U.S. Charges 4 Chinese Military Officers in 2017 Equifax Hack

Krebs on Security

as members of the PLA’s 54 th Research Institute, a component of the Chinese military. military against foreign targets, Barr said the DOJ did so in this case because the accused “indiscriminately” targeted American civilians on a massive scale. The U.S.

Chinese Military personnel charged with hacking into credit reporting agency Equifax

Security Affairs

The United States Department of Justice charged 4 Chinese military hackers with hacking into credit reporting agency Equifax. The four members of the Chinese military unit are Wu Zhiyong (???), were members of the PLA’s 54 th Research Institute, a component of the Chinese military.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

NEW TECH: DataLocker introduces encrypted flash drive — with key pad

The Last Watchdog

One sliver of the $90 billion, or so, companies are expected to spend this year on cybersecurity products and services is an estimated $85 million they will shell out for encrypted flash drives. DataLocker honed its patented approach to manufacturing encrypted portable drives and landed some key military and government clients early on; the company has continued branching out ever since. The encryption in our products is handled by a chip inside the actual hardware itself.

GCHQ implements World War II cipher machines in encryption app CyberChef

Security Affairs

UK intelligence agency GCHQ released emulators for World War II cipher machines (Enigma, Typex and The Bombe) that can be executed in the encryption app CyberChef. The post GCHQ implements World War II cipher machines in encryption app CyberChef appeared first on Security Affairs.

Q&A: The troubling implications of normalizing encryption backdoors — for government use

The Last Watchdog

Should law enforcement and military officials have access to a digital backdoor enabling them to bypass any and all types of encryption that exist today? The disturbing thing is that in North America and Europe more and more arguments are being raised in support of creating and maintaining encryption backdoors for government use. Here are excerpts edited for clarity and space: LW: What’s wrong with granting governments the ability to break encryption?

The Myth of Consumer-Grade Security

Schneier on Security

The Department of Justice wants access to encrypted consumer devices but promises not to infiltrate business products or affect critical infrastructure. Nor are we necessarily talking about the customized encryption used by large business enterprises to protect their operations.

Security Vulnerabilities in US Weapons Systems

Schneier on Security

From the summary: Automation and connectivity are fundamental enablers of DOD's modern military capabilities. control cybersecurity departmentofdefense encryption nationalsecuritypolicy operationalsecurity passwords reports vulnerabilities weapons

Crypto AG Was Owned by the CIA

Schneier on Security

The Swiss cryptography firm Crypto AG sold equipment to governments and militaries around the world for decades after World War II. These spy agencies rigged the company's devices so they could easily break the codes that countries used to send encrypted messages.

Cryptic Rumblings Ahead of First 2020 Patch Tuesday

Krebs on Security

military and to other high-value customers/targets that manage key Internet infrastructure, and that those organizations have been asked to sign agreements preventing them from disclosing details of the flaw prior to Jan. Sources tell KrebsOnSecurity that Microsoft Corp.

GUEST ESSAY: Why the hack of South Korea’s weapons, munitions systems was so predictable

The Last Watchdog

The disclosure that malicious intruders hacked the computer systems of the South Korean government agency that oversees weapons and munitions acquisitions for the country’s military forces is not much of a surprise. In today’s environment for commercial business, let alone government security and defense agencies, the de rigueur approach for cyber security necessarily includes end-to-end encryption, single sign-on, and two-factor authentication, at minimum.

Texas Government Agencies Hit by Ransomware

Adam Levin

The DIR has yet to identify the affected government entities and is currently working with the Texas Military Department as well as the Texas A&M Cyberresponse and Security Operation Center to investigate the attack and restore critical services where possible. .

US Govn contractor Electronic Warfare Associates infected with Ryuk ransomware

Security Affairs

Evidence of the hack is still visible online because Google has cashed the ransom notes and encrypted files. The encrypted files and ransom note are associated with a Ryuk ransomware infection.

UK, US and its allies blame Russia’s GRU for 2019 cyber-attacks on Georgia

Security Affairs

The governments of Britain and the US declared that Russia’s military intelligence service GRU is behind the massive cyber attack that hit Georgia during 2019. The APT28 group has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide.

Russia-linked Gamaredon group targets Ukraine officials

Security Affairs

Russia-linked Gamaredon cyberespionage group has been targeting Ukrainian targets, including diplomats, government and military officials. Russia linked APT group tracked as Gamaredon has been targeting several Ukrainian diplomats, government and military officials, and law enforcement.

