Search Results for “Sean Lyngaas”

August 7, 2019
Sean Lyngaas / Cyberscoop

Chinese Hacking Group APT41 Has a Side Gig of Manipulating Virtual Currency in the Gaming Sector

Members of a Chinese-state-sponsored hacking group called APT41 have been using their skills to enrich themselves for years in operations targeting the gaming industry, FireEye said. The group’s main task is to conduct espionage in the health care, telecommunications, and education sectors, but on the side the same hackers have manipulated virtual currency in the gaming sector and, in one case, tried to deploy ransomware, to make money. The group’s activities go back years and overlap with the activities of Chinese hacking groups that other security firms call Barium or Winnti.

August 21, 2019
Sean Lyngaas / Cyberscoop

Chinese Government-Linked Hackers Are Targeting Cancer Research Organizations as Country Faces Spike in Cancer Rates

Chinese government-linked hackers have targeted organizations involved in cancer research on multiple occasions over the past two years in pursuit of research data, according to a FireEye report. In the midst of a cancer rate surge in the country, Chinese hackers in April targeted a U.S.-based cancer research organization with a malware-laced document referencing a conference the organization hosted. A year earlier, the newly named Chinese hacking outfit APT41 spearphished employees of the same entity. In 2017, APT10, a group of Chinese hackers tied to China’s civilian intelligence agency, went on an expedition against health care organizations in Japan with documents related to cancer research conferences.

September 24, 2019
Sean Lyngaas / Cyberscoop

Longer List of Utilities Targeted by State-Sponsored Hackers Than Previously Documented, LookBack Malware Aimed at Seventeen Utility Organizations

A set of possibly state-sponsored hackers has targeted a much longer list of U.S. utility-sector organizations than previously documented, according to cybersecurity company Proofpoint. The number of targeted utilities jumped from the initial three the company reported in early August to at least seventeen in Proofpoint’s most recent tally. Although Proofpoint saw some code overlap with Chinese actors, the identity of the nation-state conducting these efforts is still murky. The attackers send out emails posing as representatives of the Global Energy Certification (GEC), an online training and certification for the energy industry. The phishing emails contain links that lead to LookBack, a remote access trojan that allows for a “range of data exfiltration.”

May 1, 2019
Sean Lyngaas / Cyberscoop

DHS Tells Federal Agencies They Now Have 15 Days After Discovery to Mitigate Critical Cybersecurity Vulnerabilities

A Binding Operational Directive (BOD) dated April 29 from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) gives federal agencies 15 days after discovery to fix vulnerabilities deemed critical, a window that has been shortened from the previous deadline of 30 days to mitigate serious flaws. The BOD also gives agencies 30 days to fix vulnerabilities labeled “high” in severity, which are a step below critical.

April 8, 2019
Sean Lyngaas / Cyberscoop

Nielsen’s Rocky Tenure at DHS Included Some Cybersecurity Accomplishments

Kirstjen Nielsen, the embattled and much-derided head of the Department of Homeland Security (DHS), was pushed out of the government agency following a long period during which Donald Trump was reportedly unhappy with Nielsen’s efforts to stop migration at the U.S. southern border. Nielsen, who had a background in cybersecurity before her return to government with the election of Trump (she briefly worked for John Kelly in the White House), was “instrumental” in getting Congress to codify DHS’s Cybersecurity and Infrastructure Security Agency into law, among other accomplishments in the cybersecurity realm.

Related:

