Norway fines Grindr for $7.3 million over privacy breach

Norway’s data protection agency is fining LGBTQ+ social app Grindr nearly $7.1 million for unlawfully disclosing personal data to third parties for marketing. The ruling follows a 2020 complaint by the Norwegian Consumer Council alleging that Grindr shared user device data with third parties that, due to the nature of the app, effectively allowed advertisers to connect those users with information about their sexual orientation. The Norwegian DPA, known as Datatilsynet, concluded that Grindr did not have proper consent mechanisms in place allowing users to specifically opt in to the sharing of their data for advertisements by third parties. “We consider that data revealing the fact that someone is a Grindr user strongly indicates that they belong to a sexual minority,” the DPA wrote. “Data concerning a person’s sexual orientation constitutes special category data that merit particular protection under the GDPR. As the consents Grindr collected were not valid, Grindr could […]

The post Norway fines Grindr for $7.3 million over privacy breach appeared first on CyberScoop.

CISA to brief critical infrastructure companies about urgent new Log4j vulnerability

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency will host a call with critical infrastructure stakeholders Monday afternoon about a critical vulnerability affecting products with the Log4j software library, according to a statement. CISA sent out an alert Friday that the agency had added the flaw to its list of exploited vulnerabilities, and urged federal and civilian organizations to patch and take steps to mitigate harm immediately. Log4j is a widely-used open-source logging tool popular in numerous cloud and enterprise apps including Minecraft, Apple Cloud, Cloudflare and Twitter, making the extent of the zero-day’s potential damage likely wide-reaching. “CISA is working closely with our public and private sector partners to proactively address a critical vulnerability affecting products containing the log4j software library,” CISA director Jen Easterly said in a statement. “This vulnerability, which is being widely exploited by a growing set of threat actors, presents an urgent challenge to network defenders given its broad use.” Cybersecurity researchers noted over the weekend that […]

Telehealth app Doxy.me is fixing a leak that exposed patient data to Facebook, Google

Telehealth platform Doxy.me is fixing an issue that allowed three third-party firms to access the names of some patients’ providers, the company told CyberScoop after it notified the company of the problem. The company, which self-reports as holding 30% of the growing U.S. telemedicine market and is currently used by over 1 million providers worldwide, appeared to also be sharing IP addresses and unique device identification numbers with Google, Facebook and the marketing software company HubSpot, privacy researcher Zach Edwards found after examining the platform. The sensitive user data was accessible when patients clicked on a link to the platform’s “virtual waiting room” service, which connects patients with medical professionals. Providers can choose the name of their waiting room, which is often their name or the name of their medical practice. (In a sample observed by CyberScoop, the URL included the name of a provider.) It appears that Doxy.me tried […]

Emotet’s comeback is getting a boost from fellow botnet TrickBot

The resurgence of botnet Emotet after a law enforcement takedown earlier this year is getting a boost from fellow crime group TrickBot, researchers at Check Point have found. Since November, Check Point has identified 113 new Emotet targets in the first week of December, nearly half its infection rate right before it was taken down. Emotet attempted to infect 657 new organizations (219 per week) during January 2020. And it was already at 113 new targets in the first week of December 2020. This means that in 3 weeks since its comeback, Emotet already gained 50% of its infection rate before it was taken down. The samples of the Emotet malware are being delivered via servers that TrickBot infected in mid-November. A number of other researchers have confirmed Emotet’s return and have observed TrickBot distributing the malware. Emotet received a series of debilitating blows last year at the hands of law […]

Cyber Command boss acknowledges US military actions against ransomware groups

The U.S. military has taken offensive measures against ransomware groups, U.S. Cyber Command leader General Paul M. Nakasone confirmed Saturday. “Before, during and since, with a number of elements of our government, we have taken actions and we have imposed costs,” Nakasone told The New York Times in an interview Saturday. “That’s an important piece that we should always be mindful of.” CNN confirmed the offensive cyber operations to disrupt foreign ransomware groups with a U.S. Cyber Command spokesperson. U.S. Cyber Command, the military’s top hacking unit, has reportedly been going after criminal hacking groups dating back to before the 2020 election, when it attempted to knock out TrickBot, a network of infected computers used to deliver malware. More recently, U.S. Cyber Command had a role in shutting down ransomware group REvil’s operations, working with foreign governments to redirect traffic from the group’s website, The Washington Post first reported in November. Both […]

