Former #Tennessee Gov. #Bredesen’s Senate #campaign fears it was #hacked

Source: National Cyber Security News

Former Tennessee Gov. Phil Bredesen’s Senate campaign told the FBI in a letter Thursday that it fears it was hacked.

The revelation comes as intelligence experts predict a widespread threat of cyberattacks on campaigns and election systems from both domestic and foreign hackers.
According to a copy of the letter obtained by CNN, Bredesen’s campaign “received multiple emails that appeared to be from the campaign’s media buyer” on February 28, which included specific details about a planned media buy and “urged the campaign to wire funds to an international bank account.”
    The letter, written by the campaign’s counsel Robert Cooper and sent to the FBI’s Memphis division, also detailed another email received on the same day which “purport(ed) to be from a principal in the media team that produced the TV commercial, urging transfer of the funds.”
    An FBI official confirmed that the Memphis field office received the letter but declined to comment further.
    Following the phishing attempt, the campaign hired a security firm “to determine the extent of any breaches and review security protocols,” according to the letter.


    View full post on National Cyber Security Ventures

    How #Facebook’s Annual #Hacktober Campaign Promotes #Cybersecurity to #Employees

    Source: National Cyber Security – Produced By Gregory Evans

    While the word “cybersecurity” may evoke thoughts of highly sophisticated attacks that require fancy computing equipment and skilled hackers, the reality is that most attacks — especially in a corporate environment — involve simpler strategies that depend upon one thing: exploiting human behavior.

    Most companies are hard at work building technology to better protect themselves and their users or customers. But technology can only get us so far. People are the most important factor in any company’s cybersecurity strategy, and investing in security engagement goes a long way in helping companies reduce the probability of a breach.

    Facebook runs security engagement programs year-round, but the most important tool in our arsenal is Hacktober, an annual, monthlong tradition each October designed to build and maintain a security-conscious culture. It’s our version of National Cyber Security Awareness Month, a campaign to get people involved in cyber security and play their part in making the internet safer and more secure for everyone.

    Hacktober has a number of different elements, from phishing tests and marketing campaigns to contests, workshops, and expert talks. Participation is not mandatory, but we find that about one-third of employees participate in at least one activity over the course of the month. Everything is designed to remind our employees how to protect themselves, our company, and the millions of people who use Facebook every day.

    Security awareness can be engaging rather than scary — or worse, boring. If we create an interactive and fun environment around security, people will learn important security lessons and retain them throughout the year.

    At Facebook, we take a “hacker” approach to security awareness because that ethos is a core part of our culture, which means it resonates with our employees. One of the best examples of this is our Capture the Flag (CTF) competitions.

    CTFs are computer-based competitions that allow people to practice securing machines and defending against mock cyber security attacks. We know many of our employees enjoy solving complex problems in a competitive environment, and CTFs give us a way to create that type of fun, competitive atmosphere around security education. This year we deployed two versions: a jeopardy-style CTF where challenges could be solved by doing research and an attack-defense CTF that relied on real-world attacks and exploits. The CTFs were hosted on our open-sourced platform, and the challenges were designed by a cross-functional team of security engineers each with a specialized skill set (mobile application security, Windows security, and so on) to ensure a well-rounded CTF experience.

    In the spirit of keeping things fun and engaging, we also offered a series of lighter events that reflected our hacker culture, like hands-on lock picking classes. And to generate buzz around all of our activities and keep our employees engaged, we offered Hacktober-branded “swag” — T-shirts, hats, stickers, and magnets — designed in the “Hack-o-lantern” branding we’ve established over the last seven years.

    All employees should feel comfortable talking about security. Everyone should be able to raise concerns without hesitation, even if their role in keeping our company safe may not be so obvious.

    We believe all employees must participate in keeping Facebook a safe, secure place on the internet. Over the course of Hacktober, we run a series of “hacks” such as phishing emails and rogue authentication pushes that help us assess the response of our employees to these simulated attacks. We also hold informal fireside chats with speakers like Condoleezza Rice, the former U.S. secretary of state and renowned expert on geopolitical risk. Her joint talk with Facebook CSO Alex Stamos gave people an opportunity to hear about the evolution of nation state–sponsored cyberattacks.