Israel National News: US Homeland Secretary steps down
TIME: Kirstjen Nielsen Resigns as Department of Homeland Security Secretary
LA Daily News: Homeland Security Secretary Nielsen has resigned
VICE News: Homeland Security chief Kristjen Nielsen is out
FCW: DHS chief Nielsen resigns
The Hill: Nielsen out at Homeland Security
Daily Mail: Elizabeth Warren and other Democrats blast Kirstjen Nielsen as homeland security chief resigns
Mercury News: With migration surging, Homeland Security Secretary Nielsen steps down
Zero Hedge: Neilsen Out At DHS; Slammed By Homeland Security Chairman As “Abysmal Failure”
DigitalMunition: DHS Secretary Nielsen resigns
SC Magazine: DHS Secretary Nielsen resigns
Fox News: Nielsen resigns as DHS secretary after White House meeting with Trump
Channel News Asia: US Homeland Security chief Nielsen leaving her position: Trump
CBS Austin: Homeland Security Secretary Nielsen resigned
New York Times: Kirstjen Nielsen Resigns as Trump’s Homeland Security Secretary
Washington Post: Homeland Security Secretary Kirstjen Nielsen leaving Trump administration amid surge of migrants
Techdirt: DHS Thinks Homeland Will Be More Secure If Two Federal Agencies Ignore Domestic Terrorists
Infosecurity Magazine: Nielsen Resigns Post as DHS Secretary
Daily Nation: Trump’s revolving door: Nielsen is latest to go
MeriTalk: DHS Losing Cyber-Forward Leader as Kirstjen Nielsen Resigns
Fortune: Ousted DHS Chief Kirstjen Nielsen Was a Lightning Rod for Criticism
Current Status – Top Stories: How border hardliners nudged out Nielsen
Daily Mail: Kirstjen Nielsen was FORCED out of her job at Homeland Security
Yahoo News: Trump Taps New Mr. Fix-It for Border Crisis
Washington Post: The Cybersecurity 202: Nielsen departure could deal a blow to Trump administration’s cybersecurity efforts…

June 26, 2019
Sean Lyngaas / Cyberscoop

Senate Investigation Report Finds Key Federal Agencies Have Failed to Address Vulnerabilities in Their IT Infrastructure Leaving Sensitive Personal Information Unsafe

More than four years after the breach of the Office of Personnel Management (OPM), in which alleged Chinese hackers stole sensitive personal data on 22 million current and former federal employees, “key federal agencies have failed to address vulnerabilities in their IT infrastructure” and “these failures have left America’s sensitive personal information unsafe and vulnerable to theft,” according to a report from the Senate Committee on Homeland Security and Governmental Affairs’ Permanent Subcommittee on Investigations. Seven of the eight agencies examined in the report failed to secure PII (personally identifiable information) in their most recent IG (Inspector General) audits. Applying critical patch and security updates proved to be a problem for a number of agencies. The report contains a series of recommendations for each of the agencies, and Senate investigators want the Office of Management and Budget to require agencies to use a “risk-based budgeting model” that pairs IT spending with metrics.


June 6, 2019
Sean Lyngaas / Cyberscoop

Major BEC Operation ‘Scattered Canary’ Started With a Single Nigerian Craigslist Romance Scammer and Now Employs 35 Crew Members

One West African cybercriminal group called Scattered Canary has grown from a single Craigslist romance scammer who lives in Ibadan, Nigeria, to dozens of operatives and is now a major force in launching business email compromise (BEC) scams, researchers at Agari report. The 35 or so Scattered Canary crew members phish for enterprise credentials by spoofing Adobe, DocuSign, and OneDrive applications, according to the research, focusing exclusively on the U.S. and Canada and netting over 3,000 account credentials through phishing. The Scattered Canary attackers send phishing emails to employees and executives designed to look as if they come from a contact within the business, asking them to make a wire transfer to a fake account or fill out a form that steals their login credentials, providing access to the company finances.

June 18, 2019
Sean Lyngaas / Cyberscoop

Zero-Day Flaw in TP-Link Wi-Fi Extenders Could Allow Remote Attackers to Control and Command Devices

A zero-day remote code execution (RCE) flaw in a TP-Link Wi-Fi extender could, if exploited, allow a remote attacker to gain complete control over the device and command it with the same privileges as the device’s legitimate user, IBM X-Force researcher Grzegorz Wypych discovered. The specific model checked by Wypych was the TP-Link RE365 Wi-Fi extender with firmware version 1.0.2, build 20180213 Rel. 56309, but three other models are also affected: RE650, RE350, and RE500. Wypych referred potentially affected users to the company’s website to check for firmware updates.

July 2, 2019
Sean Lyngaas / Cyberscoop

Newfound Remote Access Trojans Used by OceanLotus Group Rely on ‘Swiss-Army Knife’ of Network Attack Techniques

A set of newfound remote access trojans (RATs) dubbed Ratsnif, used by Vietnam’s top hacking group OceanLotus, also known as APT32, remained largely undetected for years despite their reliance on sloppy code and “a veritable swiss-army knife of network attack techniques” that fall short of the sophisticated hacking group’s efforts, researchers at Cylance report. OceanLotus RAT developers used a “convoluted” and unnecessarily complex way of supplying the malware with the configuration file path, pieced together from open source code, the researchers say.