U.S. Charges 4 Chinese Military Officers in 2017 Equifax Hack

Krebs on Security

as members of the PLA’s 54 th Research Institute, a component of the Chinese military. military against foreign targets, Barr said the DOJ did so in this case because the accused “indiscriminately” targeted American civilians on a massive scale. The U.S.

DoJ Blasts Apple on Lack of Encryption Backdoor - Again

Data Breach Today

Law Enforcement Leaders Say Encryption Delayed Terrorist Investigation; Apple Pushes Back Although FBI technicians were able to gain access to data in two iPhones belonging to a Saudi national who killed three U.S. sailors at a military base in Pensacola, Florida, the Justice Department continues to criticize Apple's refusal to offer law enforcement a backdoor to its encrypted devices

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Maze ransomware operators stole data from US military contractor Westech

Security Affairs

Hackers have stolen confidential documents from the US military contractor Westech, which provides critical support for US Minuteman III nuclear deterrent. Threat actors first compromised the Westech’s network, then stole the documents before encrypting them. “We recently experienced a ransomware incident, which affected some of our systems and encrypted some of our files.”

NEW TECH: DataLocker introduces encrypted flash drive — with key pad

The Last Watchdog

One sliver of the $90 billion, or so, companies are expected to spend this year on cybersecurity products and services is an estimated $85 million they will shell out for encrypted flash drives. DataLocker honed its patented approach to manufacturing encrypted portable drives and landed some key military and government clients early on; the company has continued branching out ever since. The encryption in our products is handled by a chip inside the actual hardware itself.

Chinese Military personnel charged with hacking into credit reporting agency Equifax

Security Affairs

The United States Department of Justice charged 4 Chinese military hackers with hacking into credit reporting agency Equifax. The four members of the Chinese military unit are Wu Zhiyong (???), were members of the PLA’s 54 th Research Institute, a component of the Chinese military.

InvisiMole group targets military sector and diplomatic missions in Eastern Europe

Security Affairs

Security researchers at ESET recently uncovered a campaign carried out by the InvisiMole group that has been targeting a small number of high-profile organizations in the military sector and diplomatic missions in Eastern Europe. The activity of the group is characterized by the heavy use of legitimate tools and per-victim encryption in the early stages of the attack chains.

Q&A: The troubling implications of normalizing encryption backdoors — for government use

The Last Watchdog

Should law enforcement and military officials have access to a digital backdoor enabling them to bypass any and all types of encryption that exist today? The disturbing thing is that in North America and Europe more and more arguments are being raised in support of creating and maintaining encryption backdoors for government use. Here are excerpts edited for clarity and space: LW: What’s wrong with granting governments the ability to break encryption?

The Myth of Consumer-Grade Security

Schneier on Security

The Department of Justice wants access to encrypted consumer devices but promises not to infiltrate business products or affect critical infrastructure. In his keynote address at the International Conference on Cybersecurity, Attorney General William Barr argued that companies should weaken encryption systems to gain access to consumer devices for criminal investigations. The thing is, that distinction between military and consumer products largely doesn't exist.

Security Vulnerabilities in US Weapons Systems

Schneier on Security

From the summary: Automation and connectivity are fundamental enablers of DOD's modern military capabilities. control cybersecurity departmentofdefense encryption nationalsecuritypolicy operationalsecurity passwords reports vulnerabilities weapons

GUEST ESSAY: Why the hack of South Korea’s weapons, munitions systems was so predictable

The Last Watchdog

The disclosure that malicious intruders hacked the computer systems of the South Korean government agency that oversees weapons and munitions acquisitions for the country’s military forces is not much of a surprise. In today’s environment for commercial business, let alone government security and defense agencies, the de rigueur approach for cyber security necessarily includes end-to-end encryption, single sign-on, and two-factor authentication, at minimum.

Crypto AG Was Owned by the CIA

Schneier on Security

The Swiss cryptography firm Crypto AG sold equipment to governments and militaries around the world for decades after World War II. These spy agencies rigged the company's devices so they could easily break the codes that countries used to send encrypted messages.

Maze Ransomware operators hacked the Xerox Corporation

Security Affairs

Xerox Corporation is the last victim of the Maze ransomware operators, hackers have encrypted its files and threaten of releasing them. Maze ransomware operators have breached the systems of the Xerox Corporation and stolen files before encrypting them. The company did not disclose the cyberattack, but the Maze ransomware operators published some screenshots that show that a Xerox domain has been encrypted.

Cryptic Rumblings Ahead of First 2020 Patch Tuesday

Krebs on Security

military and to other high-value customers/targets that manage key Internet infrastructure, and that those organizations have been asked to sign agreements preventing them from disclosing details of the flaw prior to Jan. Sources tell KrebsOnSecurity that Microsoft Corp.

