Search Results for “Sean Lyngaas”

March 10, 2020
Sean Lyngaas / Cyberscoop

IT Network of European Electricity Markets Coordinating Organization Was Hacked, Breach Did Not Affect Operational Systems

The European Network of Transmission System Operators for Electricity (ENTSO-E), an organization that ensures coordination of European electricity markets and whose members include sizeable electric transmission operators across the continent, said its IT network had been compromised in a cyber intrusion. The affected office network is not connected to any operational electric transmission system, ENTSO-E said, meaning the attack was confined to IT systems and did not impact critical control systems. Some ENTSO-E members say they are investigating the breach.

Related: ENTSO-E

Tweets: @snlyngaas @tuomorusila @malwarejake

May 27, 2020
Sean Lyngaas / Cyberscoop

German Government Warns That Russian State-Backed Hacking Group Berserk Bear Continues to Attack Critical Infrastructure

A hacking group called Berserk Bear, which some analysts believe works on behalf of Russia’s FSB intelligence agency, has continued long-running efforts to target German critical infrastructure companies, according to a confidential German government advisory. The group has been using the supply chain to access the IT systems of German energy, water and power companies, according to the alert from the BSI, BND, and BfV federal agencies. Berserk Bear is best known in the U.S. for a years-long campaign to collect data on U.S. energy companies, which the Trump administration blamed on the Russian government in 2018,

March 30, 2020
Sean Lyngaas / Cyberscoop

HackerOne Kicks Mobile Voting App Voatz to the Curb Citing Company’s Hostile Relationships With Security Researchers

For the first time in its history, bug bounty facilitator HackerOne has booted a company off its list of participants, kicking mobile voting provider Voatz to the curb, citing its hostile relationships with security researchers. The decision comes after Voatz assailed the motives of MIT researchers who found vulnerabilities in the Voatz app they said could be exploited to “alter, stop, or expose a user’s vote.”

Related: Dark Reading

Tweets: @kimzetter @kimzetter @gregotto @robpegararo @konklone

May 28, 2020
Sean Lyngaas / Cyberscoop

Valak Malware Has Been Tweaked Around Thirty Times Over Past Six Months to Give It Greater Flexibility to Attack Microsoft Exchange Servers

The malware called Valak has been used in hacking attempts against multiple economic sectors in the U.S. and Germany in the last six months and has been targeting Microsoft Exchange servers, researchers at Cybereason report. The Valak code has been tweaked around 30 times over the past six months to give it the flexibility to engage in multistage attacks. Among its improvements, the most important and interesting addition to the newer versions of Valak is a component called “PluginHost,” which provides communication with the C2 server and downloads additional plugins under the name “ManagedPlugin.” Among the plugins observed are “Systeminfo” and “Exchgrabber,” both of which appear to target enterprises specifically.

Related: Reddit – cybersecurity, ZDNet, TechNadu, GBHackers On Security, Security Affairs, Cybereason, The Daily Swig, Threatpost, Reddit – cybersecurity

May 14, 2020
Sean Lyngaas / Cyberscoop

UK Electricity Load Balancing Company Elexon Said Cyberattack Hit Internal Computers Cutting Off Employee Email Access

UK electricity load balancing company Elexon said that a cyberattack had hit its internal computers, cutting off email access for employees. The attack hit Elexon’s corporate IT network and didn’t hit the industrial control part of its infrastructure. The electricity supply was not affected, and the company said it had identified the root cause of the attack and is taking steps to restore affected internal systems.

Related: Elexon, ZDNet Security, The State of Security, Forbes, IT Pro, CyberSecurity Help s.r.o., Verdict, TechNadu, CISO MAG, SecurityWeek, The Guardian

