Tag Archive for: hunters

Hunting the hunters: How Russian hackers targeted US cyber first responders in SolarWinds breach

/in


Over the course of a few months, as US officials remained unaware of the breach, hackers identified a handful of key cyber security officials and analysts who would be among the first to respond once the hack was detected, so-called ‘threat hunters,’ and attempted to access their email accounts, according to two sources familiar with the matter.

While it is unclear if any of those accounts were compromised, sources say the fact that the hackers knew which working-level cybersecurity analysts at the Department of Homeland Security to go after suggests they were able to develop a much deeper understanding of US cyberdefenses than was previously known.

“It appears as if the Russian SolarWinds hackers possess granular information on personnel and who among them is likely to be involved in investigating the SolarWinds hack,” said Cedric Leighton, a former NSA official and CNN military analyst. “This could mean that networks have been penetrated to a degree we’ve not known before. If that’s true, we need a complete housecleaning of all our defensive cyberoperations.”

The assessment that hackers deliberately targeted DHS threat hunters, which has not been previously reported, underscores how the SolarWinds attack was among the most sophisticated cyberoperations ever conducted against the US, according to current and former officials.

By keeping tabs on these cyber first responders, sources and experts tell CNN the hackers could have been able to monitor in real-time as US officials began to discover the attack, allowing them to tailor their actions accordingly and remain hidden for as long as possible.

Biden says Putin 'will pay a price' for Russian efforts to undermine the 2020 US election

“What this does is it shows a level of sophistication in terms of targeting those who are working actively to prevent the attacks from either occurring or expanding. And so that is different than what you’re seeing in past cyberattacks,” former acting DHS acting undersecretary Chris Cummiskey told CNN.

“The level of sophistication is problematic because they’re actually going after people that they see as more valuable, so it shows a sense of prioritization,” he added.

While emails belonging to the senior-most cyber officials, including Chris Krebs, the former director of the Cybersecurity…

Source…

Bug hunters fail third year in a row to get top prize in Android hacking program

/in

  1. Bug hunters fail third year in a row to get top prize in Android hacking program  ZDNet

  2. Here’s a list of Android devices with security updates from the last 90 days (Ouch HTC)  Android Authority (blog)
  3. Android bug bounty tops $ 3m in third year, but pay flattens out  CSO Australia

    4. Full coverage

android security news – read more

Zero-Day Hunters Offer $500K For iOS Bugs – PC Magazine

/in

PC Magazine

Zero-Day Hunters Offer $ 500K For iOS Bugs
PC Magazine
Cybersecurity researchers are invited to participate in the new Research Sponsorship Program (RSP), which awards bounties for both zero-day flaws and exploits against patched (n-day) vulnerabilities. Currently, iOS 9.3+ flaws are going for a max of …
Zero-Day Hunters Will Pay Over Twice as Much as Apple's New Bug Bounty ProgrammeMotherboard
Exploit broker steals Apple thunder, offers $ 500,000 for iOS zero …ZDNet
Exodus Intelligence Offers Hackers Up to $ 500000 for iOS Zero Day VulnerabilityiClarified
The TechNews –O’Grady’s Power Page (blog) –Quartz
all 33 news articles »

“zero day” – read more