Category Archives: Financial

HackerOne, Verizon weigh pros and cons of making live hacking contests virtual

Posted on by

Among all the ways COVID-19 has affected the cybersecurity world, perhaps nothing is more impossible than live hacking events, which were once a staple of the industry. The coronavirus forced bug bounty company HackerOne and Verizon Media into hosting two online hacking events together since the outbreak, and they recently completed what they billed as the world’s largest live hacking contest. Live hacking events, whether virtual or in-person, give companies a chance to lure ethical hackers to find their security flaws before the attackers do, and can serve as recruiting opportunities for corporate positions, too. What made the most recent competition stand out was its massive size, and what the experiment could mean for the rest of the bug bounty community. The HackerOne/Verizon Media duo wasn’t the first to move live hacking events online. Pwn2Own made a similar transition in March. With more than 3,000 people from 59 countries registering […]

The post HackerOne, Verizon weigh pros and cons of making live hacking contests virtual appeared first on CyberScoop.

Continue reading HackerOne, Verizon weigh pros and cons of making live hacking contests virtual

Commerce Department breached as Treasury, others reportedly victimized by suspected Russian hackers

Posted on by

Hackers breached the Commerce Department, and reportedly have infiltrated the Treasury Department and other U.S. agencies, in incidents that government security officials said on Sunday that they were fighting to contain. “We can confirm there has been a breach in one of our bureaus,” a Commerce Department spokesperson said. The spokesperson added that Commerce has asked the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency “and the FBI to investigate, and we cannot comment further at this time.” Reuters reported that foreign nation-backed hackers have been monitoring email traffic at the Treasury Department and Commerce Department’s National Telecommunications and Information Administration, and the attackers apparently used similar tools to breach other agencies. “The United States government is aware of these reports and we are taking all necessary steps to identify and remedy any possible issues related to this situation,” said John Ullyot, a spokesman for the White House’s National […]

The post Commerce Department breached as Treasury, others reportedly victimized by suspected Russian hackers appeared first on CyberScoop.

Continue reading Commerce Department breached as Treasury, others reportedly victimized by suspected Russian hackers

As FireEye grapples with breach investigation, questions remain

Posted on by

FireEye’s announcement this week that hackers breached its systems has sent shockwaves through the cybersecurity community, raising new questions about how one of the most influential security firms in the U.S. grappled with an apparently state-sponsored attack. It also has triggered policy discussions about whether the U.S. government should do more to protect cyber industry titans like FireEye, one of the top cybersecurity firms in the world with customers that counts Fortune 500 companies among its clients. The hack adds FireEye to the list of cybersecurity companies that have experienced their own breaches, a roster stretching back to at least the beginning of the last decade. “This news has rocked the cybersecurity industry to our core, unlike anything since the RSA hack” from 2011, said Tom Bossert, president of Trinity Cyber and the former homeland security adviser to President Donald Trump. “It’s a pretty big deal.” FireEye revealed on Tuesday […]

The post As FireEye grapples with breach investigation, questions remain appeared first on CyberScoop.

Continue reading As FireEye grapples with breach investigation, questions remain

Scammers use Chrome, Firefox extensions in widespread ad fraud campaign

Posted on by

Security experts at Microsoft on Thursday detailed how internet attackers are abusing some of the world’s most popular web browsers for a fraud campaign, which at its height has affected more than 30,000 devices per day. The scammers are using malicious browser extensions— a tried and tested fraud tactic — to inject bogus advertisements into the results displayed on a search engine page. The more users who visit the fraudulent ad pages, the more money the perpetrators earn via a traffic-driven advertising program. Microsoft did not identify who was responsible for the attacks, or how much money they had netted. The malicious campaign, which Microsoft said began in May, uses extensions on popular web browsers like Google Chrome, Mozilla Firefox, Microsoft Edge and Russian-language Yandex to reach as many internet users as possible. “[T]he fact that this campaign utilizes a piece of malware that affects multiple browsers is an indication of how […]

The post Scammers use Chrome, Firefox extensions in widespread ad fraud campaign appeared first on CyberScoop.

Continue reading Scammers use Chrome, Firefox extensions in widespread ad fraud campaign

Dragos raises $110 million from Koch Industries, Saudi Aramco, National Grid investment arms

Posted on by

Dragos, a Maryland-based industrial cybersecurity company, said Tuesday it raised $110 million, the latest sign that investors are pouring money into securing the critical infrastructure frequently targeted by hackers. The Series C funding round comes courtesy of the investment arms of chemical manufacturing giant Koch Industries; multinational electricity and gas utility National Grid; Saudi Aramco, one of the world’s largest oil companies; and Hewlett Packard Enterprise. Once an obscure field for investors, the security of industrial control systems (ICS) — the ruggedized computer systems that help run global factories and power plants — is now prompting some of the world’s richest companies to open their checkbooks. The investment shows that the security of such critical technology “is a large market that is something that the companies out there, the world leaders, really care about,” said Dragos CEO Robert M. Lee. It also shows that major industrial organizations are aware that state-affiliated hackers […]

The post Dragos raises $110 million from Koch Industries, Saudi Aramco, National Grid investment arms appeared first on CyberScoop.

