Items tagged with cyberattack
Security researchers at Sophos have been investigating a pair of ransomware attacks where the attackers used legitimate, digitally signed hardware driver to delete security products from targeted computers. Once the security products were deleted from the target machines, the destructive file encryption portion of the attack was launched. The signed driver that was used is part of a deprecated software package from Gigabyte, a mainboard and computer hardware manufacturer. The software had a known vulnerability tracked as CVE-2018-19320. The vulnerability, along with proof-of-concept code was published in 2018. At the time, Gigabyte denied that the vulnerability impacted its products. Later it...
Read more...
The 2020 United States presidential election is over a year away, but there have already been several cyberattack attempts against presidential campaigns. Microsoft recently reported that a hacker group attacked nearly 250 accounts related to campaign workers, government officials, and reporters. The affected users have been notified and Microsoft has published information about the attack as a warning for others. The Microsoft Threat Intelligence Center (MSTIC) noted that an Iranian hacker group referred to as “Phosphorus” attempted to identify the owners of more than 2,700 accounts. The hackers then attacked 241 of these accounts and successfully compromised four of them. The accounts...
Read more...
On March 5th, 2019, an unprecedented Denial of Service (DoS) cyberattack occurred on American soil, targeted at the US power grid. This attack mainly affected the Western United States, and was a fortunately low-impact attack. No blackouts were caused, and the machines in question were out of commission for no more than five minutes, according to the North American Electric Reliability Corp, or NERC. Even so, this leaves a historical mark on American infrastructure, and clearly demonstrates the dangers of increased connectivity. A simple firewall vulnerability was enough to cause multiple devices to be compromised and rebooted from a single point of failure. While the impact this time around...
Read more...
Houston, we have a security issue (you thought we were going to say "problem," didn't you?). Actually, NASA's Jet Propulsion Laboratory (JPL) has several security issues, according to an audit by the Office of Inspector General. Among other things, an examination of JPL's network security controls found that the division was the target of a cyberattack in April 2018, in which hackers exploited a Raspberry Pi computer to gain access to the network. Simply put, "the device should not have been permitted on the JPL network without the JPL Office of the Chief Information Officer's (OCIO) review and approval," the report states. Nevertheless, hackers leveraged a vulnerable Raspberry Pi to swipe 500...
Read more...
Cyber thieves may have stolen personal data of 90,000 people from two of the largest banks in Canada, including Bank of Montreal and Imperial Bank of Commerce. The banks are in the process of verifying the theft after the supposed culprits notified the financial institutions over the weekend that they were in possession of personal and financial records for a portion of their customers. Bank of Montreal is the fourth largest bank in Canada. The institution said it was contacted on Sunday by the cyber thieves, who claim to have stolen customer data relating to some of its 8 million customers across Canada. At present, Bank of Montreal believes that less than 50,000 of its customers are affected...
Read more...
There continues to be mass fallout from the enormous “cybersecurity incident” that struck Equifax back in mid-May (but wasn't discovered until late July). Equifax waited until yesterday to inform the world that the sensitive personal information of 143 million Americans had been exposed due to a website breach. While there have been larger hacks that have taken place in recent years, none contained such critical information like names, birthdates and social security numbers; which could be a virtual goldmine for those looking to sell this information on the black market. In some instances, even drivers license numbers and credit card numbers were obtained. Equifax has some provisions in...
Read more...
As tension continues to build between Russia and the US over alleged cyber attacks, the US has begun contemplating issuing its own set of cyber attacks against the Kremlin. As we covered last weekend, the US government has formally accused Russia of being responsible for breaking into official servers and walking away with a trove of emails relating to the DNC. While as of last weekend, we were unaware of what counter-action the US might take, the picture this week has just become a little clearer. According to officials close to the matter, the US government is in the planning stages of deciding what kind of retaliation is suitable against Russia, while weighing the risk of potential backlash....
Read more...
U.S. Department Of Homeland Security Confirms Cyber Attacks Took Down Ukraine Power Grid In December
In late December, a major power outage killed utility services for a large swathe of people in the Western Ukraine. Shortly after the incident, a number of cyber security experts pointed the finger at hackers and claimed some nefarious digital activities took down the power grid, but nothing had been officially confirmed at the time.But now the U.S Department of Homeland Security (DHS) Industrial Control Systems Cyber Emergency Response Team, or ICS-CERT, is reporting that the outage was caused by a measured cyber-attack against Ukrainian critical infrastructure.An alert published on the ICS-CERT website says, “On December 23, 2015, Ukrainian power companies experienced unscheduled power outages...
Read more...
Another day, another high-profile security breach. This time the breach occurred across the pond at British telecom giant TalkTalk. TalkTalk is the United Kingdom’s second largest “quadruple play” service provider (offering phone, TV, broadband Internet and mobile phone service) behind Virgin Media. Given its massive size and its millions of customers, TalkTalk was a prime target for cyberattackers, and unfortunately, the company made it all too easy for the breach to occur. TalkTalk reported today that it is working in conjunction with the Metropolitan Police Cyber Crime Unit after it experienced a “significant and sustained cyber attack” on Wednesday. TalkTalk has roughly four million customers...
Read more...
