Search Results for “Jeff Stone”


March 25, 2020
Securiosity

Securiosity  
What happened with the Vault 7 trial?

Right before the world drastically changed due to the COVID-19 pandemic, the craziest story in cybersecurity was the Vault 7 trial. With that ending in a mistrial, Greg Otto and Jeff Stone look at how the government failed to get a conviction, what we learned about the CIA and when, if ever, we could see a new trial.

May 14, 2020
Jeff Stone / Cyberscoop

Jeff Stone / Cyberscoop  
Zero-Day Broker Zerodium Says It Will Stop Taking Submissions for Apple iOS Bugs Because It Already Has Too Many

Zerodium, a company that pays hackers for zero-day flaws, announced that it wouldn’t be accepting any more submissions because it already has too many. Zerodium said it would stop receiving Apple iOS bugs that lead to “local privilege escalation,” or “sandbox escape” tools. In a follow-up tweet, Zerodium CEO Chaouki Bekrar said Zerodium also is aware of “a few” zero-day vulnerabilities affecting “all iPhones/iPads.”

Related: Register, Sensors Tech Forum, AppleInsider, SecurityWeek, iMore

Tweets:@zerodium @cbekrar @TheRegister


March 26, 2020
Jeff Stone / Cyberscoop

Jeff Stone / Cyberscoop  
In Rare Move, Russian Authorities Bust Cybercriminals Who Allegedly Ran Dark Web Marketplaces, Twenty-Five People Arrested

In a rare Russian law enforcement action against cybercriminals, Russia’s Federal Security Service (FSB), on March 20, arrested 25 people, including Russians and Ukrainian and Lithuanian citizens, for their alleged roles in a digital identity theft ring. The accused criminals were allegedly running a dark web marketplace called BuyBest, or GoldenShop, and dozens of corresponding “mirror” websites, according to an alert from the threat intelligence firm Gemini Advisory. Alexey Stroganov, an accused hacker who went by the name “Flint24,” was among those arrested, according to a court file posted on a Moscow city website.

May 29, 2020
Jeff Stone / Cyberscoop

Jeff Stone / Cyberscoop  
Magistrate Judge Rules That Capitol One Must Turn Over Mandiant’s Forensic Report Related to 2019 Breach

U.S. Magistrate Judge John Anderson n the U.S. District Court for the Eastern District of Virginia ruled that Capital One must allow plaintiffs to review Mandiant’s forensic report related to the bank’s 2019 data breach despite the bank’s protests that it is a protected legal document. Anderson said the report, prepared by Mandiant, was the result of a business agreement, and that the legal doctrine argument was “unpersuasive.” The report is expected to detail “engagement activities, results, and recommendations for remediation” stemming from the breach announced in July 2019.

April 21, 2020
Jeff Stone / Cyberscoop

Jeff Stone / Cyberscoop  
Supreme Court Agrees to Take Case That Could Clarify What Constitutes Unauthorized Computer Access Under CFAA

The Supreme Court agreed to take up a case that may finally clarify the uncertainty surrounding the 1986 Computer Fraud and Abuse Act, legislation that has been interpreted differently across the various judicial circuits, confusing what constitutes unauthorized access to a computer. The case the Court agreed to hear involves a police sergeant Nathan Van Buren who was convicted of violating the CFAA by searching police records on behalf of an acquaintance who offered him cash – the acquaintance turned out to be part of a police sting. Yet as a police officer, Van Buren had every legal right to access the police records and was not engaging in “unauthorized” access of the computer, his attorneys argue.

Related: iTnews – Security, The Seattle Times, Fifth Domain | CyberLaw360, iTnews – Security, The Register – Security, Reason

Tweets:@KimZetter


November 7, 2019
Jeff Stone / Cyberscoop

Jeff Stone / Cyberscoop  
Flaw in Amazon’s Ring Video Doorbell Pro IoT Can Allow Attacker to Intercept Wi-Fi Credentials and Attack Household Network

An issue in Amazon’s Ring Video Doorbell Pro IoT device allows an attacker physically near the device to intercept the owner’s Wi-Fi network credentials and possibly mount a broader attack against the household network, researchers at Bitdefender report. One primary reason the credentials are interceptable is that the device receives the user’s network credentials from the smartphone app, with the data exchange performed through plain HTTP, which means that the credentials are exposed to any nearby eavesdroppers. A hostile actor can also trigger the reconfiguration of the Ring Video Doorbell Pro by continuously sending de-authentication messages so that the device gets dropped from the wireless network.

