Join Security Ledger and Zilla Security Tuesday April 27th for a discussion of automating cloud user access reviews. RSVP here.

The Daily Ledger 04/22/2021 Edition:

Turnabout: It looks like phone-cracking company Cellebrite had its own vulnerabilities exposed

By Tim Starks on Apr 21, 2021 06:40 pm

“Snoop onto them… as they’d snoop onto us.” Moxie Marlinspike, founder of the encrypted messaging app Signal, revealed on Wednesday what he said were vulnerabilities in software that the company Cellebrite uses to break into encrypted phones. To accompany a blog post on what Marlinspike and his team of researchers learned, Signal produced a demonstration video featuring the above line of dialogue from the movie “Hackers.” In a blog post evidently dripping with sarcasm, Marlinspike detailed how he obtained the latest version of the company’s software, named UFED and Physical Analyzer, when he saw a small package fall off the back of a truck, prompting some digital probing. The vulnerabilities would amount to an ironic turn for Cellebrite, which makes its money hacking into smartphones. Its customer base includes the U.S. government and some authoritarian regimes, although the Israeli company recently announced it would stop doing business with Russia or […]

The post Turnabout: It looks like phone-cracking company Cellebrite had its own vulnerabilities exposed appeared first on CyberScoop.



At least 24 agencies run Pulse Secure software. How many were hacked is an open question.

By Sean Lyngaas on Apr 21, 2021 06:10 pm

At least two-dozen U.S. federal agencies run the Pulse Connect Secure enterprise software that two advanced hacking groups have recently exploited, according to the Department of Homeland Security’s cybersecurity agency. Multiple agencies have been breached, but just how many is unclear. “We’re aware of 24 agencies running Pulse Connect Secure devices, but it’s too early to determine conclusively how many have actually had the vulnerability exploited,” Scott McConnell, a spokesman for DHS’s Cybersecurity and Infrastructure Security Agency, told CyberScoop on Wednesday. FireEye, the cybersecurity firm that announced the hacking campaign on Tuesday, said at least one of the two groups had links to China. The suspected Chinese hackers also targeted the trade-secret-rich defense contractors who do business with the Pentagon. CyberScoop’s review of agency records found that multiple U.S. government-funded labs conducting national security-related research appear to run Pulse Connect Secure virtual private network software, which allows employees to log […]

The post At least 24 agencies run Pulse Secure software. How many were hacked is an open question. appeared first on CyberScoop.



Rapid7 Acquires Velociraptor Open Source Project

By Dark Reading Staff on Apr 21, 2021 05:01 pm

The company plans to use Velociraptor's technology and insights to build out its own incident response capabilities.

4 Innovative Ways Cyberattackers Hunt for Security Bugs

By David “moose” Wolpoff on Apr 21, 2021 04:49 pm

David “moose” Wolpoff, co-founder and CTO at Randori, talks lesser-known hacking paths, including unresolved "fixme" flags in developer support groups.

Justice Dept. Creates Task Force to Stop Ransomware Spread

By Dark Reading Staff on Apr 21, 2021 04:45 pm

One goal of the group is to take down the criminal ecosystem that enables ransomware, officials say.

Zero-Day Flaws in SonicWall Email Security Tool Under Attack

By Kelly Sheridan Staff Editor, Dark Reading on Apr 21, 2021 04:20 pm

Three zero-day vulnerabilities helped an attacker install a backdoor, access files and emails, and move laterally into a target network.

Google releases update to fix another zero-day flaw in Chrome browser

By Shannon Vavra on Apr 21, 2021 04:05 pm

Google released an updated version of the Chrome browser on Tuesday that included seven security fixes, including a patch for a zero-day flaw that hackers may have actively been exploiting, Google said. Google has been dealing with several serious flaws in recent days. The update details four other vulnerabilities and fixes Google had to roll out this week. Google previously fixed another zero-day flaw on April 12, as well. If the zero-day flaw, classified as CVE-2021-21224, was exploited in concert with another vulnerability, hackers would have been able to execute arbitrary code on victims’ systems. VerSprite Inc’s Jose Martinez reported the vulnerability, which Google describes as a Type Confusion in V8, several days ago, linking it to a proof-of-concept exploit that took advantage of the bug. That proof-of-concept code was available on Twitter, and thus accessible to the public, though there were no reports of attackers leveraging the bug in […]

The post Google releases update to fix another zero-day flaw in Chrome browser appeared first on CyberScoop.



