Russian-speaking hackers target Russian organizations with industrial spying tools

A previously undisclosed, Russian-speaking hacking group has for the last two years been conducting targeted espionage against Russian-speaking organizations, researchers said Thursday. The type of tailored malicious code that Russian security company Kaspersky uncovered is often reserved for spying on diplomats or infiltrating telecom firms rather than corporations, researchers asserted. But these attackers have been stalking unnamed corporations, looking to siphon off certain Microsoft Office and Adobe documents. The discovery adds to a growing body of public reporting on corporate hacking that has often focused on Chinese-speaking hackers. U.S. government officials and security researchers have accused China of economic espionage for years — a charge Beijing denies. In this case, however, the hackers may be pretending to be Chinese but are really Russian speakers, according to Kaspersky. They set up online accounts for communicating with cloud computing infrastructure that “pretend to be of Chinese origin,” the researchers said. To lure their victims, […]

The post Russian-speaking hackers target Russian organizations with industrial spying tools appeared first on CyberScoop.

Rare case of UEFI hacking hit targets interested in North Korea, Kaspersky says

Spies have long coveted the ability to compromise a computer’s booting process and, with it, the ability to control just about every part of the machine. The booting process — how a computer powers on — offers access to the machine’s operating system and all of the accompanying sensitive data. The crucial computing code that manages that booting process, known as UEFI firmware, represents a valuable target for hackers, though also one that remains difficult to infiltrate. Researchers from security company Kaspersky on Monday revealed what they described as the second case of malicious UEFI firmware found in use in the wild. Security specialists found UEFI implants that appeared to be part of a larger hacking operation carried out by Chinese-speaking operatives against diplomatic organizations and non-governmental organizations in Africa, Asia and Europe, researchers said. It’s an apparent case of cyber-espionage that took place from 2017 to 2019, with the evident aim of gathering information related to North Korea. All of the […]

The post Rare case of UEFI hacking hit targets interested in North Korea, Kaspersky says appeared first on CyberScoop.

Before targeting Belarus, Eastern Europe-focused hackers flew under the radar

A mysterious cyber-espionage group, active for nearly a decade but documented in detail by private researchers for the first time Friday, has been hacking into government organizations in Eastern Europe in search of secrets. The hacking group has targeted military organizations, foreign ministries and private firms in Russia, Ukraine, Belarus and the Balkans with pinpoint espionage. Researchers from the anti-virus firm ESET, which claimed the discovery and christened the group “XDSpy,” said the attackers have been scouring a few dozen computers in search of sensitive PDF and Microsoft Word documents. One of the few other public indicators that XDSpy was on the prowl came from a February advisory from the Belarusian government’s National Computer Emergency Response Team. That statement listed four Belarusian government email accounts that had been compromised by the attackers, but warned that various government officials had been targeted. The broader region has long been subject to cyber-espionage activity, as hackers from […]

The post Before targeting Belarus, Eastern Europe-focused hackers flew under the radar appeared first on CyberScoop.

A new ransomware gang is aiming at big Russian targets, researchers say

Medical labs, banks, manufacturers and software developers in Russia are the prime targets for a new ransomware gang that began operating with custom tools as early as March of this year, according to researchers at the security vendor Group-IB. The attackers insert their hacking tools into networks via malware downloaded through spearphishing emails, then encrypt files and hold them for a ransom of about $50,000, Group-IB says. The group, dubbed OldGremlin, has only targeted Russian companies so far, Group-IB says. It’s rare for a Russian-speaking ransomware group to aim at targets inside Russia, but there are precedents, according to Group-IB senior digital forensics analyst Oleg Skulkin, who identified the hacking groups Silence and Cobalt as previous perpetrators. “What distinguishes OldGremlin from other Russian-speaking threat actors is their fearlessness to work in Russia,” Skulkin said. “This indicates that the attackers are either fine-tuning their techniques benefiting from home advantage before going global … or […]

The post A new ransomware gang is aiming at big Russian targets, researchers say appeared first on CyberScoop.

After researchers test Microsoft Netlogon exploit, feds tell users to patch now or suffer later

Nothing brings urgency to a software vulnerability like an exploit demonstrating its potency. That’s what happened Monday when researchers at Dutch cybersecurity company Secura released a “proof of concept” exploit for a vulnerability in the Netlogon protocol that Microsoft employs to authenticate users and update passwords within a domain. The vulnerability could allow “an attacker with a foothold on your internal network to essentially become [domain administrator] with one click,” as Secura analysts put it. That means an attacker could “impersonate any computer, including the domain controller itself, and execute remote procedure calls on their behalf.” Within hours of Secura publishing its analysis, U.S. government officials were telling corporations and agencies to pay attention and apply the patch that Microsoft issued last month. The episode highlights how, with thousands of software vulnerabilities disclosed each year, some matter much more than others and prompt influential voices in the industry to sound […]

The post After researchers test Microsoft Netlogon exploit, feds tell users to patch now or suffer later appeared first on CyberScoop.

