With help from Eric Geller, Martin Matishak and John Hendel
Editor’s Note: This edition of Morning Cybersecurity is published weekdays at 10 a.m. POLITICO Pro Cybersecurity subscribers hold exclusive early access to the newsletter each morning at 6 a.m. Learn more about POLITICO Pro’s comprehensive policy intelligence coverage, policy tools and services at www.politicopro.com.
— The latest back-and-forth between the White House and House Democrats on impeachment features some jousting over the president’s remarks on the hacked DNC server.
— Cyber Command gave itself good grades in one of its most ambitious military cyber operations, Operation Glowing Symphony, internal documents released today found.
— Top DHS officials in recent days offered their perspective on cyber threats from Russia, China and Iran.
HAPPY TUESDAY and welcome to Morning Cybersecurity! Send your thoughts, feedback and especially tips to firstname.lastname@example.org. Be sure to follow @POLITICOPro and @MorningCybersec. Full team info below.
CEASELESS SERVER SILLINESS — The White House on Monday doubled down on the discredited claim that Ukraine hacked the DNC in 2016, suggesting that President Donald Trump was right to request Ukrainian President Volodymyr Zelensky’s help in investigating the conspiracy theory during their now-infamous phone call. Democrats seized on Trump’s reference to the DNC server in the July 25 call as evidence of the president’s fixation on a debunked right-wing talking point meant to boost his reelection prospects. But in a brief filed as part of the Senate impeachment trial, the White House said Democrats were wrong to claim that by exploring the possibility of Ukrainian hacking, Trump was dismissing Russian hacking.
“That convoluted chain of reasoning is hopelessly flawed,” the brief contended. “Simply asking about any Ukrainian involvement in the 2016 election — including with respect to hacking a DNC server — does not imply that Russia did not attempt to interfere with the 2016 election.” The administration further argued that Trump’s pursuit of the conspiracy theory “benefits the United States by laying bare all foreign attempts to meddle in our elections,” adding, “it is entirely possible that foreign nationals from more than one country sought to interfere in our election by different means (or coordinated means), and for different reasons.”
House Democrats rejected many of the White House’s arguments in their own filing, and they singled out another one of Trump’s cyber-related beliefs for special censure. Key to the “Ukraine hacked the DNC” conspiracy theory are the notions that (a) a Ukrainian oligarch owns the cybersecurity firm CrowdStrike and (b) CrowdStrike conducted the DNC intrusion. There is “no factual basis” for those beliefs, the House said, citing testimony by former NSC aide Fiona Hill and former homeland security adviser Tom Bossert, the latter of whom described the entire narrative as “not only a conspiracy theory” but one that “is completely debunked.”
IT WAS NO ‘OPERATION RAMSHACKLE JUG BAND’ — An internal U.S. Cyber Command review of a cyber offensive operation against ISIS that began in 2016 concluded the mission was a success that “imposed time and resource costs” on the terrorist group’s propaganda, according to documents released this morning by George Washington University’s National Security Archive. In partially redacted documents obtained via a Freedom of Information Act request, Cyber Command dubbed Operation Glowing Symphony the “most complex offensive cyberspace operation USCYBERCOM has conducted to date.”
The documents also revealed significant coordination in the operation. “Perhaps most importantly to the evolution of USCYBERCOM, Operation GLOWING SYMPHONY exercised the command’s ability to operate at scale while coordinating with combatant commanders, other US agencies, and coalition partners,” the Archive’s summary of the documents concludes.
ISN’T IT IRONIC? — SafeBreach Labs discovered a ransomware technique that abuses a Windows built-in file encryption feature for business users to, well, encrypt victim devices with ransomware, the company revealed this morning. Researchers called it a sign of how ransomware can move in an “alarming new direction,” and warned that “many security offerings from major Windows endpoint security vendors are affected.”
FAMOUS LAST WORDS — Acting DHS Secretary Chad Wolf on Friday said the U.S. government is ready to defend the 2020 election from Russian interference. “As we saw in 2016, we fully expect Russia to attempt to interfere in the 2020 elections to sow public discord and undermine our democratic institutions. Let me be clear: We are prepared,” according to prepared remarks Wolf gave at an event hosted by the Homeland Security Experts Group.