QR Codes Offer Easy Cyberattack Avenues as Usage Spikes

By Tara Seals on Apr 21, 2021 03:39 pm

Usage is way up, but so are cyberattacks: Mobile phishing, malware, banking heists and more can come from just one wrong scan.

Aiming for the right defense strategy against ransomware threats

By Julia Weaver on Apr 21, 2021 03:30 pm

Steve Caimi is a security specialist at Cisco with nearly 25 years’ experience in cybersecurity. Ransomware had a banner year in 2020, taking advantage of pandemic-related shifts in network access for remote work, distance learning and telehealth. For critical infrastructure sectors, the threat of seeing data locked up or having systems knocked offline is a risk that these organizations simply can’t afford. While cyber defenders are improving their cyber defenses, hackers are upping their game too. They’re getting better at getting inside, they’re affecting more systems and they’re doing more with the data they steal. That is why organizations need a security strategy that can adapt to the changing threat environment. For ransomware, financial gain is the endgame. We are seeing a growing trend in “big game hunting” — or targeting big-revenue organizations — because attackers know these organizations can, and will, pay up. Two of the top attack vectors should […]

The post Aiming for the right defense strategy against ransomware threats appeared first on CyberScoop.



Facebook Shuts Down Two Hacking Groups in Palestine

By Anonymous on Apr 21, 2021 02:59 pm

Facebook says it has taken action against two groups of hackers originating from Palestine that abused its infrastructure for malware distribution and account compromise across the Internet.

Facebook tackles hacking groups with apparent ties to Palestine, Hamas

By Tim Starks on Apr 21, 2021 02:07 pm

Facebook on Wednesday detailed steps it took to counter two groups of alleged Palestinian hackers, one with suspected ties to the Palestinian state and another reportedly linked to the Hamas militant group. The hackers linked to Preventive Security Service (PSS), the Palestinian Authority’s internal intelligence organization, targeted victims primarily in the Palestinian territories and Syria, Facebook said. To a lesser degree, they targeted Turkey, Iraq, Lebanon and Libya. Those attackers went after groups and individuals seemingly viewed as a threat to the Fatah-led government, including journalists, dissidents and human rights activists. They also aimed at military organizations such as the Syrian opposition and Iraqi military, Facebook said. The alleged Hamas-linked hackers, dubbed Arid Viper, by contrast, targeted victims associated with the Palestinian Authority, government organizations and backers of the Fatah-led government, Facebook said. Facebook periodically conducts takedowns of hacking-related activity, most recently related to a campaign that targeted Uighurs […]

The post Facebook tackles hacking groups with apparent ties to Palestine, Hamas appeared first on CyberScoop.



Business Email Compromise Costs Businesses More Than Ransomware

By Charlie Winckless Senior Director, Cybersecurity Solutions, at Presidio on Apr 21, 2021 01:00 pm

Ransomware gets the headlines, but businesses paid out $1.8 billion last year to resolve BEC issues, according to an FBI report.

Pulse Secure Critical Zero-Day Security Bug Under Active Exploit

By Tara Seals on Apr 21, 2021 11:35 am

CVE-2021-22893 allows remote code-execution (RCE) and is being used in the wild by nation-state cyberattackers to compromise VPN appliances in defense, finance and government orgs.

Hackers exploit SonicWall email software in a banner week for zero-day flaws

By Sean Lyngaas on Apr 21, 2021 11:22 am

It’s only Wednesday, and it’s already been a banner week for previously unknown exploits in popular security software. Unidentified hackers have exploited three “zero-day,” or newly discovered, vulnerabilities in email software made by SonicWall to access an unnamed victim organization’s network, according to Mandiant, the incident response unit of security firm FireEye. “The adversary leveraged these vulnerabilities, with intimate knowledge of the SonicWall application, to install a backdoor, access files and emails, and move laterally into the victim organization’s network,” Mandiant said in a blog on Tuesday evening. Security fixes are available for the flaws, and SonicWall urged customers to apply them. The news came after Mandiant revealed on Tuesday that suspected Chinese hackers had used bugs in another popular enterprise software made by Pulse Secure to break into government and defense-sector networks. Those breaches followed separate intrusion campaigns allegedly carried out by Russian and Chinese hackers exploiting software made […]

The post Hackers exploit SonicWall email software in a banner week for zero-day flaws appeared first on CyberScoop.



