Tonya Riley – Page 36 – WindowsTechs.com

UK judge gives US a shot to appeal denial of Julian Assange’s extradition

Posted on July 7, 2021 by Tonya Riley

Britain’s top court has granted the U.S. government a chance to appeal a January decision denying its request to extradite WikiLeaks founder Julian Assange to the United States to face espionage charges. The appeal process comes after a U.K. judge denied U.S. prosecutors’ original request for extradition. Judge Vanessa Baraitser ruled that U.S. prosecutors met the bar for extradition, but she sided with Assange’s lawyers that the WikiLeaks ringleader was likely to commit suicide if sent to a U.S. prison. The appeal will be limited as to whether or not the court was right to deny the extradition on the basis of Assange’s mental health, Bloomberg News reported. Assange faces 18 counts of endangering U.S. national security, including conspiring to obtain and disclose hundreds of thousands of classified and sensitive government documents. He was charged under the Espionage Act for his role in allegedly publishing classified Department of Defense documents […]

The post UK judge gives US a shot to appeal denial of Julian Assange’s extradition appeared first on CyberScoop.

Continue reading UK judge gives US a shot to appeal denial of Julian Assange’s extradition→

25 bogus Google Play store apps promised to mine cryptocurrency for a fee, scamming wannabe investors

Posted on July 7, 2021 by Tonya Riley

Scammers are pushing fake cryptomining apps in order to make a buck off of victims interested in virtual currency. Security researchers at Lookout identified more than 170 apps that advertise themselves as providing cryptocurrency-mining services on the cloud for a fee. Unlike other popular cryptocurrency scams on mobile, the criminals aren’t seeking to empty a user’s wallet or download malicious software. Instead, the apps simply charge users for a service that doesn’t exist. Similar scams have existed in desktop form for a while, but this is the first time researchers have noticed apps designed to conduct such a fraud. “The apps themselves are really essentially empty shells with what look like purchasing functionalities,” said Christoph Hebeisen, director of security intelligence research at Lookout. “There is no way to tell if there is actually mining going on in the background or not because that happens on the cloud side, that doesn’t […]

The post 25 bogus Google Play store apps promised to mine cryptocurrency for a fee, scamming wannabe investors appeared first on CyberScoop.

Continue reading 25 bogus Google Play store apps promised to mine cryptocurrency for a fee, scamming wannabe investors→

White House rebukes ransomware gang as number of apparent REvil victims remains uncertain

Posted on July 6, 2021 by Tonya Riley

The White House responded to Russia-based ransomware group REvil’s most recent attack against a U.S. company with a promise to take on cybercriminals if the Kremlin will not. “As the president made clear to President Putin when they met, if the Russian government cannot or will not take action against criminal actors in Russia we will take action or reserve the right,” White House Press Secretary Jen Psaki said Tuesday when asked about a major data breach at Florida-based IT software firm Kaseya. Psaki noted that the U.S. intelligence community has not attributed the attack on Kaseya to the REvil group. However the recent hack — in which hundreds of businesses were affected, according to the company — adds to escalating tensions with Russia over its apparent willingness to tolerate ransomware gangs. Psaki said that the White House will meet with high-level Russian officials to discuss ransomware attacks next week. […]

The post White House rebukes ransomware gang as number of apparent REvil victims remains uncertain appeared first on CyberScoop.

Continue reading White House rebukes ransomware gang as number of apparent REvil victims remains uncertain→

Kaseya hit with suspected cyberattack, raising fears of major supply chain incident

Posted on July 2, 2021 by Tonya Riley

IT and security management services company Kaseya reported an attack against a “small number” of customers Friday afternoon, but a bigger supply chain incident might be afoot heading into the July 4 holiday weekend. The attack, which some researchers believe to be the work of ransomware group REvil or one of its affiliates, could be the beginning of a mass ransomware event with the potential to strike a wide swath of industry and local government. The FBI in June blamed the Russia-based group for a ransomware attack against global meat supplier JBS. Vaseya said the incident is affecting its VSA software platform used by managed services providers. “We are investigating a potential attack against the VSA that indicates to have been limited to a small number of our on-premises customers only. We have proactively shut down our SaaS [software as a service] servers out of an abundance of caution,” Dana […]

The post Kaseya hit with suspected cyberattack, raising fears of major supply chain incident appeared first on CyberScoop.

Continue reading Kaseya hit with suspected cyberattack, raising fears of major supply chain incident→

Chinese hackers suspected of using Dropbox to snoop on Afghan officials

Posted on July 1, 2021 by Tonya Riley

Hackers with ties to China have been targeting the emails of Afghan security officials with malware meant to scoop up everything on their desktop, according to a Thursday report from researchers at Check Point. In an example shared by researchers, a hacker sent a malicious file to an official at the Afghanistan National Security Council posing as someone from the administrative office of the president of Afghanistan. The email requested the recipient review an attachment that was purportedly about an upcoming press conference. Once clicked, that attachment opened the first file on the victim’s desktop while simultaneously opening a backdoor onto the computer, Check Point said. From there, hackers had access to victim’s files and executed a scanner tool popular with multiple hacking groups, including the Chinese government-linked group APT10. Based on the malware used by hackers, though, researchers believe with medium to high confidence that the attack was executed […]

The post Chinese hackers suspected of using Dropbox to snoop on Afghan officials appeared first on CyberScoop.

