North Korean hackers are impersonating a cryptocurrency company to target Bitcoin fans

A clever spearphishing campaign linked to North Korea has been taking advantage of a surge in public interest surrounding cryptocurrencies, like Bitcoin, in order to spread malware to people interested or involved in the budding industry, according to new research from at least three different cybersecurity firms. The campaign appears to be carried out by a hacking group known as the “Lazarus Group,” which researchers have linked to North Korea in previous attacks, such as the 2014 Sony breach, an $81 million Bangladesh cyber heist in 2016 and the WannaCry worldwide ransomware attack in May. This scam focuses on convincing victims to download a Microsoft Word document that masquerades as a job posting for a position at a British cryptocurrency company. Once downloaded, the document prompts the user to “enable editing” and “enable content functions.” If the victim enables the prompt, a macro installs a backdoor that allows the attackers to install […]

The post North Korean hackers are impersonating a cryptocurrency company to target Bitcoin fans appeared first on Cyberscoop.


Wyden asks White House to get more involved in boosting election cybersecurity

Sen. Ron Wyden has asked the White House to quickly improve the security of election systems, saying that leaving the matter to states “is irresponsible and a total abdication of the federal government’s primary role in matters of national security.” In a letter to White House National Security Adviser H.R. McMaster, Wyden, D-Ore., asks the White House to do the following: Designate a senior official to oversee election cybersecurity and have that official brief Congress regularly about cyberthreats. Direct the Secret Service to include cybersecurity in its oversight of a presidential candidate’s security. Direct the National Institute of Standards and Technology and Department of Homeland Security to create a standard by which to “grade” states on their election cybersecurity. Ask DHS to make political campaigns a part of the country’s critical infrastructure and provide them with cybersecurity assistance if they ask for it. Earlier this year, DHS notified 21 states that […]

The post Wyden asks White House to get more involved in boosting election cybersecurity appeared first on Cyberscoop.


Facebook patches security flaw based on 19-year-old bug; other sites may still be vulnerable

Facebook has paid a group of researchers a bug bounty prize for notifying the company of a severe vulnerability based on a slight modification of an encryption bug from 1998 that was until now presumed to be patched by most major websites, Forbes reported. The researchers say many more websites could be vulnerable. The trio of researchers – Hanno Böck and Juraj Somorovsky from Germany, and Craig Young from the United States – dubbed the vulnerability “ROBOT” in a blog post published on Tuesday and say that it could affect subdomains on 27 of the top 100 websites on Alexa, the web traffic analytics website. The bug can let a hacker sit between a user and a website’s server and intercept private information, such as passwords. The vulnerability is based on the 19-year-old Bleichenbacher attack, by which an attacker can figure out how to break through a website’s encryption using a barrage of queries. […]

The post Facebook patches security flaw based on 19-year-old bug; other sites may still be vulnerable appeared first on Cyberscoop.


U.K. cyber agency tells government to handle Russian anti-virus software with caution

The United Kingdom’s national cyberthreat monitoring agency is advising some of the country’s agencies to quit using Russian anti-virus software. The warning is a change in tone from the National Cyber Security Centre’s longstanding position that the agency does not mandate or ban any products. NCSC head Ciaran Martin sent a public letter on Friday to the U.K.’s permanent secretaries about the “supply chain risk in cloud-based products.” Moscow-based cybersecurity company Kaspersky Lab has been under particular scrutiny in the United States for supposedly enabling Russians to steal information from intelligence authorities through software backdoors. The U.S. Department of Homeland Security ordered in September that all federal agencies purge Kaspersky software from their networks. “The specific country we are highlighting in this package of guidance is Russia,” Ciaran writes. “The NCSC advises that Russia is a highly capable cyber threat actor which uses cyber as a tool of statecraft. This includes espionage, disruption and influence operations. Russia has the intent to […]

The post U.K. cyber agency tells government to handle Russian anti-virus software with caution appeared first on Cyberscoop.


Uber security executives leave company amid lawsuit and breach investigation

Two top Uber data security officials are resigning from the company and another has taken medical leave in the wake of two major security scandals concerning the ridesharing company, Reuters first reported. Security chief of staff Pooja Ashok and senior security engineer Prithvi Rai are leaving Uber, and Global Threat Operations head Mat Henley is taking medical leave, Reuters said, citing an Uber spokesperson and a separate source. All three employees were working at Uber at the time of an October 2016 breach the company disclosed last month, according to their LinkedIn profiles. The departures follow the dismissal of Chief Security Officer Joe Sullivan and company lawyer Craig Clark in relation to the breach. Sullivan and Clark coordinated to pay hackers $100,000 to delete the data of 57 million users that was maliciously obtained. The breach has prompted outcry from U.S. lawmakers and an investigation by New York Attorney General […]

The post Uber security executives leave company amid lawsuit and breach investigation appeared first on Cyberscoop.


