Cyber Command boss acknowledges US military actions against ransomware groups

The U.S. military has taken offensive measures against ransomware groups, U.S. Cyber Command leader General Paul M. Nakasone confirmed Saturday. “Before, during and since, with a number of elements of our government, we have taken actions and we have imposed costs,” Nakasone told The New York Times in an interview Saturday. “That’s an important piece that we should always be mindful of.” CNN confirmed the offensive cyber operations to disrupt foreign ransomware groups with a U.S. Cyber Command spokesperson. U.S. Cyber Command, the military’s top hacking unit, has reportedly been going after criminal hacking groups dating back to before the 2020 election, when it attempted to knock out TrickBot, a network of infected computers used to deliver malware. More recently, U.S. Cyber Command had a role in shutting down ransomware group REvil’s operations, working with foreign governments to redirect traffic from the group’s website, The Washington Post first reported in November. Both […]

The post Cyber Command boss acknowledges US military actions against ransomware groups appeared first on CyberScoop.

CISA director unveils cyber defense collaborative center for pre-attack planning

Cybersecurity and Infrastructure Security Director Jen Easterly announced the launch of a cyber defense center Thursday that will seek to foster collaboration before cyberattacks, rather than afterward, between federal agencies, the private sector and state and local governments. Speaking at the Black Hat security conference in Las Vegas in one of her first public appearances since the Senate confirmed her last month to lead the Department of Homeland Security’s cyber wing, Easterly said the Joint Cyber Defense Collaborative (JCDC) would try to enhance teamwork that often happens only after a major incident, such as the past year’s high-profile attacks on companies like SolarWinds or Kaseya. “While some of this work is happening in pockets, most of it is reactive,” Easterly said in prepared remarks. “The unique value add of the JCDC is to create a proactive capability for government and private sector to work together closely before an incident occurs […]

The post CISA director unveils cyber defense collaborative center for pre-attack planning appeared first on CyberScoop.

White House weighs cracking down on secret ransomware payments, pursuing hackers

Going on offense against attackers and penetrating the secrecy surrounding attacks are two ways the Biden administration is pondering to tackle ransomware, a top White House official said on Tuesday. Anne Neuberger, the deputy national security adviser, said that a joint FBI, U.S. Cyber Command and private sector effort to cripple the Trickbot botnet, a hacking tool that U.S. officials had feared would disrupt the 2020 election season, should be the kind of operation used to tackle ransomware gangs in the future. “Certainly that serves as a model to say where we identify actors and infrastructure that are used … to conduct ransomware attacks, we want to ensure that we make it a lot harder for those actors to operate,” Neuberger said at an event hosted by the Silverado Policy Accelerator, a nonprofit think tank. In advance of the 2020 election, Cyber Command and Microsoft led missions to weaken Trickbot, […]

The post White House weighs cracking down on secret ransomware payments, pursuing hackers appeared first on CyberScoop.

US Cyber Command, CISA warn of hackers exploiting critical VMware flaw

Hackers have been leveraging a critical flaw in the software that Silicon Valley vendor VMware uses to manage virtual machines in large data centers, U.S. Cyber Command warned on Saturday. The flaw allows an attacker to execute code remotely and potentially infiltrate sensitive computing environments that run on VMware’s widely used server management software. Security fixes have been available since May 25, but the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency and Cyber Command, a U.S. military unit, urged users to update their software after researchers discovered at least one public exploit for the vulnerability. “Please patch immediately!” the command tweeted on Saturday. VMware itself issued an urgent advisory telling clients to apply the patch on May 25. As corporations and government agencies increasingly use cloud computing to consolidate data, the value of flaws in code built by VMware and other vendors has only grown. Bad Packets, a […]

The post US Cyber Command, CISA warn of hackers exploiting critical VMware flaw appeared first on CyberScoop.

Lawmakers press spy leaders on lagging efforts to block foreign hackers, deterrence

When companies become aware they have been targeted by criminal or nation-state hackers, they need to fess up and come to the U.S. government with information to help feds get a better handle on foreign nation-state hacking, FBI Director Chris Wray emphasized during testimony on Capitol Hill Wednesday. Wray noted that companies coming forward when they are impacted in cyberattacks is a crucial part of developing a sort of early-warning system for foreign hackers working to conduct sweeping cyber-operations against multiple American companies and government entities. “We need that first company [impacted]. Someday you’re going to be the first company, if you’re the CEO and someday you’re going to be the second, third or fourth company,” Wray told the Senate Intelligence Committee during the intelligence community’s global threats briefing. “We need in every instance those companies to be stepping forward promptly and reaching out to government so that we can […]

The post Lawmakers press spy leaders on lagging efforts to block foreign hackers, deterrence appeared first on CyberScoop.

