Remote Work Trends: How Cloud Computing Security Changed

Looking back on 2020, we can honestly say it was a year like no other. We faced wildfires, hurricanes, a raucous election season and, of course, a pandemic that forced millions of people to work, socialize and attend school from home. For cybersecurity teams, 2020 presented a unique challenge. How do you continue to offer […]

The post Remote Work Trends: How Cloud Computing Security Changed appeared first on Security Intelligence.

Continue reading Remote Work Trends: How Cloud Computing Security Changed

After SolarWinds breach, lawmakers ask NSA for help in cracking Juniper cold case

As the U.S. investigation into the SolarWinds hacking campaign grinds on, lawmakers are demanding answers from the National Security Agency about another troubling supply chain breach that was disclosed five years ago. A group of lawmakers led by Sen. Ron Wyden, D-Ore., are asking the NSA what steps it took to secure defense networks following a years-old breach of software made by Juniper Networks, a major provider of firewall devices for the federal government. Juniper revealed its incident in December 2015, saying that hackers had slipped unauthorized code into the firm’s software that could allow access to firewalls and the ability to decrypt virtual private network connections. Despite repeated inquiries from Capitol Hill— and concern in the Pentagon about the potential exposure of its contractors to the hack — there has been no public U.S. government assessment of who carried out the hack, and what data was accessed. Lawmakers are […]

The post After SolarWinds breach, lawmakers ask NSA for help in cracking Juniper cold case appeared first on CyberScoop.

Continue reading After SolarWinds breach, lawmakers ask NSA for help in cracking Juniper cold case

International sting shuts down ‘favorite’ VPN of cybercriminals

The latest international action against cybercrime infrastructure involves the takedown of a virtual private network (VPN) used to hide the activities of ransomware gangs and other illegal operations. The FBI and European police announced the sting against the Safe-Inet service Tuesday morning. The VPN company was billed as “cybercriminals’ favorite” by Europol. The FBI said three Web domains associated with the service — safe-inet.com, safe-inet.net and insorg.org — had been seized and then plastered with notices from police. Officials said that taking down Safe-Inet was disruptive to major active cybercriminal campaigns, but they did not specify what those were. “Active for over a decade, Safe-Inet was being used by some of the world’s biggest cybercriminals, such as the ransomware operators responsible for ransomware, E-skimming breaches and other forms of serious cybercrime,” according to a news release from Europol, the top police agency for the European Union. “This VPN service was […]

The post International sting shuts down ‘favorite’ VPN of cybercriminals appeared first on CyberScoop.

Continue reading International sting shuts down ‘favorite’ VPN of cybercriminals

Lame-duck versions of TikTok and WeChat are definitely a problem, security experts say

Cybersecurity experts and privacy advocates said Friday that TikTok and WeChat users should probably stop using the applications in the coming days, given that the Trump administration’s new ban on them will effectively block users from downloading updates. Updates, of course, provide security fixes and not just new features. In just the last year, TikTok has had to issue multiple patches for vulnerabilities that could allow hackers to capture users’ data without their permission or send them malicious links, for instance. WeChat has also had to address several flaws in the last year. “The order … harms the privacy and security of millions of existing TikTok and WeChat users in the United States by blocking software updates, which can fix vulnerabilities and make the apps more secure,” the Director of the American Civil Liberties Union’s National Security Project, Hina Shamsi, said in a statement. After Sunday, when some of the restrictions are […]

The post Lame-duck versions of TikTok and WeChat are definitely a problem, security experts say appeared first on CyberScoop.

Continue reading Lame-duck versions of TikTok and WeChat are definitely a problem, security experts say

Taiwan accuses Chinese hackers of aggressive attacks on government agencies

The Taiwanese government on Wednesday accused Chinese government-linked hackers of targeting 10 Taiwanese government agencies and 6,000 email accounts of officials in an escalation of Beijing’s long-running espionage on the island. Over the course of two years, Chinese hackers have infiltrated a variety of Taiwanese government offices in an effort to steal sensitive documents, Liu Chia-zung, an official in the Taiwan Investigation Bureau’s Cyber Security Investigation Office, said at a press conference. Liu conceded that with the breach of key IT infrastructure, at least some data may have been exposed. It is only the latest in a wave of suspected Chinese hacking campaigns to hit Taiwan, which China considers its territory. The Taiwanese semiconductor industry, a centerpiece of the global supply chain for smartphones, has also come under sustained assault from hackers that appear to be based in China, private researchers said earlier this month. And in May, Taiwan suggested that a broad […]

The post Taiwan accuses Chinese hackers of aggressive attacks on government agencies appeared first on CyberScoop.