Continue reading Chinese hackers suspected of using Dropbox to snoop on Afghan officials→

Feds use gag orders to collect cloud data in secret, Microsoft executive tells Congress

Posted on June 30, 2021 by Tonya Riley

The Justice Department is abusing secret subpoenas to collect cloud user data at alarming rates, a top Microsoft executive testified in front of the House Judiciary Committee on Wednesday. Tom Burt, Microsoft’s vice president of customer security and trust, told lawmakers that the company currently receives between 2,400 to 3,500 secrecy orders each year. That’s roughly a third of the total number of requests that federal law enforcement sends to Microsoft, and it’s a number that has grown as more companies and organizations rely on cloud providers to serve as their virtual offices. The hearing comes on the heels of a revelation earlier this month that the Justice Department had used such gag orders to secretly subpoena Microsoft and Apple for data from two members of Congress, Capitol Hill staffers and some family members. “If law enforcement wants to secretly search someone’s physical office, it must meet a heightened burden […]

The post Feds use gag orders to collect cloud data in secret, Microsoft executive tells Congress appeared first on CyberScoop.

Continue reading Feds use gag orders to collect cloud data in secret, Microsoft executive tells Congress→

US watchdog urges federal law enforcement to better track facial recognition amid accuracy concerns

Posted on June 29, 2021 by Tonya Riley

More than a dozen U.S. federal agencies where law enforcement officers use facial recognition technology are unable to account for which systems their employees use, according to a federal watchdog report released Tuesday. The U.S. Secret Service, Customers and Border Protection and the FBI are among the agencies that don’t track the type of facial recognition technologies used used from sources other than the federal government, according to a Government Accountability Office report examining use of the surveillance technology. The examination provides an unprecedented look at the use of facial recognition systems in the federal government, and illuminates a lack of accountability could lead to increased privacy risks for the public, government auditors concluded. “In particular, these risks can relate to privacy and the accuracy of a system,” the agency warned. That concern stems from a growing body of evidence that facial recognition technologies, which are unregulated by the federal […]

The post US watchdog urges federal law enforcement to better track facial recognition amid accuracy concerns appeared first on CyberScoop.

Continue reading US watchdog urges federal law enforcement to better track facial recognition amid accuracy concerns→

Cybercriminals are deploying legit security tools far more than before, researchers conclude

Posted on June 29, 2021 by Tonya Riley

Financially motivated cybercriminals are increasingly turning to Cobalt Stike, a legitimate tool that cybersecurity professionals use to test system security, researchers at Proofpoint found. The cybersecurity firm declined to disclose specific numbers but reported a 161% increase in attacks using Cobalt Strike in 2020 compared to 2019. Proofpoint researchers have already seen tens of thousands of organizations targeted by the tool this year and expect those numbers to climb in 2021, according to the report the firm released Tuesday. Threat groups are able to get ahold of the tool from pirated versions circulating the dark web, according to Sherrod DeGrippo, senior director of threat research and detection at Proofpoint. Cobalt Strike is a popular tool for security testing because of the variety of attacks it enables. Most notable among them is Cobalt Strike Beacon, a malware that allows hackers to mask their activity and communications with a system once it’s infiltrated. Russian hackers […]

The post Cybercriminals are deploying legit security tools far more than before, researchers conclude appeared first on CyberScoop.

Continue reading Cybercriminals are deploying legit security tools far more than before, researchers conclude→

Hackers are using bootleg copies of ‘Grand Theft Auto V’ game to mine Monero

Posted on June 25, 2021 by Tonya Riley

Hackers are infecting torrented copies of popular video games with malware that disables antivirus programs, in order to leverage gamers’ computers to mine cryptocurrency, according to a recent report from Avast. The malware, which researchers have named “Crackonosh,” has infected over 220,000 unique devices since 2020. Using the coin miner known as XMRig, cybercriminals have been able to make a total of roughly $2 million worth of Monero cryptocurrency with the malware. Infected files used to install the malware included malicious copies of popular games including The Sims 4, Grand Theft Auto V and Fallout 4. By duping users who download free versions of games that normally cost upwards of $50, fraudsters prey on unwitting users to borrow their computing power. Malicious traffic against the video game industry grew more than any other industry over the past year, according to a recent report from researchers at Akamai Technologies. Criminals are […]

The post Hackers are using bootleg copies of ‘Grand Theft Auto V’ game to mine Monero appeared first on CyberScoop.

Continue reading Hackers are using bootleg copies of ‘Grand Theft Auto V’ game to mine Monero→

Senate fails to confirm new CISA director before two-week break, drawing criticism

Posted on June 24, 2021 by Tonya Riley

The Senate’s failure to confirm a new director for DHS’s top cybersecurity agency before the chamber goes on a two-week recess has raised ire from cybersecurity leaders who say the role is too important to leave unfilled. President Joe Biden nominated Jen Easterly, a former U.S. National Security Agency official, for CISA director and Chris Inglis as national cyber director in April. The Senate confirmed Inglis last week. Easterly will be tasked with leading the agency at a critical time for U.S. cybersecurity. The agency is still dealing with the aftermath of a high-profile Russian hack of nine federal agencies. It also faces a growing ransomware crisis, including recent high-profile attacks on fuel provider Colonial Pipeline and meat supplier JBS. “It’s completely irresponsible for Republicans to block Jen Easterly’s confirmation and delay getting her on the job at a time when we need all hands on deck to protect against […]

The post Senate fails to confirm new CISA director before two-week break, drawing criticism appeared first on CyberScoop.

Continue reading Senate fails to confirm new CISA director before two-week break, drawing criticism→