New York Times profiles one of its own security experts

Last week, the New York Times published a brief profile of privacy and security researcher Runa Sandvik.
Well known in the security community, Sandvik has been working at the New York Times since March 2016, boosting the security and privacy of journal… Continue reading New York Times profiles one of its own security experts

FireEye denies ‘hack back’ claims detailed in new book

The company that authored a watershed report on how Chinese hackers operate is pushing back against claims in a new book that the research was conducted through the use of illegal offensive hacking techniques. In “The Perfect Weapon: War, Sabotage, and Fear in the Cyber Age,”  New York Times national security correspondent David Sanger writes that the U.S.-based cybersecurity firm Mandiant penetrated a Chinese military cyber unit after it hacked into one of its customer’s systems in order to nail down attribution. According to Sanger, while Mandiant observed Chinese hackers breaching a client several years ago, they used it as an opportunity to target the attackers’ systems, which allowed access to a video camera that exposed the hackers’ faces:  [Then CEO Kevin Mandia] was certain the hackers were part of Unit 61398, but he also knew that accusing the Chinese military directly would constitute a huge step for his company. Over seven years, he […]

The post FireEye denies ‘hack back’ claims detailed in new book appeared first on Cyberscoop.

Continue reading FireEye denies ‘hack back’ claims detailed in new book

The Shared Security Weekly Blaze – MyHeritage Data Breach, Facebook’s Data Sharing Partnership, Apple iOS 12 and macOS Updates

This is the Shared Security Weekly Blaze for June 11, 2018 sponsored by Security Perspectives – Your Source for Tailored Security Awareness Training and Assessment Solutions, Silent Pocket and CISOBox.  This episode was hosted… Continue reading The Shared Security Weekly Blaze – MyHeritage Data Breach, Facebook’s Data Sharing Partnership, Apple iOS 12 and macOS Updates

Adrian Lamo, ‘Homeless Hacker’ Who Turned in Chelsea Manning, Dead at 37

Adrian Lamo, the hacker probably best known for breaking into The New York Times’s network and for reporting Chelsea Manning’s theft of classified documents to the FBI, was found dead in a Kansas apartment on Wednesday. Lamo was widely reviled and criticized for turning in Manning, but that chapter of his life eclipsed the profile of a complex individual who taught me quite a bit about security over the years.

Adrian Lamo, in 2006. Source: Wikipedia.
I first met Lamo in 2001 when I was a correspondent for Newsbytes.com, a now-defunct tech publication that was owned by The Washington Post at the time. A mutual friend introduced us over AOL Instant Messenger, explaining that Lamo had worked out a simple method allowing him to waltz into the networks of some of the world’s largest media companies using nothing more than a Web browser. Continue reading Adrian Lamo, ‘Homeless Hacker’ Who Turned in Chelsea Manning, Dead at 37

High-severity vulnerability found in SecureDrop system

A high severity vulnerability found in SecureDrop, a whistleblower submission system used by newsrooms and advocacy groups, prompted a patch from developers and coordination with dozens of prominent news organizations that use the software to communicate with sensitive sources. The bug, blamed on developer error, leaves the system unable to verify key packages and can grant remote code execution against targets. Some SecureDrop users, including the New York Times, are reinstalling the software as part of a general update. Other organizations “decided that the chance of an attack was so remote that they do not believe a reinstall is necessary,” SecureDrop developers explained. The vulnerability has not been spotted in the wild and “would be incredibly difficult to pull off,” according to a bulletin posted on Tuesday afternoon. While stressing the difficulty of exploitation, SecureDrop developers said it’s “likely that only a nation-state actor with network-level access would have the ability to conduct […]

The post High-severity vulnerability found in SecureDrop system appeared first on Cyberscoop.

Continue reading High-severity vulnerability found in SecureDrop system

Alleged Spam King Pyotr Levashov Arrested

Authorities in Spain have arrested a Russian computer programmer thought to be one of the world’s most notorious spam kingpins.

Spanish police arrested Pyotr Levashov under an international warrant executed in the city of Barcelona, according to Reuters. Russian state-run television station RT (formerly Russia Today) reported that Levashov was arrested while vacationing in Spain with his family.

According to numerous stories here at KrebsOnSecurity, Levashov was better known as “Severa,” the hacker moniker used by a pivotal figure in many popular Russian-language cybercrime forums. Severa was the moderator for the spam subsection of multiple online communities, and in this role served as the virtual linchpin connecting virus writers with huge spam networks that Severa allegedly created and sold himself. Continue reading Alleged Spam King Pyotr Levashov Arrested