Platinum APT and leverages steganography to hide C2 communications

Security Affairs

In June 2018, experts at Kaspersky were investigating attacks against government and military entities in South and Southeast Asian countries, The experts tracked the campaign as EasternRoppels, they speculate it may have started as far back as 2012.

The Dangers of Using Unsecured Wi-Fi Networks

Security Affairs

Data that travels over a public hotspot network is rarely encrypted. The answer is a virtual private network (VPN) which creates a private tunnel between your device and the internet and encrypts your data. Isn’t public Wi-Fi great?

Supply Chain Security is the Whole Enchilada, But Who’s Willing to Pay for It?

Krebs on Security

The chips were alleged to have spied on users of the devices and sent unspecified data back to the Chinese military. Establish and maintain end-to-end encryption for all applications.

IT 285

US administration requests $9.8B for cyber 2021 budget for the Department of Defense

Security Affairs

The amount requested for the Department of Defense in the “ DOD Releases Fiscal Year 2021 Budget Proposal ” is nearly the same one as last year for cyber operations that the US military will conduct in 2020. The US administration requested $9.8

Crypto AG was spied for US, German intelligence agencies for decades

Security Affairs

Swiss authorities are investigating into allegations the company Crypto AG, a Switzerland-based maker of encryption devices, was a front company for the CIA and German intelligence.

MY TAKE: How state-backed cyber ops have placed the world in a constant-state ‘Cyber Pearl Harbor’

The Last Watchdog

That May 10th air strike by the Israel Defense Force marked the first use of military force in direct retaliation for cyber spying. This comes as no surprise to anyone in the military or intelligence communities. Russia explicitly recruits folks already engaged in criminal activities, and once recruited, they are contracted and connected to military organizations for direction and oversight,” Bort told me.

NEW TECH: Silverfort extends ‘adaptive multi-factor authentication’ via key partnerships

The Last Watchdog

Silverfort is the brainchild of a band of colleagues who toiled together in the encryption branch of Unit 8200 , the elite cybersecurity arm of the Israeli military. That was the problem company Co-Founder and CEO Hed Kovetz, and his fellow military compatriots set out to solve in the commercial arena upon discharge from Unit 8200 a few years ago.

Companies need CASBs now more than ever — to help secure ‘digital transformation’

The Last Watchdog

FedEx discovered this when an unsecured Amazon Simple Storage Service (S3) server — configured for public access — exposed thousands of FedEx customer records, including civilian and military ID cards, resumes, bills, and more. . CipherCloud’s founders, for instance, came from an encryption services background. The vendor has built a broad portfolio of CASB services around this encryption core. “We

The Platinum APT group adds the Titanium backdoor to its arsenal

Security Affairs

In June 2018, experts at Kaspersky were investigating attacks against government and military entities in South and Southeast Asian countries, The experts tracked the campaign as EasternRoppels, they speculate it may have started as far back as 2012.

Bouncing Golf cyberespionage campaign targets Android users in Middle East

Security Affairs

The attackers appear to be focused o n stealing military-related information. The malicious code allows the attackers to choose the data types to collect, stolen data is encrypted using a simple XOR operation with a pre-configured key, then it is sent to the C2 via HTTP POST requests.

Guy Fawkes Day – LulzSec Italy hit numerous organizations in Italy

Security Affairs

Italian Military Personnel and National Association of Professional Educators. Hackers were able to obtain 97 un-encrypted passwords, emails, telephone numbers, virtual hosts. Military Personnel. Guy Fawkes Day, November 5th 2018 – LulzSec Italy announced credit a string of hacks and leaks targeting numerous systems and websites across Italy.

MY TAKE: These 7 nation-state backed hacks have put us on the brink of a global cyber war

The Last Watchdog

Military operatives and intelligence units today routinely hack to knock down critical infrastructure, interfere with elections, and even to exact revenge on Hollywood studios. WannaCry encrypted data on company servers and demanded ransom payment in Bitcoin. So the hackers posted even more stolen digital records: contracts, phone lists, financial details, as well as cryptographic keys and digital certificates used to encrypt business records and authenticate Sony’s web properties.