Russia-linked APT28 targets govt bodies with fake NATO training docs

Security Affairs

The Excel file (XLS) is corrupted and cannot be opened by Microsoft Excel, it contains information about military personnel involved in the military mission “African Union Mission for Somalia,” but researchers were not able to determine if the information contained in the file is legitimate or not.

Texas Government Agencies Hit by Ransomware

Adam Levin

The DIR has yet to identify the affected government entities and is currently working with the Texas Military Department as well as the Texas A&M Cyberresponse and Security Operation Center to investigate the attack and restore critical services where possible. . The ransomware deployed is known is.JSE and typically works by encrypting files and appending the suffix “.jse.”.JSE

Maze ransomware gang hacked M&A firm Threadstone Advisors LLP

Security Affairs

MAZE ransomware operators have stolen the data of the company before encrypting its systems and threaten to leak it in case the victim will not pay the ransom. Maze ransomware operators are very active in this period, recently they have stolen data from US military contractor Westech and the ST Engineering group , and they have released credit card data stolen from the Bank of Costa Rica (BCR) threatening to leak other lots every week.

US Govn contractor Electronic Warfare Associates infected with Ryuk ransomware

Security Affairs

Evidence of the hack is still visible online because Google has cashed the ransom notes and encrypted files. The encrypted files and ransom note are associated with a Ryuk ransomware infection.

Supply-Chain Security

Schneier on Security

Earlier this month, the Pentagon stopped selling phones made by the Chinese companies ZTE and Huawei on military bases because they might be used to spy on their users. Even al-Qaeda was concerned; ten years ago, a sympathizer released the encryption software Mujahedeen Secrets , claimed to be free of Western influence and backdoors. Members of the military, and everyone else, can still buy the phones. They just can't buy them on US military bases.

UK, US and its allies blame Russia’s GRU for 2019 cyber-attacks on Georgia

Security Affairs

The governments of Britain and the US declared that Russia’s military intelligence service GRU is behind the massive cyber attack that hit Georgia during 2019. The APT28 group has been active since at least 2007 and it has targeted governments, militaries, and security organizations worldwide.

Maze Ransomware operators published data from LG and Xerox

Security Affairs

Maze ransomware operators have also breached the systems of the Xerox Corporation and stolen files before encrypting them. The company did not disclose the cyberattack, but early June the Maze ransomware operators published some screenshots that showed that a Xerox domain has been encrypted. Anyway, it is still unclear the extent of the attack, what internal systems have been encrypted by Maze gang and which files have been exfiltrated.

Russia-linked Gamaredon group targets Ukraine officials

Security Affairs

Russia-linked Gamaredon cyberespionage group has been targeting Ukrainian targets, including diplomats, government and military officials. Russia linked APT group tracked as Gamaredon has been targeting several Ukrainian diplomats, government and military officials, and law enforcement.

Maze ransomware gang leaked Canon USA’s stolen files

Security Affairs

Maze ransomware operators have also breached the systems of the Xerox Corporation and stolen files before encrypting them. Maze ransomware operators have leaked online the unencrypted files allegedly stolen from Canon during a recent ransomware attack.

List of data breaches and cyber attacks in March 2020 – 832 million records breached

IT Governance

Randleman Eye Center says some files were encrypted in cyber attack (unknown). Medical and military contractor Kimchuk hit by ransomware (unknown). Financial companies embroiled in massive data leak after failing to encrypt info (500,000).

MY TAKE: How state-backed cyber ops have placed the world in a constant-state ‘Cyber Pearl Harbor’

The Last Watchdog

That May 10th air strike by the Israel Defense Force marked the first use of military force in direct retaliation for cyber spying. This comes as no surprise to anyone in the military or intelligence communities. Russia explicitly recruits folks already engaged in criminal activities, and once recruited, they are contracted and connected to military organizations for direction and oversight,” Bort told me.

NEW TECH: Silverfort extends ‘adaptive multi-factor authentication’ via key partnerships

The Last Watchdog

Silverfort is the brainchild of a band of colleagues who toiled together in the encryption branch of Unit 8200 , the elite cybersecurity arm of the Israeli military. That was the problem company Co-Founder and CEO Hed Kovetz, and his fellow military compatriots set out to solve in the commercial arena upon discharge from Unit 8200 a few years ago.

US administration requests $9.8B for cyber 2021 budget for the Department of Defense

Security Affairs

The amount requested for the Department of Defense in the “ DOD Releases Fiscal Year 2021 Budget Proposal ” is nearly the same one as last year for cyber operations that the US military will conduct in 2020. The US administration requested $9.8

Companies need CASBs now more than ever — to help secure ‘digital transformation’

The Last Watchdog

FedEx discovered this when an unsecured Amazon Simple Storage Service (S3) server — configured for public access — exposed thousands of FedEx customer records, including civilian and military ID cards, resumes, bills, and more. . CipherCloud’s founders, for instance, came from an encryption services background. The vendor has built a broad portfolio of CASB services around this encryption core. “We

Platinum APT and leverages steganography to hide C2 communications

Security Affairs

In June 2018, experts at Kaspersky were investigating attacks against government and military entities in South and Southeast Asian countries, The experts tracked the campaign as EasternRoppels, they speculate it may have started as far back as 2012. “In June 2018, we came across an unusual set of samples spreading throughout South and Southeast Asian countries targeting diplomatic, government and military entities.