    To mitigate the risk of human error, companies need to broaden their definition of security. Hacktober isn’t just about “cyber” security. It’s also about the physical security and safety of our employees. We partner with our physical security colleagues to provide training classes for employees, such as a travel safety course geared toward female employees, and use Facebook to share training videos on the threat of tailgating.

    Employees should know the people who work on our security teams. And they should understand their role in protecting people on Facebook.

    Facebook has grown over the years, which means the process of identifying and communicating with members of the security team can be challenging. We tried to simplify this by creating a security help form on our intranet as well as offering tours of our Global Security Operations Center. We also promote our security work through a massive marketing campaign: We built a dedicated microsite for people to visit and learn about different activities, and promoted it with Hacktober posters, resource cards, and coffee sleeves. We also created an internal Hacktober Facebook group where employees could post questions, provide feedback, collaborate on CTF challenges, or just post their thoughts on current security topics or concerns.

    Hacktober is also a great learning opportunity for the security team. The microsite served as a data source for us to find out what people are most interested in, but we’re constantly tracking metrics that help us improve our programs — and we try to apply some of the lessons in real time. For example, we suspended this year’s phishing campaign in the middle of the month when our data showed a significant drop in people clicking on phishing links and an increase in the number of people reporting the phishing scams to the security team. In essence, we had achieved our goal of changing employee behavior and decided it would be better to allocate resources elsewhere.

    Campaigns like Hacktober can be one of the most effective ways to assess social engineering risk and understand what types of human behavior your company or organization is most vulnerable to. Is it phishing? Weak passwords? Physical security? And what tools or tactics can your team deploy to address these threats?

    We designed Hacktober to fit the culture and security needs of Facebook, but other companies can apply many of these principles as well. Just remember that any successful campaign must have support from senior leadership, align with the company culture, and take some of the fear out of the security conversation. Security education isn’t about shaming people for poor habits. It’s about rewarding positive behavior and fostering a security-conscious culture among your most critical resource: people.

    Here’s how your company can create its own Hacktober:

    • Prioritize organization and branding. Facebook decorates its walls with posters with a distinctive “Hack-o-lantern” design and uses internal groups to share posts about Hacktober. Creating a unique identity for your awareness effort helps people identify it and find ways to get involved.
    • Partner with third-party organizations. The National Cyber Security Alliance is a great partner for security awareness work and offers ideas and content.
    • Recognize and reward engagement. Hacktober memorabilia like T-shirts and stickers are wildly popular at Facebook. Facebook employees who report suspicious activity or uncover one of our hacks are rewarded with one of these coveted prizes, which help drive awareness and incentivize others to get involved.
    • Run real-world security tests. Simple tests can go a long way toward reminding people to remain vigilant. We recommend things people would encounter in an average work day: sending spear-phishing emails (malicious emails that appear to come from a trusted source) or dropping USB drives around the office with fake malware, which teaches employees to think twice before plugging an unknown device into their computer.
    • Bring people together. Offer educational sessions with your security team, host interactive workshops, and run competitions and contests. You can even use the Facebook open-source CTF platform to run your own CTFs.
    • Keep it fun. Security doesn’t have to be scary. Facebook has invited families to its HQ for a safety-themed movie and pumpkin-carving night. These and other hands-on activities help educate people in a fun, casual environment.

    The post How #Facebook’s Annual #Hacktober Campaign Promotes #Cybersecurity to #Employees appeared first on National Cyber Security Ventures.


    Chinese #hacking group #returns with new #tactics for #espionage #campaign

    Source: National Cyber Security – Produced By Gregory Evans

    A Chinese hacking operation is back with new malware attack techniques and has switched its focus to conducting espionage on western corporations, having previously targeted organisations and individuals in Taiwan, Tibet, and the Philippines.

    Dubbed KeyBoy, the advanced persistent threat actor has been operating out of China since at least 2013 and in that time has mainly focused its campaigns against targets in the South East Asia region.

    The last publicly known activity by KeyBoy saw it target the Tibetan Parliament between August and October 2016, according to researchers, but following that the group appeared to cease activity — or at least managed to get off the radar.

    But now the group has reemerged and is targeting western organisations with malware which allows them to secretly perform malicious activities on infected computers. They include taking screenshots, key-logging, browsing and downloading files, gathering extended system information about the machine, and shutting down the infected machine.

