Tim Starks – Page 62 – WindowsTechs.com

Ghost in the machine: Researchers find Webex vulnerabilities allow hidden visitors

Posted on November 18, 2020 by Tim Starks

Halloween may have been last month, but IBM researchers revealed Wednesday that they discovered a way ghosts could haunt Cisco Webex meetings. The vulnerabilities in the video conferencing platform — since the subject of a Cisco patch — would permit uninvited guests to join a meeting without showing up on the participant list, stay in a meeting even after the host expels them and gather information about other attendees without joining. Unwelcome guests are often more commonly associated with a Webex competitor, Zoom, which led to the coining of the term “Zoombombing” and Zoom wrestling with the problem. But the IBM research shows that with so many meetings happening online during the pandemic, Zoom isn’t alone. Webex registered a record 324 million users in March, and saw usage grow 451% from mid-February to mid-June. IBM Research found that invaders could exploit the “handshake” process whereby Webex connects meeting participants. “A malicious actor […]

The post Ghost in the machine: Researchers find Webex vulnerabilities allow hidden visitors appeared first on CyberScoop.

Continue reading Ghost in the machine: Researchers find Webex vulnerabilities allow hidden visitors→

Financial system not keeping up with cyberthreats, new report says

Posted on November 18, 2020 by Tim Starks

Four years after the biggest bank hack ever, the global financial system remains vulnerable to cyberattacks that could cause severe disruptions, according to a report Wednesday that draws advice from government officials, the financial industry and other experts. The assessment from the Carnegie Endowment for International Peace and the Word Economic Forum is the culmination of years of work, with touchstones ranging from the 2016 Bangladesh Bank heist where hackers made off with $81 million to a recent Chilean bank ransomware attack that shut down all of its branches. “Our big concern is that if you look at what’s happened during the pandemic, but even before with the escalating threat that’s targeting the financial system from the Bangladesh incident to the Chile outage back in September, we’re clearly not keeping up with the threat and how quickly it’s evolving,” said Tim Maurer, director of Carnegie’s Cyber Policy Initiative. “The government and industry need […]

The post Financial system not keeping up with cyberthreats, new report says appeared first on CyberScoop.

Continue reading Financial system not keeping up with cyberthreats, new report says→

Zoom pushes new tools meant to counter ‘Zoombombing’

Posted on November 16, 2020 by Tim Starks

Zoom on Monday unveiled a trio of security tools the video conferencing company and its users can deploy to defend against unwelcome intruders who “Zoombomb” meetings. The announcement is the latest in a blitz that began this spring, when Zoom’s daily usage skyrocket at the onset of the coronavirus outbreak, and the company admitted it was caught off guard by the resulting security woes — among them, uninvited users posting offensive materials. Last week, Zoom reached a settlement with the Federal Trade Commission over its encryption claims. The company has since begun rolling out end-to-end encryption for all users. Multiple state attorneys general also had pressed Zoom to do more about Zoombombing. The company reached an agreement with New York in May to increase security. “Suspend Participant Activities,” one of the three tools Zoom detailed in a blog post, allows Zoom hosts to pause meeting functions to report disruptive attendees. Afterward, the host can resume video, audio, screen sharing and other […]

The post Zoom pushes new tools meant to counter ‘Zoombombing’ appeared first on CyberScoop.

Continue reading Zoom pushes new tools meant to counter ‘Zoombombing’→

TikTok gets extensions on US sale order, ban enforcement

Posted on November 13, 2020 by Tim Starks

The Trump administration is giving Beijing-based ByteDance 15 more days to divest in popular video-sharing app TikTok, the Treasury Department said Friday. The Treasury Department statement is the second executive branch reprieve in as many days for TikTok, which the Trump administration has sought to ban in the United States. The Commerce Department also said Thursday that it wouldn’t start enforcing a TikTok ban as a court battle continues. The Trump administration cited the national security threat posed by the China-based company as a reason for the ban, given the vast amounts of personal information TikTok collects. TikTok has said it doesn’t share data with the Chinese government. Thursday was the date the Commerce Department had set to implement an executive order that would have forbidden U.S. companies from providing internet and content delivery services to TikTok, which would have effectively shut down its ability to operate in the U.S. […]

The post TikTok gets extensions on US sale order, ban enforcement appeared first on CyberScoop.

Continue reading TikTok gets extensions on US sale order, ban enforcement→

Russian, North Korean hackers targeted COVID-19 vaccine researchers — and some attacks got through, Microsoft says

Posted on November 13, 2020 by Tim Starks

Three hacking groups connected to the Russian and North Korean governments targeted COVID-19 vaccine and treatment researchers across five nations in recent months, and some of their attacks were successful, Microsoft said Friday. The hackers went after seven prominent companies in Canada, France, India, South Korea and the United States, according to Microsoft. The hacking groups are the Russia-linked Fancy Bear, which Microsoft refers to as Strontium; the North Korea-connected organization Lazarus Group, which Microsoft calls Zinc; and a third North Korean group that Microsoft has not previously mentioned publicly, which it calls Cerium. Microsoft’s alert deepens the breadth of warnings from government agencies and cybersecurity companies: Hackers affiliated with some of the U.S.’s biggest adversaries in cyberspace are hard at work to hack others’ vaccine research. “Among the targets, the majority are vaccine makers that have Covid-19 vaccines in various stages of clinical trials,” Tom Burt, Microsoft’s corporate vice president for customer security and […]

The post Russian, North Korean hackers targeted COVID-19 vaccine researchers — and some attacks got through, Microsoft says appeared first on CyberScoop.

