APT groups are exploiting outdated VPNs to spy on international targets, U.K. and U.S. warn

International hacking groups are exploiting vulnerabilities in virtual private network technologies to steal user credentials and monitor sensitive traffic, the United Kingdom’s National Cyber Security Centre said, amid recent warnings that the Chinese government has used similar tactics to collect intelligence. The NCSC, an offshoot of Britain’s intelligence agency, the GCHQ, said on Oct. 2 hackers are leveraging outdated versions of Palo Alto Networks, Fortinet and Pulse Secure products. The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Agency published its own advisory on the vulnerabilities, which attackers could use to take over an affected system, on Oct. 4. Neither warning speculates on who may be behind the attack, though the alerts come after Microsoft in August said Manganese, a Chinese hacking collective also known as APT5, was focusing attacks on Pulse Secure and Fortinet products. Pulse Secure, Palo Alto and Fortinet have each released security updates for all of […]

The post APT groups are exploiting outdated VPNs to spy on international targets, U.K. and U.S. warn appeared first on CyberScoop.


FireEye’s election security public resource helps governments enforce free and fair elections

FireEye, the intelligence-led security company, announced a free new election security public resource to include the latest cyber security recommendations and informational materials to help governments enforce free and fair elections. Building on exi…

Cyber Command’s biggest VirusTotal upload looks to expose North Korean-linked malware

Cyber Command’s largest-ever upload to VirusTotal exposes malware linked with North Korean government hackers, according to security researchers. “#CNMF has posted multiple new malware samples: https://t.co/fSgk1xpG8t” — USCYBERCOM Malware Alert (@CNMF_VirusAlert), September 8, 2019. Several of the malware samples have been tied to Lazarus Group, a group the U.S. government has linked with the North Korean government. Specifically, the samples look to be what’s known as “HOPLIGHT,” a trojan that has been used to gather information on victims’ operating systems and uses a public SSL certificate for secure communications with attackers. Cyber Command uploaded 11 malware samples in all. FireEye Managing Principal Threat Analyst Andrew Thompson said the upload signals to North Korea’s government that it can’t remain anonymous in cyberspace. “Will this deter intelligence activities? Of course not. That’s foolish. What it does do is articulate [North Koreans] aren’t operating free from attribution, which limits the range of activities they should see as […]


‘China Chopper’ web shell makes a comeback in Lebanon, other Asian countries

Malicious code first discovered nine years ago that has historically been used by groups associated with Chinese state-backed hacks has made a comeback, according to new research from Cisco’s Security and Intelligence Research Group, Talos. The hacking tool is a web shell known as China Chopper. A web shell is a script that allows attackers to remotely access servers running web applications. This particular web shell has long been known as a tool that often evades detection. “China Chopper is a slick little web shell that does not get enough exposure and credit for its stealth,” FireEye researchers wrote in 2013 in their blog on the matter. China Chopper’s code has historically been small, according to security researcher Keith Tyler, who wrote on the tool in 2012. That much appears to be the same now — Talos researchers note the most recent campaign has been “extremely simple,” containing just one […]


Chinese spies have their sights on cancer research

After China’s cancer rate surged in recent years, Chinese authorities went looking for an answer to the problem. They appear to have found a useful tool in the country’s cyber capabilities. Over the last two years, Chinese government-linked hackers have targeted organizations involved in cancer research on multiple occasions, cybersecurity company FireEye said in a report published Wednesday. In at least one case, more than one group has gone after the same organization — evidence of a relentless pursuit of research data. “It makes sense when you look at the larger context that China’s operating in,” said Luke McNamara, principal analyst at FireEye, referring to the cancer scourge in China and the resulting social costs. In one incident in April, Chinese hackers targeted a U.S.-based cancer research organization with a malware-laced document referencing a conference the organization hosted. A year earlier, the newly-named Chinese hacking outfit APT41 spearphished employees of […]


Meet APT41, the Chinese hackers moonlighting for personal gain

Members of a Chinese state-sponsored hacking group have been using their skills to enrich themselves for years in operations targeting the gaming industry, cybersecurity company FireEye announced Wednesday. By day, the group, dubbed APT41, conducts espionage in the health care, telecommunications, and education sectors, FireEye said. By night, those same hackers have manipulated virtual currency in the gaming sector and, in one case, tried to deploy ransomware, to line their pockets. In a first for a China-based group, the company said, the hackers are using malware typically reserved for spying for personal gain. “Their aggressive and persistent operations for both espionage and cybercrime purposes distinguish APT41 from other adversaries and make them a major threat across multiple industries,” said Sandra Joyce, FireEye’s senior vice president of global threat intelligence. APT41’s unveiling comes as the U.S. and China are locked in a bitter trade dispute, and after years of U.S. officials alleging that the […]


FireEye’s new software releases allow for detection and investigation of attacks against servers

FireEye, the intelligence-led security company, announced the availability of two new software releases – FireEye Network Security 8.3 and FireEye Endpoint Security 4.8. These new versions allow for enhanced detection and investigation of advanced atta…
Hackers used password spraying to breach Citrix, investigation confirms

The hackers who breached corporate VPN service provider Citrix last year used an unsophisticated technique that throws commonly used, weak passwords at a system until one works, the company’s investigators have confirmed. The “password spraying” ploy allowed the hackers to steal business files from a Citrix network drive along with a drive linked with its consulting practice, Citrix President David Henshall wrote in a blog post last week. The attackers had access to the drives for a “limited number of days,” between October 2018 and March 2019, he said. Henshall did not say who carried out the hack or what their ultimate objective was. VPN providers could be an enticing target for any set of hackers looking for a foothold in a corporation’s network. “The cybercriminals also may have accessed the individual virtual drives and company email accounts of a very limited number of compromised users and launched without further exploitation […]