The Justice Department is ramping up its crackdown on money mules

U.S. law enforcement recovered nearly $3.7 million in fraud proceeds and charged more than 30 individuals for their alleged involvement in receiving or transferring illicit proceeds over the past 10 weeks. The arrests, announced Friday, were part of the Justice Department’s “Money Mule Initiative,” which is aimed at cracking down on Americans who assist international fraudsters in moving funds from victims of a wide variety of fraud efforts, including romance scams and business email compromise schemes. The initiative in total targeted 4,757 individuals involved in “money mule” activity, more than twice the number of individuals reached by last year’s initiative. Actions were taken in all 50 states. Twenty-five members of Europol also cooperated in the action. “Every time an individual who has previously been operating as a money mule stops doing so, foreign fraudsters are forced to expend time and effort rebuilding that infrastructure differently,” said a Justice Department official […]

Rail industry gets new cyber directives from TSA

U.S. rail companies must commit more attention and resources to cybersecurity under Transportation Security Administration directives announced Thursday by the Department of Homeland Security. The new requirements include that surface rail owners and operators designate a cybersecurity coordinator; report a cybersecurity incident to DHS’s cybersecurity agency within 24 hours; complete a vulnerability assessment; and create a plan to respond to cybersecurity incidents. The directives will cover approximately 80 percent of freight rail and 90 percent of passenger rail, according to a DHS official. DHS Secretary Alejandro Mayorkas announced that TSA would be rolling out directives for surface transportation in an October speech at the Billington cybersecurity summit. Early plans for the directives, which would have required companies to report incidents within 12 hours, received criticism from industry and Republicans. In October, Republicans led by Sen. Rob Portman of Ohio called for DHS’s OIG to investigate the directives, citing industry complaints that […]

Former Ubiquiti employee charged with stealing data, extorting employer

The FBI arrested a former employee of a U.S. technology company for allegedly breaching and stealing confidential data from his employer and then extorting the company for nearly $2 million. The defendant, Nickolas Sharp, after allegedly stealing sensitive information, posed as a whistleblower to plant misleading news about the company’s breach, according to an indictment released Wednesday. The articles caused the company’s share price to drop, costing it market value, according to the Justice Department. The indictment does not mention the company where Sharp worked, though the timeline and details of the incident match up with a breach of router company Ubiquiti discovered in January. An anonymous whistleblower accused the company of covering up the incident in March, matching the FBI’s account of Sharp’s actions. Sharp’s LinkedIn confirms he worked at Ubiquiti at the time. The company did not immediately respond to a request for comment Thursday. […]

Meta scrubbed a fake scientist’s account that spread bogus COVID-19 claims

On July 24, 2021, a Swiss biologist, Wilson Edwards, claimed on Facebook and Twitter that the United States was pressuring the World Health Organization to blame the origin of COVID-19 on the Chinese government. Within an hour, Chinese officials were promoting the message on social media, using the apparent claim to turn public opinion against the U.S. after China attracted scrutiny for reportedly rejecting further investigation into the origins of the virus. But Wilson Edwards wasn’t real, the Swiss Embassy in Beijing announced on Twitter on August 10. Instead, the ruse was a part of an elaborate coordinated campaign based in China to discredit the U.S., researchers at Meta, which is owned by Facebook, revealed in a report out Wednesday. What researchers found was a “hall of mirrors,” Ben Nimmo, global information operations threat intelligence lead at Facebook, said in the report. In total, Facebook removed 524 Facebook accounts, 20 pages, […]

FBI seized $2.3 million in cryptocurrency from REvil ransomware affiliate

The FBI in August seized approximately $2.3 million worth of cryptocurrency from a hacker affiliated with the REvil ransomware gang, according to a court filing unsealed Tuesday. The money seized was derived from payments to ransomware attacks involving REvil malware between April 2019 and June 2021 in the U.S. and elsewhere. REvil affiliates generated some $200 million during that time from ransom payments, according to the FBI. The attacks were allegedly carried out by Aleksandr Sikerin, who is charged with multiple counts of conspiracy and money laundering. Bleeping Computer first reported on the court documents. It’s unclear if the seizure is related to the U.S. actions in November, in which officials seized $6 million in ransom payments from alleged Russian hacker Yevgeniy Polyanin. Authorities also arrested Yaroslav Vasinskyi, a 22-year-old Ukrainian national, when he was entering Poland. Vasinskyi is accused of involvement in the July REvil attack against […]