House green lights new State Department cyber bureau

By Shannon Vavra on Apr 21, 2021 10:18 am

The House of Representatives passed a bill Tuesday that would carve out a top cyber diplomacy office at the State Department to help the U.S. better influence global cyberspace norms. The so-called Cyber Diplomacy Act would require the State Department to develop a strategy for promoting norms in cyberspace around what behavior is acceptable in cyberspace. The proposal would also create an ambassador role for cyber diplomacy, as well as a centralized Bureau of International Cyberspace Policy to push democratic norms in cyberspace and advise the Secretary of State on cyber issues. “In an increasingly connected world, we must have the proper structures in place to promote our values and interests in cyberspace,” Wisconsin Republican Rep. Mike Gallagher, who co-led the bill’s introduction, said in a statement. Added co-sponsor Jim Langevin, D-R.I.: “As the United States confronts increasingly bold challenges from adversaries in cyberspace, designing and implementing a whole-of-government response […]

The post House green lights new State Department cyber bureau appeared first on CyberScoop.



How to Attack Yourself Better in 2021

By Pavel Suprunyuk Technical lead of the audit and consulting team, Group-IB on Apr 21, 2021 10:00 am

Social engineering pen testing is just one step in preventing employees from falling victim to cybercriminals.

Attackers Heavily Targeting VPN Vulnerabilities

By Jai Vijayan Contributing Writer on Apr 21, 2021 09:20 am

Threat actors like attacking the technology because it provides a convenient entry point to enterprise networks.

Swiss Army Knife for Information Security: What Is Comprehensive Protection?

By Pat Cooper on Apr 21, 2021 09:00 am

Data-breach risk should be tackled with a toolset for monitoring data in motion and data at rest, analysis of user behavior, and the detection of fraud and weak spots.

When cryptography attacks – how TLS helps malware hide in plain sight

By Paul Ducklin on Apr 21, 2021 08:33 am

No IT technology feels quite as much of a double-edged sword as encryption.

Novel Email-Based Campaign Targets Bloomberg Clients with RATs

By Elizabeth Montalbano on Apr 21, 2021 08:00 am

Attacks dubbed ‘Fajan’ by researchers are specifically targeted and appear to be testing various threat techniques to find ones with the greatest impact.

Hackers pose as Bloomberg employees in email scam

By Sean Lyngaas on Apr 21, 2021 08:00 am

Hackers are impersonating Bloomberg employees in an attempt to install remote access software on target computers, researchers said Wednesday. The ruse seeks to capitalize on the influence of Bloomberg Industry Group (formally known as Bloomberg BNA), whose analysis major corporations use to track markets, according to Cisco Talos, which discovered the activity. The perpetrator is sending fake Bloomberg invoices that are laced with “remote access trojan” tools that could be used to surveil computer networks or steal data. The goal of the malicious email campaigns, and exactly who was targeted, remain unclear. But the perpetrator has clearly gone beyond the bumbling phishing emails in broken English that typically give other scammers away. It’s a clever piece of social engineering from a cyber actor that has apparently only been active for a year, but which has looked for economical ways into victim networks. One of the tools used, called NanoCore, […]

The post Hackers pose as Bloomberg employees in email scam appeared first on CyberScoop.



Pulse Secure VPN Flaws Exploited to Target US Defense Sector

By Kelly Sheridan Staff Editor, Dark Reading on Apr 20, 2021 05:50 pm

China-linked attackers have used vulnerabilities in the Pulse Secure VPN appliance to attack US Defense Industrial Base networks.

Foreign Spies Target British Nationals With Fake Social Media Profiles

By Dark Reading Staff on Apr 20, 2021 05:10 pm

British security agency MI5 has launched a new education campaign to warn potential victims of the attacks.

Attackers Compromised Code-Checking Vendor's Tool for Two Months

By Robert Lemos Contributing Writer on Apr 20, 2021 04:57 pm

A script used to upload sensitive reports, with access to credentials and datastores, likely sent information on hundreds, possibly thousands, of companies to attackers.