“More importantly, the state and local officials who run our elections are prepared,” Wolf said, adding that DHS would once again create classified and unclassified “election war rooms” connected to “election officials in all 50 states, political parties, social media companies,” the FBI, DoD and the intelligence community. Wolf admitted that even though leaders have been “laser-focused” on election security, “100 percent security is never realistic.” He noted that feds are working to bolster the country’s election systems and encouraging states to conduct audits of paper ballots. In 2020, “over 90 percent of votes will have a corresponding paper ballot. This is a significant achievement,” Wolf said.
— ALSO, DHS TALKS IRAN, CHINA THREATS: In the same speech, Wolf said “China is our most persistent nation state threat in the cyber realm,” primarily due to its cyber espionage but also because of its information operations. On Iran, he said, “We remain especially vigilant regarding cyber-enabled attacks from Iran against a range of U.S.-based targets — including our critical infrastructure,” according to his prepared remarks.
On a podcast and subsequently on Twitter, DHS CISA Director Chris Krebs discussed the timing of Iranian cyber retaliation over the killing of Gen. Qassem Soleimani. “The truth here is that if the Iranians were going to do something, they would probably — it was already too late,” Krebs said. “If they were going to do something cyber — cybery — they would probably already be in a position and take the shot. We saw that they really didn’t.” Later, though, he specified that he meant attacks that depended on access for immediate retribution.
MORE WHITE HOUSE CYBER TURMOIL — Two key White House cyber-related positions are reportedly getting a shakeup. The NSC’s senior director for European and Russian affairs, Andrew Peek, was placed on administrative leave and apparently escorted out of the building, amid a security-related investigation. His predecessors in the job, Tim Morrison and Fiona Hill, testified in the House impeachment inquiry. Morrison held the position for a handful of months before leaving in October, making way for Peek.
Also on the move: Rear Adm. Peter Brown, Trump’s third counterterrorism and homeland security adviser. Bloomberg reported he’s being shifted out of the role he took on last summer to oversee Puerto Rico’s recovery from natural disasters, although the position he held has seen less cybersecurity responsibility of late.
ON THE EVE OF DAVOS CONFERENCE — The World Economic Forum’s Global Risks Perception Survey ranked cyberattacks and data fraud/theft among the top 10 risks. The larger Global Risks Report 2020 that contains the survey, released over the weekend, also warns about cyberattacks and their potential impact on the economy: “The current lack of global technology governance and the presence of cybersecurity blind spots increase the risk of a fragmented cyberspace and competing technology regulations.” A collection of related documents further offers advice to global leaders on cyber and more.
SENATE STALL FOR HUAWEI RIP-AND-REPLACE FUNDS — Over a month has passed since Sen. Mike Lee (R-Utah) blocked Senate Commerce Chairman Roger Wicker’s attempt to fast-track House-passed legislation, H.R. 4998, authorizing $1 billion in funding to reimburse rural wireless carriers that replace gear from companies deemed a national security risk (i.e. Chinese telecom giants Huawei and ZTE). Lee’s big concern: where lawmakers are getting the money (he prefers the Senate approach, which would pay for a $700 million fund via airwaves sale revenue).
But no resolution appears imminent as the Senate kicks off its impeachment trial. “We haven’t heard from Wicker or his staff but we are very happy to work with them if they reach out,” a Lee spokesman told Morning Tech on Friday. Wicker (R-Miss.) earlier this month, however, suggested an interest in hashing out the differences with Lee and said he didn’t think the Senate would resort to scheduling a roll-call vote to bypass Lee’s objections. Wicker also expressed some frustration with the process: “There’s something to be said for scheduling a bill, bringing it up for amendments, taking a couple days and letting the majority speak. We’re going to be in trouble if we become a body where one member has veto authority over every issue.”
And Huawei is watching the legislation closely, as one exec said recently on C-SPAN, predicting that congressional action could dictate its future U.S. layoffs.
TWEET OF THE WEEKEND — Why???
— DOJ thinks highly of the prospects for passing encryption legislation. The Washington Post
— Some at the FBI are uneasy about Attorney General William Barr’s encryption push. The Wall Street Journal
— The current dispute between Apple and the FBI and how much the company needs to help, via The New York Times.