Continue reading Dragos raises $110 million from Koch Industries, Saudi Aramco, National Grid investment arms

TrickBot adds firmware tool that researchers say could lead to ‘bricking’ devices

Posted on by

The malicious software known as TrickBot has morphed again, this time with a module that probes booting process firmware for vulnerabilities, possibly setting the stage for attacks that could ultimately destroy devices, researchers say. Two cybersecurity companies, Eclypsium and Advanced Intelligence (Advintel), dubbed the TrickBot add-on module “TrickBoot,” since it targets the UEFI/BIOS firmware. Firmware is permanent code programmed into a hardware device, while UEFI and BIOS are two kinds of specifications that manage a device’s start-up. TrickBoot, then, is s a “significant step in the evolution of TrickBot,” the researchers say, that could make TrickBot especially pesty. “Since firmware is stored on the motherboard as opposed to the system drives, these threats can provide attackers with ongoing persistence even if a system is re-imaged or a hard drive is replaced,” they wrote.”Equally impactful, if firmware is used to brick a device, the recovery scenarios are markedly different (and more difficult) than recovery […]

The post TrickBot adds firmware tool that researchers say could lead to ‘bricking’ devices appeared first on CyberScoop.

Continue reading TrickBot adds firmware tool that researchers say could lead to ‘bricking’ devices

Accused email scammers busted in Nigeria for alleged fraud against 50,000 victims

Posted on by

An Interpol-helmed operation led to the arrest of three suspected cybercriminal gang members in Nigeria whose outfit has allegedly targeted victims in more than 150 countries, including schemes that involved offering COVID-19 aid. The sting, announced Wednesday, was part of Operation Falcon, a year-long investigation that teamed with cybersecurity company Group-IB and the Nigeria Police Force. “This group was running a well-established criminal business model,” said Craig Jones, Interpol’s cybercrime director. “From infiltration to cashing in, they used a multitude of tools and techniques to generate maximum profits.” The gang, dubbed TMT, is divided into numerous subgroups, according to Vesta Matveeva, head of Group-IB’s APAC Cyber Investigations Team. The three suspects arrested in Lagos tallied 50,000 victims in government and industry, the company said. Matveeva said via email that TMT overall might have compromised more than 500,000 victims since 2017. TMT’s speciality is business email compromise (BEC), where the attackers pose […]

The post Accused email scammers busted in Nigeria for alleged fraud against 50,000 victims appeared first on CyberScoop.

Continue reading Accused email scammers busted in Nigeria for alleged fraud against 50,000 victims

Home Depot to pay states $17.5 million over massive 2014 data breach

Posted on by

U.S. states have reached a settlement over the mammoth 2014 Home Depot breach that will net them $17.5 million, plus an agreement from the home improvement retailer to strengthen its data security practices. The breach, which compromised 56 million payment card across the U.S., still ranks among the biggest data breaches ever. It’s been an expensive cleanup. Years after the attack, Home Depot estimated the cost at about $179 million and said it was likely to continue growing. The settlement with 46 states and the District of Columbia adds to the tally. It also comes one month after Home Depot suffered a data breach of its Canadian customers that was much smaller than the 2014 breach that was the subject of the U.S. settlement. “Instead of building a secure system, The Home Depot failed to protect consumers and put their data at risk,” New York Attorney General Letitia James said about the 2014 incident. […]

The post Home Depot to pay states $17.5 million over massive 2014 data breach appeared first on CyberScoop.

Continue reading Home Depot to pay states $17.5 million over massive 2014 data breach

Double-dipping scammers don’t need malware to grab card numbers and turn a profit, report says

Posted on by

Stolen credit card numbers sometimes spill onto the dark web for the most mundane reason: People carelessly give them up. According to researchers with Gemini Advisory, a China-based e-commerce scam appears to be harvesting payment information not through direct hacks on companies or using pernicious malware to skim data, but with a simpler approach. The fraudsters set up hundreds of websites that appear to sell legitimate goods, but instead capture card numbers for sale on the dark web, Gemini says. It ends up being a double-dip for the crooks: In addition to vending the card data and other information about shoppers in cybercriminal forums, they also collect money for items that are “faulty, counterfeit, or nonexistent,” Gemini says in a report published Thursday. The dark web sales have led to profits upwards of $500,000 over the past six months, but the total take is “likely significantly larger,” considering all the money the scammers […]

The post Double-dipping scammers don’t need malware to grab card numbers and turn a profit, report says appeared first on CyberScoop.

Continue reading Double-dipping scammers don’t need malware to grab card numbers and turn a profit, report says

Financial system not keeping up with cyberthreats, new report says

Posted on by

Four years after the biggest bank hack ever, the global financial system remains vulnerable to cyberattacks that could cause severe disruptions, according to a report Wednesday that draws advice from government officials, the financial industry and other experts. The assessment from the Carnegie Endowment for International Peace and the Word Economic Forum is the culmination of years of work, with touchstones ranging from the 2016 Bangladesh Bank heist where hackers made off with $81 million to a recent Chilean bank ransomware attack that shut down all of its branches. “Our big concern is that if you look at what’s happened during the pandemic, but even before with the escalating threat that’s targeting the financial system from the Bangladesh incident to the Chile outage back in September, we’re clearly not keeping up with the threat and how quickly it’s evolving,” said Tim Maurer, director of Carnegie’s Cyber Policy Initiative. “The government and industry need […]

The post Financial system not keeping up with cyberthreats, new report says appeared first on CyberScoop.

Continue reading Financial system not keeping up with cyberthreats, new report says