As the U.S. investigation into the SolarWinds hacking campaign grinds on, lawmakers are demanding answers from the National Security Agency about another troubling supply chain breach that was disclosed five years ago. From a report: A group of lawmakers led by Sen. Ron Wyden, D-Ore., are asking the NSA what steps it took to secure defense networks following a years-old breach…
Tag: HACK
FireEye Releases Tool For Auditing Networks for Techniques Used by SolarWinds Hackers
Cybersecurity firm FireEye has released today a report detailing the techniques used by the SolarWinds hackers inside the networks of companies they breached. From a report: Together with the report, FireEye researchers have also released a free tool on GitHub named Azure AD Investigator that they say can help companies determine if the SolarWinds hackers (also known as UNC2452) used any…
Attackers May Still Be Breaking into US Networks Without SolarWinds, CISA says
On Friday, America’s Cybersecurity and Infrastructure Security Agency revealed that the “threat actor” behind the massive breach of U.S. networks through compromised SolarWinds software also used password guessing and password spraying attacks, according to ZDNet. And they may still be breaching federal networks, reports GCN: “Specifically, we are investigating incidents in which activity indicating abuse of Security Assertion Markup Language (SAML)…
SolarWinds Hackers Accessed DOJ Emails, But there’s No Indication They Reached Classified Systems
Hackers who tapped into government networks through SolarWinds software potentially accessed about 3% of the Justice Department’s email accounts, but there’s no indication they accessed classified systems, a DOJ spokesperson said in a statement Wednesday. From a report: The DOJ Office of the Chief Information Officer learned of the hack the day of Christmas Eve, according to the statement, where agents…
US: Hack of Federal Agencies ‘Likely Russian In Origin’
Top national security agencies in a rare joint statement Tuesday confirmed that Russia was likely responsible for a massive hack of U.S. government departments and corporations, rejecting President Donald Trump’s claim that China might be to blame. The Associated Press reports: The statement represented the U.S. government’s first formal attempt to assign responsibility for the breaches at multiple agencies and to…
Is the US Government’s Cybersecurity Agency Up to the Job?
CNN reports that some critics are now questioning whether America’s Cybersecurity and Infrastructure Security Agency (CISA) is equipped to protect the integrity of government systems from adversaries: Some of the nearly half-dozen government agencies affected by the hack have recently reached out to CISA for help with addressing the known vulnerabilities that were exploited in the attack but were told the…
Dozens Sue Amazon’s Ring After Camera Hack Leads To Threats and Racial Slurs
Dozens of people who say they were subjected to death threats, racial slurs, and blackmail after their in-home Ring smart cameras were hacked are suing the company over “horrific” invasions of privacy. From a report: A new class action lawsuit, which combines a number of cases filed in recent years, alleges that lax security measures at Ring, which is owned by…
Nintendo Conducted Invasive Surveillance Operation Against Homebrew Hacker
Leaked Nintendo documents have revealed a frightening surveillance operation carried out against a hacker who was researching exploits for the 3DS handheld. TorrentFreak reports: During the past 24 hours, various Twitter accounts (1,2) have been posting snippets from documents that were recently leaked from Nintendo. While there are numerous items of interest, the most shocking revelations involve Neimod, a hacker who…
UK Use of Software Linked To Russia-Hack Runs Deep
The little-known Texas software company that’s been attacked by suspected Russian hackers has a sprawling reach among U.K. government agencies, potentially putting clients from the National Health Service to police forces at risk. From a report: SolarWinds, which fell victim to hackers who put a “backdoor” in the software giving them access to users’ computer networks, has been deployed by the…
Hackers Tied To Russia Hit US Nuclear Agency, Three States
The U.S. nuclear weapons agency and at least three states were hacked as part of a suspected Russian cyber attack that struck a number of federal government agencies. Microsoft Corp. was also breached, and its products were used to further attacks on others, Reuters reported. Bloomberg reports: The Energy Department and its National Nuclear Security Administration, which maintains America’s nuclear stockpile,…