Senator questions DHS about surveillance technology used in U.S. by foreign spies

Sen. Ron Wyden, D-Ore., is requesting information from the Department of Homeland Security concerning the use of foreign cell phone surveillance devices in the U.S., according to a letter posted Monday to the Senator’s website. Wyden’s inquiry specifically looks at issues surrounding the use of IMSI catchers, also known as international mobile subscriber identity collectors. An IMSI catcher is an inexpensive spying tool that can essentially act as a fake cell phone tower to intercept calls, text messages and other location information that normally emits from mobile phones. The letter, dated Nov. 17, asks Christopher Krebs, an acting DHS undersecretary, if the agency is aware of foreign-operated IMSI catchers in the Washington, D.C. area or in other major cities. “I am very concerned by this threat and urge the Department of Homeland Security (DHS) to improve its efforts to detect such activity,” Wyden writes. “Foreign government surveillance of senior American political and […]

The post Senator questions DHS about surveillance technology used in U.S. by foreign spies appeared first on Cyberscoop.


Senators introduce election cybersecurity bill to improve information sharing

Two U.S. senators are introducing a bill that aims to increase states’ preparedness for cyber interference in federal elections amid concerns about foreign meddling in the 2016 election, Reuters reported. Sens. Susan Collins, R-Maine, and Martin Heinrich, D-N.M., announced the Securing America’s Voting Equipment (SAVE) Act on Tuesday, which would authorize the Director of National Intelligence (DNI) to issue security clearances to state officials in charge of running federal elections. The clearance would allow the DNI to share classified intelligence about election threats with those officials. The legislation would also authorize a grant program to let states upgrade their election technology. While the Department of Homeland Security designated election systems as “critical infrastructure” in January, this bill would reiterate that designation as legislation. The DHS last month notified 21 states that their election systems were scanned by Russian hackers looking for vulnerabilities. However, some of those states challenged that notion and said their systems were never scanned […]

The post Senators introduce election cybersecurity bill to improve information sharing appeared first on Cyberscoop.


U.S. allies refuse to say whether they will support Washington’s war on Kaspersky

U.S. allies do not appear to be following D.C.’s lead as the federal government continuously distances itself from Kaspersky Lab, a Russian cybersecurity company. Based on public statements and actions, in addition to interviews conducted by CyberScoop, multiple foreign governments seem to be paying little heed to the U.S. government’s suspicions concerning the Moscow-based anti-virus maker. Kaspersky has been repeatedly accused of enabling Russian hackers to spy on U.S. authorities through its software. Hackers reportedly stole sensitive National Security Agency tools from a private computer by leveraging their access to Kaspersky’s platform. The company denies the existence of an improper relationship with the Russian government. The U.S. Department of Homeland Security ordered on Sept. 13 that all federal agencies begin removing Kaspersky software from their computers within 90 days. Of nine U.S. allies CyberScoop contacted with repeated requests for comment, four responded and only one directly answered whether its government agencies have any Kaspersky products installed. CyberScoop […]

The post U.S. allies refuse to say whether they will support Washington’s war on Kaspersky appeared first on Cyberscoop.


Massive voter registration database found to have major security flaws

For several years, a nationwide voter-fraud prevention coalition has been using poor security methods in sending and storing millions of voter registration records, according to an advocacy group’s examination of official emails pertaining to the program. Officials running the Interstate Voter Registration Crosscheck Program have been using email to send state election officials usernames, passwords and decryption codes for databases containing records of all voters in about 30 states, reports Indivisible Chicago, a nonprofit progressive advocacy group. The states participating in Crosscheck — which originated in the office of Kansas’ secretary of state more than a decade ago — use the program to cross-reference voter registration records and determine whether individuals are registered in multiple states. Indivisible Chicago, which has been leading a campaign to end Crosscheck, found that the voter records shared by the program are hosted on an insecure server and that login credentials are sent in plain text in emails to […]

The post Massive voter registration database found to have major security flaws appeared first on Cyberscoop.