— The U.S. is still too vulnerable to hack-and-leak election security woes, a DOJ official said. CyberScoop
— The FBI warned last month of a big hike in Ryuk attacks on municipalities. Rolling Stone
— “The FBI said in a flash security alert that nation-state actors have breached the networks of a US municipal government and a US financial entity by exploiting a critical vulnerability affecting Pulse Secure VPN servers.” BleepingComputer.com
— DOJ shuttered WeLeakInfo. CyberScoop
— Just a half-million server and router passwords leaked, that’s all. ZDNet
— Citrix released its first patches for a big flaw. BankInfoSecurity
— Hackers are exploiting that Citrix flaw, though, in an unusual way. CyberScoop
— Hackers are also exploiting an Internet Explorer flaw. TechCrunch
— Travelex is still having issues. BBC
— “Can the 5G network be secured against spying?” Financial Times
— Ending privacy as we know it? The New York Times
— Pensacola, Fla., isn’t sure whether personal information was compromised during its recent cyberattack. WEARTV
— “A Georgia man who co-founded a service designed to protect companies from crippling distributed denial-of-service (DDoS) attacks has pleaded to paying a DDoS-for-hire service to launch attacks against others.” Krebs on Security
That’s all for today.
Stay in touch with the whole team: Mike Farrell (email@example.com, @mikebfarrell); Eric Geller (firstname.lastname@example.org, @ericgeller); Mary Lee (email@example.com, @maryjylee); Martin Matishak (firstname.lastname@example.org, @martinmatishak); and Tim Starks (email@example.com, @timstarks).
The post #nationalcybersecuritymonth | DNC server feud resurfaces in impeachment battle appeared first on National Cyber Security.
Source: National Cyber Security – Produced By Gregory Evans Cybersecurity researchers today uncovered details of two new vulnerabilities in the GoAhead web server software, a tiny application widely embedded in hundreds of millions of Internet-connected smart devices. One of the two vulnerabilities, assigned as CVE-2019-5096, is a critical code execution flaw that can be exploited […]
By Ryan Squires Posted December 1, 2019 Setting up LDAP servers is a time-consuming process. There are many aspects of your infrastructure to integrate it with, including systems, applications, and in some cases even networking gear. Of course, making sure your LDAP server is highly available […]
Azure® is a cloud infrastructure provider that offers compute, storage, and other platforms and services, such as Office 365. Azure introduced its own identity management solution, Azure Active Directory® (AD), but it is not a way to bring the on-prem directory service, Active Directory, to the cloud. And though Azure does not offer its own RADIUS server, RADIUS-as-a-Service solutions make it simple to level up the security of WiFi and VPN networks.
What Does Azure AD Do?
Azure AD incorporates a user management function (like authentication and authorization) for Azure services (like compute, storage, and applications). Azure AD provisions, deprovisions, and modifies user access to Azure-related services such as Windows® servers and Office 365.
It also does web application single sign-on, enabling SSO for Office 365, Salesforce®, Dropbox, and other select applications to be accessed with a singular identity.
What Azure AD doesn’t offer is an integrated, hosted, and managed RADIUS solution. That makes it difficult to control access to VPNs and on-prem WiFi and forces IT admins to rely on other mechanisms to manage user access, which often means standing up their own RADIUS servers (e.g., FreeRADIUS or Windows NPS) to keep their networks secure.
Azure AD RADIUS Authentication Services
Because Azure AD doesn’t have native RADIUS server functionality, IT admins need to employ different methods for securing their on-prem wireless Internet access.
For instance, admins can host a RADIUS server in Azure, either through the NPS extension or through FreeRADIUS. But this is time consuming, requires extensive self-implementation, and can push IT admins away from the cloud-based services and applications that shift the heavy lifting of infrastructure to a third party. Beyond that, admins still have to integrate the RADIUS infrastructure back into whatever core directory service they are using.
Azure AD does offer IT admins the ability to configure Azure MFA servers for RADIUS authentication through an NPS extension, or they can implement their own FreeRADIUS authentication source to be linked back to AD.
However, Microsoft’s solution is limited in that it only supports RADIUS authentication (Read more…)
The post #cybersecurity | #hackerspace | RADIUS Server in Azure – Security Boulevard appeared first on National Cyber Security.
