5 Network Security Takeaways from the 2019 Threatscape Report

The new threatscape report by Accenture iDefense highlights five factors shaping the cyberthreat landscape – and we reviewed it to surface those most related to network security.

Russian hackers go after diplomatic targets in Eastern Europe and Central Asia, researchers say

After adapting their code, a group of Russian-government-linked hackers last month launched a phishing campaign against embassies and foreign affairs ministries of countries in Eastern Europe and Central Asia, researchers said Tuesday. The hackers, dubbed Sednit by Slovakian cybersecurity company ESET, haven’t been too discreet in their attempts to breach the diplomatic organizations: No fewer than six malicious packages of code are dropped on the target computer before the payload is executed, ESET researchers said in a blog post. Each of those bursts of activity is an opportunity for the target organization to detect the hackers. The malware takes screenshots of target desktop computers. The end goal is dropping a malicious “backdoor” on the computer that allows the attackers persistent access. The hackers seem to be implementing their malicious code in various programming languages to try to avoid being detected, according to ESET. “It’s probably easier that way and it […]

The post Russian hackers go after diplomatic targets in Eastern Europe and Central Asia, researchers say appeared first on CyberScoop.

A persistent group of hackers has been hitting Saudi IT providers, Symantec says

Over the last 14 months, a determined group of hackers has breached IT companies in Saudi Arabia in a likely attempt to gain access to their customers, security researchers said Wednesday. The group, dubbed Tortoiseshell, has struck at least 11 organizations, most of them in Saudi Arabia, since July 2018 and was active as recently as July 2019, according to cybersecurity company Symantec. Targeting Saudi IT providers and collecting data on their networks makes perfect sense for anyone looking for persistent access to those suppliers’ clients. Symantec did not speculate on which organizations the attackers have been targeting further upstream in the supply chain. Nor would the researchers describe the nature of the IT services the hacked organizations provide. Jon DiMaggio, senior threat intelligence analyst for Symantec Security Response, said the IT providers have a “large presence in Saudi Arabia” and have lots of customers. The IT providers “have that trust relationship with these customers,” DiMaggio told CyberScoop. […]

The post A persistent group of hackers has been hitting Saudi IT providers, Symantec says appeared first on CyberScoop.

USENIX Enigma 2019, Max Smeets’ ‘Countering Adversarial Cyber Campaigns’

Thanks to USENIX for publishing the USENIX Enigma 2019 outstanding conference videos on their YouTube Channel.

USENIX Enigma 2019, Munish Walther-Puri’s ‘Learning From The Dark Web Dimension Of Data’

Thanks to USENIX for publishing the USENIX Enigma 2019 outstanding conference videos on their YouTube Channel.

USENIX Enigma 2019, Anita Nikolich’s ‘Grey Science’

Thanks to USENIX for publishing the USENIX Enigma 2019 outstanding conference videos on their YouTube Channel.
The post USENIX Enigma 2019, Anita Nikolich’s ‘Grey Science’ appeared first on Security Boulevard.

‘Cobalt Dickens’ group is phishing universities at scale again, researchers say

An Iran-linked hacking group whose operatives the U.S. government indicted last year has launched a phishing operation against computer users at over 60 universities in the United States, the United Kingdom, and elsewhere to steal their login credentials, researchers said Wednesday. The campaign, whose aim is likely intellectual property theft, sees victims redirected to spoofed login pages, where their passwords are stolen, said Secureworks, a Dell-owned cybersecurity company that discovered the activity. “The threat actors have not changed their operations despite law enforcement activity, multiple public disclosures, and takedown activity,” Secureworks said in a blog post. The most high-profile attempt to disrupt the hackers was the charges the U.S. Department of Justice announced in March 2018 against nine Iranian nationals for breaching the networks of multiple U.S. universities, federal government agencies and U.S. companies. And yet the hacking group, which Secureworks dubs Cobalt Dickens, has used some of the same domains in their new […]

The post ‘Cobalt Dickens’ group is phishing universities at scale again, researchers say appeared first on CyberScoop.

A phishing campaign with nation-state hallmarks is targeting Chinese government agencies

Hackers with possible ties to an advanced persistent threat (APT) group are trying to steal usernames and passwords of Chinese government officials as part of an apparent cyber-espionage effort, according to findings provided exclusively to CyberScoop prior to scheduled publication Thursday. Researchers from the threat intelligence company Anomali have uncovered malicious websites with registrations dating back to November 2018 that impersonate email login pages from the Chinese Ministry of Foreign Affairs; China’s National Development and Reform Commission, an economic management agency under the State Council; and the National Aero-Technology Import and Export Corporation, a Chinese state-owned defense company. While it’s not clear who exactly is behind the effort, CyberScoop independently verified the findings with three external threat intelligence practitioners, two of whom said with confidence the attack resembles a nation-state effort. All three spoke only on the condition of anonymity because they were not authorized to speak to reporters. Upon […]

The post A phishing campaign with nation-state hallmarks is targeting Chinese government agencies appeared first on CyberScoop.

How offense and defense came together to plug a hole in a popular Microsoft program

It’s no secret that Microsoft’s Remote Desktop Services (RDS) software is a natural target for hackers. The same remote access that the popular program gives to clients also piques the interest of would-be attackers. That also makes fixing a bug in the software a good opportunity for both ends of the cybersecurity profession — offensive and defensive — to collaborate. One RDS discovery in particular prompted close, behind-the-scenes cooperation between Microsoft and an outside researcher. They will share what they learned about detection and remediation next week at the Black Hat conference in Las Vegas. “This attack was very hard to detect,” recalled Dana Baril, a security software engineer at Microsoft. “The behavior didn’t stand out as unusual for the user.” A hacker exploiting the bug would be making network connections that looked a lot like whatever a normal person might do with RDS. Baril had received a report through Microsoft’s bug bounty program. She reached out to Eyal […]

The post How offense and defense came together to plug a hole in a popular Microsoft program appeared first on CyberScoop.

Camera obscura: Researchers say weak protocols are Achilles’ heel of surveillance cameras

In a world of hackable things, protocols in surveillance cameras sometimes get overlooked. The cameras used in commercial buildings aren’t necessarily a priority for researchers looking for the next big intrusion, and the devices are often seen as one-dimensional targets that only yield the data they collect. But that misses the point of how a camera can be a gateway to other devices in a building. Hacking an internet-connected camera could give an attacker a pathway to a device controlling physical access to a facility, for example. That concern prompted researchers at Forescout Technologies to dissect surveillance cameras in their test lab in the Netherlands. What they found were widely used cameras using weak communication protocols to transmit data over unencrypted channels. The researchers were able to carry out a “man-in-the-middle attack,” which intercepts and manipulates data, to replace footage recorded by the camera with their own. Altering security footage at an airport, for example, could be […]

The post Camera obscura: Researchers say weak protocols are Achilles’ heel of surveillance cameras appeared first on CyberScoop.