The NSA’s hackers have a problem. Last week, multiple outlets reported that its elite Tailored Access Operations unit—tasked with breaking into foreign networks—suffered another serious data breach.
The theft of computer code and other material by an employee in 2015 allowed the Russian government to more easily detect U.S. cyber operations. It’s potentially the fourth large-scale incident at the NSA to be revealed in the last five years. Now, sources with direct knowledge of TAO’s security procedures in the recent past tell just how porous some of the defenses were to keep workers from stealing sensitive information.Read more
One of iOS' rougher edges are the popups it produces on a regular but seemingly random basis. These popups require users to enter their Apple ID before they can install or update an app or complete some other mundane task.
The prompts have grown so common most people don't think twice about them. Mobile app developer Felix Krause makes a compelling case that these popups represent a potential security hole through which attackers can steal user credentials. In a blog post published Tuesday, he showed side-by-side comparisons, pictured above, of an official popup produced by iOS and a proof-of-concept phishing popup.Read more
North Korea has reportedly stolen a large amount of joint US-South Korean war plans, including details on how Kim Jong-un is to be assassinated during a potential conflict.
Pyongyang’s secret army of hackers broke into the intranet of South Korea’s Defence Ministry in August and September last year and compromised a large cache of classified documents, Rhee Cheol-hee, a local politician said. Defence officials had previously admitted the breach but said no significant information had been stolen. However, Mr Rhee said the hackers had accessed OPLAN 5015, which is part of the most recent blueprint for war with North Korea that was drawn up by Seoul and Washington in 2015.Read more
Hackers are joining forces with U.S. governors and academics in a new group aimed at preventing the manipulation of voter machines and computer systems to sway the outcome of future U.S. elections, a source familiar with the project said on Monday.
The anti-hacking coalition’s members include organizers of last summer’s Def Con hacking conference in Las Vegas, the National Governors Association and the Center for Internet Security, said the source, who asked not to be identified ahead of a formal announcement due to be made on Tuesday. The Washington-based Atlantic Council think tank and several universities are also part of the project, the source said.Read more
One of the world’s “big four” accountancy firms has been targeted by a sophisticated hack that compromised the confidential emails and plans of some of its blue-chip clients.
Deloitte, which is registered in London and has its global headquarters in New York, was the victim of a cybersecurity attack that went unnoticed for months. One of the largest private firms in the US, which reported a record $37bn revenue last year, Deloitte provides auditing, tax consultancy and high-end cybersecurity advice to some of the world’s biggest banks, multinational companies, media enterprises, pharmaceutical firms and government agencies.Read more
Login data for more than half a million records tied to vehicle tracking device company SVR Tracking have leaked online, potentially exposing the personal and vehicle data of drivers and businesses using its service.
The leaked repository was first spotted by the Kromtech Security Center, which blamed a misconfigured Amazon AWS S3 bucket that was left publicly accessible for an unknown period of time for the breach. Kromtech first noticed the cache on Sept. 18, according to experts, and the bucket was closed from public access hours after the security company alerted SVR on Sept. 20. The records included user login info like emails and passwords.Read more
Hundreds of thousands of computers getting penetrated by a corrupted version of an ultra-common piece of security software was never going to end well. But now it's becoming clear exactly how bad the results of the recent CCleaner malware outbreak may be.
Researchers now believe that the hackers behind it were bent not only on mass infections, but on targeted espionage that tried to gain access to the networks of at least 20 tech firms. Earlier this week, security firms revealed that CCleaner, a piece of security software distributed by Czech company Avast, had been hijacked by hackers and loaded with a backdoor that evaded the company's security checks.Read more
The top securities regulator in the United States said Wednesday night that its computer system had been hacked last year, giving the attackers private information that could have been exploited for trading.
The disclosure, coming on the heels of a data breach at Equifax, the major consumer credit reporting firm, is likely to intensify concerns over potential computer vulnerabilities lurking among pillars of the American financial system. The Securities and Exchange Commission said in a statement that it was still investigating the breach of its corporate filing system. The system, called Edgar, is used by companies to make legally required filings to the agency.Read more
Hackers have successfully breached CCleaner’s security to inject malware into the app and distribute it to millions of users. Security researchers at Cisco Talos discovered that download servers used by Avast (the company that owns CCleaner) were compromised to distribute malware inside CCleaner.
“For a period of time, the legitimate signed version of CCleaner 5.33 being distributed by Avast also contained a multi-stage malware payload that rode on top of the installation of CCleaner,” says the Talos team. CCleaner has been downloaded more than 2 billion times according to Avast, making it a popular target for hackers.Read more
An undocumented Microsoft Office feature allows attackers to gather sensitive configuration details on targeted systems simply by tricking recipients to open a specially crafted Word document—no VBA macros, embedded Flash objects or PE files needed.
The undocumented feature is being used by adversaries, according to Kaspersky Lab researchers, as part of a multistage attack that first involves gathering the system configuration data on targeted systems. “This code effectively sent information about the software installed on the victim machine to the attackers, including info about which version of Microsoft Office was installed,” wrote Kasperky Lab researchers.Read more