NEW TECH: How ‘adaptive multi-factor authentication’ is gaining traction via partnerships

The Last Watchdog

Silverfort is the brainchild of a band of colleagues who toiled together in the encryption branch of Unit 8200 , the elite cybersecurity arm of the Israeli military. That was the problem company Co-Founder and CEO Hed Kovetz, and his fellow military compatriots set out to solve in the commercial arena upon discharge from Unit 8200 a few years ago.

Ethical Hackers: A Business’s Best Friend?

Thales eSecurity

encryption, two-factor authentication and key management) to protect their data from hackers. military and Apple regularly offering rewards to anyone who can find and report vulnerabilities. Originally published in Forbes on July 29, 2019.

MartyMcFly Malware: new Cyber-Espionage Campaign targeting Italian Naval Industry

Security Affairs

The victim was one of the most important leaders in the field of security and defensive military grade Naval ecosystem in Italy. At a first sight, the office document had an encrypted content available on OleObj.1 Stage1: Encrypted Content.

How to Ensure Your Digital Security During the Rugby World Cup

Thales eSecurity

First, it said that it would invest in cultivating military assets in the digital space, as reported by the Organization for World Peace. Now that it’s September, the excitement is beginning to build in earnest for the 2019 Rugby World Cup.

IoT 112

Exclusive: Pakistan and India to armaments: Operation Transparent Tribe is back 4 years later

Security Affairs

The Operation Transparent Tribe was first spotted by Proofpoint Researchers in Feb 2016, in a series of espionages operations against Indian diplomats and military personnel in some embassies in Saudi Arabia and Kazakhstan. Exclusive: Pakistan and India to armaments.

2020 Predictions – Quantum knows what you did last summer

Thales eSecurity

Quantum computers can launch attacks that break asymmetric cryptography, rendering the entire PKI-based encryption method obsolete. The promise of quantum cryptanalysis is so alluring that some countries are already beginning to collect encrypted foreign communications with the expectation that they will be able to extract valuable secrets from that data in the future. Quantum computing is based on the quantum mechanics principles of superposition and entanglement.

Federal Agency Data is Under Siege

Thales eSecurity

For example, just last month Strava, a popular fitness navigation app, accidentally revealed the location of military bases in war zones worldwide potentially putting troops and U.S. Breaking barriers with encryption. To learn more about Thales’ data encryption solutions, click here.

MY TAKE: Massive Marriott breach continues seemingly endless run of successful hacks

The Last Watchdog

I have a Yahoo email account, I’ve shopped at Home Depot and Target , my father was in the military and had a security clearance, which included a dossier on his family, archived at the U.S. Office of Personnel Management , I’ve had insurance coverage from Premera Blue Cross and I’ve stayed at the Marriott Marquis in San Francisco. Related: Uber hack shows DevOps risk.

5 Signs a Cyberattack Is Under Way and 5 Things You Need to Do Before It Happens

Adam Levin

drone attack that killed Iranian military commander Qassem Suleimani. Immediately following Iran’s counterstrike against American military posts in Iraq, a tweet circulated claiming that more than 20 American soldiers had been killed.

Surveillance after Snowden

Data Protector

Some have altered their communication methods, while others have taken advantage of new encryption tools. The report explains that: “States need secrets, for intelligence and military purposes, criminal investigations and a host of other reasons.

As 2-factor authentication falls short, ‘adaptive multi-factor authentication’ goes mainstream

The Last Watchdog

I recently visited with Silverfort CEO Hed Kovetz, who described how the idea for the company percolated when the co-founders were toiling in the encryption branch of Unit 8200 , the elite cybersecurity arm of the Israeli military. It is actually a mobile app that is running on your phone and communicating with the multifactor authentication provider over an encrypted tunnel.

Malicious app exploiting CVE-2019-2215 zero-day available in Google Play since March

Security Affairs

SideWinder, a group that has been active since 2012, is a known threat and has reportedly targeted military entities’ Windows machines. Collected data is encrypted using RSA and AES encryption algorithms, then it is sent to the C&C server.

Have We Become Apathetic About Breaches?

Thales eSecurity

One such example is the recent disclosure that military personnel wearing Strava devices are revealing highly sensitive information about their locations and activities. For example, are they encrypting their data? Another day, another breach.

IoT 98

Q&A: Cloud Providers and Leaky Servers

Thales eSecurity

On both occasions Uber left its encryption keys on GitHub, which in part led to the breach. Before handing off resumes of people with top-secret clearance or military secrets to a vendor , the RFP and service-level agreements must spell out how to protect the data.

Cloud 71