Tweets: @emilygosden @ELEXONUK @ELEXONUK @shah_sheikh @markaorlando @ng_eso

Elexon: BSC Bulletin 336 – ELEXON’s internal IT systems have been impacted by a cyber attack
ZDNet Security: UK electricity middleman hit by cyber-attack
The State of Security: UK Power Grid Network Middleman Struck by Digital Attack
Forbes: Cyber Attack On U.K. Electricity Market Confirmed: National Grid Investigates – Forbes
IT Pro: Key UK energy company hit by cyber attack | IT PRO
CyberSecurity Help s.r.o.: UK key energy market player Elexon hit by cyber attack
Verdict: Elexon cyberattack: No blackout but supply chain vulnerability exposed
TechNadu: “ELEXON” Announced Security Incident but Crucial Services Remain Up
CISO MAG: UK’s Electricity Body Elexon Suffers Cyberattack
SecurityWeek: UK Electricity Market Administrator Elexon Targeted by Hackers
The Guardian: Lights stay on despite cyber-attack on UK’s electricity system 

@emilygosden: Yikes. National Grid's control room business @ng_eso, which is responsible for keeping the lights on, tells me it's investigating "any potential impact on our own IT networks" after this cyber-attack on Elexon, which ESO technically owns and works with closely...
@ELEXONUK: Our internal IT systems have been impacted by a cyber-attack. BSC Central Systems and EMR are currently unaffected. Please note that we are currently unable to send or receive any emails. See more information here: Apologies for any inconvenience.
@ELEXONUK: Update on our internal IT issues: We have identified the root cause of a cyber attack and are working to resolve the issue. BSC Systems (and their data) and EMR are currently unaffected and working as normal. Please see this notice for more information:
@shah_sheikh: Cyberattack hits internal IT systems of key player in British power market: Elexon, a company that facilitates transactions on the British electricity market, said Thursday that a cyberattack had hit its internal computers, cutting off email access for…
@markaorlando: Cyberattack hits British electricity intermediary Elexon: “While the cyberdefense of utilities that deliver electricity often get public attention, the attack on Elexon is an example of how lesser-known players in the power market also face threats.”
@ng_eso: We’re aware of a cyber attack on ELEXON’s internal IT systems. We’re investigating any potential impact on our own IT networks. Electricity supply is not affected. We have robust cybersecurity measures across our IT and operational infrastructure to protect against cyber threats.

April 17, 2020
Sean Lyngaas / Cyberscoop

Czech Cybersecurity Authorities Issue Advisory Warning About Attacks on Health Care Facilities, Two Czech Hospitals Report Foiled Cyberattacks

The Czech government’s principal cybersecurity agency on Thursday said a recent spearphishing campaign could indicate “the preparatory phase” of attacks on IT systems and health care facilities. The advisory issued by the cyber agency requires operators of critical infrastructure and major IT systems to heed the warning and take defensive measures. On Friday, two hospitals in the Czech Republic, the university hospital in the eastern Czech city of Ostrava and a hospital in the eastern city of Olomouc, reported unsuccessful attempted attacks on their computer systems.

January 7, 2020
Sean Lyngaas / Cyberscoop

CISA Issues Alert, Technical Guidance to Help Organizations Protect Assets Given Tensions With Iran

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) issued an alert and, separately, technical guidance “as a primer for assisting in the protection of our Nation’s critical infrastructure in light of the current tensions between the Islamic Republic of Iran and the United States and Iran’s historic use of cyber offensive activities to retaliate against perceived harm.” The technical guidance recommends organizations adopt a heightened state of awareness, increase vigilance, confirm reporting processes, and exercise organizational incident response plans. The guidance further offered recommendations regarding publicly known Iranian advanced persistent threat (APT) techniques, based on the MITRE ATT&CK Framework.

Related: TechCrunch, MSSP Alert, Meritalk, VICE News, New Yorker, The Register – Security, Homeland Security Today, KnowBe4

Tweets: @USCERT_gov @donie @brysonbort @snlyngaas

May 1, 2019
Sean Lyngaas / Cyberscoop

DHS Tells Federal Agencies They Now Have 15 Days After Discovery to Mitigate Critical Cybersecurity Vulnerabilities

A Binding Operational Directive (BOD) dated April 29 from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) gives federal agencies 15 days after discovery to fix vulnerabilities deemed critical, a window that has been shortened from the previous deadline of 30 days to mitigate serious flaws. The BOD also gives agencies 30 days to fix vulnerabilities labeled “high” in severity, which are a step below critical.

