Security daily (16-09-2020)

Senior Department of Energy cyber official to step down

Bruce Walker, who has served as a senior Department of Energy official focused on cybersecurity since 2017, is leaving his post later this month to work at a security nonprofit, CyberScoop has learned. As an assistant Energy secretary, Walker has been a key player in the department’s efforts to protect U.S. utilities from state-sponsored hacking threats. He also has helped implement a White House executive order in May that keeps federal agencies and companies from installing risky foreign-owned equipment in the electric sector. Walker confirmed to CyberScoop that he will continue some of this work in the nonprofit sector by joining a new resiliency organization — dubbed the Analysis & Resilience Center — that helps financial and energy companies protect themselves from cyberthreats. Walker previously spent nearly two decades at New York utility Con Edison. At the Department of Energy, Walker has worked closely with Alexander Gates, a National Security Agency veteran who was […] (CyberScoop)

NSA director ranks influence operations as a top concern

Foreign influence operations are “the next great disruptor” in the U.S. intelligence community, the director of the National Security Agency said Wednesday. Gen. Paul Nakasone, who also serves as the head of Cyber Command, the Pentagon’s offensive cyber outfit, said he thinks influence efforts have the potential to shape the U.S. intelligence community’s operational environment for years to come. Planting misinformation and spreading disinformation are attractive ways for American adversaries to spread confusion in the U.S., in part because they can be inexpensive and they allow the opportunity to spread discord while operating below the level of armed conflict, Nakasone said. Disinformation specialists have said weaponized misinformation and baseless conspiracy theories already are having an effect on American life, in part because so many social media users spread sensational falsehoods, thinking they’re acting in good faith. “We’ve seen it now in our democratic processes,” Nakasone said during remarks at the virtual Intelligence and National Security […] (CyberScoop)

Alleged Iranian hackers balanced espionage with personal cybercrime, US indictment says

Two Iranian nationals have been charged for their alleged involvement in a government-linked hacking operation that has targeted entities in the U.S., Europe, and the Middle East as well as Iranian dissidents and human rights activists, the U.S. Department of Justice said Wednesday. The hackers’ operations, which prosecutors say began as early as 2013, are alleged to have targeted American and foreign universities, a Washington, D.C.-based think tank, non-governmental organizations and nonprofits, as well as a U.S. defense contractor. The two men charged, Hooman Heidarian and Mehdi Farhadi, are alleged to have stolen hundreds of terabytes from victims, including information about national security, foreign policy, intelligence, nuclear information, and the aerospace sector, according to the Justice Department. The attackers allegedly operated at the behest of the Iranian government at times, including instances in which they are accused of stealing data about opposition leaders, perceived political dissidents, and human rights activists. The hackers are also alleged to have […] (CyberScoop)

An executive perspective: The evolution of security and networking

Organizations can no longer deliver services at scale and still defend against today’s cybersecurity threats without rethinking their approach to security. Ken Xie, cofounder and CEO of Fortinet, sits down with us to discuss what that approach must look like and which primary capabilities organizations must integrate into their operations to more effectively secure their enterprises.

CyberScoop: How have you seen the arc of cybersecurity evolving over the last decade to where enterprises and government agencies are today?

Ken Xie: Today, data and applications move between different users, devices and networks, making visibility and control more difficult. The trusted zone has disappeared and the traditional perimeter extends through and with mobile end-user and IoT devices, even beyond the entire infrastructure. At the same time, digital innovation is continuously introducing new edges and fragmenting the perimeter even further. Of course, cloud adoption plays a critical role in all of this. But […] (CyberScoop)

US charges, sanctions Russians accused of stealing $17 million from crypto exchanges

A U.S. federal grand jury has indicted two Russian men in connection with an email scam that defrauded American cryptocurrency exchanges out of nearly $17 million. The Department of Justice on Wednesday unsealed charges against the Russian nationals, Danil Potekhin and Dmitrii Karasavidi, accusing them of using a combination of phishing messages and spoofed websites to steal virtual currency from users at three cryptocurrency exchanges. The fraud effort netted attackers $16.8 million from 2017 to 2018, according to the Justice Department. A grand jury returned the charges in February. By directing victims to visit financial websites that seemed legitimate, the attackers duped traders into entering their usernames and passwords into sites under their control. After gathering the credentials from their malicious site, Potekhin and Karasavidi directed funds from those accounts into their own, prosecutors said. The U.S. Treasury Department also announced Wednesday it has enacted sanctions against the two men, forbidding […] (CyberScoop)

Networking firm Sandvine cancels Belarus contract, citing ‘custom code’ that aided censorship

