largest beer brewers in the U.S. The company was remarkably vague. It didn’t say what kind of attack, where it happened, which systems were affected or when it began. Local media near a […]

The post Molson Coors says cyberattack disrupted beer brewing appeared first on CyberScoop.

Continue reading Molson Coors says cyberattack disrupted beer brewing→

F5 releases patches for nearly two dozen vulnerabilities, some critical

Posted on March 10, 2021 by Tim Starks

F5 Networks, a leading provider of enterprise networking equipment, disclosed four critical vulnerabilities and 17 others on Wednesday as the recent parade of major flaws needing patches marches ahead. Three of the vulnerabilities would allow hackers to remotely execute code on target networks. It’s the second time in in two years that F5 has disclosed such a flaw. In 2020, both Cyber Command and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency issued warnings about the earlier reported vulnerabilities. F5 joins Microsoft, SolarWinds and Accellion on the list of companies that have needed to release major patches in recent months. In the case of F5 so far, “We are not aware of any active exploits for these vulnerabilities,” spokesperson Rob Gruening said. The flaws affect both the F5 BIG-IP local traffic manager and BIG-IQ centralized management software. The company announced fixes for all of the vulnerabilities. Despite the […]

The post F5 releases patches for nearly two dozen vulnerabilities, some critical appeared first on CyberScoop.

Continue reading F5 releases patches for nearly two dozen vulnerabilities, some critical→