Cybercriminals hijacked a government server to send sophisticated malware to U.S. companies

An Eastern European hacking group hijacked U.S. state government servers to dispense malware through phishing emails that were designed to appear like they had come from the Securities and Exchange Commission, according to research by Cisco’s Talos team and an analysis by other cybersecurity experts familiar with the activity. The technical findings connect a known advanced persistent threat (APT) group, codenamed FIN7 by U.S. cybersecurity firm FireEye, to a sophisticated intrusion technique that was detected in a recent wave of spoofed emails that mimicked the SEC’s domain. The messages carried malware-laden Microsoft Word documents mentioning financial disclosure information from the EDGAR system. FIN7 is believed to represent an Eastern European criminal enterprise that speaks Russian and operates internationally. Emails tied to this campaign were “highly targeted” and only sent to a small, select group of U.S. businesses in several different industry sectors, including finance, insurance and information technology, said Craig Williams, a senior […]

The post Cybercriminals hijacked a government server to send sophisticated malware to U.S. companies appeared first on Cyberscoop.

All 3 billion of Yahoo’s users were impacted by 2013 hack

Every single one of Yahoo’s 3 billion users was impacted by a data breach in 2013, despite the company previously saying only 1 billion accounts were impacted, illustrating that the company is still wrestling with the full scope and details of the enormous breach. The company, now part of Verizon’s Oath, disclosed the information in a quiet update to its account security update page. “Based on an analysis of the information with the assistance of outside forensic experts, Yahoo has determined that all accounts that existed at the time of the August 2013 theft were likely affected,” Yahoo’s page reads. The new conclusion comes based on “recently obtained new intelligence,” according to a statement from the company. “While this is not a new security issue, Yahoo is sending email notifications to the additional affected user accounts. The investigation indicates that the user account information that was stolen did not include passwords in […]

The post All 3 billion of Yahoo’s users were impacted by 2013 hack appeared first on Cyberscoop.

SEC admits 2016 breach exposed personally identifiable information

The Securities and Exchange Commission announced Monday that the personal information of two people had been compromised in a database breach announced last month. The announcement reverses Chairman Jay Clayton’s previous statements about whether the breach exposed anyone’s personal information. “The ongoing staff investigation of the 2016 intrusion has now determined that an EDGAR test filing accessed by third parties as a result of that intrusion contained the names, dates of birth and social security numbers of two individuals,” an SEC press release published Monday notes. The SEC said that its ongoing investigation uncovered this new information after Clayton initially disclosed the breach in a Sept. 20 statement. The agency is offering the two unidentified individuals “identity theft protection and monitoring services,” according to the aforementioned press release. The commission has two separate, ongoing investigations into how the breach occurred and whether it resulted in illicit trading. The SEC said it is also […]

The post SEC admits 2016 breach exposed personally identifiable information appeared first on Cyberscoop.

Amid data breach crisis, SEC head tells Congress he doesn’t know much

Securities and Exchange Commission chairman Jay Clayton told a panel of Senators on Tuesday that an investigation into his agency’s recently revealed data breach is ongoing and that he is looking to hire additional staff to help protect the agency’s network and data. Sitting before the Senate Banking, Housing and Urban Affairs Committee, Clayton fielded questions about the SEC breach as well as the Equifax breach, which occurred last month. In a lengthy written statement released last week, Clayton said that the SEC detected a breach into its EDGAR system in 2016. The database houses corporate disclosures that are not always immediately available to the public, meaning it could be used for insider trading. Clayton told the committee that the breach was made possible by a defect in a custom piece of software used by the independent regulator. While an exact timeline of the breach is unclear, a fix was pushed […]

The post Amid data breach crisis, SEC head tells Congress he doesn’t know much appeared first on Cyberscoop.

Hacker posted stolen material from Mandiant researcher in attempt to damage FireEye stock

A hacker broke into an Israeli-based security researcher’s personal email account one year ago, but waited until the day before his employer, U.S. cybersecurity firm FireEye, announced earnings to publish the stolen material in an effort designed to damage the company’s stock value, people familiar with the matter told CyberScoop. While the investigation is ongoing, it’s believed that the attacker’s underlying motive was to cause financial and reputational damage to FireEye. The incident highlights how a hacker can stoke fears of a corporate breach to negatively affect the stock price of a specific, targeted company. The attacker behind this widely publicized incident, dubbed operation “LeakTheAnalyst,” first started posting evidence on July 31 of breached email and social media accounts belonging to a single analyst who worked for Mandiant, a FireEye subsidiary. FireEye posted earnings for their second fiscal quarter the next day. The hacker’s first message included a cache of documents, […]

The post Hacker posted stolen material from Mandiant researcher in attempt to damage FireEye stock appeared first on Cyberscoop.

Israeli hacking firm Ability under SEC investigation, adding to its woes

At a glance, the private hacking and surveillance industry is rich and getting richer. Yet that industry boom doesn’t mean every company is raking in millions. Amid the high demand for surveillance tech, there is a multimillion-dollar Israeli firm whose future is very much in doubt. Ability Inc. is staring at a mountain of business and legal challenges. The 23-year-old company is currently under investigation by the Securities and Exchange Commission for allegedly lying about products and finances. It’s also facing an investor lawsuit for many of the same allegations, was nearly delisted from NASDAQ and has watched nearly a dozen board members resign in the last year. At the heart of the lawsuits are allegations that Ability lied for years about the company’s ability to develop, sell and deploy its flagship product. The tool, which is spyware designed to eavesdrop on any mobile phone, was not developed by Ability nor does the company […]

The post Israeli hacking firm Ability under SEC investigation, adding to its woes appeared first on Cyberscoop.
