Supreme Court considers scope of federal anti-hacking law in biggest cyber case to date

Several U.S. Supreme Court justices, including some of President Donald Trump’s appointees, skeptically questioned a broad interpretation of the main federal anti-hacking law during oral arguments Monday. The hearing represented one of the final steps in the biggest case to come before the nation’s highest court involving the Computer Fraud and Abuse Act (CFAA), written in the 1980s. The case centers on when an individual “exceeds authorized access” to a computer, as defined by that law. The law has long held a contentious place in the cybersecurity world, where it’s viewed as hopelessly vague, outdated and overly punitive. One CFAA prosecution that drew particular criticism was that of Aaron Swartz, an internet activist who took his own life before he was scheduled to stand trial for allegedly downloading articles from an academic database, in a case where he faced decades in prison if convicted. The case now before the Supreme Court involves defendant Nathan […]

The post Supreme Court considers scope of federal anti-hacking law in biggest cyber case to date appeared first on CyberScoop.

‘Smart’ doorbells for sale on Amazon, eBay came stocked with security vulnerabilities

Holiday shoppers looking for a wireless-connected doorbell might want to take a closer look at the device’s security features. The U.K.-based security company NCC Group and consumer advocacy group Which? have found vulnerabilities in 11 “smart” doorbells sold on popular platforms like Amazon and eBay. One flaw could allow a remote attacker to break into the wireless network by swiping login credentials. Another critical bug, which has been around for years, could enable attackers to intercept and manipulate data on the network. The investigation focused on doorbells made by often obscure vendors, but which nonetheless earned top reviews and featured prominently on Amazon and eBay. The researchers raised concerns that some of the devices were storing sensitive data, including location data and audio and video captured by the doorbell’s camera, on insecure servers. One device made by a company called Victure, for example, sent a user’s wireless name and password, […]

The post ‘Smart’ doorbells for sale on Amazon, eBay came stocked with security vulnerabilities appeared first on CyberScoop.

Symantec implicates APT10 in sweeping hacking campaign against Japanese firms

A Chinese government-linked hacking group whose operatives have been indicted by the U.S. and sanctioned by the European Union is suspected in a year-long effort to steal sensitive data from numerous Japanese companies and their subsidiaries, security researchers said Tuesday. The attackers, known as APT10 or Cicada, have been burrowing into the networks of companies in the automotive, pharmaceutical and engineering sectors, according to researchers from antivirus provider Symantec. They have sometimes lingered for months before trying to extract data and have targeted domain controllers, the servers that act as gatekeepers for organizations’ network traffic. While Symantec did not identify specific targets, the company said many of the organizations have links to Japan, or Japanese companies. China and Japan are, respectively, the second and third biggest economies in the world. The two Asian countries have long had territorial disputes, and Japanese organizations have been a frequent target of alleged Chinese cyber-espionage. […]

The post Symantec implicates APT10 in sweeping hacking campaign against Japanese firms appeared first on CyberScoop.

Russian, North Korean hackers targeted COVID-19 vaccine researchers — and some attacks got through, Microsoft says

Three hacking groups connected to the Russian and North Korean governments targeted COVID-19 vaccine and treatment researchers across five nations in recent months, and some of their attacks were successful, Microsoft said Friday. The hackers went after seven prominent companies in Canada, France, India, South Korea and the United States, according to Microsoft. The hacking groups are the Russia-linked Fancy Bear, which Microsoft refers to as Strontium; the North Korea-connected organization Lazarus Group, which Microsoft calls Zinc; and a third North Korean group that Microsoft has not previously mentioned publicly, which it calls Cerium. Microsoft’s alert deepens the breadth of warnings from government agencies and cybersecurity companies: Hackers affiliated with some of the U.S.’s biggest adversaries in cyberspace are hard at work to hack others’ vaccine research. “Among the targets, the majority are vaccine makers that have Covid-19 vaccines in various stages of clinical trials,” Tom Burt, Microsoft’s corporate vice president for customer security and […]

The post Russian, North Korean hackers targeted COVID-19 vaccine researchers — and some attacks got through, Microsoft says appeared first on CyberScoop.