Continue reading Taiwan accuses Chinese hackers of aggressive attacks on government agencies

Twitter, VPN services in Belarus disrupted during violent crackdown

Belarus’ crackdown on protests following the re-election of an authoritarian leader also appears to include widespread internet blackouts and traffic throttling on major websites. Twitter confirmed Monday it was experiencing blocking and throttling in Belarus amid ongoing protests disputing the results of the presidential election. The company didn’t specifically attribute the disruptions to the government, though it said “Internet shutdowns are hugely harmful. They fundamentally violate basic human rights & the principles of the #OpenInternet.” The statement from Twitter comes after a number of journalists and demonstrators in the region reported that virtual private networks appeared to be blocked, and NetBlocks.org, which tracks digital disruptions, said shutdowns had stretched for nearly 24 hours at press time. Independent media sites, alternative voting resources and roughly half the foreign traffic typically entering the country also had been blocked, according to Access Now, a digital rights organization. Update: It has been almost 24 […]

The post Twitter, VPN services in Belarus disrupted during violent crackdown appeared first on CyberScoop.

Continue reading Twitter, VPN services in Belarus disrupted during violent crackdown

New VPN flaws highlight proven pathway for hackers into industrial organizations

Sometime in the second half of 2019, suspected Iranian hackers started burrowing into the network of an unnamed organization in the Middle East. What likely began, according to investigators, as a breach of a virtual private network application led to a compromise of the organization’s administrative network accounts. It culminated in a data-wiping attack on Dec. 29 that hit most of the machines on the organization’s IT network. A forensic report on the attack produced by Saudi cybersecurity officials warns industrial companies to secure VPN connections, which employees use for remote connectivity, lest they become a valuable foothold for hackers in search of sensitive data. Seven months later, with the rise in remote work during the coronavirus pandemic, that advice is even more critical. On Tuesday, researchers from cybersecurity company Claroty drove the point home by publishing data on multiple remote-connectivity products popular in the oil, gas and other industrial […]

The post New VPN flaws highlight proven pathway for hackers into industrial organizations appeared first on CyberScoop.

Continue reading New VPN flaws highlight proven pathway for hackers into industrial organizations

Securing Your Environment While Working Remotely

Before the coronavirus pandemic hit, working from home used to be a novelty for many employees. According to a June 2020 IBM Security and Morning Consult “Work From Home Survey,” 80% of respondents say they worked from home either rarely or not at all prior to the pandemic. In-office work allowed employers and information technology […]

The post Securing Your Environment While Working Remotely appeared first on Security Intelligence.

Continue reading Securing Your Environment While Working Remotely

New round of bugs found in Citrix software, but this time a patch is ready

Six months ago, a critical vulnerability found in software made by Citrix set off an uncomfortable few weeks for the virtual private networking vendor and the Fortune 500 companies that rely on its products. It took Citrix a month to release a software fix, well after researchers were warning that malicious hackers were actively exploiting the vulnerability. Even with a fix available, Chinese spies conducted a sweeping operation that took advantage of the software flaw in critical infrastructure sectors. On Tuesday, Citrix revealed 11 new vulnerabilities in those same cloud-based and remote access products. This time, the Florida-based VPN service provider is hoping to head off attacks by having patches available immediately. The vulnerabilities, under certain conditions, could allow an attacker to inject malicious code into a network running Citrix software, or conduct a denial-of service attack on virtual servers. Citrix urged customers to install the fixes. There haven’t been […]

The post New round of bugs found in Citrix software, but this time a patch is ready appeared first on CyberScoop.

Continue reading New round of bugs found in Citrix software, but this time a patch is ready

The Latest Mobile Security Threats and How to Prevent Them

For many of us, the last few months have drastically increased our reliance on mobile capabilities. Through the increased use of corporate mobile apps, virtual private networks (VPNs), hot spots and more, mobile communications are more ubiquitous than ever. Because of this enhanced, unprecedented and sudden dependence on mobile capabilities, mobile security should be at […]

The post The Latest Mobile Security Threats and How to Prevent Them appeared first on Security Intelligence.

Continue reading The Latest Mobile Security Threats and How to Prevent Them