As the years pass, our lives continue to become intertwined even more with the Internet. Today, the Internet acts as a backbone to critical infrastructure, and much like the risk of someone exploiting a flaw to break into our home PC, a real risk exists that enemies of the government could break into and cause harm to utilities. It's for that reason that all governments are overdue on penning up agreements with friendly countries to lessen the chance of a cyberattack. Nonetheless, it's being reported that President Obama is going to be taking some important steps in this when he meets with Chinese resident Xi Jinping during a state visit. These are going to be early discussions,...
Read more...
It looks as though the U.S. Government just can’t catch a break when it comes to cybersecurity issues. If it isn’t China that’s breaching the Office of Personal Management (OPM), accessing the personnel files of 21.5 million people, then the U.S. has to keep an eye for hackers originating from Russia. The latter is pegged as the source for the recent cyberattack on the Pentagon’s Joint Staff email system. If there’s any silver lining to today’s news, it’s that the email system contained “unclassified” information. The cyberattack, which occurred on July 25, affected around 4,000 military personnel that work for the Chairman of the Joint Chiefs. The email system has been offline since the breach...
Read more...
To quote Ron Burgundy in Anchorman, "Boy, that escalated quickly. I mean that really got out of hand fast." He was referring to a deadly and chaotic showdown between various news stations, but he could have just as easily been talking about a recent security breach at the U.S. Office of Personnel Management (OPM) that's much worse than originally thought. It was initially reported that over 4.2 million current and former federal employees had their personnel data stolen as a result of the massive cybersecurity breach, but the Obama administration has now revealed that an additional 21.5 million individuals had their personal info compromised in the breach as well. That includes...
Read more...
The parade of banks, insurance companies and retailers that have suffered data breaches has caused many people to store their passwords with sites like LastPass. The security company creates a unique password for each of the user’s logins and provides access to those passwords via a single, master password.Now, LastPass is admitting that at least some of its data has been comprised. The company believes that its customers are not vulnerable, but it concedes that email addresses and authentication hashes are among the data affected. Password reminders and server per user salts were also comprised. “In our investigation, we have found no evidence that encrypted uer vault data was taken, nor that...
Read more...
With the government agencies like the NSA, the CIA, and the FBI looking to ratchet up efforts to spy on both U.S. citizens within our own borders, and on foreign interests abroad, today’s bombshell revelation suggests that maybe the U.S. should start taking measures to beef up its cybersecurity at all of its federal agencies, ASAP. The U.S. Office of Personnel Management (OPM) has confirmed that over four million current and former federal employees have their personnel data stolen as a result of a massive cybersecurity breach. Information gleaned includes what the OPM classifies as personally identifiable information or PII. A security breach of this scale could only have been pulled off by...
Read more...
While so many of us were getting our college basketball on this weekend, Rutgers University was dealing with an entirely different kind of challenge in the form of a distributed denial-of-service (DDoS) attack. Triggered by the efforts of a malicious entity consisting of two or more people or bots, the intent of a DDoS is to indefinitely interrupt or suspend the services of a host connected to the Internet. The attack on the Rutgers computer networks apparently took place on Friday afternoon and originated in both China and Ukraine, according to NBC New York. In an email sent out Sunday to tens of thousands of Rutgers students at 2:30PM EST, approximately an hour after the university's website...
Read more...
As we discovered late last week, Lenovo has been serving up some tainted Superfish via its consumer PCs. Once Lenovo was called out for its heinous actions, the company offered an apology and vowed to remove Superfish from shipping systems (it provided removal instructions and later an automatic removal tool for machines already affected by Superfish). However, the apology apparently wasn’t enough as Lenovo is already facing a lawsuit stemming from Superfish. Now it looks a though hacker group Lizard Squad is retaliating in its own, childish way. At around 4 PM EST, Lenovo.com was showing a slideshow of what appears to be rebellious teenagers as the song...
Read more...
U.S. officials have long blamed North Korea for the digital attack that embarrassed Sony and nearly derailed The Interview late last year. But the idea that a tiny dictatorship could effectively censor a major movie studio in the United States hasn’t been sitting well with many. As unlikely as a successful North Korean cyberattack sounds, U.S. officials are sticking to the story and a report by The New York Times explains why they’re so sure: the National Security Agency has infiltrated North Korea’s networks for years. The NSA’s involvement might explain why President Obama was willing weigh in on the attack, which he was careful to characterize as “an act...
Read more...
On Monday, North Korea’s Internet was taken offline. The country suffered a complete Internet outage that lasted around nine hours before it was restored on Tuesday. However, the cause for the outage has yet to be determined. According to Dyn, a company based in the U.S. that monitors Internet infrastructure, the reason for the Internet outage in North Korea could range from technological glitches to hacking attacks. The company said that the country’s internet links, which pass through China, were unstable on Monday and then went completely offline "I haven't seen such a steady beat of routing instability and outages in [North Korea] before," said Dyn director of internet analysis Doug...
Read more...
What do you call it when a foreign country conducts a massive cyberattack on U.S. soil, steals data such as personally identifiable information and movie scripts, and threatens the lives of Americans if a particular movie is played? An act of "cyber-vandalism," of course! That's the term President Barack Obama used to described North Korea's shenanigans against Sony Pictures Entertainment, which ultimately led to Sony canceling the Christmas Day debut of "The Interview," a far-fetched comedy involving an assassination attempt against North Korean leader Kim Jong-un. The White House weighed its options carefully when deciding whether or to not even publicly...
Read more...