Security researchers slam Voatz brief to the Supreme Court on anti-hacking law

A group of high-profile cybersecurity specialists doesn’t want mobile voting firm Voatz to have the last word before the Supreme Court takes up a case with major implications for computer research. The security practitioners, including computer scientists and vulnerability disclosure experts, on Monday criticized Voatz’s argument that a federal anti-hacking law should only authorize researchers with clear permission to probe computer systems for vulnerabilities. An amicus brief filed by Voatz earlier this month, the security specialists charged, “fundamentally misrepresents widely accepted practices in security research and vulnerability disclosure.” At issue is the Computer Fraud and Abuse Act (CFAA), a more than 30-year-old law that legal experts say could be abused to target good-faith researchers who break systems while trying to make them more secure. The Supreme Court is set to consider whether corporate terms of service can be treated as an inviolable boundary under the CFAA when it resumes in October. Legal experts and technologists see the […]

The post Security researchers slam Voatz brief to the Supreme Court on anti-hacking law appeared first on CyberScoop.

CISA orders agencies to set up vulnerability disclosure programs

Out of scores of federal civilian agencies, only a handful have official programs for working with outside security researchers to find and fix software bugs, a process that is commonplace in the private sector. Now, to put an end to the foot-dragging, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency is giving agencies six months to set up the programs, known as vulnerability disclosure policies (VDPs). CISA on Wednesday issued a directive requiring agencies to establish VDPs that forswear legal action against researchers who act in good faith, allow participants to submit vulnerability reports anonymously and cover at least one internet-accessible system or service. It’s the latest sign that federal officials are warming to white-hat hackers from various walks of life. “We believe that better security of government computer systems can only be realized when the people are given the opportunity to help,” CISA Assistant Director […]

The post CISA orders agencies to set up vulnerability disclosure programs appeared first on CyberScoop.

Router vendor has patched some zero-days, but leaves others wide open

In April, security researcher Rich Mirch got a text from a friend who had just switched to a new wireless router and was raving about its high-speed internet. You have to try it, the friend told Mirch. Curious, Mirch downloaded the router’s firmware and started picking it apart. He found that the device, made by an obscure Canada-based company called MoFi Network, had multiple password-related vulnerabilities packed into its code. But Mirch wanted to delve deeper. So the senior adversarial engineer at Texas-based security firm CriticalStart ordered the router online and rolled up his sleeves. He ended up finding 10 previously undisclosed vulnerabilities in the device that, if exploited, could allow attackers to steal passwords and data from networks running the vulnerable routers, including VPN credentials and API keys. “Some of these vulnerabilities have probably existed since 2015,” said Mirch, who published his findings on Wednesday. The research points to a longstanding […]

The post Router vendor has patched some zero-days, but leaves others wide open appeared first on CyberScoop.

U.S. military researchers may have found a more productive vulnerability discovery process

A study by U.S. military researchers offers evidence of a more efficient way to hunt for flaws in software. Security researchers of all expertise levels do better with an improved, automated analysis that allocates human effort more effectively during investigations, researchers from the National Security Agency, Cyber Command, Navy, Air Force, and Army posit in new research published this month. This differs from the common approach in which researchers are naturally inclined to zero in on a given piece of software and try to find flaws in it. “There is a cognitive bias in the hacker community to select a piece of software and invest significant human resources into finding bugs in that software without any prior indication of success,” they write in the paper. This status quo, which the researchers call the “depth-first” approach, places more of the burden on experienced researchers while beginners get […]

The post U.S. military researchers may have found a more productive vulnerability discovery process appeared first on CyberScoop.

Ohio becomes first state to release vulnerability policy for election-related websites

Ohio’s secretary of state has established guidelines for security experts to find and help fix software flaws in the state’s election-related websites, the first such move by a state as the 2020 election approaches. The vulnerability disclosure policy (VDP) covers registration websites for Ohio residents and overseas and military voters, among other sites, and provides legal liability protections for researchers. The program will bolster the efforts of Ohio Secretary of State Frank LaRose’s security team at a time when threats to election infrastructure “have never been greater,” the policy states. Under the policy, researchers are required to wait four months after reporting a vulnerability to Ohio officials before going public with it. “We believe that public disclosure of vulnerabilities is an essential part of the vulnerability disclosure process, and that one of the best ways to make software better is to enable everyone to learn from each other’s mistakes,” the […]

The post Ohio becomes first state to release vulnerability policy for election-related websites appeared first on CyberScoop.