Archive for the News Category

UK Government in Lock Down After Email Attack

The UK Parliament email system and remote access to it has been locked down after an attempt to access the accounts of hundreds of MPs, Lords, aides and staff was made by an unauthorized party.

According to the Independent, security services shut down access for anyone not in Westminster as part of efforts to secure the network.

“The Houses of Parliament have discovered unauthorized attempts to access parliamentary user accounts,” a parliamentary spokesperson told The Independent. “We have systems in place to protect member and staff accounts and are taking the necessary steps to protect our systems.”

An email was sent to anyone using a parliamentary address, warning of “unusual activity and evidence of an attempted cyber-attack”.

According to the Huffington Post, users in the Commons and Lords were targeted by attackers seeking out those using weak passwords, and in response, security teams “made changes”, including curbs on remote access and mobile phone accounts, to prevent the attackers accessing the system.

The news follows reports, including one by The Times, that attackers based in Russia had put passwords belonging to senior ministers, ambassadors and senior police officers up for sale online. That information was believed to have been related to breaches at LinkedIn, MySpace and other websites, with many of the passwords “easy to guess” because they incorporated memorable numbers and relatives’ names.

The email sent to staff confirmed that the government was working with the National Cyber Security Centre (NCSC) ‘to identify the method of the attack and have made changes to prevent the attackers gaining access’.

Source: Information Security Magazine

Virgin Media Customers Urged to Change Passwords

Virgin Media customers using the broadband giant’s Super Hub 2 routers have been urged to change their passwords after a Which? investigation revealed they could be cracked in days, allowing attackers to access connected home devices.

There are currently over 860,000 users of these router models in the UK potentially exposed if they are still using the default password printed on the router, the report claimed.

Using publicly available password-cracking tools, the consumer reviews site was able to recover the password in just a few days, because it is only eight characters long and uses only lowercase A-Z letters.

Doing so also gave the investigators access to the router’s configuration page and the ability to target other connected devices on the home network – which could range from smart baby monitors to home security systems.

Users were urged to replace default passwords with new credentials of at least 12 characters, including a mix of upper and lower-case letters, and numbers.

Those on the Super Hub 3 are apparently not at risk as it includes strong passwords by default.
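The two claims above, that an eight-character lowercase default can be recovered in days while a 12-character mixed-case-plus-digits credential cannot, come down to keyspace size. The following Python is an added illustration, not code from the Which? investigation or from Virgin Media; the guess rate of one million guesses per second is an assumption chosen only to show how the keyspace translates into time, and the character classes are assumed from the article's description.

```python
import math
import string

# Character classes as described in the article (assumption: the exact alphabet
# used by the Super Hub 2 defaults is not given on the page).
LOWER = string.ascii_lowercase
UPPER = string.ascii_uppercase
DIGITS = string.digits


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct passwords of a fixed length drawn from an alphabet."""
    return alphabet_size ** length


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Equivalent strength in bits for a uniformly random password."""
    return length * math.log2(alphabet_size)


def brute_force_days(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Worst-case days to enumerate the whole keyspace at a given guess rate.

    The rate is an illustrative assumption; the article gives no figure.
    """
    return keyspace(alphabet_size, length) / guesses_per_second / 86_400


def effective_alphabet(password: str) -> int:
    """Alphabet an attacker would have to search, judged by which classes appear."""
    size = 0
    if any(c in LOWER for c in password):
        size += len(LOWER)
    if any(c in UPPER for c in password):
        size += len(UPPER)
    if any(c in DIGITS for c in password):
        size += len(DIGITS)
    return size


def meets_policy(password: str, min_length: int = 12) -> bool:
    """The advice in the article: at least 12 characters with upper, lower and digits."""
    return (
        len(password) >= min_length
        and any(c in LOWER for c in password)
        and any(c in UPPER for c in password)
        and any(c in DIGITS for c in password)
    )


if __name__ == "__main__":
    # Constructed sample: a Super-Hub-2-style default versus the recommended replacement.
    for pw in ("qwertyui", "Kx7pLm2vQ9zA"):
        a = effective_alphabet(pw)
        print(f"{pw!r}: {entropy_bits(a, len(pw)):.1f} bits, "
              f"{brute_force_days(a, len(pw), 1_000_000):.3g} days at 1M guesses/s, "
              f"policy ok: {meets_policy(pw)}")
```

At the assumed rate, the eight-character lowercase space (26^8, about 2.1 x 10^11 guesses) is exhausted in roughly two and a half days, which matches the "few days" the article reports; the 12-character mixed space (62^12) is about ten billion times larger.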

The news comes just a week after researchers revealed that a serious software bug in the Netgear-produced Super Hub 2 and Super Hub 2AC models could have allowed attackers to remotely monitor users’ internet traffic.

Trend Micro's Bharat Mistry argued that router and IoT device manufacturers are still treating security as an afterthought as they rush to get products to market as quickly as possible and with easy set-up for the end user.

“The use of default usernames and passwords is a common technique used by most manufacturers to allow basic setup of the device, however it is the exploitation of these parameters that hackers use to compromise a device,” he added.

“If manufacturers took some basic steps such as on activation the consumer of the device is forced to change the username and password that would at least ensure credentials shipped with the product couldn’t be used.”

Source: Information Security Magazine

Two Men Arrested in Connection with Microsoft Hack

Two British men have been arrested in connection with an international investigation into the unauthorized access of Microsoft networks.

Detectives from the South East Regional Organised Crime Unit (SEROCU) arrested a 22-year-old man from Lincolnshire on suspicion of gaining unauthorized access to a computer, and a 25-year-old man from Bracknell under Computer Misuse Act offences.

Detective sergeant Rob Bryant from SEROCU’s Cyber Crime Unit claimed his team had been liaising closely with officers and colleagues in the East Midlands Special Operations Unit (EMSOU), Microsoft’s cyber team, the FBI, Europol and the NCA’s National Cyber Crime Unit (NCCU).

“This group is spread around the world and therefore the investigation is being coordinated with our various partners. We’ve made two arrests in the UK this morning and have seized a number of devices,” he explained in a statement.

“We are still in the early stages of this investigation and will work with our partners to ensure that cyber-criminals have no place to hide.”

The offences took place between January and March this year, but Bryant claimed it was too early to speculate on what info the group had accessed.

However, he reassured Microsoft customers that their personal details were safe.

A Microsoft statement claimed that the arrests mark an “important step” in the fight against cybercrime. It added:

“Stronger internet security depends on the ability to identify and prosecute cybercriminals. This requires not only a strong technical capability, but the willingness to acknowledge issues publicly and refer them to law enforcement. No company is immune from cybercrime…

"We have comprehensive measures in place to prevent, detect, and respond to attacks. We also have specialist teams focused on working with law enforcement to identify people who attack either us or our customers, and we're committed to fast and effective action against attackers."

Source: Information Security Magazine

Cyber Essentials ‘Breach’ Exposes Firms to Phishers

Some organizations signed up to the government-backed Cyber Essentials security certification scheme are at risk of phishing attacks after a configuration error by a third-party software provider exposed their corporate email addresses.

The IASME Consortium is one of six organizations appointed by the government to certify firms according to the scheme, which aims to drive up security standards by focusing on five essential technical controls which it’s claimed would prevent most cyber-attacks.

It also runs the IASME Governance standard, marketed as “a realistic alternative to ISO27001.”

However, it has emerged that problems with the software platform used to assess Cyber Essentials compliance have led to an unintended data breach.

IASME sent Infosecurity Magazine the following statement:

“A configuration error in the Pervade Software platform used by IASME for Cyber Essentials assessments meant that some company names and corporate email addresses were made available to a third party. That error was fixed as soon as we realised the issue and all affected companies have been notified. We have notified the relevant authorities and are following their advice.

"We re-iterate that the assessment platform itself was not compromised.”

Organizations signing up to be assessed by IASME and certified as Cyber Essentials compliant will be disappointed to hear that doing so has put them at risk. However, security experts played down the seriousness of the incident.

Ilia Kolochenko, CEO of web security company, High-Tech Bridge, argued that it pales in comparison to some of the recent high-profile incidents which have led to the theft of billions of user details.

"Indeed, it can facilitate phishing attacks against the companies whose email addresses were exposed, however virtually all this data can be gathered from public sources, albeit over a much longer period of time,” he added.

“Practically speaking and due to the nature of the Cyber Essentials accreditation, all the companies from the list should have capabilities to detect and mitigate phishing attacks. Additional vigilance would certainly do no harm though."

Source: Information Security Magazine

Fraudster Made £100K from Online Banking Bug

An online fraudster has been jailed after pocketing nearly £100,000 by exploiting a glitch in his online banking platform.

James Ejankowski, 24, defrauded the Clydesdale Yorkshire Bank of more than £99,000 in December last year, according to the Teesside Gazette.

It was claimed at Teesside Crown Court that Ejankowski discovered a bug in the portal whereby he could transfer sums of money between current and savings accounts without the bank knowing – as long as he did so between the hours of midnight and 1am.

That meant he could ensure a credit balance in one account for that hour even if there was actually no money there.

Ejankowski is said to have transferred over £53,000 to his partner’s account and over £1300 to his father-in-law, whom he told he’d won the money on a scratchcard.

Some of the funds were reportedly used to pay off debts, given as gifts to family members, and to buy a Range Rover and BMW, as well as several facial tattoos.

When he finally handed himself in to police on Boxing Day he claimed there was just £40 left.

Ejankowski of Clarence Road, Bridlington, was jailed for 16 months after he pleaded guilty to fraud and his partner Charlotte Slater was handed six months suspended for 18 months with 30 days “rehabilitation activities” after admitting acquiring criminal property.

The jail term probably came as a result of Ejankowski having previously been convicted in 2015 for fraud related to selling items on the internet, for which he reportedly served community punishment.

The bank has apparently now fixed the online loophole which enabled the fraud.

Online banking fraud actually fell between 2015 and 2016, according to Financial Fraud Action UK. The payment industry body revealed earlier this year a drop of 24% to just £102m, while the number of cases increased slightly, by 2%.

Source: Information Security Magazine

DHS: Kremlin Targeted Election Systems in 21 States

Officials from the Department of Homeland Security (DHS) have confirmed reports that Russian attempts to swing the 2016 US presidential election also involved cyber-attacks against election infrastructure, but not vote tallying systems.

Appearing in public before the US Senate Intelligence Committee were Samuel Liles, acting director of the DHS Office of Intelligence and Analysis (I&A), Cyber Division, and Jeanette Manfra, acting deputy undersecretary for cybersecurity and comms at the DHS’ National Protection and Programs Protectorate.

Their joint testimony revealed that in September, investigators found “suspicious and malicious cyber activity targeting the US election infrastructure”, leading to a report published in October.

The report found the following:

“While not a definitive source in identifying individual activity attributed to Russian government cyber actors, [the report] established that internet-connected election-related networks, including websites, in 21 states were potentially targeted by Russian government cyber actors… a small number of networks were successfully compromised, there were a larger number of states where attempts to compromise networks were unsuccessful, and there were an even greater number of states where only preparatory activity like scanning was observed.”

They clarified that the attacks are not thought to have been conducted against vote tallying machines but other parts of the election management infrastructure – perhaps to undermine voter confidence in the eventual result rather than actually alter the count.

The testimony continued:

“Further, we assessed that multiple checks and redundancies in US election infrastructure—including diversity of systems, non-internet connected voting machines, pre-election testing, and processes for media, campaign, and election officials to check, audit, and validate results—make it likely that cyber manipulation of US election systems intended to change the outcome of a national election would be detected.”

Also testifying at the committee was Bill Priestap, assistant director of the FBI’s counterintelligence division. He described Russia’s attempts to influence the election as its “boldest to date” in the US.

Priestap added:

“Russia's activities included efforts to discredit Secretary Clinton and to publicly contrast her unfavorably with President Trump. This Russian effort included the weaponization of stolen cyber information, the use of Russia's English-language state media as a strategic messaging platform, and the mobilization of social media bots and trolls to spread disinformation and amplify Russian messaging.”

The testimony comes after a leaked NSA report published earlier this month confirmed that Russian intelligence officials at the GRU attacked VR Systems, a company that makes machines which authenticate voters on polling day, and then used that access to spear phish local election officials.

Source: Information Security Magazine

Microsoft Hits Back at AV Antitrust Allegations

Microsoft has admitted interfering with third-party AV software running on Windows 10, but only if it is incompatible with the OS and needs updating.

The news came in a lengthy blog post by Rob Lefferts, partner director for the security and enterprise part of the Windows & Devices Group.

He revealed that following the Windows 10 Creators Update released on April 11, 95% of Windows PCs running third-party AV had a compatible application installed.

“For the small number of applications that still needed updating, we built a feature just for AV apps that would prompt the customer to install a new version of their AV app right after the update completed,” Lefferts explained.

“To do this, we first temporarily disabled some parts of the AV software when the update began. We did this work in partnership with the AV partner to specify which versions of their software are compatible and where to direct customers after updating.”

What’s more, Windows Defender doesn’t interfere with a user’s machine once a compatible AV app has been installed, he claimed.

“Microsoft’s own free, built-in Windows Defender Antivirus does not run periodic scans without explicit customer action or provide protection until the chosen third-party AV solution is no longer protecting the Windows 10 device due to expiration,” said Lefferts.

The Redmond security team has “worked closely with AV partners”, providing early builds of products for them to test as well as technical guidance, and regularly proposes new ideas on customer protection to the community of security partners, he added.

The blog could be seen as a response to accusations from Russian AV vendor Kaspersky Lab that it abuses its dominant position in the OS market to force its own AV on users.

Antitrust investigators are already probing the claims in Russia and Kaspersky Lab has filed lawsuits with the European Commission and German Federal Cartel Office.

A lengthy blog post published last November by CEO Eugene Kaspersky details the main points of contention, many of which Lefferts has now addressed.

“When you upgrade to Windows 10, Microsoft automatically and without any warning deactivates all ‘incompatible’ security software and in its place installs … you guessed it – its own Defender antivirus,” Kaspersky claimed.

“But what did it expect when independent developers were given all of one week before the release of the new version of the OS to make their software compatible? Even if software did manage to be compatible according to the initial check before the upgrade, weird things tended to happen and Defender would still take over.”

Kaspersky also claimed that Microsoft buries renewal notices for third-party AV, a point which Lefferts appeared to dispute.

“In the case of paid AV solutions, we worked with our AV partners to build a consistent set of notifications to inform customers if their license is about to expire and to present options to renew the license,” the Microsoft man said.

“Only when an AV subscription expires, and the AV application decides to stop providing protection to the customer, will Windows Defender Antivirus begin providing protection.”

Source: Information Security Magazine

Security Pros 'Prefer' Root Canal Surgery Over Informing Board of Breaches

Almost half (44%) of security professionals would rather have root canal surgery than make the dreaded walk of shame to the boardroom to explain that they’ve suffered a data breach, according to results from a survey carried out by malware protection firm Lastline at Infosecurity Europe 2017.

Lastline polled 326 information security professionals during the conference at London’s Olympia earlier this month, and the results revealed the severity with which all organizations—regardless of size or industry—treat the prospect of a data breach.

“The fact that nearly half of cybersecurity professionals would prefer to undergo a painful dental procedure than face their board about a data breach just shows how seriously these attacks affect organizations today.

“On a more positive note, it does show that cybersecurity has risen up the board’s agenda,” he added.

Concerns have been raised for some time about how high up the priority list cybersecurity and data protection have been for boards within organizations, but it would appear that the unprecedented levels of data loss seen over the last 12-18 months have made cybersecurity a top concern for all corners of a company.

Speaking to Infosecurity, Steve Durbin, managing director of the Information Security Forum, said that the reality of operating in cyber space is that at some point things will go wrong—and that could mean a breach or loss of personal data.

“With regulators tightening their focus in this area, and with GDPR this will only increase, boards are at last beginning to realize that they have a key role to play in ensuring the security of the business,” he explained.

However, in many cases we are still a long way off the level of mutual trust and understanding required to ensure that cybersecurity is aligned with corporate strategy, Durbin added.

“Security leaders need to continue to develop their relationship with the board to explain, in business language, the implications of certain actions and the requirements for good cyber-hygiene across the business. This requires the commitment of the business and security to work collaboratively.

“Nobody likes to deliver bad news to the board, and let's face it, boards are not eager to hear such news, but a closer relationship based on regular updates and sharing of steps being taken to align security with strategic business direction will at least ensure a higher degree of understanding in the boardroom that whilst a breach of some nature may be inevitable.”

Source: Information Security Magazine

Honda Forced to Shut Plant After WannaCry Returns

Japanese carmaker Honda has admitted it was forced to briefly shut down a manufacturing plant after finding WannaCry ransomware on its network weeks after the threat first struck around the world.

The firm is said to have pulled the plug at its Sayama plant on Monday after discovering a day earlier that the notorious ransomware was present on machines in Japan, North America, Europe, China and elsewhere.

A spokeswoman told Reuters that the firm had worked to patch systems against the threat when it emerged in mid-May.

Those efforts appear to have failed spectacularly, although the Sayama factory, which is said to produce 1000 vehicles per day, apparently reopened a day later and other plants were not affected.

WannaCry shook organizations across the globe when it landed on May 12, exposing poor patch management and a lack of basic security hygiene.

Official figures are difficult to come by, but two days after it broke, the threat had infected 200,000 victims in 150 countries, according to Europol.

Security experts were keen to stress the importance of prompt and comprehensive patching following the Honda incident.

“This latest incident reminds us that our efforts to defend our organizations against emerging threats is continuous. Regular review of all systems and their communication protocols is necessary and, more importantly, a thorough analysis of access controls,” advised One Identity UK director, Andrew Clarke.

“Often in organizations individuals are provisioned to access systems for short periods and are never deprovisioned, which means over time they get excessive access that can be damaging to the business if misused. Tools to control and manage overall access are critical. Malware such as WannaCry takes advantage of gaps in security so to be truly safe requires a continuous and thorough approach which embraces the multiple aspects of cyber security."

Leigh-Anne Galloway, cyber security resilience lead at Positive Technologies, added that Honda was right to cease production.

“The safety of employees should be of utmost concern,” she said. “However this incident could have been prevented with basic security hygiene, a patch management program and automatic updates to systems."

Source: Information Security Magazine

UK Uni Ransomware Attacks Linked to Malvertising Campaign

The ransomware that caused widespread disruption at two UK universities last week is now thought to have been spread via a much larger malvertising campaign, according to Proofpoint.

Kafeine, a researcher at the security vendor, explained that the C&C IP address for the ransomware in question is commonly associated with the Mole family and payloads linked to the Astrum exploit kit, a known favorite of the banking trojan group AdGholas.

“At that stage, we were almost convinced the events were tied to AdGholas / Astrum EK activity. We confirmed this, however, via an HTTPS connection common to the compromised host avia-book[.]com,” the blog post continued.

This host was apparently being used in a large-scale malvertising campaign targeting the UK, Australia, Canada, Italy, Monaco, Liechtenstein, Luxembourg, Switzerland, Japan, Taiwan and the United States.

All compromised hosts are said to have contacted the Astrum C&C IP address.

“It appears that between June 14 and 15, Astrum was dropping Mole ransomware in the United Kingdom and likely in the US. Mole is a member of the CryptFile2/CryptoMix ransomware family. We do not know the payloads in other countries, but, based on past activity, we are confident they were banking Trojans. Unlike ransomware, bankers are generally less noisy and often remain unnoticed by victims,” Kafeine concluded.

“AdGholas malvertising redirecting to the Astrum Exploit Kit is the most evolved blind mass infection chain known today. Full HTTPS, heavy smart filtering, domain shadowing, Diffie-Hellman, and perfect knowledge of how the advertising industry operates allow these threat actors to lure large agencies to bring them high volumes of traffic from high-value website and targets.”

The UK universities caught up in the campaign, UCL and Ulster University, appear to be back to normal now.

UCL’s IT team initially claimed a zero-day threat was the cause of the ransomware, which now seems wide of the mark. However, the drive-by nature of malvertising would have made this attack particularly hard to guard against.

Source: Information Security Magazine