Search Results for “Cyberscoop”

August 7, 2019
Sean Lyngaas / Cyberscoop

Chinese Hacking Group APT41 Has a Side Gig of Manipulating Virtual Currency in the Gaming Sector

Members of a Chinese state-sponsored hacking group called APT41 have for years been using their skills to enrich themselves in operations targeting the gaming industry, FireEye said. The group’s main task is espionage against the health care, telecommunications and education sectors, but on the side the same operators have manipulated virtual currency in the gaming sector and, in one case, tried to deploy ransomware for profit. The group’s activity goes back years and overlaps with that of the Chinese hacking groups other security firms track as Barium or Winnti.

September 24, 2019
Sean Lyngaas / Cyberscoop

Longer List of Utilities Targeted by State-Sponsored Hackers Than Previously Documented, LookBack Malware Aimed at Seventeen Utility Organizations

A set of possibly state-sponsored hackers has targeted a much longer list of U.S. utility-sector organizations than previously documented, according to cybersecurity company Proofpoint. The number of targeted utilities jumped from the three the company reported in early August to at least seventeen in its most recent tally. Although Proofpoint saw some code overlap with Chinese actors, the identity of the nation-state behind the campaign remains murky. The attackers send emails posing as representatives of the Global Energy Certification (GEC), an online training and certification body for the energy industry. The phishing emails carry a malicious Microsoft Word attachment whose macro installs LookBack, a remote access trojan that allows for a “range of data exfiltration.”

October 16, 2019
Shannon Vavra / Cyberscoop

Hackers Find Thirty-One Vulnerabilities During Pentagon’s Hack the Proxy Program, Including One Critical and Nine High Severity Flaws

Eighty-one hackers found 31 vulnerabilities, one rated critical and nine rated high severity, across Department of Defense proxies, virtual private networks and virtual desktops during the Pentagon’s Hack the Proxy program, run together with U.S. Cyber Command, the Defense Digital Service and HackerOne. The program focused on flaws in systems external to the Department of Defense Information Network that could let foreign hackers observe internal Pentagon activity. It paid out $33,750 to participants who reported valid bugs, including $16,000 to a single hacker in the U.S.

September 12, 2019
Jeff Stone / Cyberscoop

IT Admin Becomes First Member of Infamous Hacking Crew FIN7 to Plead Guilty to Crimes, Faces Up to 25 Years in Prison

Fedir Hladyr, an accused operator of the FIN7 hacking collective, pleaded guilty in federal court in the Western District of Washington to charges stemming from his work as IT administrator for a group that researchers say stole more than $1 billion from victims worldwide. Hladyr pleaded guilty to wire fraud and conspiracy to commit computer hacking under a deal with prosecutors that caps his prison sentence at 25 years, making him the first member of the infamous crew to plead guilty. FIN7 is accused of stealing more than 15 million payment card numbers from victims including Chipotle, Red Robin, Saks Fifth Avenue, Whole Foods and other retailers and restaurants in 47 states.

Tweets: @ItsReallyNick @dcuthbert @jeffstone500 @felixaime @jorgeorchilles

August 21, 2019
Sean Lyngaas / Cyberscoop

Chinese Government-Linked Hackers Are Targeting Cancer Research Organizations as Country Faces Spike in Cancer Rates

Chinese government-linked hackers have targeted organizations involved in cancer research on multiple occasions over the past two years in pursuit of research data, according to a FireEye report. Amid a surge in the country’s cancer rate, Chinese hackers in April targeted a U.S.-based cancer research organization with a malware-laced document referencing a conference the organization hosted. A year earlier, the newly named Chinese hacking outfit APT41 spearphished employees of the same entity. In 2017, APT10, a Chinese group tied to the country’s civilian intelligence agency, went after health care organizations in Japan with documents related to cancer research conferences.

August 15, 2019
Shannon Vavra / Cyberscoop

Cyber Command Uploads to VirusTotal Two Malicious Software Samples Linked to North Korea’s Lazarus Group

Two malicious software samples uploaded by U.S. Cyber Command to VirusTotal are associated with campaigns by the North Korea-linked Lazarus Group, according to researchers from Symantec and CrowdStrike. The upload is the second time in as many months that Cyber Command has added malware to the VirusTotal repository as part of an information-sharing effort with the private sector. One of the samples is a DLL (dynamic-link library), a component that runs only when loaded by another program and so is usually one piece of a larger malware toolkit; the other is a stand-alone executable that can run on its own.
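The DLL-versus-executable distinction above can be read straight from a Windows sample’s PE header rather than guessed from its file extension. The following Python is an added example, not code from Cyber Command, the article or the researchers it cites: it checks the COFF Characteristics flags (IMAGE_FILE_EXECUTABLE_IMAGE and IMAGE_FILE_DLL, as documented in the PE format) to tell a DLL from a stand-alone executable, and refuses anything that is not a well-formed loadable image. The header-only stubs it builds are constructed for illustration and do not run; the names pe_kind and build_stub are the example’s own.

```python
import struct

# COFF file header Characteristics flags from the PE/COFF specification
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002  # set on any loadable image (EXE or DLL)
IMAGE_FILE_DLL = 0x2000               # set only on DLLs


def pe_kind(data: bytes) -> str:
    """Classify a PE image as 'dll', 'exe' or 'not-pe' from its headers.

    Only the fields needed for the decision are read, and every offset is
    bounds-checked first: a hostile or truncated sample must never make the
    triage code itself misbehave.
    """
    # DOS header: 'MZ' magic, e_lfanew (offset of the PE signature) at 0x3C
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "not-pe"
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # PE signature (4 bytes) + COFF file header (20 bytes) must fit in the buffer
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "not-pe"
    # Characteristics is the last field of the COFF header: sig(4) + 18 bytes in
    (characteristics,) = struct.unpack_from("<H", data, e_lfanew + 22)
    if not characteristics & IMAGE_FILE_EXECUTABLE_IMAGE:
        return "not-pe"  # object file or corrupt image, not something a loader maps
    return "dll" if characteristics & IMAGE_FILE_DLL else "exe"


def build_stub(characteristics: int) -> bytes:
    """Constructed PE header (DOS header + signature + COFF header) for testing.

    This is illustrative input, not a real sample: it has no sections or code.
    """
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE header follows DOS header
    coff = struct.pack(
        "<HHIIIHH",
        0x8664,          # Machine: x86-64
        1,               # NumberOfSections
        0,               # TimeDateStamp
        0,               # PointerToSymbolTable
        0,               # NumberOfSymbols
        0xF0,            # SizeOfOptionalHeader (PE32+)
        characteristics,
    )
    return bytes(dos) + b"PE\0\0" + coff


if __name__ == "__main__":
    for label, blob in [
        ("exe stub", build_stub(0x0022)),        # EXECUTABLE_IMAGE | LARGE_ADDRESS_AWARE
        ("dll stub", build_stub(0x2022)),        # same flags plus DLL
        ("shell script", b"#!/bin/sh\necho hi\n"),
        ("truncated dll", build_stub(0x2022)[:80]),
    ]:
        print(f"{label:14} -> {pe_kind(blob)}")
```

In practice the same check is applied to the bytes of a downloaded sample; the truncated-stub case shows why the bounds checks come before any field read, since shared samples are often partial captures.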

August 27, 2019
Catalin Cimpanu / ZDNet

Cybersecurity Firm Imperva Experienced ‘Security Incident’ Impacting Customers of Cloud Web Application Firewall Formerly Known as Incapsula

Cybersecurity and DDoS mitigation firm Imperva disclosed today a security incident, which it learned of on August 20, affecting a subset of customers of its cloud web application firewall (WAF), formerly known as Incapsula. Exposed data included email addresses and salted, hashed passwords for a subset of customers who registered up until September 15, 2017; for a smaller number of users, API keys and customer-provided SSL certificates were also exposed. Imperva has begun a forensic investigation, is notifying customers and has alerted the relevant regulatory agencies. Because leaked API keys and certificates stay valid until they are revoked, Imperva also urged affected customers to change passwords, reset API keys and generate and upload new SSL certificates.

Related: Threatpost, CRN, SecurityWeek, Krebs on Security, Glock Takes Stock, Computer Business Review, Imperva Cyber Security Blog, The Hacker News, Cyberscoop, CRN, GBHackers On Security, SC Magazine, TechNadu, DataBreaches.net, Help Net Security, Infosecurity Magazine

Tweets: @campuscodi @ericgeller @unix_root

Threatpost: Imperva Firewall Breach Exposes Customer API Keys, SSL Certificates
CRN: Imperva Breach Exposed API Keys, SSL Certs For Some Firewall Users
SecurityWeek: Imperva Notifies Cloud WAF Customers of Security Incident
Cybersecurity Firm Suffers Security Breach, Client Info Exposed
Krebs on Security: Cybersecurity Firm Imperva Discloses Breach
Glock Takes Stock: Cybersecurity Firm Imperva Discloses Breach
Computer Business Review: Imperva Hacked: Customer API Keys, SSL Certificates Stolen
Imperva Cyber Security Blog: Imperva Security Update
The Hacker News: Imperva Breach Exposes WAF Customers’ Data, Including SSL Certs, API Keys
Cyberscoop: Imperva says cloud firewall customers’ passwords were exposed
CRN: Imperva discloses data breach affecting some firewall users
GBHackers On Security: Imperva Hacked – Email addresses, API keys & SSL certificates of WAF Customers Exposed
SC Magazine: Breach exposes data belonging to Imperva Cloud WAF customers
TechNadu: Imperva Announces Data Breach that Exposes Cloud WAF Customers
DataBreaches.net: Imperva discloses security incident impacting cloud firewall users
Help Net Security: Imperva discloses security incident affecting Cloud WAF customers
Infosecurity Magazine: Imperva Breach Hits Cloud Customers

@campuscodi: Imperva discloses security incident impacting cloud firewall (formerly Incapsula) users - incident impacts users registered up until Sep 15, 2017 - unclear if incident caused by leaky server or intrusion - unclear if hack happened in '17 & discovered now
@ericgeller: Firewall provider Imperva announces data breach affecting customers of its cloud-based web firewall product: passwords, API keys, and SSL certificates among the compromised material.
@unix_root: Cybersecurity company "Imperva" suffers a #databreach exposing sensitive data: emails, hashed salted passwords, API keys and SSL certificates, for a subset of its Cloud Web Application Firewall (WAF) customers. By @security_wang

August 26, 2019
Lorenzo Franceschi-Bicchierai / Motherboard

Apple Issues Emergency Fix For iPhone Jailbreak Bug That Was Reintroduced in iOS 12.4

Apple issued an emergency patch, iOS 12.4.1, one month after the release of iOS 12.4 mistakenly made it easier to jailbreak up-to-date iPhones. In iOS 12.4, Apple reintroduced a bug it had previously patched. Beyond jailbreaking, the regressed bug could be chained with another exploit by malicious hackers to compromise iPhone users.

August 23, 2019
Sean Gallagher / Ars Technica

Would-Be Digital Cryptography Firm Crown Sterling Sues Black Hat Conference Organizers, Ten ‘Doe’ Defendants Over Disruption at Sponsored Presentation

After almost getting booed off the stage at Black Hat, “emerging digital cryptography” firm Crown Sterling is suing conference company UBM, alleging that its Black Hat USA event breached “its sponsorship agreement with Crown Sterling and the implied covenant of good faith and fair dealing arising therefrom.” The company also accuses the conference organizers of “other wrongful conduct” connected to events surrounding the presentation of a paper by Crown Sterling CEO and founder Robert E. Grant. In addition to the conference itself, Crown Sterling has filed suit against 10 “Doe” defendants, whom it claims orchestrated the disruption of the company’s sponsored talk at Black Hat. Before, during and after the conference, cryptographers were extremely skeptical of what Crown Sterling was pitching, with some referring to the talk as “snake oil crypto.”

Related: U.S. District Court (PDF), Business Wire, Cyberscoop

Tweets: @malwarejake @gossithedog @jwgoerlich @J0hnnyXm4s @oscaron @matir @halvarflake @betoonsecurity @snlyngaas @thepacketrat @JGamblin @fs0c131y @shotgunner

U.S. District Court Southern District of New York: Complaint (PDF)
Business Wire: Crown Sterling Files Complaint Against UBM — Owner and Organizer of Black Hat USA 2019 Cryptography Industry Conference
Cyberscoop: The company behind ‘Time A.I.’ is suing the company behind Black Hat

@malwarejake: Does Crown Sterling know there are photos and videos of the room? Because you can call this room a lot of things, but "filled to capacity with conference attendees" isn't one of them...
@gossithedog: Remember the TIME AI(tm) people, Crown Sterling, who bought a talk at Black Hat and then presented laughable rubbish buzzword nonsense? They’re suing Black Hat. If this was a smaller con it would finish them. Never give Crown Sterling a stage again, any and every event.
@jwgoerlich: Remember waaay back at Black Hat, when there was a crazy five dimension “crypto” talk, TIME AI, and @dguido called them out? Well. The TIME AI guys are back. And they brought lawyers. (via @thepacketrat)
@J0hnnyXm4s: This is the best they could come up with: Holding Black Hat responsible for the conduct of its attendees. GLHF
@oscaron: The only guy I saw complaining was THIS guy....who is connected to Crown Sterling
@matir: Crown Sterling is like a flat earther who read a math textbook while on LSD.
@halvarflake: The Crown Sterling thing is the Infosec variant of the Trump administration :-). Don't reply plz, this is a statement and not an invitation to discuss.
@betoonsecurity: Crown Sterling is a fraud. Not allegedly. I am actively accusing them of being frauds and charlatans.
@snlyngaas: The COO referred Jeff to the lawsuit, but also didn't fail to mention that Crown Sterling has an "exciting" new product set to take the cybersecurity industry by storm.
@thepacketrat: From the lawsuit: "Excitement over Crown Sterling's presence had been building..."
@JGamblin: If 5D encryption doesn't work for Crown Sterling I think they have the Laapr (Lawsuit as a Press Release) market cornered.
@fs0c131y: Seriously? These guys have no shame
@shotgunner: Never fails to amaze me how stupid companies are and those that control them. Crown Sterling is apparently going all out on the stupidity path lol.

Sarah LeBlanc / Augusta Chronicle

Head of Army Cyber Command Plans to Change Name to ‘Army Information Warfare Command,’ Will Move Unit From Virginia to Georgia

Lt. Gen. Stephen Fogarty, the commander of Army Cyber Command since May 2018, said he plans to propose a name change for his organization over the next two months, saying “Army Information Warfare Command” would be a more accurate descriptor. Fogarty also said the Army plans to move Army Cyber Command headquarters from Fort Belvoir, Virginia, to Fort Gordon, Georgia.