US to publish details on suspected Russian hacking tools used in SolarWinds espionage

U.S. military and security officials are preparing to publish one of their most detailed analyses yet of the hacking tools used by suspected Russian spies in a campaign that the Biden administration has labeled a national security threat. The “malware analysis report” from U.S. Cyber Command and the Department of Homeland Security, which CyberScoop obtained, spotlights 18 pieces of malicious code allegedly used by Russian hackers, who exploited software made by the federal contractor SolarWinds and other vendors on their way to infiltrating nine U.S. government agencies and 100 companies. The report, slated for public release Wednesday afternoon, sheds light on a historic espionage campaign that U.S. officials have, at times, been cautious to publicly detail. It’s an analysis from U.S. government cybersecurity specialists of how the alleged Russian operatives moved from network to network, and builds on private sector reporting. Cyber Command and DHS’s Cybersecurity and Infrastructure Security Agency […]

The post US to publish details on suspected Russian hacking tools used in SolarWinds espionage appeared first on CyberScoop.

The “Russia Small Group” – A Step in the Right Direction or a Dangerous Game to Play With?

It has recently become clear that the U.S. DoD, in direct cooperation with the NSA, has been busy working on the so-called “Russia Small Group,” which aims to analyze and properly respond to the growing threat of foreign influence operations launched and co…

F5 releases patches for nearly two dozen vulnerabilities, some critical

F5 Networks, a leading provider of enterprise networking equipment, disclosed four critical vulnerabilities and 17 others on Wednesday as the recent parade of major flaws needing patches marches ahead. Three of the vulnerabilities would allow hackers to remotely execute code on target networks. It’s the second time in two years that F5 has disclosed such a flaw. In 2020, both Cyber Command and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency issued warnings about the earlier reported vulnerabilities. F5 joins Microsoft, SolarWinds and Accellion on the list of companies that have needed to release major patches in recent months. In the case of F5 so far, “We are not aware of any active exploits for these vulnerabilities,” spokesperson Rob Gruening said. The flaws affect both the F5 BIG-IP local traffic manager and BIG-IQ centralized management software. The company announced fixes for all of the vulnerabilities. Despite the […]

The post F5 releases patches for nearly two dozen vulnerabilities, some critical appeared first on CyberScoop.

For Microsoft, cybersecurity has become bigger than business

Since the cybersecurity firm FireEye hired Microsoft to help investigate a hack at the federal contractor SolarWinds, Microsoft has helped clean up the mess, alerted victims and distributed other details meant to fend off alleged Russian spies. Microsoft did all of that as it wrestled with its own probe of how hackers infiltrated its systems. Yet the company’s role in the SolarWinds investigation, while significant, represents a fraction of the cybersecurity-focused work Microsoft has done in recent years, including some behind the scenes and some in globe-spanning public relations campaigns. Once viewed as a traditional tech behemoth, Microsoft has evolved into a firm that fights cybersecurity battles in court, in election administration, in the international sphere, in the marketplace and elsewhere. The entirety of that perspective gives Microsoft a unique — if imperfect — place in the cybersecurity universe. The size of the company, and its level of visibility into […]

The post For Microsoft, cybersecurity has become bigger than business appeared first on CyberScoop.

Cyber Command, NSA warn to patch decade-old sudo vulnerability

U.S. intelligence officials are urging American companies and security workers to fix a software flaw that, if exploited, would give attackers deep access to a victim machine. The vulnerability, which now has a patch, would have allowed unauthorized users to gain what’s known as root privileges on vulnerable hosts as early as 2011 when the flaw was introduced, researchers at the security firm Qualys found. Root access would enable a hacker to obtain administrative privileges over a machine, and quietly collect sensitive information. The vulnerability has existed for 10 years in sudo, a common tool found on nearly all Unix and Linux-based operating systems that generally allows system administrators to give some approved users root privileges. The flaw affects legacy versions from 1.8.2 to 1.8.31p2 and all default versions from 1.9.0 to 1.9.5p1, according to Qualys. The National Security Agency warned this week of how prevalent and damaging this issue […]

The post Cyber Command, NSA warn to patch decade-old sudo vulnerability appeared first on CyberScoop.