Crypto AG was spied for US, German intelligence agencies for decades

Security Affairs

Swiss authorities are investigating into allegations the company Crypto AG, a Switzerland-based maker of encryption devices, was a front company for the CIA and German intelligence.

The Dangers of Using Unsecured Wi-Fi Networks

Security Affairs

Data that travels over a public hotspot network is rarely encrypted. The answer is a virtual private network (VPN) which creates a private tunnel between your device and the internet and encrypts your data. BullGuard VPN for instance uses military grade encryption which would take more than a lifetime to crack. Isn’t public Wi-Fi great? If you’re having a tea or coffee in a cafe or restaurant you can check your emails and social media.

Guy Fawkes Day – LulzSec Italy hit numerous organizations in Italy

Security Affairs

Italian Military Personnel and National Association of Professional Educators. Hackers were able to obtain 97 un-encrypted passwords, emails, telephone numbers, virtual hosts. Military Personnel. Guy Fawkes Day, November 5th 2018 – LulzSec Italy announced credit a string of hacks and leaks targeting numerous systems and websites across Italy.

Did Maze ransomware operators steal 10 GB of data from Canon?

Security Affairs

Maze ransomware operators have also breached the systems of the Xerox Corporation and stolen files before encrypting them. Maze operators were very active during the past months, they have also stolen data from US military contractor Westech and the ST Engineering group , and they have released credit card data stolen from the Bank of Costa Rica (BCR) threatening to leak other lots every week.

Security Affairs newsletter Round 253

Security Affairs

Kr00k Wi-Fi Encryption flaw affects more than a billion devices. Twitter, Facebook, and Instagram blocked in Turkey as Idlib military crisis escalates. A new round of the weekly newsletter arrived! The best news of the week with Security Affairs. Google sued by New Mexico attorney general for collecting student data through its Education Platform. ISS reveals malware attack impacted parts of the IT environment.

NEW TECH: How ‘adaptive multi-factor authentication’ is gaining traction via partnerships

The Last Watchdog

Silverfort is the brainchild of a band of colleagues who toiled together in the encryption branch of Unit 8200 , the elite cybersecurity arm of the Israeli military. That was the problem company Co-Founder and CEO Hed Kovetz, and his fellow military compatriots set out to solve in the commercial arena upon discharge from Unit 8200 a few years ago.

MartyMcFly Malware: new Cyber-Espionage Campaign targeting Italian Naval Industry

Security Affairs

The victim was one of the most important leaders in the field of security and defensive military grade Naval ecosystem in Italy. At a first sight, the office document had an encrypted content available on OleObj.1 Stage1: Encrypted Content.

Qbot uses a new email collector module in the latest campaign

Security Affairs

Most of the infections were observed in organizations in the US and Europe, the most targeted industries were in the government, military, and manufacturing sectors. .

Maze Ransomware gang breached the US chipmaker MaxLinear

Security Affairs

MaxLinear restored some of the systems using its backups, despite Maze Ransomware threatened to leak over 1TB of data allegedly stolen before encrypting the infected systems. Maze ransomware operators are very active in this period, recently they have stolen data from US military contractor Westech and the ST Engineering group , and they have released credit card data stolen from the Bank of Costa Rica (BCR) threatening to leak other lots every week.

Exclusive: Pakistan and India to armaments: Operation Transparent Tribe is back 4 years later

Security Affairs

The Operation Transparent Tribe was first spotted by Proofpoint Researchers in Feb 2016, in a series of espionages operations against Indian diplomats and military personnel in some embassies in Saudi Arabia and Kazakhstan. Exclusive: Pakistan and India to armaments.

MY TAKE: Massive Marriott breach continues seemingly endless run of successful hacks

The Last Watchdog

I have a Yahoo email account, I’ve shopped at Home Depot and Target , my father was in the military and had a security clearance, which included a dossier on his family, archived at the U.S. Office of Personnel Management , I’ve had insurance coverage from Premera Blue Cross and I’ve stayed at the Marriott Marquis in San Francisco. Related: Uber hack shows DevOps risk.

As 2-factor authentication falls short, ‘adaptive multi-factor authentication’ goes mainstream

The Last Watchdog

I recently visited with Silverfort CEO Hed Kovetz, who described how the idea for the company percolated when the co-founders were toiling in the encryption branch of Unit 8200 , the elite cybersecurity arm of the Israeli military. It is actually a mobile app that is running on your phone and communicating with the multifactor authentication provider over an encrypted tunnel.