Enterprise security attackers are one password away from your worst day

IT organizations must shift their enterprise security strategy to detect credential-based attacks before they become a problem. Continue reading Enterprise security attackers are one password away from your worst day

Did Someone at the Commerce Dept. Find a SolarWinds Backdoor in Aug. 2020?

On Aug. 13, 2020, someone uploaded a suspected malicious file to VirusTotal, a service that scans submitted files against more than five dozen antivirus and security products. Last month, Microsoft and FireEye identified that file as a newly-discovered fourth malware backdoor used in the sprawling SolarWinds supply chain hack. An analysis of the malicious file and other submissions by the same VirusTotal user suggest the account that initially flagged the backdoor as suspicious belongs to IT personnel at the National Telecommunications and Information Administration (NTIA), a division of the U.S. Commerce Department that handles telecommunications and Internet policy. Continue reading Did Someone at the Commerce Dept. Find a SolarWinds Backdoor in Aug. 2020?

Did Someone at the Commerce Dept. Find a SolarWinds Backdoor in Aug. 2020?

On Aug. 13, 2020, someone uploaded a suspected malicious file to VirusTotal, a service that scans submitted files against more than five dozen antivirus and security products. Last month, Microsoft and FireEye identified that file as a newly-discovered fourth malware backdoor used in the sprawling SolarWinds supply chain hack. An analysis of the malicious file and other submissions by the same VirusTotal user suggest the account that initially flagged the backdoor as suspicious belongs to IT personnel at the National Telecommunications and Information Administration (NTIA), a division of the U.S. Commerce Department that handles telecommunications and Internet policy. Continue reading Did Someone at the Commerce Dept. Find a SolarWinds Backdoor in Aug. 2020?

Feds Pinpoint Russia as ‘Likely’ Culprit Behind SolarWinds Attack

The widespread compromise affecting key government agencies is ongoing, according to the U.S. government. Continue reading Feds Pinpoint Russia as ‘Likely’ Culprit Behind SolarWinds Attack

NSA warns defense contractors of potential SolarWinds fallout

It’s been widely reported that the suspected hacking team behind the massive and rapidly snowballing SolarWinds breach is linked with the Russian government. But the U.S. has not publicly named any one culprit behind the espionage operation, in which hackers concealed malware in SolarWinds network management tool updates, possibly infecting thousands of organizations across the U.S. federal government and the private sector. The National Security Agency, the U.S. Department of Defense’s foreign signals intelligence agency, on Thursday warned about an ongoing Russian state-sponsored hacking campaign that could by exacerbated by the SolarWinds breach.  The NSA issued an alert warning defense contractors and Pentagon IT staff that the SolarWinds Orion compromise could be used in concert with a previously identified Russian state-sponsored hacking effort to access contractors’ data. The NSA did not claim that Russian hackers, who have been exploiting a VMWare flaw to access data, are involved in the SolarWinds […]

The post NSA warns defense contractors of potential SolarWinds fallout appeared first on CyberScoop.

Continue reading NSA warns defense contractors of potential SolarWinds fallout

Report: U.S. Cyber Command Behind Trickbot Tricks

A week ago, KrebsOnSecurity broke the news that someone was attempting to disrupt the Trickbot botnet, a malware crime machine that has infected millions of computers and is often used to spread ransomware. A new report Friday says the coordinated attack was part of an operation carried out by the U.S. military’s Cyber Command. Continue reading Report: U.S. Cyber Command Behind Trickbot Tricks

NSA Mass Surveillance Program Illegal, U.S. Court Rules

The NSA argued its mass surveillance program stopped terrorist attacks – but a new U.S. court ruling found that this is not, and may have even been unconstitutional. Continue reading NSA Mass Surveillance Program Illegal, U.S. Court Rules

NSA Warns Smartphones Leak Location Data

The agency known for its own questionable surveillance activity advised how mobile users can limit others’ ability to track where they are. Continue reading NSA Warns Smartphones Leak Location Data

Someone is trying to catfish women by pretending to be Paul Nakasone

Gen. Paul Nakasone, the director of the National Security Agency and head of U.S. Cyber Command, is a busy man. He oversees vast, technical surveillance efforts in the U.S. and abroad, while also commanding a military outfit charged with launching cyberattacks. Emailing random women from an outpost in Syria is probably not on his to-do list. So when, Susan, a woman from the New York City area, started receiving correspondence from a “Paul Nakasone” this week, she wondered why the self-proclaimed “head of U.S. Army Cyber Command” was trying to flirt with her. “I Googled this guy and I’m like, ‘Are you kidding me?’” Susan, who asked to be identified by only her first name, told CyberScoop. “And it was very flirtatious, but I’m a married woman.” Susan ultimately realized, that, no, she was not talking to the real Paul Nakasone. She and her friend were actually dealing with scammers who were posing as top […]

The post Someone is trying to catfish women by pretending to be Paul Nakasone appeared first on CyberScoop.

Continue reading Someone is trying to catfish women by pretending to be Paul Nakasone

New Bill Proposes NSA Surveillance Reforms

The newly-introduced bill targets the Patriot Act’s Section 215, previously used by the U.S. government to collect telephone data from millions of Americans. Continue reading New Bill Proposes NSA Surveillance Reforms