What Does Active Directory’s Server Do?
Active Directory® (AD) is a directory service introduced by Microsoft® that runs on a Windows® server to manage user access to networked resources. The server role in Active Directory is run by Active Directory Domain Services (AD DS), and the server running AD DS is called a domain controller. […]
The post Active Directory Without a Server appeared first on JumpCloud.
*** This is a Security Bloggers Network syndicated blog from Blog – JumpCloud authored by Kayla Coco-Stotts. Read the original post at: https://jumpcloud.com/blog/active-directory-without-a-server/
The post #cybersecurity | #hackerspace | Active Directory Without a Server appeared first on National Cyber Security.
Cybercriminals are always upping their game. One of their latest gambits, a sophisticated phishing attack that involved hosting malware on at least one state’s government servers, shows that they may be outpacing the good guys.
The multistage targeted attack, discovered and announced last week by researchers at the Cisco Talos threat intelligence group, began with the bad actors creating a realistic-looking “spoof” email that purported to be from the Securities and Exchange Commission. This spear-phishing email was sent out to a number of government agencies in a highly targeted scheme, which the researchers deduce came from a motivated threat actor or group that continues to operate.
At the government agencies where the phishing emails succeeded, the online criminals were able to surreptitiously plant malicious code on government servers in at least one state, Louisiana, to create a “malware infection chain” likely to dupe other targets. Representatives from the state of Louisiana had no comment for this story.
According to Craig Williams, senior technical leader at Cisco Talos, this attack is similar to previous so-called DNSMessenger attacks, which have become more frequent this year, whereby sophisticated techniques are used to infect legitimate enterprise and government computer systems with viruses, ransomware, Trojans and other types of malware.
“We have threat hunting techniques specifically designed to detect DNSMessenger,” said Williams, describing how he and his team of researchers tracked this exploit and the infected state government server. “Once we examined the malware sample, that led us to the web server.” He added that it appeared only “a single server” was affected.
While the researchers appear to have exposed this attack before it could gain too much traction (and impact more government servers), the growing creativity and sophistication of the phishing attacks, and hackers’ ability to insert malware into a legitimate government enterprise server, underscore how much craftier and more talented cybercriminals are becoming, according to Williams. “By using ‘known good’ servers, attackers are hoping to go unnoticed,” he said. “No one would normally question someone connecting to a state of Louisiana public web server, for example.”
And the government sector is becoming an increasingly attractive target for such attacks. According to the 2017 U.S. State and Federal Government Cybersecurity Report, released in August 2017 by SecurityScorecard, government organizations received the lowest security scores across multiple sectors, including transportation, retail and healthcare. “It’s clear that cybersecurity incidents are not going anywhere and that government will continue to remain a target,” the report concluded. “But with technology propelling forward and hackers as motivated as ever, government agencies are struggling to put up effective cybersecurity defenses, and hackers are taking advantage.”
Williams agreed. “We will likely see the actors behind DNSMessenger continue to use any public server they can compromise,” he said. “It helps the actors hide their infrastructure and go undetected longer.”
The post Attackers #hijack #state agency #server for #malware appeared first on National Cyber Security Ventures.
Jason Needham, 45, of Arlington, Tennessee was sentenced last week to 18 months in prison and two years of supervised release for hacking his former company’s FTP server and the email account of one of his former colleagues. Needham did all the hacking after he left […]
With the arrest of two people, Delhi Police have cracked a case wherein computer servers were allegedly hacked during the National Eligibility …
The post NEET: Medical entrance server was hacked, two held, say cops appeared first on Become007.com.
Forsyth Public Schools were hit with computer malware over the weekend, causing problems for teachers, students, parents and district administrators. The good news, Superintendent Dinny Bennett said, is that whoever did the damage “did not hack our system to take …
Exclusive: Global recruitment giant PageGroup says a hacker infiltrated its network and accessed job applicants’ personal information.
The miscreant broke into a development system run by IT outsourcer Capgemini for PageGroup, and was able to look up job hunters’ names,
The post Recruitment giant PageGroup hacked, Capgemini dev server blamed for info leak appeared first on National Cyber Security Ventures.