Continue reading Russian, North Korean hackers targeted COVID-19 vaccine researchers — and some attacks got through, Microsoft says→

Cybercriminal offers email implant software that dodges traditional security platforms

Posted on November 12, 2020 by Tim Starks

Imagine if cybercriminals didn’t have to send a malicious email for their victims to get the message anyway. That’s a tool one hacker is advertising on a dark web forum, according to research Gemini Advisory released Wednesday. And because the email can be implanted rather than sent, it has the potential to bypass security that inspects messages as they’re en route to their destination server, researchers said. “The software poses a significant threat as it raises the success rate of malware attacks, allows for more sophisticated phishing and business email compromise (BEC) campaigns, and opens the door for technically simple ransomware-like attacks,” according to a blog post from the Miami-based threat intelligence company. The trick to implanting the email via the “Email Appender” software goes like this, Gemini Advisory explained: First, attackers must obtain valid email addresses and associated passwords, often available on the dark web at a low cost. Then the attacker has to upload the compromised credentials into Email […]

The post Cybercriminal offers email implant software that dodges traditional security platforms appeared first on CyberScoop.

Continue reading Cybercriminal offers email implant software that dodges traditional security platforms→

Biden transition efforts on cybersecurity uncertain as Trump administration throws up obstacles

Posted on November 10, 2020 by Tim Starks

Former Department of Homeland Security chiefs cautioned Tuesday that President Donald Trump is endangering national security by blocking the transition to Joe Biden’s presidency, as the standoff stretched days after news organizations declared Biden the victor. “At this period of heightened risk for our nation, we do not have a single day to spare to begin the transition,” said the four former DHS secretaries Tom Ridge, Michael Chertoff, Janet Napolitano and Jeh Johnson. “For the good of the nation, we must start now.” Biden nonetheless plowed ahead with his plans to take over the executive branch, announcing agency review teams sprinkled with former U.S. government cybersecurity officials. But the Trump administration is so far making it difficult, and the dispute potentially stands to hamper cybersecurity on multiple fronts. One of those fronts: The Office of the Director of National Intelligence (ODNI) indicated that it would not work with the Biden transition until after […]

The post Biden transition efforts on cybersecurity uncertain as Trump administration throws up obstacles appeared first on CyberScoop.

Continue reading Biden transition efforts on cybersecurity uncertain as Trump administration throws up obstacles→

Not all cyberattacks are created equal: What researchers learned from 103 ‘extreme’ events

Posted on November 10, 2020 by Tim Starks

There’s a relatively small swath of cyberattacks mixed among the more common variety that are truly extreme, costing tens of million of dollars and beyond, or exposing millions of records. A report out Tuesday identified a little over 100 that fit that description over the past five years. The researchers learned that these massive events cost a median of $47 million and usually came via straightforward hacks or ransomware. They appear to be growing more frequent, and nation-state hackers are behind them to a surprising degree, the report says. But the report from the Cyentia Insitute, a data science firm, also found that these extreme attacks don’t affect all their targets in the same way. Some cost companies nearly 100 times their revenue, while others were still just a drop in the bucket, costing as little as 0.1 % of their revenue. And the financial, information and manufacturing sectors accounted for more than half of the 103 incidents. “What […]

The post Not all cyberattacks are created equal: What researchers learned from 103 ‘extreme’ events appeared first on CyberScoop.

Continue reading Not all cyberattacks are created equal: What researchers learned from 103 ‘extreme’ events→

Suspected North Korean hackers who targeted job applicants prove more ambitious than first believed

Posted on November 6, 2020 by Tim Starks

A possible North Korean government-connected cyber-espionage campaign that targeted the defense industry stretched further than originally known when it was inititally uncovered this summer, researchers said. “Operation North Star” went beyond targeting South Korea to include Australia, India, Israel and Russia, McAfee said in a report out Friday. And its motives and methods seem to be clearer now, too, according to researchers. Israel’s Ministry of Defense had previously blamed Lazarus Group, which the U.S. government calls Hidden Cobra, for sending phony job offers in its defense sector — a tactic that lined up with McAfee’s earlier description of Operation North Star tactics. Additionally, the campaign used a previously undiscovered implant called Torisma that it deployed to burrow further into victims’ systems, McAfee said. The tactic represents the kind of digital spying technique that would have given hackers access to machines belonging to job applicants positioned near military organizations — just the kind of targets that a […]

The post Suspected North Korean hackers who targeted job applicants prove more ambitious than first believed appeared first on CyberScoop.

Continue reading Suspected North Korean hackers who targeted job applicants prove more ambitious than first believed→

DOJ seizes $1 billion in cryptocurrency tied to Silk Road dark web market

Posted on November 5, 2020 by Tim Starks

The Department of Justice said Thursday that it seized approximately $1 billion worth of bitcoin, its biggest cryptocurrency seizure ever. The announcement solves a a years-old mystery about the shuttered Silk Road dark web market for illegal drugs and other unlawful goods, widely regarded as the largest and most extensive dark web marketplace of its time before its 2013 demise. The law enforcement action solves another riddle about a bitcoin wallet that just saw a nearly identically valued amount of cryptocurrency withdrawn after sitting dormant for a long time. “The successful prosecution of Silk Road’s founder in 2015 left open a billion-dollar question. Where did the money go?” said U.S. Attorney David Anderson. “Today’s forfeiture complaint answers this open question at least in part. $1 billion of these criminal proceeds are now in the United States’ possession.” Motherboard reported Wednesday on the Election Day emptying of the wallet. Then the complaint, filed Thursday, detailed […]

The post DOJ seizes $1 billion in cryptocurrency tied to Silk Road dark web market appeared first on CyberScoop.

Continue reading DOJ seizes $1 billion in cryptocurrency tied to Silk Road dark web market→