Related: TechCrunch, ZDNet, Bitdefender

Tweets:@shanvav @jeffstone500 @zackwhittaker @gregotto


May 11, 2019
Jeff Stone / Cyberscoop

Jeff Stone / Cyberscoop  
Feds Charge Six Members of ‘The Community’ Hacking Group, Three Former Mobile Phone Company Employees, in Cryptocurrency Theft SIM Hijacking Cases

Federal prosecutors announced that six individuals connected to a hacking group known to its members as “The Community” were charged in a fifteen-count indictment with conspiracy to commit wire fraud, wire fraud and aggravated identity theft. The indictment alleges they have engaged in identity theft in order to steal cryptocurrency via SIM hijacking, which enabled them to gain control over victims’ phone numbers. In addition, authorities filed a criminal complaint against three former employees of mobile phone providers with wire fraud in relation to the conspiracy, alleging they helped The Community steal the identities of subscribers to their employers’ services in exchange for bribes.

May 10, 2019
Jeff Stone / Cyberscoop

Jeff Stone / Cyberscoop  
One of the Alleged FIN7 Hacking Group Leaders is Scheduled to Be Extradited to U.S. Where He Will Plead Not Guilty

Andrii Kolpakov, allegedly one of the three leaders of the FIN7 hacking group, which authorities say is behind the theft of 15 million payment card numbers, is scheduled to be extradited to the U.S., according to his attorney, Vadim Glozman, who took over the case in April. Kolpakov, will plead not guilty when he arrives in court from Spain to face charges in U.S. District Court for the Western District of Washington. The Ukranian national was arrested in Spain in June 2018 and faces 26 criminal counts in the U.S., including aggravated identity theft, intentional damage to a protected computer and wire fraud.

July 3, 2019
Jeff Stone / Cyberscoop

Jeff Stone / Cyberscoop  
Russian Hacking Group Called ‘Silence’ Is Main Suspect in $3 Million Bangladesh ATM Heists

A small Russian hacking group dubbed ‘Silence’ should be considered the main suspect in a bank heist of $3 million in Bangladesh, according to Group-IB. The group appears to have softened up access controls on nine Dutch Bangla Bank ATMs before money mules made a series of cash withdrawals ending on May 31. Local law enforcement officials believe the crooks might be connected with Lazarus Group, a cybercrime organization linked to North Korea, which has been blamed for trying to steal nearly $1 billion from the Bank of Bangladesh in 2016.

Related: Security Affairs, BleepingComputer.comZDNet SecurityThe Register – Security, Group-IB

Tweets:@campuscodi @josephfcox @campuscodi


June 21, 2019
Jeff Stone / Cyberscoop

Jeff Stone / Cyberscoop  
Dell Says SupportAssist Software Flaw Affects Millions of Windows Machines, Issues Advisory Weeks After Patching to Give Third-Party Behind Flaw Time to Release Its Own Advisory

Computer giant Dell issued a security advisory regarding Dell SupportAssist for Business PCs and Dell SupportAssist for Home PCs encouraging customers to patch a software vulnerability that enables hackers to access sensitive information on “several million” machines running Microsoft Windows. The unspecified issue in Dell’s SupportAssist application could allow outsiders to take over a machine and read the stored physical memory, according to SafeBreach Labs. Dell released a patch to fix this issue on May 28 but waited to go public with its advisory to give PC Doctor, the third-party supplier behind the component responsible for the vulnerability, to release its own advisory.

Related: The Register – Security, Dell, Forbes, Help Net Security, ITWeb.co.za latest newsBetaNews, Threatpost, TechRepublic, Computer Business ReviewThe Hacker News, Safebreach Labs

Tweets:@threatpost @Swati_THN