Flaw in Philippines’ contact-tracing app served up data on 30K health care providers, research finds

A web and mobile phone application that the Philippines government uses to track coronavirus cases contained a flaw that could have allowed access to the names of tens of thousands of health care providers that use the app in that country, according to new research. The flaw has been fixed, but it stands out as another cautionary tale of how software tools used to combat the pandemic can open up new fronts in data insecurity. Multinational company Dure Technologies and officials from the World Health Organization and the Philippines Department of Health developed the app to efficiently report COVID-19 cases and help with contact tracing, and released it in June. But when researchers from the University of Toronto’s Citizen Lab investigated the app’s code, they found pressing security issues. A web version of the app, which is known as COVID-KAYA, had a flaw in its authentication logic that revealed the […]

The post Flaw in Philippines’ contact-tracing app served up data on 30K health care providers, research finds appeared first on CyberScoop.

Apple releases patches for 3 iOS zero days that hackers used for targeted attacks

Apple has issued fixes for three critical bugs in its software for iPhones, iPads and iPods that could allow an attacker to burrow into the inner sanctum of a device’s operating system and steal data. The researchers who found the flaws said that attackers were actively exploiting them. Two of the bugs affect the kernel, the core of the device’s operating system which handles interactions between hardware and software. Apple users are protected if they update their software, which the company encouraged them to do on Thursday. Project Zero, Google’s team of security researchers that found the vulnerabilities, said hackers exploited the flaws in targeted attacks, but did not disclose the victims or perpetrators. Shane Huntley, of Google’s Threat Analysis Group, said the activity was not related to the U.S. election. Vulnerabilities in iPhone software are coveted by spies and criminals alike because of the popularity of the phones around the world, and the resources […]

The post Apple releases patches for 3 iOS zero days that hackers used for targeted attacks appeared first on CyberScoop.

Why, and how, Turla spies keep returning to European government networks

Turla, a group of suspected Russian hackers known for pinpoint espionage operations, has used updated tools to breach the computer network of an unnamed European government organization, according to new research. The research from consulting giant Accenture shows how, despite a large body of public data on Turla techniques, and a warning from Estonian authorities linking the hackers with Russia’s FSB intelligence agency, the group remains adept at infiltrating European government networks. The hacking tools are tailored to the victim organization, which Accenture did not name, and have been used over the last few months to burrow into the internal network and then ping an external server controlled by the attackers. The stealth is typical of Turla, which is known for stalking embassies and foreign affairs ministries in Europe and elsewhere for sensitive data. Turla’s tools are associated with a damaging breach of U.S. military networks in the mid-to-late 1990s, and an attack on […]

The post Why, and how, Turla spies keep returning to European government networks appeared first on CyberScoop.

Google’s Waze Can Allow Hackers to Identify and Track Users

The company already patched an API flaw that allowed a security researcher to use the app to find the real identity of drivers using it.

Researchers’ experience with Apple offers peek at ‘confusing’ vulnerability award process

Five researchers who found 55 vulnerabilities in Apple’s online services and assets, some of which were critical vulnerabilities, received nearly $300,000 from the Silicon Valley giant Thursday – but it was a journey to get there. At first, the researchers were only paid a fraction of that, and the road to a larger payment — which appears to align more with typical Apple vulnerability research rewards — has been frustrating and confusing, according to one of the researchers involved. The experience offered a window into Apple’s relatively nascent bug bounty initiative, in its infancy compared to other major tech companies’ programs after fully opening to the public just last year. The vulnerabilities, which the researchers investigated over the last three months, included 11 critical and 29 high-severity flaws. One would allow attackers to compromise victims’ iCloud accounts without any user interaction. Another would allow remote code execution via authorization and authentication bypass. Apple said it does not appear that […]

The post Researchers’ experience with Apple offers peek at ‘confusing’ vulnerability award process appeared first on CyberScoop.

Android ransomware authors have a new trick to go with an old shakedown technique

Mobile ransomware scams — in which crooks lock your phone and demand money — are nothing new. But they are getting more clever as cybercriminals find new ways to circumvent security. The latest example is a ransomware scheme targeting Android phones that Microsoft made public Thursday. According to the research, the malicious code gets around security checks that Google, which owns Android, has instituted against previous ransomware kits. Instead of abusing a permission feature that controls what apps can do on the phone, as other mobile ransomware scams have, this one triggers an incoming call notice to display the ransom note. It’s “the latest variant of a ransomware family that’s been in the wild for a while but has been evolving non-stop,” Dinesh Venkatesan, a Microsoft researcher, wrote in a blog. Mobile ransomware generally isn’t as profitable as ransomware attacks on PCs or enterprise networks. But Allan Liska, an analyst at threat […]

The post Android ransomware authors have a new trick to go with an old shakedown technique appeared first on CyberScoop.