    KeyBoy’s latest activity has been uncovered by security analysts at PwC, who’ve analysed the new payload and found it includes new infection techniques replacing legitimate Windows binaries with a copy of the malware.

    Like similar espionage campaigns by other hacking operations, the campaign begins with emails containing a malicious document – in the case analysed by PwC, the lure was a Microsoft Word document named ‘Q4 Work Plan.docx’.

    But rather than delivering macros or an exploit, the lure uses the Dynamic Data Exchange (DDE) protocol to fetch and download a remote payload. Microsoft has previously described DDE as a feature, not a flaw.

    In this case, Word tells the user there’s been an error and the document needs updating – if this instruction is run, a remote fake DLL payload is run, which in turn serves up a dropper for the malware.

    Once the process has been run and the malware is installed, the initial DLL is deleted, leaving no trace of the malicious fake. As the malware also disables Windows File Protection and related popups, it therefore isn’t immediately obvious to system administrators that a legitimate DLL was replaced.

    Once inside the target system, the attackers are free to conduct espionage campaigns as they please – although PwC researchers have listed possible indicators of compromise which organisations can use to discover if there are traces of KeyBoy in the network.

    Similar techniques and attack capabilities have been observed in past KeyBoy campaigns, leading researchers to conclude that this campaign is by the same group.

    Researchers have yet to uncover which specific organisations or sectors KeyBoy is targeting with its latest campaign, but say that the group has now turned its attention to conducting corporate espionage on organisations in the west.

    Aside from knowing that they’re based in China, it’s not yet been possible to uncover the KeyBoy hacker group or identify their ultimate motives. While it has some of the hallmarks of a state-backed operation, previous research into the group says any type of criminal gang could operate this style of campaign.


    The post Chinese #hacking group #returns with new #tactics for #espionage #campaign appeared first on National Cyber Security Ventures.


    This #destructive #wiper #ransomware was used to #hide a #stealthy #hacking #campaign

    Source: National Cyber Security – Produced By Gregory Evans

    Ransomware is being used to hide an elaborate, targeted hacking campaign which went undetected for months before the attackers pulled the plug and encrypted hundreds of machines at once in an effort to remove stolen data while also covering their tracks.

    The campaign targeted several Japanese organisations in attacks which lasted from three to nine months before a ransomware attack used a wiper on compromised machines in an effort to hide the operation.

    Forensic investigation of the infected machines by researchers at Cybereason has led them to the conclusion that the attacker made the attempt to wipe evidence of the operation and destroy any traces of attack.

    The name of the ransomware comes from the .oni file extension of encrypted files as well as the email address in the ransom note, which translates to “Night of the Devil” – the name researchers have given to the operation. Researchers note that ONI shares much of its code with GlobeImposter ransomware.

    Attacks using ONI ransomware have been carried out against Japanese targets for some time, but the investigation into the latest wave of attacks uncovered a new variant, MBR-ONI, a form of the ransomware which comes equipped with bootkit features.

    The new bootkit ransomware is based on DiskCryptor, a legitimate disk encryption tool, the code of which has also been found in Bad Rabbit ransomware.

    While MBR-ONI bootkit ransomware was used against a controlled set of targets, such as the Active Directory server and other critical assets, ONI was used against the rest of the endpoints in an infected network.

    The ONI-based attacks all begin in the same way, with spear-phishing emails distributing malicious Office documents which drop the Ammyy Admin remote access tool.

    Once inside the system, attackers map the internal networks, harvesting credentials and moving laterally through the system – researchers suspect that the leaked NSA SMB exploit EternalBlue plays a role in enabling the attackers to spread through the network.

    Ultimately, the attackers compromise critical assets including the domain controller to gain full control of the network and the ability to exfiltrate any data deemed important.

    Once the attackers are done with the infected network, ONI and MBR-ONI ransomware are run.

    While ONI does provide a ransom note and the prospect of recovering encrypted data, researchers believe MBR-ONI is designed to never provide a decryption key, but rather as a wiper to cover the attackers’ footprints and conceal the true goals of the attack: espionage and removing data over a period of months.

    During investigations of targeted organisations, it was found that some had been compromised since December 2016, indicating long-term planning and sophistication on behalf of the attackers.

    “While ONI and the newly discovered MBR-ONI exhibit all the characteristics of ransomware, our analysis strongly suggests that they might have actually been used as wipers to cover an elaborate scheme,” said Assaf Dahan, director of advanced security services at Cybereason.