Mozilla Fixes Firefox Flaw That Allowed Spoofing of HTTPS Browser Padlock

By Tom Spring on Apr 20, 2021 04:40 pm

The Mozilla Foundation releases Firefox 88, fixing 13 bugs ranging from high to low severity.

Dept. of Energy Launches Plan to Protect Electric Grid from Cyberattack

By Dark Reading Staff on Apr 20, 2021 02:50 pm

Over the next 100 days, the DoE will work with electric utilities to improve visibility, detection, and response for industrial control systems.

Firefox 88 patches bugs and kills off a sneaky JavaScript tracking trick

By Paul Ducklin on Apr 20, 2021 02:04 pm

What's in a window name? Turns out that it could be a sneaky tracking code, so Firefox has put a stop to that.

2020 Changed Identity Forever; What's Next?

By Arthur Coviello Venture partner at Rally Ventures, LLC and former executive chairman RSA Security on Apr 20, 2021 01:00 pm

For all the chaos the pandemic caused, it also sparked awareness of how important an identity-centric approach is to securing today's organizations.

7 Old IT Things Every New InfoSec Pro Should Know

By Joan Goodchild Contributing Writer on Apr 20, 2021 12:30 pm

Beneath all those containers and IoT devices, there's a rich patchwork of gear, protocols, and guidelines that have been holding it together since before you were born. Knowledge of those fundamentals is growing more valuable, not less.

GEICO Alerts Customers Hackers Stole Driver License Data for Two Months

By Elizabeth Montalbano on Apr 20, 2021 11:59 am

The second-largest auto insurance provider in the U.S. has since fixed the vulnerability that exposed information from its website.

State-linked hackers hit American, European organizations with Pulse Secure exploits

By Sean Lyngaas on Apr 20, 2021 11:37 am

Two hacking groups, including one with ties to China, have in recent months exploited popular enterprise software to break into defense, financial and public sector organizations in the U.S. and Europe, security firm FireEye warned Tuesday. Attackers are exploiting old vulnerabilities — and one new one — in virtual private networking software made by Pulse Secure. Corporations and governments alike use the technology to manage data on their networks, though it has proven a popular foothold for spies over the years. Later on Tuesday, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency confirmed that “U.S. government agencies” and “critical infrastructure entities” had been breached in the activity. “The threat actor is using this access to place webshells on the Pulse Connect Secure appliance for further access and persistence,” CISA said. One of the hacking groups in question uses techniques similar to a Chinese state-backed espionage group, according to FireEye […]

The post State-linked hackers hit American, European organizations with Pulse Secure exploits appeared first on CyberScoop.



Biden administration unveils plan to defend electric sector from cyberattacks

By Shannon Vavra on Apr 20, 2021 11:04 am

The Biden administration is buckling down on cyber threats to U.S. power infrastructure. The Department of Energy (DOE) announced a 100-day plan to help shore up the U.S. electric power system against cyber threats Tuesday. The plan, rolled out with the private sector and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), is meant to help owners and operators develop more comprehensive approaches to detection, mitigation and forensic capabilities, according to the National Security Council. As part of the plan, the DOE’s Office of Cybersecurity, Energy Security, and Emergency Response will focus on getting industrial control system (ICS) owners and operators to select and use technologies that will help gain real-time awareness of cyber threats, and response capabilities, according to a release. The DOE will also be encouraging the deployment of technologies that boost visibility into threats in both ICS and operational technology networks. “The United States […]

The post Biden administration unveils plan to defend electric sector from cyberattacks appeared first on CyberScoop.



Beware the Bug Bounty

By Joseph Neumann & Doug Hudson Cyber Executive Advisor / Senior Director, Coalfire on Apr 20, 2021 10:00 am

In recent months, bug-bounty programs have shifted from mitigating risk to inadvertently creating new liabilities for customers and vendors.

Recent Articles:

White House Scales Back Response to SolarWinds & Exchange Server Attacks
Attackers Test Weak Passwords in Purple Fox Malware Attacks
Lazarus Group Uses New Tactic to Evade Detection
NitroRansomware Asks for $9.99 Discord Gift Codes, Steals Access Tokens
Ransomware: A Deep Dive into 2021 Emerging Cyber-Risks
Copyright © 2021 Box Jump LLC/The Security Ledger, All rights reserved.

