Cybersecurity company finds classified NSA, Army data online

“A cybersecurity company said Tuesday it found top secret files related to classified Army communications systems sitting unprotected online for anyone to see.

The data belonged to the U.S. Army’s Intelligence and Security Command, a division of both the Army and the National Security Agency. It’s the latest known setback linked to the NSA where former agency contractor Edward Snowden disclosed a cache of classified material in 2013.”

Read more details here.

Author: Deb Riechmann

U.S. Government issues alerts about malware and IP addresses linked to North Korean cyber attacks

US-CERT, the Department of Homeland Security team responsible for analyzing cybersecurity threats, has posted a warning about cyber attacks by the North Korean government, which it collectively refers to as “Hidden Cobra.” The technical alert from the FBI and Department of Homeland Security says a remote administration tool (RAT) called FALLCHILL has been deployed by Hidden Cobra since 2016 to target the aerospace, telecommunications and finance industries.

FALLCHILL allows Hidden Cobra to issue commands to a victim’s server through dual proxies, which means it can potentially perform actions such as retrieving information about all installed disks, accessing files, modifying file or directory timestamps, and deleting evidence that it has been on the infected server.

The FBI and Department of Homeland Security also posted a list of IP addresses linked to Hidden Cobra. The FBI says it “has high confidence” that those IP addresses are linked to attacks that infect computer systems with Volgmer, a Trojan malware variant used by Hidden Cobra to target the government, financial, auto and media industries.

For more details, read here.

Author: Catherine Shu

SEC says its corporate filing system was hacked

“Federal securities regulators said late Wednesday that hackers gained access to the government’s electronic system for corporate filings and may have made illicit gains by trading on the information.

The Securities and Exchange Commission discovered the intrusion, which occurred last year, only in August. The agency said in a statement that a software vulnerability in its so-called EDGAR filing system, which publicly listed companies use to make regulatory disclosures, was “exploited” for access to nonpublic information.

“Notwithstanding our efforts to protect our systems and manage cybersecurity risk, in certain cases cyber threat actors have managed to access or misuse our systems,” SEC Chairman Jay Clayton said in a statement disclosing the hack.”

Read more details here.

Author: Alain Sherter

U.S. moves to ban Kaspersky software in federal agencies amid concerns of Russian espionage

The U.S. government on Wednesday moved to ban the use of a Russian brand of security software by federal agencies amid concerns the company has ties to state-sponsored cyberespionage activities.

In a binding directive, acting homeland security secretary Elaine Duke ordered that federal civilian agencies identify Kaspersky Lab software on their networks. After 90 days, unless otherwise directed, they must remove the software, on the grounds that the company has connections to the Russian government and its software poses a security risk.

Read more details here.

Author: Ellen Nakashima and Jack Gillum

Hackers Had Access To Millions Of Social Security Numbers

“Hackers who breached a Kansas Department of Commerce data system in March had access to more than 5.5 million Social Security numbers in 10 states, along with another 805,000 accounts that didn’t include the Social Security numbers, according to records obtained from the agency.

The department will be required to pay for credit monitoring for most of the victims of the hacking, according to records obtained through an open records request by the Kansas News Service.

Besides Kansas, the other states affected by the hack are Arkansas, Arizona, Delaware, Idaho, Maine, Oklahoma, Vermont, Alabama and Illinois.”

Read more details here.

Author: Phys.org

Britain Investigates After U.K. Lawmakers Hit by Possible Cyber Security Attack

“British Parliament on Saturday was investigating an apparent cyberattack that targeted lawmakers’ email accounts.

Cybersecurity officials were alerted to the hacking attempt and reportedly notified the lawmakers on Friday. As a safeguard, they immediately blocked Parliament members from remotely accessing emails outside of the secure network in Westminster.

A spokesman for the House of Commons confirmed to NBC News they were continuing to investigate the incident, which appeared to be over.

“Well, we know that there are regular attacks by hackers attempting to get passwords,” said International Trade Minister Liam Fox.”

Read more details here.

Author: Alex Holmes and Chelsea Bailey

Stolen Laptop Leads to $2.5 Million HIPAA Breach Penalty

“The theft of a laptop computer containing information of nearly 1,400 patients was among two HIPAA breaches that led a Pennsylvania provider of remote heart monitoring to pay $2.5 million, federal authorities said this week.

Malvern-based CardioNet, Inc., essentially had no process at all for securely managing electronic protected health information (ePHI) of the patients it was hired to monitor, at the time the breaches occurred in early 2012, according to investigators from the U.S. Department of Health and Human Services’ Office of Civil Rights (OCR).

CardioNet – a covered entity – was found to have insufficient risk analysis and risk management processes, in violation of the security and privacy rules of the Health Insurance Portability and Accountability Act (HIPAA).”

Read more details here.

Author: Aldrin Brown

Google, Facebook Employees Targeted In $100M Phishing Scam

“When the Justice Department recently said that two major tech companies had paid out a total of $100 million to a scammer posing as a hardware manufacturer, it chose to not name the businesses that had been conned. But now, both Google and Facebook are confirming that they were the ones victimized by this phishing scheme.

Some background, first: According to federal officials, the scam dates back to 2013, when a Lithuanian man named Evaldas Rimašauskas allegedly used fake email addresses, invoices, and corporate stamps and pretended to be a large manufacturer that regularly did business with two companies.

He is then accused of emailing employees at the two companies and tricking them into transferring $100 million worth of payments to him.”

Read more details here.

Author: Mary Beth Quirk

US disrupts giant botnet used for spam and ransomware

“US authorities are working to take down one of the world’s largest botnets, which controls tens of thousands of infected computers and sends hundreds of millions of spam emails that distribute ransomware and malware across the globe.

Working alongside the FBI and security company Crowdstrike, the US Department of Justice has started blocking domains associated with the Kelihos botnet, one of the most prolific networks of hacker-controlled computer systems in the world.

The network of infected Windows machines has been known to send spam emails, distribute ransomware and malware, harvest usernames and passwords and engage in Bitcoin theft and spamming.”

Read more details here.

Author: Danny Palmer