US charges Russian GRU officers for NotPetya, other major hacks

A federal grand jury returned an indictment against six alleged Russian intelligence officers who, collectively, were responsible for “conducting the most disruptive and destructive series of computer attacks ever attributed to a single group,” the Justice Department announced Monday. Their attacks spanned the globe, including the worldwide 2017 NotPetya outbreak that did more than $1 billion in damage to a number of U.S. organizations, according to the indictment. The six accused hackers work for the Russian Main Intelligence Directorate, commonly known as the GRU, which has been connected to interference in the 2016 U.S. election and other major cyberattacks. “No country has weaponized its cyber capabilities as maliciously or irresponsibly as Russia, wantonly causing unprecedented damage to pursue small tactical advantages and to satisfy fits of spite,” said Assistant Attorney General for National Security John Demers. “Today the Department has charged these Russian officers with conducting the most disruptive and destructive series of […]

The post US charges Russian GRU officers for NotPetya, other major hacks appeared first on CyberScoop.

Twitter updates hacked materials policy following blow-up over New York Post story

Twitter said it would modify its policy on hacked materials amid a controversy about a disputed news article about Democratic presidential nominee, clarifying it would only remove that kind of content if “directly shared by hackers or those acting in concert with them.” Additionally, Twitter pledged not to block related links from being shared and instead label tweets, said Vijaya Gadde, the company’s global lead for legal, policy, and trust and safety. Twitter’s late Thursday move came after outrage from conservatives over its handling of a dicey New York Post story about Joe Biden’s son, Hunter. Twitter originally said it blocked links to the Post story based on its hacked materials policy. It never said how it came to the conclusion that anything was hacked in connection with the article. The article cites emails that were saved on a laptop that purportedly had been left in a computer repair shop. Both […]

TikTok unveils bug bounty program, scraps with US government in court over looming ban

TikTok announced a global bug bounty program Thursday amid an ongoing court battle to continue operating in the U.S. The program, a partnership with HackerOne, is an expansion of a more limited vulnerability disclosure program for the popular video-sharing app. “This partnership will help us to gain insight from the world’s top security researchers, academic scholars and independent experts to better uncover potential threats and make our security defenses even stronger,” TikTok wrote in a blog post. Researchers who uncover vulnerabilities can make between $50 and $14,800, depending on the severity of the flaw. TikTok has previously worked with security research companies to fix flaws they found. A range of high profile companies have relied on bug bounty programs to solicit reports about vulnerabilities for which internal security personnel failed to account. Often, success depends on the firms’ ability to fix those flaws, and reward outside researchers in a way that doesn’t […]

Zoom to begin end-to-end encryption rollout with month-long preview

Zoom says it will preview its end-to-end encryption feature for all users, free and paid, as the first phase of its plan to fully roll out the security technology. It’s the latest security step for a video conferencing platform that took off in the early days of the COVID-19 pandemic, but also underwent criticism over its user data protection mechanisms. The technical preview of end-to-end encryption is the inaugural phase of four, the company said Wednesday, with the idea that it will solicit user feedback during a 30-day period. End-to-end encryption means that no outsiders can access a call, not even law enforcement or Zoom itself. “In typical meetings, Zoom’s cloud generates encryption keys and distributes them to meeting participants using Zoom apps as they join,” the company explained in a blog post. “With Zoom’s E2EE, the meeting’s host generates encryption keys and uses public key cryptography to distribute these keys to the other meeting participants. Zoom’s […]

Meet FIN11, a cybercrime outfit going after pharma companies while leaning on extortion

Researchers have pieced together details about a newly-identified, financially-motivated hacking group they say is behind bold, large and long-running malware campaigns. And it’s only getting worse: The hackers have expanded their range of targets the past two years while using increasingly aggressive ransomware attacks, according to research published Tuesday by FireEye’s threat intelligence unit, Mandiant. The company dubbed the group FIN11, a designation it gives financial crime groups. That makes it the first group to get the FIN label since FIN10 three years ago. The hackers are notable for “removing the last vestiges of restraint” in their ransomware and extortion targeting, said John Hultquist, senior director of analysis for Mandiant Threat Intelligence, a unit of FireEye. They’ve gone after pharmaceutical companies and other health care targets during the COVID-19 pandemic. More broadly, the health care industry has encountered a barrage of attacks from hackers during the pandemic, including ransomware attacks that authorities say have hit hospitals and health […]

