Enterprise security attackers are one password away from your worst day

If the definition of insanity is doing the same thing over and over and expecting a different outcome, then one might say the cybersecurity industry is insane.

Criminals continue to innovate with highly sophisticated attack methods, but many security organizations still use the same technological approaches they did 10 years ago. The world has changed, but cybersecurity hasn’t kept pace.

Distributed systems, with people and data everywhere, mean the perimeter has disappeared. And the hackers couldn’t be more excited. The same technology approaches, like correlation rules, manual processes, and reviewing alerts in isolation, do little more than remedy symptoms while hardly addressing the underlying problem.

Credentials are supposed to be the front gates of the castle, but as the SOC is failing to change, it is failing to detect. The cybersecurity industry must rethink its strategy to analyze how credentials are used and stop breaches before they become bigger problems.

It’s all about the credentials

Compromised credentials have long been a primary attack vector, but the problem has only grown worse in the mid-pandemic world. The acceleration of remote work has increased the attack footprint as organizations struggle to secure their networks while employees work from unsecured connections. In April 2020, the FBI said that cybersecurity attacks reported to the bureau had grown by 400% compared with the pre-pandemic rate. Just imagine where that number is now in early 2021.

It only takes one compromised account for an attacker to get into Active Directory and create their own credentials. In such an environment, every user account should be treated as potentially compromised.

Nearly all of the hundreds of breach reports I’ve read have involved compromised credentials. More than 80% of hacking-related breaches now involve brute force or the use of lost or stolen credentials, according to the 2020 Data Breach Investigations Report. The most effective and commonly used technique is credential stuffing, in which attackers replay username and password pairs leaked from earlier breaches against other services; once a pair works, they break in, exploit the environment, then move laterally to gain higher-level access.
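The column argues that the SOC should analyze how credentials are used rather than review alerts in isolation. As an added example, not code from the column, here is the kind of detection logic that does that for credential stuffing: one source cycling through many distinct accounts in a short window with a low success rate, where the few successes are the accounts to treat as compromised. The log format and the sample lines are constructed and hypothetical; the thresholds (five distinct accounts, success rate of 20% or less, ten-minute window) are starting points, not values from the column.

```python
"""Credential-stuffing detector over authentication logs.

Added example, not code from the original column. The log format is a constructed,
hypothetical one: "<ISO timestamp> <source IP> <username> <SUCCESS|FAIL>", one event
per line. Credential stuffing replays username/password pairs from other breaches, so
its signature is one source cycling through many distinct accounts in a short window
with a low success rate; the few successes are the accounts to treat as compromised.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: one stuffing source, one legitimate user who mistyped
# a password once, and one single-account brute force (a different pattern).
SAMPLE_LOG = """\
2021-03-01T09:00:01Z 203.0.113.7 alice FAIL
2021-03-01T09:00:02Z 203.0.113.7 bob FAIL
2021-03-01T09:00:03Z 203.0.113.7 carol FAIL
2021-03-01T09:00:04Z 203.0.113.7 dave SUCCESS
2021-03-01T09:00:05Z 203.0.113.7 erin FAIL
2021-03-01T09:00:06Z 203.0.113.7 frank FAIL
2021-03-01T09:00:07Z 203.0.113.7 grace FAIL
2021-03-01T09:00:08Z 203.0.113.7 heidi FAIL
2021-03-01T09:05:00Z 198.51.100.23 erin FAIL
2021-03-01T09:05:09Z 198.51.100.23 erin SUCCESS
2021-03-01T09:10:00Z 192.0.2.9 frank FAIL
2021-03-01T09:10:01Z 192.0.2.9 frank FAIL
2021-03-01T09:10:02Z 192.0.2.9 frank FAIL
2021-03-01T09:10:03Z 192.0.2.9 frank FAIL
2021-03-01T09:10:04Z 192.0.2.9 frank FAIL
2021-03-01T09:10:05Z 192.0.2.9 frank FAIL
"""


def parse_line(line):
    """Split one log line into (timestamp, source ip, username, succeeded)."""
    ts, ip, user, outcome = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user, outcome == "SUCCESS"


def detect_stuffing(log_text, window=timedelta(minutes=10),
                    min_accounts=5, max_success_rate=0.2):
    """Return {source_ip: finding} for every source that, within some sliding
    window, hit at least min_accounts distinct accounts with a success rate
    at or below max_success_rate. The finding records the largest burst seen,
    every account tried, and the accounts whose password worked."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, ip, user, ok = parse_line(line)
            by_ip[ip].append((ts, user, ok))

    findings = {}
    for ip, events in by_ip.items():
        events.sort()
        recent = deque()
        for event in events:
            recent.append(event)
            # Drop events that have fallen out of the window (the newest event
            # is always kept, so the deque never empties).
            while event[0] - recent[0][0] > window:
                recent.popleft()
            accounts = {user for _, user, _ in recent}
            successes = {user for _, user, ok in recent if ok}
            success_rate = sum(ok for _, _, ok in recent) / len(recent)
            if len(accounts) >= min_accounts and success_rate <= max_success_rate:
                f = findings.setdefault(ip, {"attempts": 0, "accounts": set(),
                                             "compromised": set()})
                f["attempts"] = max(f["attempts"], len(recent))
                f["accounts"] |= accounts
                f["compromised"] |= successes
    return findings


if __name__ == "__main__":
    for ip, finding in detect_stuffing(SAMPLE_LOG).items():
        print(ip, sorted(finding["accounts"]), "compromised:", sorted(finding["compromised"]))
```

On the sample only 203.0.113.7 is flagged, and the finding names dave as the account to reset and investigate. The six failures against frank from 192.0.2.9 are a single-account brute force, which this rule deliberately does not match (one distinct account); that pattern needs its own rule keyed on failures per account rather than accounts per source.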

#column, #computer-security, #credential-stuffing, #crime, #cyberattack, #cybercrime, #cyberwarfare, #data-breach, #ec-column, #ec-cybersecurity, #encryption, #enterprise, #fireeye, #national-security-agency, #phishing, #security, #solarwinds

White House Warns Russia on Bounties, but Stops Short of Sanctions

The available evidence supporting a stunning C.I.A. assessment — which President Donald J. Trump’s inaction on prompted bipartisan uproar — remains less than definitive proof.

#afghanistan, #biden-joseph-r-jr, #central-intelligence-agency, #defense-department, #espionage-and-intelligence-services, #national-security-agency, #russia, #taliban, #united-states-defense-and-military-forces, #united-states-politics-and-government

Biden Names Chris Inglis to Be First National Cyber Director

Chris Inglis will be nominated to the new post as the president fills out his cybersecurity team and the U.S. considers responses to recent attacks.

#biden-joseph-r-jr, #computer-security, #computers-and-the-internet, #cybersecurity-and-infrastructure-security-agency, #cyberwarfare-and-defense, #easterly-jen, #homeland-security-department, #inglis-chris, #national-security-agency, #silvers-robert, #solarwinds, #united-states-cyber-command, #united-states-defense-and-military-forces, #united-states-politics-and-government, #us-federal-government-data-breach-2020

Biden’s cybersecurity dream team takes shape

President Biden has named two former National Security Agency veterans to senior government cybersecurity positions, including the first national cyber director.

The appointments, announced Monday, land after the discovery of two cyberattacks linked to foreign governments earlier this year: the Russian espionage campaign that planted backdoors in U.S. technology giant SolarWinds’ software to hack into at least nine federal agencies, and the mass exploitation of Microsoft Exchange servers linked to hackers backed by China.

Jen Easterly, a former NSA official under the Obama administration who helped to launch U.S. Cyber Command, has been nominated as the new head of CISA, the cybersecurity advisory unit housed under Homeland Security. CISA has been without a head for six months, since then-President Trump fired former director Chris Krebs, whom Trump had appointed to lead the agency in 2018, for disputing Trump’s false claims of election hacking.

Biden has also named former NSA deputy director John “Chris” Inglis as national cyber director, a new position created by Congress late last year to be housed in the White House, charged with overseeing the defense and cybersecurity budgets of civilian agencies.

Inglis is expected to work closely with Anne Neuberger, who in January was appointed as the deputy national security adviser for cyber on the National Security Council. Neuberger, a former NSA executive and its first director of cybersecurity, was tasked with leading the government’s response to the SolarWinds attack and Exchange hacks.

Biden has also nominated Rob Silvers, a former Obama-era assistant secretary for cybersecurity policy, to serve as undersecretary for strategy, policy, and plans at Homeland Security. Silvers was recently floated for the top job at CISA.

Both Easterly’s and Silvers’ positions are subject to Senate confirmation. The appointments were first reported by The Washington Post.

Former CISA director Krebs praised the appointments as “brilliant picks.” Dmitri Alperovitch, a former CrowdStrike executive and chair of Silverado Policy Accelerator, called the appointments the “cyber equivalent of the dream team.” In a tweet, Alperovitch said: “The administration could not have picked three more capable and experienced people to run cyber operations, policy and strategy alongside Anne Neuberger.”

At NSA, Neuberger has been replaced by Rob Joyce, a former White House cybersecurity czar, who returned from a stint at the U.S. Embassy in London earlier this year to serve as the agency’s new cybersecurity director.

Last week, the White House asked Congress for $110 million in new funding for next year to help Homeland Security to improve its defenses and hire more cybersecurity talent. CISA hemorrhaged senior staff last year after several executives were fired by the Trump administration or left for the private sector.

#anne-neuberger, #biden, #chris-krebs, #cisa, #computer-security, #crowdstrike, #cybercrime, #government, #national-security-agency, #security, #solarwinds, #system-administration, #u-s-cyber-command

White House Weighs New Cybersecurity Approach After Failure to Detect Hacks

The intelligence agencies missed massive intrusions by Russia and China, forcing the administration and Congress to look for solutions, including closer partnership with private industry.

#biden-joseph-r-jr, #central-intelligence-agency, #china, #cyberwarfare-and-defense, #espionage-and-intelligence-services, #federal-bureau-of-investigation, #fireeye-inc, #house-of-representatives, #industrial-espionage, #microsoft-corp, #national-security-agency, #public-private-sector-cooperation, #russia, #senate, #solarwinds, #united-states-cyber-command, #united-states-defense-and-military-forces, #united-states-politics-and-government, #us-federal-government-data-breach-2020

Microsoft says China-backed hackers are exploiting Exchange zero-days

Microsoft is warning customers that a new China state-sponsored threat actor is exploiting four previously undisclosed security flaws in Exchange Server, an enterprise email product built by the software giant.

The technology company said Tuesday that it believes the hacking group, which it calls Hafnium, tries to steal information from a broad range of U.S.-based organizations, including law firms and defense contractors, but also infectious disease researchers and policy think tanks.

Microsoft said Hafnium used the four newly discovered security vulnerabilities to break into Exchange email servers running on company networks, allowing the attackers to steal data from a victim’s organization, such as email accounts and address books, and to plant malware. When used together, the four vulnerabilities create an attack chain that can compromise vulnerable servers running on-premises Exchange 2013 and later.

Hafnium operates out of China, but uses servers located in the U.S. to launch its attacks, the company said. Microsoft said that Hafnium was the only threat group it has detected using these four new vulnerabilities.

Microsoft declined to say how many successful attacks it had seen, but described the number as “limited.”

Patches to fix those four security vulnerabilities are now out, a week earlier than the company’s typical patching schedule, usually reserved for the second Tuesday in each month.

“Even though we’ve worked quickly to deploy an update for the Hafnium exploits, we know that many nation-state actors and criminal groups will move quickly to take advantage of any unpatched systems,” said Tom Burt, Microsoft’s vice president for customer security.

The company said it has also briefed U.S. government agencies on its findings, but that the Hafnium attacks are not related to the SolarWinds-related espionage campaign against U.S. federal agencies. In the last days of the Trump administration, the National Security Agency and the FBI said that the SolarWinds campaign was “likely Russian in origin.”

#china, #computer-security, #computing, #cryptography, #cyberattack, #cybercrime, #cyberwarfare, #defense-contractors, #federal-bureau-of-investigation, #internet-security, #law-firms, #microsoft, #national-security-agency, #security, #software, #solarwinds, #technology, #threat, #trump-administration, #u-s-government, #united-states, #vulnerability

How the US Lost to Hackers

America’s biggest vulnerability in cyberwarfare is hubris.

#computer-security, #computers-and-the-internet, #cyberpoint-international-llc, #cyberwarfare-and-defense, #espionage-and-intelligence-services, #fireeye-inc, #gosler-james-r, #national-security-agency, #qatar, #russia, #solarwinds, #united-arab-emirates, #united-states, #united-states-politics-and-government, #us-federal-government-data-breach-2020

Biden Team Rushes to Take Over Government, and Oust Trump Loyalists

President Biden named nearly all of his cabinet secretaries and their immediate deputies before he took office, but his real grasp on the levers of power has come several layers down.

#appointments-and-executive-changes, #biden-joseph-r-jr, #citizenship-and-immigration-services-us, #defense-department, #environmental-protection-agency, #foreign-service-us, #health-and-human-services-department, #homeland-security-department, #housing-and-urban-development-department, #immigration-and-customs-enforcement-us, #justice-department, #national-security-agency, #national-security-council, #state-department, #trump-donald-j, #united-states-agency-for-global-media, #united-states-politics-and-government, #veterans-affairs-department, #voice-of-america

N.S.A. Installs Trump Loyalist as Top Lawyer Days Before Biden Takes Office

The acting defense secretary ordered the spy agency to appoint Michael Ellis, who has been accused of having a hand in one of the Trump administration’s most contentious legal decisions.

#appointments-and-executive-changes, #bolton-john-r, #defense-department, #ellis-michael, #espionage-and-intelligence-services, #government-employees, #nakasone-paul-m, #national-security-agency, #presidential-transition-us, #trump-donald-j, #united-states-politics-and-government

The NSA warns enterprises to beware of third-party DNS resolvers


DNS over HTTPS is a new protocol that protects domain-lookup traffic from eavesdropping and manipulation by malicious parties. Rather than an end-user device communicating with a DNS server over a plaintext channel—as DNS has done for more than three decades—DoH, as DNS over HTTPS is known, encrypts requests and responses using the same encryption websites rely on to send and receive HTTPS traffic.

Using DoH or a similar protocol known as DoT, short for DNS over TLS, is a no-brainer in 2021, since DNS traffic can be every bit as sensitive as any other data sent over the Internet. On Thursday, however, the National Security Agency said that in some cases Fortune 500 companies, large government agencies, and other enterprise users are better off not using it. The reason: the same encryption that thwarts malicious third parties can hamper engineers’ efforts to secure their networks.

“DoH provides the benefit of encrypted DNS transactions, but it can also bring issues to enterprises, including a false sense of security, bypassing of DNS monitoring and protections, concerns for internal network configurations and information, and exploitation of upstream DNS traffic,” NSA officials wrote in published recommendations. “In some cases, individual client applications may enable DoH using external resolvers, causing some of these issues automatically.”
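To see why an external DoH resolver bypasses DNS monitoring, it helps to look at what actually crosses the wire. The following is an added example, not code from the article or from the NSA guidance: it builds an ordinary DNS wire-format query, wraps it the way an RFC 8484 client does for a GET request (base64url without padding in the `dns` parameter), and decodes such a parameter back into the question, which is the work an enterprise DoH resolver, or a TLS-inspecting proxy, has to do to regain the visibility the advisory is worried about. The resolver URL is the example one from RFC 8484; nothing here touches the network.

```python
"""RFC 8484 DNS-over-HTTPS message encoding and decoding.

Added example, not code from the original article. It builds a plain DNS
wire-format query, wraps it as a DoH GET parameter, and parses such a
parameter back into the question. The resolver URL used in __main__ is the
example URL from RFC 8484; no network access is needed.
"""
import base64
import struct
from urllib.parse import parse_qs, urlparse

QTYPE_A = 1
QCLASS_IN = 1


def encode_name(name):
    """Encode a host name as DNS labels: length byte + label, terminated by 0."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError(f"bad label {label!r}")
        out.append(len(label))
        out += label.encode("ascii")
    out.append(0)
    return bytes(out)


def build_query(name, qtype=QTYPE_A, txid=0):
    """DNS query: 12-byte header (RD set, one question) + question section.
    RFC 8484 recommends transaction ID 0 so identical queries are cacheable."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def doh_get_url(resolver_url, message):
    """Wrap a wire-format message for a DoH GET: base64url without '=' padding."""
    token = base64.urlsafe_b64encode(message).rstrip(b"=").decode("ascii")
    return f"{resolver_url}?dns={token}"


def decode_doh_param(token):
    """Reverse of doh_get_url: restore the padding and decode."""
    return base64.urlsafe_b64decode(token + "=" * (-len(token) % 4))


def parse_question(message):
    """Parse the header and the first question of a DNS message. The first
    name in a message cannot use compression, so a plain label walk suffices."""
    txid, flags, qdcount, _, _, _ = struct.unpack("!HHHHHH", message[:12])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    pos, labels = 12, []
    while True:
        length = message[pos]
        pos += 1
        if length == 0:
            break
        if length >= 64:
            raise ValueError("compression pointer in question name")
        labels.append(message[pos:pos + length].decode("ascii"))
        pos += length
    qtype, qclass = struct.unpack("!HH", message[pos:pos + 4])
    return {"txid": txid, "rd": bool(flags & 0x0100),
            "name": ".".join(labels), "qtype": qtype, "qclass": qclass}


def question_from_url(url):
    """What a proxy that can read the plaintext URL learns about the lookup."""
    token = parse_qs(urlparse(url).query)["dns"][0]
    return parse_question(decode_doh_param(token))


if __name__ == "__main__":
    url = doh_get_url("https://dnsserver.example.net/dns-query",
                      build_query("www.example.com"))
    print(url)
    print(question_from_url(url))
```

The point for defenders: the `dns` parameter (or the `application/dns-message` POST body) only exists inside the TLS session to the resolver, so an egress firewall sees nothing but an HTTPS connection to that host. The enforceable controls are therefore which resolvers clients may reach at all, blocking well-known public DoH endpoints, and pointing sanctioned DoH clients at the enterprise resolver, which is where the NSA guidance lands as well.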

#biz-it, #dns, #dns-over-https, #dns-over-tls, #doh, #domain-name-system, #dot, #national-security-agency, #nsa, #tech, #uncategorized

Biden to Restore Homeland Security and Cybersecurity Aides to Senior White House Posts

The two appointments illustrate how the president-elect appears determined to rebuild a White House national security team to focus on threats that critics say were ignored by President Trump.

#bossert-thomas-p, #bush-george-w, #computer-security, #coronavirus-2019-ncov, #cyberwarfare-and-defense, #homeland-security-department, #national-security-agency, #presidential-election-of-2020, #russia, #russian-interference-in-2016-us-elections-and-ties-to-trump-associates, #us-federal-government-data-breach-2020

Russian-Owned Software Company May Be Entry Point for Huge U.S. Hacking

Russian hackers may have piggybacked on a tool developed by JetBrains, which is based in the Czech Republic, to gain access to federal government and private sector systems in the United States.

#computers-and-the-internet, #cyberattacks-and-hackers, #google-inc, #justice-department, #microsoft-corp, #national-security-agency, #russia, #solarwinds, #vmware-inc

As Understanding of Russian Hacking Grows, So Does Alarm

Those behind the widespread intrusion into government and corporate networks exploited seams in U.S. defenses and gave away nothing to American monitoring of their systems.

#amazon-com-inc, #biden-joseph-r-jr, #computers-and-the-internet, #crowdstrike-inc, #cybersecurity-and-infrastructure-security-agency, #cyberwarfare-and-defense, #defense-department, #fireeye-inc, #foreign-intelligence-service-russia, #homeland-security-department, #microsoft-corp, #nakasone-paul-m, #national-security-agency, #solarwinds, #spaulding-suzanne-e, #state-department, #trump-donald-j, #united-states-international-relations, #us-federal-government-data-breach-2020, #warner-mark-r

Trump Was Briefed on Uncorroborated Intelligence About Chinese Bounties

The unverified intelligence echoes a similar report, deemed credible by the C.I.A. but dismissed by the president, that Russian military agents had offered payments for attacks on Americans in Afghanistan.

#afghanistan-war-2001, #biden-joseph-r-jr, #central-intelligence-agency, #classified-information-and-state-secrets, #defense-department, #national-security-agency, #obrien-robert-c-1952, #russian-interference-in-2016-us-elections-and-ties-to-trump-associates, #trump-donald-j, #united-states-defense-and-military-forces, #united-states-international-relations, #united-states-politics-and-government

With Hacking, the United States Needs to Stop Playing the Victim

The U.S. also uses cybertools to defend its interests. It’s the age of perpetual cyberconflict.

#central-intelligence-agency, #computer-security, #computers-and-the-internet, #cyberwarfare-and-defense, #espionage-and-intelligence-services, #national-security-agency, #russia, #solarwinds, #united-states-international-relations, #us-federal-government-data-breach-2020, #washington-dc

Treasury Department’s Senior Leaders Were Targeted by Russian Hacking

The disclosure was the first acknowledgment of a specific intrusion in the vast cyberattack. At the White House, national security leaders met to assess how to deal with the situation.

#cyberwarfare-and-defense, #espionage-and-intelligence-services, #fireeye-inc, #foreign-intelligence-service-russia, #mnuchin-steven-t, #national-security-agency, #office-of-the-director-of-national-intelligence, #russia, #treasury-department, #trump-donald-j, #united-states-cyber-command, #united-states-international-relations, #united-states-politics-and-government, #us-federal-government-data-breach-2020, #wyden-ron

Laura Poitras: Journalism Is Not a Crime

The Justice Department is setting a dangerous precedent that threatens reporters — and the truth.

#assange-julian-p, #classified-information-and-state-secrets, #espionage-and-intelligence-services, #guardian-british-newspaper, #iraq, #national-security-agency, #news-and-news-media, #political-prisoners, #surveillance-of-citizens-by-government, #united-states-defense-and-military-forces, #war-crimes-genocide-and-crimes-against-humanity, #washington-post, #whistle-blowers, #wikileaks

Trump Administration Is Criticized Over Proposal to Split Cyberoperations Leadership

As the government grapples with a vast hack, the Pentagon is weighing whether to separate management of the National Security Agency from the United States Cyber Command.

#appointments-and-executive-changes, #classified-information-and-state-secrets, #cyberwarfare-and-defense, #defense-department, #espionage-and-intelligence-services, #homeland-security-department, #nakasone-paul-m, #national-security-agency, #presidential-election-of-2020, #russia, #trump-donald-j, #united-states-cyber-command, #united-states-defense-and-military-forces, #united-states-politics-and-government, #us-federal-government-data-breach-2020

Billions Spent on U.S. Cyberdefenses Failed to Detect Giant Russian Hack

The broad Russian espionage attack on the U.S. government and private companies, underway since spring and detected only a few weeks ago, is among the greatest intelligence failures of modern times.

#blumenthal-richard, #commerce-department, #cyberwarfare-and-defense, #espionage-and-intelligence-services, #homeland-security-department, #national-security-agency, #presidential-election-of-2020, #putin-vladimir-v, #russia, #state-department, #trump-donald-j, #united-states-politics-and-government

Russian Hack, Undetected Since Spring, Upends Government Agencies

The Pentagon, intelligence agencies, nuclear labs and Fortune 500 companies use software that was found to have been compromised by Russian hackers. The sweep of stolen data is still being assessed.

#computer-security, #cybersecurity-and-infrastructure-security-agency, #cyberwarfare-and-defense, #defense-and-military-forces, #defense-department, #espionage-and-intelligence-services, #fireeye-inc, #homeland-security-department, #nakasone-paul-m, #national-security-agency, #russia, #solarwinds, #trump-donald-j, #united-states-politics-and-government

Decrypted: Google finds a devastating iPhone security flaw, FireEye hack sends alarm bells ringing

In case you missed it: A ransomware attack saw patient data stolen from one of the largest U.S. fertility networks; the Supreme Court began hearing a case that may change how millions of Americans use computers and the internet; and lawmakers in Massachusetts have voted to ban police from using facial recognition across the state.

In this week’s Decrypted, we’re deep-diving into two stories beyond the headlines, including why the breach at cybersecurity giant FireEye has the cybersecurity industry in shock.


THE BIG PICTURE

Google researcher finds a major iPhone security bug, now fixed

What happens when you leave one of the best security researchers alone for six months? You get one of the most devastating vulnerabilities ever found in an iPhone — a bug so damaging that it can be exploited over-the-air and requires no interaction on the user’s part.

The AWDL bug under attack using a proof-of-concept exploit developed by a Google researcher. Image Credits: Ian Beer/Google Project Zero

The vulnerability was found in Apple Wireless Direct Link (AWDL), an important part of the iPhone’s software that among other things allows users to share files and photos over Wi-Fi through Apple’s AirDrop feature.

“AWDL is enabled by default, exposing a large and complex attack surface to everyone in radio proximity,” Google’s Ian Beer wrote in a tweet. Beer found the vulnerability in November and disclosed it to Apple, which pushed out a fix for iPhones and Macs in January.

Exploiting the bug over Wi-Fi gave Beer control of a vulnerable device, including its messages, emails and photos, as well as its camera and microphone, without alerting the user. Beer said that the bug could be exploited over “hundreds of meters or more,” depending on the hardware used to carry out the attack. The good news is that there’s no evidence that malicious hackers have actively tried to exploit the bug.

News of the bug drew immediate attention, though Apple didn’t comment. NSA’s Rob Joyce said the bug find is “quite an accomplishment,” given that most iOS bugs require chaining multiple vulnerabilities together in order to get access to the underlying software.

FireEye hacked by a nation-state, but the aftermath is unclear

#apple, #articles, #computer-security, #cyberattacks, #cyberwarfare, #decrypted, #dragos, #fireeye, #google, #government, #infrastructure, #iphone, #massachusetts, #national-security-agency, #online-platforms, #orca-security, #president, #ransomware, #ron-wyden, #security, #series-b, #supreme-court, #the-washington-post, #trump, #u-s-government, #white-house, #wi-fi

FireEye, a Top Cybersecurity Firm, Says It Was Hacked by a Nation-State

The Silicon Valley company said hackers — almost certainly Russian — made off with tools that could be used to mount new attacks around the world.

#computer-security, #computers-and-the-internet, #cyberattacks-and-hackers, #cyberwarfare-and-defense, #espionage-and-intelligence-services, #federal-bureau-of-investigation, #national-security-agency

Trump’s Shuffling of the Pentagon Makes for a Rough Transition

Trump’s shuffling of the Pentagon leadership is raising anxieties further.

#central-intelligence-agency, #china, #homeland-security-department, #iran, #israel, #national-security-agency, #presidential-election-of-2020, #presidential-transition-us, #republican-party, #trump-donald-j, #united-states, #united-states-international-relations, #united-states-politics-and-government

Trump Stacks the Pentagon and Intel Agencies With Loyalists. To What End?

So far, there is no evidence the appointees harbor a secret agenda or arrived with an action plan. But their sudden appearance amounts to a purge of the Pentagon’s top civilian hierarchy without recent precedent.

#afghanistan, #afghanistan-war-2001, #appointments-and-executive-changes, #biden-joseph-r-jr, #central-intelligence-agency, #classified-information-and-state-secrets, #cohen-watnick-ezra, #defense-department, #esper-mark-t, #haspel-gina, #iran, #joint-chiefs-of-staff, #miller-christopher-c-1965, #milley-mark-a, #national-counterterrorism-center, #national-security-agency, #pompeo-mike, #presidential-election-of-2020, #putin-vladimir-v, #russia, #russian-interference-in-2016-us-elections-and-ties-to-trump-associates, #trump-donald-j, #united-states-defense-and-military-forces

Who Are the Senior Officials at the Pentagon and the N.S.A?

The arrival of the new officials has prompted concerns. Their backgrounds offer insights into their policies.

#appointments-and-executive-changes, #biden-joseph-r-jr, #bolton-john-r, #central-intelligence-agency, #classified-information-and-state-secrets, #cohen-watnick-ezra, #defense-department, #house-committee-on-intelligence, #miller-christopher-c-1965, #national-security-agency, #national-security-council, #nunes-devin-g, #patel-kashyap, #presidential-election-of-2020, #russian-interference-in-2016-us-elections-and-ties-to-trump-associates, #tata-anthony-j, #trump-ukraine-whistle-blower-complaint-and-impeachment-inquiry, #trump-donald-j, #united-states-defense-and-military-forces, #united-states-special-operations-command

U.S. Tried a More Aggressive Cyberstrategy, and the Feared Attacks Never Came

The 2020 election was the biggest test yet of a new approach of pre-emptive action against adversaries trying to hack election infrastructure or wage disinformation campaigns.

#biden-joseph-r-jr, #china, #computers-and-the-internet, #cyberwarfare-and-defense, #defense-department, #homeland-security-department, #internet-research-agency-russia, #iran, #nakasone-paul-m, #national-security-agency, #north-korea, #presidential-election-of-2016, #presidential-election-of-2020, #russia, #russian-interference-in-2016-us-elections-and-ties-to-trump-associates, #trump-donald-j, #united-states-cyber-command, #united-states-defense-and-military-forces, #united-states-politics-and-government

Edward Snowden, in Russia Since 2013, Is Granted Permanent Residency

The former intelligence contractor still hopes to return to the United States. But the Russian authorities have given him the right to stay in Russia indefinitely.

#moscow-russia, #national-security-agency, #navalny-aleksei-a, #putin-vladimir-v, #snowden-edward-j, #surveillance-of-citizens-by-government, #united-states

As Election Nears, Government and Tech Firms Push Back on Russia (and Trump)

The goal is to disrupt Russia’s well-honed information-warfare systems, whether they are poised to hack election systems or influence the minds of voters.

#computers-and-the-internet, #cyberwarfare-and-defense, #facebook-inc, #google-inc, #gru-russia, #justice-department, #microsoft-corp, #national-security-agency, #presidential-election-of-2020, #russia, #russian-interference-in-2016-us-elections-and-ties-to-trump-associates, #trump-donald-j, #united-states-cyber-command, #voter-fraud-election-fraud

Microsoft Takes Down a Risk to the Election, and Finds the U.S. Doing the Same

Fearing Russian ransomware attacks on the election, the company and U.S. Cyber Command mounted similar pre-emptive strikes. It is not clear how long they may work.

#computers-and-the-internet, #cyberattacks-and-hackers, #cyberwarfare-and-defense, #elections, #microsoft-corp, #national-security-agency, #russia, #united-states-cyber-command, #united-states-politics-and-government

John Ratcliffe Pledged to Stay Apolitical. Then He Began Serving Trump’s Political Agenda.

The director of national intelligence is said to be planning more disclosures of intelligence that undermines the Russia investigation.

#central-intelligence-agency, #classified-information-and-state-secrets, #cyberwarfare-and-defense, #espionage-and-intelligence-services, #national-security-agency, #office-of-the-director-of-national-intelligence, #ratcliffe-john-lee-1965, #russian-interference-in-2016-us-elections-and-ties-to-trump-associates, #trump-donald-j, #united-states-politics-and-government

Homeland Security issues rare emergency alert over ‘critical’ Windows bug

Homeland Security’s cybersecurity advisory unit has issued a rare emergency alert to government departments after the recent disclosure of a “critical”-rated security vulnerability in server versions of Microsoft Windows.

The Cybersecurity and Infrastructure Security Agency, better known as CISA, issued an alert late on Friday requiring all federal departments and agencies to “immediately” patch any Windows servers vulnerable to the so-called Zerologon attack by Monday, citing an “unacceptable risk” to government networks.

It’s the third emergency alert issued by CISA this year.

The Zerologon vulnerability, rated the maximum 10.0 in severity, could allow an attacker to take control of any or all computers on a vulnerable network, including domain controllers, the servers that handle authentication and manage security for a Windows domain. The bug was appropriately named “Zerologon” because an attacker doesn’t need to steal or use any network passwords to gain access to the domain controllers; they only need a foothold on the network, such as by exploiting a vulnerable device connected to it.

With complete access to a network, an attacker could deploy malware, ransomware, or steal sensitive internal files.

Security company Secura, which discovered the bug, said it takes “about three seconds in practice” to exploit the vulnerability.
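The reason no password is needed, and why the attack takes seconds rather than years, is a cryptographic mistake in the Netlogon authentication that Secura documented for this bug (CVE-2020-1472): the 8-byte client credential is computed with AES-CFB8 under the session key using a fixed initialization vector of sixteen zero bytes. For about one key in 256, encrypting an all-zero challenge yields an all-zero credential, and because the session key changes with each fresh server challenge, an attacker who keeps sending zeros expects to be accepted after roughly 256 attempts. The block below is an added example, not code from the article or from Secura. It models the CFB8 property only: it substitutes a SHA-256 keyed block function for AES to stay dependency-free (an assumption; the effect depends on the mode, not on the cipher), simulates a new session key per attempt, and talks to no server.

```python
"""Model of the Zerologon (CVE-2020-1472) weakness: CFB8 with an all-zero IV.

Added example, not code from the original article or from Secura. Netlogon
computes the 8-byte client credential as AES-CFB8(session_key, IV=0^16,
challenge). This model keeps CFB8 exactly but replaces AES with a SHA-256
based keyed block function (an assumption made to avoid a crypto dependency;
the 1-in-256 property comes from CFB8's structure, not from the cipher).
"""
import hashlib

BLOCK = 16
ZERO_IV = bytes(BLOCK)
ZERO_CHALLENGE = bytes(8)


def block_encrypt(key, block):
    """Keyed 16-byte block function standing in for AES-128 (assumption)."""
    return hashlib.sha256(key + block).digest()[:BLOCK]


def cfb8_encrypt(key, iv, plaintext):
    """CFB8: each plaintext byte is XORed with the first byte of E(register);
    the resulting ciphertext byte is then shifted into the register.
    With IV = 0 and plaintext = 0, the register stays all zeros whenever
    E(0^16)[0] == 0, so every output byte is zero."""
    register = bytearray(iv)
    out = bytearray()
    for p in plaintext:
        c = block_encrypt(key, bytes(register))[0] ^ p
        out.append(c)
        del register[0]
        register.append(c)
    return bytes(out)


def session_key(seed, attempt):
    """Simulated per-attempt session key. In the protocol the key is derived
    from the server's fresh challenge, so it changes on every attempt."""
    return hashlib.sha256(seed + attempt.to_bytes(4, "big")).digest()[:BLOCK]


def zero_credential_accepted(key):
    """Would a client credential of eight zero bytes be valid under this key?"""
    return cfb8_encrypt(key, ZERO_IV, ZERO_CHALLENGE) == ZERO_CHALLENGE


def attempts_until_accepted(seed=b"demo", limit=10_000):
    """Simulate the attacker's loop: resend the all-zero credential until the
    server's session key happens to make it valid. Returns (attempts, key)."""
    for attempt in range(1, limit + 1):
        key = session_key(seed, attempt)
        if zero_credential_accepted(key):
            return attempt, key
    return None


def acceptance_rate(trials=4096, seed=b"sample"):
    """Empirical fraction of session keys that accept the zero credential
    (expected: about 1/256)."""
    hits = sum(zero_credential_accepted(session_key(seed, i)) for i in range(trials))
    return hits / trials


if __name__ == "__main__":
    attempts, key = attempts_until_accepted()
    print(f"zero credential accepted after {attempts} attempts, key {key.hex()}")
    print(f"acceptance rate over 4096 keys: {acceptance_rate():.4f}")
```

The fix Microsoft shipped in August does not change the cipher mode; it makes domain controllers refuse Netlogon secure-channel connections that are not signed and sealed, which removes the attacker's ability to exploit the weak step at all. Until every machine in a domain negotiates secure RPC, a domain controller is exactly as exposed as the model above: a few hundred unauthenticated attempts from any foothold on the network.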

Microsoft pushed out an initial fix in August to prevent exploitation. But given the complexity of the bug, Microsoft said it would have to roll out a second patch early next year to eradicate the issue completely.

But the race is on to patch systems after researchers reportedly released proof-of-concept code, potentially allowing attackers to use it to launch attacks. CISA said Friday that it “assumes active exploitation of this vulnerability is occurring in the wild.”

Although the CISA alert only applies to federal government networks, the agency said it “strongly” urges companies and consumers to patch their systems as soon as possible if not already.

#computing, #cybercrime, #exploit, #internet-security, #microsoft, #microsoft-windows, #national-security-agency, #ransomware, #security, #security-breaches, #vulnerability

How the NSA is disrupting foreign hackers targeting COVID-19 vaccine research

The headlines aren’t always kind to the National Security Agency, a spy agency that operates almost entirely in the shadows. But a year ago, the NSA launched its new Cybersecurity Directorate, which in the past year has emerged as one of the more visible divisions of the spy agency.

At its core, the directorate focuses on defending and securing critical national security systems that the government uses for its sensitive and classified communications. But the directorate has become best known for sharing some of the more emerging, large-scale cyber threats from foreign hackers. In the past year the directorate has warned about attacks targeting the Secure Boot feature found in most modern computers, and doxxed a malware operation linked to Russian intelligence. By going public, NSA aims to make it harder for foreign hackers to reuse their tools and techniques, while helping to defend critical systems at home.

But six months after the directorate started its work, COVID-19 was declared a pandemic and large swathes of the world — and the U.S. — went into lockdown, prompting hackers to shift gears and change tactics.

“The threat landscape has changed,” Anne Neuberger, NSA’s director of cybersecurity, told TechCrunch at Disrupt 2020. “We’ve moved to telework, we move to new infrastructure, and we’ve watched cyber adversaries move to take advantage of that as well,” she said.

Publicly, the NSA advised on which videoconferencing and collaboration software was secure, and warned about the risks associated with virtual private networks, whose usage boomed after lockdowns began.

But behind the scenes, the NSA is working with federal partners to help protect the efforts to produce and distribute a vaccine for COVID-19, a feat that the U.S. government called Operation Warp Speed. News of NSA’s involvement in the operation was first reported by Cyberscoop. As the world races to develop a working COVID-19 vaccine, which experts say is the only long-term way to end the pandemic, NSA and its U.K. and Canadian partners went public with another Russian intelligence operation aimed at targeting COVID-19 research.

“We’re part of a partnership across the U.S. government, we each have different roles,” said Neuberger. “The role we play as part of ‘Team America for Cyber’ is working to understand foreign actors, who are they, who are seeking to steal COVID-19 vaccine information — or more importantly, disrupt vaccine information or shake confidence in a given vaccine.”

Neuberger said that protecting the pharma companies developing a vaccine is just one part of the massive supply chain operation that goes into getting a vaccine out to millions of Americans. Ensuring the cybersecurity of the government agencies tasked with approving a vaccine is also a top priority.

Here are more takeaways from the talk:

Why TikTok is a national security threat

TikTok is just days away from an app store ban, after the Trump administration earlier this year accused the Chinese-owned company of posing a threat to national security. But the government has been less than forthcoming about what specific risks the video sharing app poses, only alleging that the app could be compelled to spy for China. Beijing has long been accused of cyberattacks against the U.S., including the massive breach of classified government employee files from the Office of Personnel Management in 2014.

Neuberger said that the “scope and scale” of the TikTok app’s data collection makes it easier for Chinese spies to answer “all kinds of different intelligence questions” about U.S. nationals. Neuberger conceded that U.S. tech companies like Facebook and Google also collect large amounts of user data, but said there are “greater concerns on how [China] in particular could use all that information collected against populations other than its own.”

NSA is privately disclosing security bugs to companies

The NSA is trying to be more open about the vulnerabilities it finds and discloses, Neuberger said. She told TechCrunch that the agency has shared a “number” of vulnerabilities with private companies this year, but “those companies did not want to give attribution.”

One exception came earlier this year, when Microsoft confirmed that NSA had found and privately reported a major cryptographic flaw in Windows 10. The bug was in how Windows validated cryptographic certificates, which could have allowed attackers to sign malware so that it appeared to come from a trusted source. NSA judged the flaw serious enough to report it to Microsoft rather than keep it, and Microsoft patched the bug.

Only a few years earlier, the spy agency was criticized for finding and using a Windows vulnerability to conduct surveillance instead of alerting Microsoft to the flaw. The exploit was later leaked and was used to infect hundreds of thousands of computers with the WannaCry ransomware, causing millions of dollars’ worth of damage.

As a spy agency, NSA exploits flaws and vulnerabilities in software to gather intelligence on adversaries. Each flaw it finds has to go through the Vulnerabilities Equities Process, which weighs whether the government discloses the bug to the vendor or retains it for use in intelligence operations.

#anne-neuberger, #computer-security, #cyberattack, #cyberwarfare, #disrupt-2020, #government, #mass-surveillance, #microsoft, #microsoft-windows, #national-security-agency, #privacy, #security, #u-s-government

Russian Intelligence Hackers Are Back, Microsoft Warns, Aiming at Democrats and Republicans

China is also growing more adept at targeting campaign workers. But contrary to Trump administration warnings, Beijing is mostly aiming at Biden campaign officials.

#apple-inc, #biden-joseph-r-jr, #cyberwarfare-and-defense, #democratic-national-committee, #espionage-and-intelligence-services, #gru-russia, #homeland-security-department, #justice-department, #microsoft-corp, #national-security-agency, #obrien-robert-c-1952, #office-of-the-director-of-national-intelligence, #presidential-election-of-2020, #ratcliffe-john-lee-1965, #russian-interference-in-2016-us-elections-and-ties-to-trump-associates, #trump-donald-j, #united-states-cyber-command, #wolf-chad-f

Russian Intelligence Hackers Are Back, Microsoft Warns, Aiming at Officials of Both Parties

China is also growing more adept at targeting campaign workers. But contrary to Trump administration warnings, Beijing is mostly targeting Biden campaign officials.

#apple-inc, #biden-joseph-r-jr, #cyberwarfare-and-defense, #democratic-national-committee, #espionage-and-intelligence-services, #gru-russia, #homeland-security-department, #justice-department, #microsoft-corp, #national-security-agency, #obrien-robert-c-1952, #office-of-the-director-of-national-intelligence, #presidential-election-of-2020, #ratcliffe-john-lee-1965, #russian-interference-in-2016-us-elections-and-ties-to-trump-associates, #trump-donald-j, #united-states-cyber-command, #wolf-chad-f

NSA call records collection ruled illegal by US appeals court

A program run by the National Security Agency that collected details on billions of Americans’ phone calls was ruled illegal by a U.S. appeals court on Thursday.

The Ninth Circuit Court of Appeals found that the NSA’s “bulk collection” of call records violated the law, but the judges fell short of ruling the program unconstitutional.

The NSA used new powers granted in the wake of the September 11 terror attacks — known as Section 215 for its place in the law books — to scoop up billions of phone records every year by compelling U.S. phone giants to turn over daily call logs, which the agency used to make connections between targets of interest. Those call records include who is calling whom and when — but not the contents of the calls.

Details of the program were exposed by former NSA contractor Edward Snowden in 2013.

But the call records program, beset by compliance problems, overcollection and questions about its legality, was shut down last year.

Patrick Toomey, senior staff attorney with the ACLU’s National Security Project, said the ruling was a “victory” for privacy rights.

“The ruling makes plain that the NSA’s bulk collection of Americans’ phone records violated the Constitution. The decision also recognizes that when the government seeks to prosecute a person, it must give notice of the secret surveillance it used to gather its evidence,” said Toomey. “This protection is a vital one given the proliferation of novel spying tools the government uses today.”

The case at the Ninth Circuit involved Basaaly Moalin and three others, who were found guilty in 2013 of sending money to the militant group Al-Shabaab. Moalin was convicted in part through call records collected by the NSA, but the role that the data played was so small that it did not undermine their convictions, Politico reports.

The NSA has long claimed that the program was vital for protecting the U.S. homeland and stopping terrorist attacks. Past administrations claimed that the program stopped more than 50 attacks. But after congressional scrutiny, that figure was revised down to one identified individual — Moalin.

Although the court did not overturn Moalin’s conviction, the three-judge panel criticized the government’s previous statements and comments about the usefulness and effectiveness of the program, which the court said were “inconsistent with the contents of the classified record.”

Julian Sanchez, a civil liberties expert and senior fellow at the Cato Institute, tweeted: “The upshot of this Ninth Circuit opinion is that the NSA’s bulk phone record collection was illegal and probably unconstitutional, but it doesn’t matter because the program was also worthless.”

When asked if the NSA stood by its earlier statements, spokesperson Mike Dusak declined to comment.

#edward-snowden, #government, #mass-surveillance, #national-security, #national-security-agency, #security, #united-states

Decrypted: The block clock tick-tocks on TikTok

In less than three months, barring intervention, TikTok will be effectively banned in the U.S. unless an American company steps in to save it, after the Trump administration declared by executive order this week that the Chinese-built video sharing app is a threat to national security.

How much of a threat TikTok poses exactly remains to be seen. U.S. officials are convinced that the app could be compelled by Beijing to vacuum up reams of Westerners’ data for intelligence. Or is the app, beloved by millions of young American voters, simply a pawn in the Trump administration’s long political standoff with China?

Really, the answer is a bit of both — even if on paper TikTok is no worse than the homegrown threat to privacy posed by the Big Tech behemoths: Facebook, Instagram, Twitter and Google. But the foreign threat from Beijing alone was enough that the Trump administration felt it needed to crack down on the app — and on the videos frequently critical of the administration’s actions.

For its part, TikTok says it will fight back against the Trump administration’s action.

This week’s Decrypted looks at TikTok amid its looming ban. We’ll look at why the ban is unlikely, even if privacy and security issues persist.


THE BIG PICTURE

Internet watchdog says a TikTok ban is a ‘seed of genuine security concern wrapped in a thick layer of censorship’

The verdict from the Electronic Frontier Foundation is clear: The U.S. can’t ban TikTok without violating the First Amendment. Banning the app would be a huge abridgment of freedom of speech, whether it’s forbidding the app stores from serving it or blocking it at the network level.

But there are still legitimate security and privacy concerns. The big issue for U.S. authorities is that the app’s parent company, ByteDance, has staff in China and is subject to Beijing’s rules.

#adware, #android, #apps, #bytedance, #china, #democratic-national-committee, #electronic-frontier-foundation, #extra-crunch, #federal-bureau-of-investigation, #google, #market-analysis, #motherboard, #national-security-agency, #operating-systems, #privacy, #security, #social, #tc, #tiktok

Trump Says He’ll Look Into a Pardon for Edward Snowden

The remarks seemed to be a shift for President Trump, who repeatedly called Mr. Snowden a “traitor” and “spy who should be executed” in the years before his election.

#defense-department, #esper-mark-t, #national-security-agency, #snowden-edward-j, #trump-national-golf-club-bedminster-nj, #trump-donald-j, #united-states-politics-and-government

NSA and FBI warn that new Linux malware threatens national security


The FBI and NSA have issued a joint report warning that Russian state hackers are using a previously unknown piece of Linux malware to stealthily infiltrate sensitive networks, steal confidential information, and execute malicious commands.

In a report that’s unusual for the depth of technical detail from a government agency, officials said the Drovorub malware is a full-featured tool kit that had gone undetected until recently. The malware connects to command and control servers operated by a hacking group that works for the GRU, Russia’s military intelligence agency, which has been tied to more than a decade of brazen and advanced campaigns, many of which have inflicted serious damage on national security.

“Information in this Cybersecurity Advisory is being disclosed publicly to assist National Security System owners and the public to counter the capabilities of the GRU, an organization which continues to threaten the United States and U.S. allies as part of its rogue behavior, including their interference in the 2016 US Presidential Election as described in the 2017 Intelligence Community Assessment, Assessing Russian Activities and Intentions in Recent US Elections (Office of the Director of National Intelligence, 2017),” officials from the agencies wrote.

#apt-28, #biz-it, #fancy-bear, #fbi, #federal-bureau-of-investigation, #linux, #malware, #national-security-agency, #nsa, #policy, #russia, #tech

Beware of find-my-phone, Wi-Fi, and Bluetooth, NSA tells mobile users


The National Security Agency is recommending that some government workers and people generally concerned about privacy turn off find-my-phone, Wi-Fi, and Bluetooth whenever those services are not needed as well as limit location data usage by apps.

“Location data can be extremely valuable and must be protected,” an advisory published on Tuesday stated. “It can reveal details about the number of users in a location, user and supply movements, daily routines (user and organizational), and can expose otherwise unknown associations between users and locations.”

NSA officials acknowledged that geolocation functions are enabled by design and are essential to mobile communications. The officials also admit that the recommended safeguards are impractical for most users. Mapping, location tracking of lost or stolen phones, automatically connecting to Wi-Fi networks, and fitness trackers and apps are just a few of the things that require fine-grained locations to work at all.

#biz-it, #location-data, #mobile-devices, #national-security-agency, #nsa, #policy, #privacy, #tech

Trump Still Defers to Putin, Even as He Dismisses U.S. Intelligence and the Allies

Say this about President Trump’s approach to Moscow: It’s been consistent.

#afghanistan-war-2001, #coronavirus-2019-ncov, #democratic-national-committee, #espionage-and-intelligence-services, #germany, #internet-research-agency-russia, #justice-department, #national-security-agency, #north-atlantic-treaty-organization, #putin-vladimir-v, #russia, #russian-interference-in-2016-us-elections-and-ties-to-trump-associates, #taliban, #trump-donald-j, #united-states-international-relations

Russian Hackers Trying to Steal Coronavirus Vaccine Research

The hackers have been targeting British, Canadian and American organizations researching vaccines using spear-phishing and malware.

#coronavirus-2019-ncov, #cyberattacks-and-hackers, #national-security-agency, #russia, #vaccination-and-immunization

Congress Presses Military Leaders on Suspected Russian Bounties

Two House hearings grappled with a C.I.A. assessment that Russia offered payments to kill American troops in Afghanistan — and White House inaction on the months-old judgment.

#afghanistan, #afghanistan-war-2001, #central-intelligence-agency, #classified-information-and-state-secrets, #defense-department, #esper-mark-t, #espionage-and-intelligence-services, #gru-russia, #milley-mark-a, #morell-michael-j, #national-counterterrorism-center, #national-security-agency, #russia, #russian-interference-in-2016-us-elections-and-ties-to-trump-associates, #taliban, #trump-donald-j, #united-states-defense-and-military-forces, #united-states-international-relations, #united-states-politics-and-government

New Administration Memo Seeks to Foster Doubts About Suspected Russian Bounties

Criticized for its inaction, the Trump administration commissioned a new look at a months-old intelligence assessment. It emphasizes gaps.

#afghanistan, #afghanistan-war-2001, #central-intelligence-agency, #defense-and-military-forces, #espionage-and-intelligence-services, #gru-russia, #national-intelligence-council, #national-security-agency, #ratcliffe-john-lee-1965, #russia, #taliban, #targeted-killings, #trump-donald-j, #united-states-defense-and-military-forces, #united-states-politics-and-government

White House Dismisses Reports of Bounties, but Is Silent on Russia

Robert C. O’Brien, the national security adviser, told Fox News that President Trump knew nothing about the reports because the briefer “decided not to” share unverified intelligence with him.

#afghanistan-war-2001, #central-intelligence-agency, #espionage-and-intelligence-services, #iran, #national-security-agency, #obrien-robert-c-1952, #russia, #sanner-beth, #taliban, #targeted-killings, #trump-donald-j, #united-states-defense-and-military-forces, #united-states-international-relations, #united-states-politics-and-government

Pentagon Denies Spying on Americans Protesting Police Killings

The Defense Department’s top intelligence official said that he had not been ordered to conduct surveillance on citizens, and that he supported their right to demonstrate peacefully.

#defense-department, #defense-intelligence-agency, #espionage-and-intelligence-services, #federal-bureau-of-investigation, #george-floyd-protests-2020, #house-committee-on-intelligence, #national-geospatial-intelligence-agency, #national-guard, #national-security-agency, #schiff-adam-b, #surveillance-of-citizens-by-government, #trump-donald-j, #united-states-defense-and-military-forces

As Virus Toll Preoccupies U.S., Rivals Test Limits of American Influence

The coronavirus may have changed almost everything, but it didn’t change this: Global competition spins ahead — and in many ways has accelerated.

#communist-party-of-china, #coronavirus-2019-ncov, #cyberwarfare-and-defense, #defense-and-military-forces, #defense-department, #embargoes-and-sanctions, #esper-mark-t, #espionage-and-intelligence-services, #islamic-state-in-iraq-and-syria-isis, #national-security-agency, #north-atlantic-treaty-organization, #nuclear-tests, #pompeo-mike, #state-department, #trump-donald-j, #united-states-international-relations, #zarif-mohammad-javad

U.S. Accuses Russian Military Hackers of Attack on Email Servers

The unusually public complaint showed that American spy agencies are becoming more aggressive in calling out Moscow’s interference as the presidential election approaches.

#computer-security, #computers-and-the-internet, #cyberwarfare-and-defense, #defense-and-military-forces, #espionage-and-intelligence-services, #gru-russia, #national-security-agency, #presidential-election-of-2020, #putin-vladimir-v, #russia, #russian-interference-in-2016-us-elections-and-ties-to-trump-associates, #trump-donald-j, #united-states-cyber-command, #united-states-politics-and-government

Russian hackers are exploiting bug that gives control of US servers


A Russian hacking group tied to power-grid attacks in Ukraine, the world’s most destructive data wiper worm, and other nefarious Kremlin operations is exploiting a vulnerability that allows it to take control of computers operated by the US government and its partners.

In an advisory published on Thursday, the US National Security Agency said that the Sandworm group was actively exploiting a vulnerability in Exim, an open source mail transfer agent, or MTA, for Unix-based operating systems. Tracked as CVE-2019-10149, the critical bug makes it possible for an unauthenticated remote attacker to send specially crafted emails that execute commands with root privileges. With that, the attacker can install programs of their choosing, modify data, and create new accounts.

A patch for CVE-2019-10149 has been available since last June. The attacks have been active since at least August. NSA officials wrote:

#biz-it, #exim, #hacking, #national-security-agency, #nsa, #policy, #russia, #sandworm
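The first thing a defender wants after reading an advisory like the Exim one above is a quick way to find exposed hosts. The following Python script is an added example, not code from the NSA advisory or the article: it parses an SMTP greeting banner or the first line of `exim -bV` output and flags versions inside the range affected by CVE-2019-10149 (Exim 4.87 through 4.91; the fix shipped in 4.92). The sample banners are constructed for the demonstration, and `fetch_banner` is a hypothetical helper for pulling a greeting from a host you are authorised to test.

```python
import re
import socket
from typing import Optional, Tuple

# CVE-2019-10149 affects upstream Exim 4.87 through 4.91; the fix shipped in 4.92.
AFFECTED_MIN = (4, 87)
AFFECTED_MAX = (4, 91)

# Matches "ESMTP Exim 4.91 ..." in a banner and "Exim version 4.91 #1 ..." from `exim -bV`.
_VERSION_RE = re.compile(r"\bExim(?:\s+version)?\s+(\d+)\.(\d+)", re.IGNORECASE)


def parse_exim_version(text: str) -> Optional[Tuple[int, int]]:
    """Return (major, minor) for the first Exim version found in text, or None."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    return int(m.group(1)), int(m.group(2))


def in_affected_range(version: Tuple[int, int]) -> bool:
    """True when the upstream version falls inside the CVE-2019-10149 range."""
    return AFFECTED_MIN <= version <= AFFECTED_MAX


def assess(text: str) -> str:
    """Classify a banner or -bV line as 'affected', 'not_affected' or 'unknown'."""
    version = parse_exim_version(text)
    if version is None:
        return "unknown"  # not Exim, or the version is not advertised
    return "affected" if in_affected_range(version) else "not_affected"


def fetch_banner(host: str, port: int = 25, timeout: float = 5.0) -> str:
    """Hypothetical helper: read the SMTP greeting from a host (needs network access)."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.settimeout(timeout)
        data = sock.recv(1024)
    return data.decode("utf-8", errors="replace").strip()


# Constructed sample inputs for the demonstration; not captured from real hosts.
SAMPLE_INPUTS = [
    "220 mail.example.test ESMTP Exim 4.91 Mon, 25 May 2020 10:00:00 +0000",
    "220 mx.example.test ESMTP Exim 4.92 Tue, 26 May 2020 11:00:00 +0000",
    "Exim version 4.89 #1 built 12-Jan-2018 10:00:00",
    "220 relay.example.test ESMTP Postfix",
]


def triage(inputs) -> dict:
    """Map each banner or -bV line to its assessment."""
    return {line: assess(line) for line in inputs}


if __name__ == "__main__":
    for line, verdict in triage(SAMPLE_INPUTS).items():
        print(f"{verdict:13s} {line}")
```

A banner match is a lead, not a verdict: distributions such as Debian and Ubuntu backport security fixes without changing the upstream version string, so an "affected" result on a packaged Exim must be confirmed against the package changelog or the vendor's security tracker before anyone is paged, and administrators can also rewrite or suppress the greeting entirely, which is why the "unknown" case is kept separate rather than folded into "not_affected".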

U.S. to Accuse China of Trying to Hack Vaccine Data, as Virus Redirects Cyberattacks

Iran and other nations are also looking to steal data and exploit the pandemic with attacks on infrastructure, officials say.

#china, #computer-security, #computers-and-the-internet, #coronavirus-2019-ncov, #cyberwarfare-and-defense, #espionage-and-intelligence-services, #federal-bureau-of-investigation, #homeland-security-department, #iran, #israel, #medicine-and-health, #national-security-agency, #south-korea, #united-states-international-relations, #united-states-politics-and-government

National Security Surveillance on U.S. Soil Fell Amid Scrutiny of Russia Inquiry

But overseas targets of the government’s warrantless surveillance program continued to soar in 2019, a new report disclosed.

#classified-information-and-state-secrets, #espionage-and-intelligence-services, #federal-bureau-of-investigation, #foreign-intelligence-surveillance-act-fisa, #national-security-agency, #office-of-the-director-of-national-intelligence, #page-carter, #privacy, #russian-interference-in-2016-us-elections-and-ties-to-trump-associates, #surveillance-of-citizens-by-government, #united-states, #wiretapping-and-other-eavesdropping-devices-and-methods