Sandvine, an internet routing and networking company, said Tuesday it would stop doing business with Belarus after realizing that government was using its products to suppress information during a bloody crackdown on protesters. “Sadly, preliminary results of our investigation indicate that custom code was developed and inserted into Sandvine’s products to thwart the free flow of information during the Belarus election,” the company said in a statement, which was first reported by Bloomberg News. “This is a human rights violation and it has triggered the automatic termination of our end user license agreement.” Belarus has been in a state of turmoil following an August election marred by allegations of fraud in which President Alexander Lukashenko, who has held power for a quarter-century, claimed victory. State security forces have arrested thousands of people and subjected hundreds to torture, according to Human Rights Watch. Sandvine was founded in Canada and is backed by a […] (CyberScoop)

Five Chinese nationals, two Malaysians charged in connection with global hacking campaign

Five Chinese nationals working as part of a well-resourced hacking group and two Malaysian nationals have been charged in connection with a global hacking campaign that hit hundreds of targets in the U.S. and around the world in multiple industries, the Department of Justice announced Wednesday. The accused Chinese hackers allegedly compromised technology providers and installed software backdoors in their networks, giving themselves a portal to collect information. The operation is linked to an advanced persistent threat group known as APT41, which private security firms have tied to the Chinese government. U.S. indictments unsealed Wednesday alleged that the activity is tied to China’s Ministry of State Security (MSS), a civilian intelligence agency. The suspects are alleged to have targeted software development companies, computer hardware manufacturers, telecommunications entities, social media companies, as well as non-profit organizations, universities and think tanks. They are also accused of targeting foreign governments, and pro-democracy politicians and activists in Hong Kong. Prosecutors say the hackers […] (CyberScoop)

US Charges Five Hackers Part Of Chinese State-Sponsored Group APT41

(News ≈ Packet Storm)

Dunkin Donuts Glazes Over Customer Data Loss In Lawsuit

(News ≈ Packet Storm)

Accidental Airbnb Account Takeover Linked To Recycled Phone Numbers

(News ≈ Packet Storm)

Bluetooth Spoofing Bug Affects Billions Of IoT Devices

(News ≈ Packet Storm)

phpbash – A Terminal Emulator Web Shell

It’s common for hackers to utilize post-compromise tools that contain a graphical user interface (GUI) that can be loaded in the web browser. A GUI generally makes the tool easier to use — and certainly more visually appealing than just raw text. One example of web malware that uses a GUI is the family of PHP webshells like r57. Instead of the hacker manually submitting crafted GET/POST requests to the r57 PHP file, they can simply load the GUI file manager to modify directories or files with one of its many functions. (Sucuri Blog)

2 Hackers Charged for Defacing Sites after U.S. Airstrike Killed Iranian General

The US Department of Justice (DoJ) on Tuesday indicted two hackers for their alleged involvement in defacing several websites in the country following the assassination of Iranian major general Qasem Soleimani earlier this January.

Behzad Mohammadzadeh (aka Mrb3hz4d), 19, and Marwan Abusrour (aka Mrwn007), 25, have been charged with conspiracy to commit intentional damage to a protected (The Hacker News)

New Report Explains COVID-19's Impact on Cyber Security

Most cybersecurity professionals fully anticipated that cybercriminals would leverage the fear and confusion surrounding the Covid-19 pandemic in their cyberattacks.

Of course, malicious emails would contain subjects relating to Covid-19, and malicious downloads would be Covid-19 related. This is how cybercriminals operate. Any opportunity to maximize effectiveness, no matter how contemptible (The Hacker News)

New Raccoon Attack Could Let Attackers Break SSL/TLS Encryption

A group of researchers has detailed a new timing vulnerability in the Transport Layer Security (TLS) protocol that could potentially allow an attacker to break the encryption and read sensitive communication under specific conditions.

Dubbed "Raccoon Attack," the server-side attack exploits a side-channel in the cryptographic protocol (versions 1.2 and lower) to extract the shared secret key used (The Hacker News)

Hackers Continue Cyberattacks Against Vatican, Catholic Orgs

The China-linked threat group RedDelta has continued to launch cyberattacks against Catholic institutions from May 2020 until as recently as last week. (Threatpost)

DDoS Attacks Skyrocket as Pandemic Bites

More people being online during lockdowns and work-from-home shifts has proven to be lucrative for DDoS-ers. (Threatpost)

DoJ Indicts Two Hackers for Defacing Websites with Pro-Iran Messages

The two hackers allegedly hacked more than 50 websites hosted in the U.S. and vandalized them with pro-Iran messages. (Threatpost)

Report Looks at COVID-19’s Massive Impact on Cybersecurity

Cynet's report shares several interesting data points and findings, such as the cyberattack volume change observed in various industry sectors, the increased use of spearphishing as an initial attack vector, and the approaches being used to distribute malware in spearphishing attacks. (Threatpost)

Bluetooth Spoofing Bug Affects Billions of IoT Devices

The 'BLESA' flaw affects the reconnection process that occurs when a device moves back into range after losing or dropping its pairing, Purdue researchers said. (Threatpost)

/security-daily/ 17-09-2020 23:44:23