US advisory meant to clarify ransomware payments only spotlights widespread uncertainty

If a Treasury Department advisory threatening financial penalties against anyone paying ransomware hackers was intended to send a clear message, it may have done the exact opposite. The Oct. 1 advisory from the Office of Foreign Assets Control warned that paying or helping to pay ransoms to anyone on its cyber sanctions list could incur civil penalties. Across some of the industries mentioned in the advisory — like cybersecurity incident response firms and insurance providers — reactions have ranged from confusion to silence, from yawns to raised eyebrows, from praise to fear of a blizzard of potentially unintended consequences. The worst case scenarios involve ransomware victims in the health sector having to make a life-or-death decision on whether to pay to unlock their systems while at risk of incurring Treasury’s wrath, or situations where victims try even harder to keep attacks quiet to avoid OFAC fines, which sometimes total millions […]

As voters cast their ballots, courts nationwide issue election security edicts

Legal battles with election security implications raged across the country over the holiday weekend, even with early voting well underway at historic levels in many states. In no state did those two things coincide more than in Georgia. Peach State voters amassed in lines marked by reports of 10-hour waits on Tuesday, following two key court rulings. Northern District of Georgia Judge Amy Totenberg on Sunday denied a bid to scuttle touch screen voting machines over cybersecurity vulnerabilities. On Monday, she also denied a request to require a specific number of emergency ballots to be on hand at Georgia polling sites. The ruling Sunday represented a setback for election integrity advocates who contend that Georgia’s machines have not been secure enough, and still aren’t. Totenberg ruled last year that Georgia must phase out its existing paperless voting machines, citing doubts about cybersecurity safeguards for direct-recording election equipment tabulations that couldn’t be audited without a paper record. […]

Facebook removes fake accounts it linked to Turning Point USA

Facebook said it removed hundreds of fake accounts and pages on Thursday that had denigrated Democratic presidential candidate Joe Biden while boosting GOP President Donald Trump. The company also said it had banned a marketing agency as part of the influence operation that it linked to prominent, youth-driven conservative organization Turning Point USA. The marketing firm, Rally Forge, also worked to undermine mail-in voting with comments on news stories posted to its platform, Facebook said. In all, the social media giant took down 200 Facebook accounts and 55 pages, as well as 76 Instagram accounts. The removal is a reminder that, with just weeks before Election Day, social media companies still are contending with the deliberate spread of misinformation from both foreign and domestic sources. Facebook in recent months has taken action against networks of white supremacists, and alleged Russian propagandists, among other networks. Other Silicon Valley firms, such as Twitter, also have taken […]

SEC settles with trader accused of illegal trades using hacked data

The U.S. Securities and Exchange Commission agreed to settle charges with one of the traders who relied on hacked data from an SEC company filing system to collectively make millions of dollars, the agency said in a federal court filing on Wednesday. The SEC settlement includes both Sungjin Cho, the trader, and Kyungja Cho, his mother. Sungjin Cho made 66 illegal trades under his own name relying on the hacked information, and placed or directed four more under accounts in his mother’s name, according to the original complaint. Last year, the SEC and Justice Department filed charges against alleged hackers and the group of traders whom they said benefited from the scheme dating back to 2016 to steal secrets from EDGAR. EDGAR is a filing system for public companies that sometimes contains information that has not yet been made public. The scheme netted at least $4.1 million for the traders, according to the SEC. Among the […]

Hackers exploit Trump’s COVID-19 diagnosis to spread a different kind of virus

Opportunistic hackers have seized on President Donald Trump’s illness from COVID-19 to fool email recipients into clicking on malware, researchers found, in what was a quick turnaround from the news that dominated the weekend and beyond. Proofpoint said it had detected an active, “medium volume” email campaign on Wednesday sent to several hundred U.S. and Canadian organizations. The messages are designed to bamboozle victims into downloading the BazaLoader backdoor, a kind of trojan commonly linked to the developers of the TrickBot hacking tool. Scammers frequently seize on major news events to try duping victims into providing access to their sensitive data. The apparent TrickBot gang email campaign comes less than a week after Proofpoint highlighted another that swiped Democratic National Committee website language in a bid to infect potential party volunteers. In this case, emails contain subject lines like “Recent materials pertaining to the president’s illness.” The body of the messages contains a hyperlink to an attached […]