    “The use of ransomware and/or wipers in targeted attacks is not a very common practice, but it is on the rise. We believe ‘The Night of the Devil’ attack is part of a concerning global trend in which threat actors use ransomware/wipers in targeted attacks,” he added.

    Researchers haven’t been able to comprehensively conclude who is behind the campaign and Russian language in the code could provide a clue or a diversion in equal measure.

    “The question of attribution is a tricky one. The Russian language traces found in the binary files could suggest that there is a Russian threat actor behind the attack. That being said, this kind of data can also be easily manipulated by the attackers to throw researchers off track,” Dahan told ZDNet.

    The post This #destructive #wiper #ransomware was used to #hide a #stealthy #hacking #campaign appeared first on National Cyber Security Ventures.



    Source: National Cyber Security – Produced By Gregory Evans

    Netflix customers are being targeted by hackers posing as employees of the video streaming website in order to steal their credit card details. Researchers at the cybersecurity firm PhishMe uncovered the phishing campaign, which sent out Netflix-branded emails claiming to be from the company’s support team. Emails in the campaign…

    The post NETFLIX PHISHING CAMPAIGN STEALS CUSTOMERS’ CREDIT CARD DETAILS appeared first on National Cyber Security Ventures.


    How a suspected nation state cyber campaign turned out to be a lone hacker in Nigeria

    Source: National Cyber Security – Produced By Gregory Evans

    A hacker in his mid-20’s who used the motto “get rich or die trying” on social media has been linked to a series of cyberattacks against global companies in the energy, construction, mining, oil and infrastructure sectors that were initially believed to be state-sponsored operations. That’s according to Check Point,…

    The post How a suspected nation state cyber campaign turned out to be a lone hacker in Nigeria appeared first on National Cyber Security Ventures.


    Researchers Find Cyberattacks on The Epoch Times Part of Larger Hacking Campaign

    Source: National Cyber Security – Produced By Gregory Evans

    New research suggests that a series of large-scale cyberattacks on The Epoch Times, starting in January and continuing to the present, are part of a coordinated campaign. CitizenLab of the University of Toronto published a report on July 5, which detailed the cyberattacks and noted that several Chinese-language news outlets…

    The post Researchers Find Cyberattacks on The Epoch Times Part of Larger Hacking Campaign appeared first on National Cyber Security Ventures.


    Melania Trump kicks off anti-bullying campaign in White House

    First Lady Melania Trump finally kicked off her campaign to end cyber bullying by making her first presentation to a very small crowd in the White House yesterday. Melania pledged during …

    Passwords at centre of latest cyber security campaign

    Source: National Cyber Security – Produced By Gregory Evans

    A new cyber security campaign has been launched to help improve the ‘password hygiene’ of the Brock community.

    Brock ITS Services is reminding people to change their passwords regularly and to make them strong by including numbers, symbols and characters.

    In order to keep information protected, passwords should never be shared or made visible.

    Tips from ITS:

    • Pick a strong password that is difficult to guess and contains a mixture of letters, numbers and special characters. One method is to pick a memorable sentence to convert into a password. For instance, “The best university in the world is Brock University!” could be used as “TbuinwiBU!” by using the first letter of each word. An entire sentence can also be used with special characters in a pattern. For example, “My cat has furry feet” could be used as “My, cat,has,furry,feet!”
    • Use different passwords for different services.
    • Do not share your passwords or make them visible to anyone.
    • Change your password every four months.
    • Use a password management program or service.


    The post Passwords at centre of latest cyber security campaign appeared first on National Cyber Security Ventures.


    Hennepin County, nonprofit team up for fifth year of child abuse prevention campaign

    Hundreds of blue signs raising awareness about child abuse will be placed this month around the metro area, marking the fifth year of the annual Blue Kids Campaign.

    Hennepin County and CornerHouse, a Minneapolis nonprofit that helps families and adults dealing with abuse, launched the campaign Wednesday by planting 100 signs at the Hennepin County Government Center in downtown Minneapolis. The signs represent the thousands of kids abused in Minnesota each year. April is National Child Abuse Prevention Month.

    The post Hennepin County, nonprofit team up for fifth year of child abuse prevention campaign appeared first on Parent Security Online.