April 8, 2019
Sean Lyngaas / Cyberscoop

Nielsen’s Rocky Tenure at DHS Included Some Cybersecurity Accomplishments

The embattled and much-derided head of the Department of Homeland Security (DHS), Kirstjen Nielsen, was pushed out of the government agency following a long period during which Donald Trump was reportedly unhappy with Nielsen’s efforts to stop migration at the U.S. southern border. Nielsen, who had a background in cybersecurity before her return to government with the election of Trump (she briefly worked for John Kelly in the White House), was “instrumental” in getting Congress to codify DHS’s Cybersecurity and Infrastructure Security Agency into law, among other accomplishments in the cybersecurity realm.

Related: Israel National News, TIME, LA Daily News, VICE News, FCW, The Hill, Daily Mail, Mercury News, Zero Hedge, DigitalMunition, SC Magazine, Fox News, Channel News Asia, New York Times, Washington Post, Techdirt, Infosecurity Magazine, Daily Nation, Meritalk, Fortune, Current Status – Top Stories, Zero Hedge, Daily Mail, Yahoo News, Washington Post


Israel National News: US Homeland Secretary steps down
TIME: Kirstjen Nielsen Resigns as Department of Homeland Security Secretary
LA Daily News: Homeland Security Secretary Nielsen has resigned
VICE News: Homeland Security chief Kristjen Nielsen is out
FCW: DHS chief Nielsen resigns
The Hill: Nielsen out at Homeland Security
Daily Mail: Elizabeth Warren and other Democrats blast Kirstjen Nielsen as homeland security chief resigns
Mercury News: With migration surging, Homeland Security Secretary Nielsen steps down
Zero Hedge: Neilsen Out At DHS; Slammed By Homeland Security Chairman As “Abysmal Failure”
DigitalMunition: DHS Secretary Nielsen resigns | DigitalMunition
SC Magazine: DHS Secretary Nielsen resigns
Fox News: Nielsen resigns as DHS secretary after White House meeting with Trump – Fox News
Channel News Asia: US Homeland Security chief Nielsen leaving her position: Trump
CBS Austin: Homeland Security Secretary Nielsen resigned
New York Times: Kirstjen Nielsen Resigns as Trump’s Homeland Security Secretary
Washington Post: Homeland Security Secretary Kirstjen Nielsen leaving Trump administration amid surge of migrants
Techdirt: DHS Thinks Homeland Will Be More Secure If Two Federal Agencies Ignore Domestic Terrorists
Infosecurity Magazine: Nielsen Resigns Post as DHS Secretary
Daily Nation: Trump’s revolving door: Nielsen is latest to go
Meritalk: DHS Losing Cyber-Forward Leader as Kirstjen Nielsen Resigns – MeriTalk
Fortune: Ousted DHS Chief Kirstjen Nielsen Was a Lightning Rod for Criticism
Current Status – Top Stories: How border hardliners nudged out Nielsen
Zero Hedge: Neilsen Out At DHS; Slammed By Homeland Security Chairman As “Abysmal Failure”
Daily Mail: Kirstjen Nielsen was FORCED out of her job at Homeland Security
Yahoo News: Trump Taps New Mr. Fix-It for Border Crisis
Washington Post: The Cybersecurity 202: Nielsen departure could deal a blow to Trump administration’s cybersecurity efforts…

June 26, 2019
Sean Lyngaas / Cyberscoop

Senate Investigation Report Finds Key Federal Agencies Have Failed to Address Vulnerabilities in Their IT Infrastructure Leaving Sensitive Personal Information Unsafe

More than four years after the breach of the Office of Personnel Management (OPM), in which alleged Chinese hackers stole sensitive personal data on 22 million current and former federal employees, “key federal agencies have failed to address vulnerabilities in their IT infrastructure” and “these failures have left America’s sensitive personal information unsafe and vulnerable to theft,” according to a report from the Senate Committee on Homeland Security and Governmental Affairs’ Permanent Subcommittee on Investigations. Seven of the eight agencies examined in the report failed to secure PII (personally identifiable information) in their most recent IG (Inspector General) audits. Applying critical patches and security updates proved to be a problem for a number of agencies. The report contains a series of recommendations for each of the agencies, and Senate investigators want the Office of Management and Budget to require agencies to use a “risk-based budgeting model” that pairs IT spending with metrics.