Microsoft warns 10,000 customers they’re targeted by nation-sponsored hackers

United Nations HQ in New York. (credit: Javier Carbajal)

Microsoft said on Wednesday that it has notified almost 10,000 customers in the past year that they’re being targeted by nation-sponsored hackers.

According to a post from Microsoft Corporate Vice President of Customer Security & Trust Tom Burt, about 84% of the attacks targeted customers that were large, “enterprise” organizations such as corporations. The remaining 16% of attacks targeted consumer email accounts. Burt said some of the 10,000 customers were successfully compromised while others were only targeted, but he didn’t provide figures.

“This data demonstrates the significant extent to which nation-states continue to rely on cyberattacks as a tool to gain intelligence, influence geopolitics, or achieve other objectives,” Burt wrote. Microsoft presented the figures Wednesday at the Aspen Security Forum.

Penetration testing takes on new meaning when cyber meets Harlequin

You had me at “cyber.”

This week, my wife and favorite librarian Paula brought home a new acquisition specially for me: An Innocent to Tame the Italian, a recent book from the Harlequin Presents imprint. Author Tara Pammi’s previous books—which include Sicilian’s Bride for a Price and Sheikh’s Baby of Revenge—share a somewhat politically incorrect leitmotif of foreign sexual intrigue. If you’re wondering: no, romance novels are generally not my speed.

But the back-of-the-book tease for this work declared otherwise:

For brooding tech billionaire Massimo Brunetti, a cyberattack on his company is unacceptable. After tracking down the savvy Manhattan hacker, he’s stunned to find gorgeous genius Natalie Crosetto. Yet naive Nat isn’t the saboteur. To uncover who she’s protecting, Massimo returns to Italy—with Nat playing his fake fiancée! But this untamable Italian might have met his match in innocent Nat, who challenges him… and tempts him

Nation-sponsored hackers likely carried out hostile takeover of rival groups’ servers


If nation-sponsored hacking were baseball, the Russian-speaking group called Turla would not just be a Major League team—it would be a perennial playoff contender. Researchers from multiple security firms largely agree that Turla was behind breaches of the US Department of Defense in 2008, and more recently the German Foreign Office and France’s military. The group has also been known for unleashing stealthy Linux malware and using satellite-based Internet links to maintain the stealth of its operations.

Now, researchers with security firm Symantec have uncovered evidence of Turla doing something that would be a first for any nation-sponsored hacking group. Turla, Symantec believes, conducted a hostile takeover of an attack platform belonging to a competing hacking group called OilRig, which researchers at FireEye and other firms have linked to the Iranian government. Symantec suspects Turla then used the hijacked network to attack a Middle Eastern government OilRig

Hackers behind dangerous oil and gas intrusions are probing US power grids

Power Lines in Page, Arizona (credit: IIP Photo Archive)

In a troubling new escalation, hackers behind at least two potentially fatal intrusions on industrial facilities have expanded their activities to probing dozens of power grids in the US and elsewhere, researchers with security firm Dragos reported Friday.

The group, now dubbed Xenotime by Dragos, quickly gained international attention in 2017 when researchers from Dragos and the Mandiant division of security firm FireEye independently reported Xenotime had recently triggered a dangerous operational outage at a critical-infrastructure site in the Middle East. Researchers from Dragos have labeled the group the world’s most dangerous cyber threat ever since.

The most alarming thing about this attack was its use of never-before-seen malware that targeted the facility’s safety processes. Such safety instrumented systems are a combination of hardware and software that many critical infrastructure sites use to prevent unsafe conditions from arising.

Open source bug poses threat to sites running multiple CMSes

Hack on Stack Overflow exposes private data for ~250 users

(credit: Pixabay)

Stack Overflow said hackers obtained private data for about 250 users after breaching the site and spending the next week escalating their access.

“While our overall user database was not compromised, we have identified privileged Web requests that the attacker made that could have returned IP address, names, or emails for a very small number of Stack Exchange users,” Mary Ferguson, Stack Overflow VP of Engineering, wrote in a blog post published Friday. “Our team is currently reviewing these logs and will be providing appropriate notifications to any users who are impacted.”

In an update, Ferguson said investigators now estimate the number at 250 public network users. Officials for the developer community site will notify those affected. The company first disclosed the breach on Thursday in a four-sentence post that said “some level of production access was gained on May 11.”

28 years later, hacker fixes rampant slowdown on SNES’ Gradius III

Behold, slowdown destroyed!

Many gamers of a certain age (this author included) remember the early ’90s disappointment of buying the SNES version of hit arcade shmup Gradius III. In magazine screenshots, the game’s huge, colorful sprites were a sight to behold, comparable to the 1989 arcade original. In action, though, any scene with more than a handful of enemies would slow to a nearly unplayable crawl on the underpowered SNES hardware.

Now, Brazilian ROM hacker Vitor Vilela has righted this nearly three-decade-old wrong with a ROM patch that creates a new, slowdown-free version of the game for play on SNES emulators and standard hardware.

The key to Vilela’s efforts is the SA-1 chip, an enhancement co-processor that was found in some late-era SNES cartridges like Super Mario RPG and Kirby Super Star. Besides sporting a faster clock speed than the standard SNES CPU (up to 10.74

Feds charge Chinese national in 2015 breach of health insurer Anthem

(credit: FBI.gov)

Federal prosecutors have indicted a Chinese national they say carried out sophisticated network intrusions on four US companies, including one on health insurer Anthem that stole personal information belonging to close to 80 million people.

Fujie Wang—a 32-year-old resident of Shenzhen, China, who sometimes used the first name Dennis—was part of a hacking group that gained entry to Anthem and three other unnamed companies, according to an indictment unsealed on Thursday. Along with other members of the group, he carried out the hacks using spear-phishing emails that lured employees of the companies to malicious websites. The websites, in turn, installed backdoors on the employees’ computers. The defendants allegedly used the compromised computers to penetrate the networks.

In some cases, the indictment alleged, the hackers would wait months before identifying and harvesting sensitive data stored on the networks, presumably to prevent calling attention to the breaches.

A mysterious hacker gang is on a supply-chain hacking spree

(credit: Lino Mirgeler/picture alliance via Getty Images)

A software supply-chain attack represents one of the most insidious forms of hacking. By breaking into a developer’s network and hiding malicious code within apps and software updates that users trust, supply-chain hijackers can smuggle their malware onto hundreds of thousands—or millions—of computers in a single operation, without the slightest sign of foul play. Now what appears to be a single group of hackers has managed that trick repeatedly, going on a devastating supply-chain hacking spree—and the hackers have become more advanced and stealthy as they go.

Over the past three years, supply-chain attacks that exploited the software distribution channels of at least six different companies have now all been tied to a single group of likely Chinese-speaking hackers. The group is known as Barium, or sometimes ShadowHammer, ShadowPad, or Wicked Panda, depending on which security firm you ask. More than
