Tag Archive for: names

Suffolk documents posted by hackers include traffic tickets with defendants’ names, and county contracts

/in


Documents published by a group taking responsibility for the ransomware attack on Suffolk County government include speeding tickets, contracts with county vendors, and a handwritten marriage license from 1908, according to a Newsday review of the materials.

Such documents, which in some cases show the names, addresses and dates of birth of county residents, could contain increasingly sensitive information as hackers press their demands, one cybersecurity expert said.

Steve Morgan, founder of Cybersecurity Ventures in Northport, which provides data and research to the information technology industry, said ransomware hackers sometimes will start by leaking less sensitive data in what they consider to be a show of good faith to open ransom negotiations.

“They’re putting data out to try to provide evidence that we have your data, and we’re willing to put your data out, but without putting out anything that would be too compromising to scare the county,” Morgan told Newsday Monday.

Morgan said hackers could continue to leak increasingly sensitive information to ramp up pressure on the county.

“The worst of what they have is the last that would get published,” Morgan said.

Suffolk County took down its web-based applications and websites on Sept. 8 following a cyberattack on county computer systems.

On Friday, Suffolk County Executive Steve Bellone announced cybercriminals had taken credit for a hack on county government.

Bellone said county officials were working to protect sensitive information.

County officials referred to postings on the “dark web” — an anonymized portion of the internet where criminal activity can occur — attributing the attack to the BlackCat or ALPHV strain of ransomware.

County officials have not said whether hackers have made a ransom demand, and have offered no timeline for when county operations could be back online.

An updated posting Monday said the hackers were seeking an unspecified “small reward.”

County officials did not respond immediately for comment last night.

Earlier Monday, Marykate Guilfoyle, a spokeswoman for Bellone, said county officials were continuing to assess the attack.

In their post on the dark…

Source…

CYBER SKILLS, CREATIVITY ON DISPLAY AS SANS INSTITUTE NAMES THE WINNERS OF ITS ANNUAL HOLIDAY HACK CHALLENGE

/in


Press release content from PR Newswire. The AP news staff was not involved in its creation.

Click to copy

BETHESDA, Md., Feb. 9, 2022 /PRNewswire/ — SANS Institute (SANS) today announced the winners of the SANS 2021 Holiday Hack Challenge as part of its closing ceremonies, delivered via webcast. In addition to the winners’ announcement, the virtual event featured a behind-the-scenes look at this year’s challenge as well as a peek into next year’s challenge, already in development.

The annual SANS Holiday Hack Challenge is a free, online cybersecurity game in which players of all skill levels and ages from across the globe tackle hands-on cyber challenges. The 2021 challenge was held from December 2021 through January 2022.

As announced today, the winners are:

  • Grand Prize Winner: Thomas Bouve
    (who in 2020 won Best Technical Answer)
  • Most Creative Answer: Jai Minton
    (who created a 3D video game based on the Holiday Hack Challenge itself)
  • Runner-Up Most Creative Answer: Joel Tan
  • Best Technical Answer: David Forsythe
  • Runner-Up Best Technical Answer: Roger Johnsen

The Holiday Hack Challenge is SANS’ gift to the community, and prizes awarded at the end of the competition to the winners included cybersecurity goodies such as four-month subscriptions to the NetWars Continuous 2 cyber range, and a SANS online training course, which was awarded to the Grand Prize Winner, Thomas Bouve.

More than 15,000 players took part in the most festive cyber security challenge and virtual conference of the year. All ages and skill levels were eligible to play in this series of high-quality cybersecurity challenges, ranging from beginner to serious expert, from elementary students to cybersecurity professionals. The whimsical and spirited challenges were all designed to be a playful way to help players build critical cyber security skills to make the world a safer, more secure place. To help players develop Log4j analysis skills, the critical vulnerability that surfaced in December, the Holiday Hack Challenge included two bonus challenges: one red, one blue.

“The annual SANS Holiday Hack Challenge…

Source…

Minecraft Modpacks Carrying Malware Returned to the Play Store Under New Names| TechNadu

/in


  • The authors of adware-ridden Minecraft modpack apps have found a way into the Play Store again.
  • The apps now use an extra module that adds more functions like opening app pages or YouTube videos.
  • Keeping malware outside the Play Store is practically impossible, so users are advised to pick their apps carefully.

Back in November 2020, Kaspersky discovered several fake Minecraft “modpack” apps on the Play Store, which had the sole purpose of infecting unsuspecting users with adware. After the apps were reported to Google and quickly removed, their authors had to return to the drawing board, and according to Kaspersky’s latest report, they did. The malware-ridden apps have returned on the Google Play Store, albeit under new names and themes, and also with some additional hiding tricks under their sleeve.

More specifically, Kaspersky decided to look at the currently available Minecraft modpack apps again and was not surprised to find that many of them were again adware. The addition this time comes in the form of an extra module fetched by the apps after installation, enabling them to carry out more functions. These include hiding their icons, run the browser, play YouTube videos, open Google Play app pages, and more.

Of course, the apps download this module after their installation to evade review-stage rejections and also to secure the granting of risky permissions from the user. As such, this is yet another reminder to pay attention to what is requested from you on the permissions prompt and not just approve anything that is thrown at you.

Source: Kaspersky

In addition to the Minecraft mods, which appears to be a pretty risky category, Kaspersky mentions an app named “File Recovery – Recover Deleted Files” v1.1.0, which carries the same adware. The app has been available on the Play Store until late February 2021, so there’s a good chance that a significant number of Android devices still have it. After its removal at that point, the developers uploaded a clean version, number 1.1.1, which isn’t dangerous to use.

More recent examples come in the form of fake Madgicx and fake TikTok ad-management apps, which are basically just phishing Facebook accounts…

Source…

Biden Names Chris Inglis to Be First National Cyber Director

/in


His former colleagues at the National Security Agency credit Mr. Inglis with leading the agency through one of the darkest periods in its history, after leaks from Edward J. Snowden, a former contractor who stole tens of thousands of classified documents and shared them with journalists.

His arrival in the Biden administration comes as the United States is contemplating responses to the Russian SolarWinds operation, in which hackers got into network management software used by most of America’s largest companies and many government agencies, and what appears to be a Chinese exploitation of Microsoft servers.

The administration’s response to those attacks is likely to come before Mr. Inglis is confirmed, which will likely take months. Jake Sullivan, the national security adviser, has promised a series of “seen and unseen” responses to the SolarWinds attack. Officials have said a public response is coming, but no announcements are expected this week.

Some in the Biden administration had worried about creating competing power centers by appointing a national cyber director. But officials said their concerns had been resolved by tapping Mr. Inglis, someone who has strong ties on Capitol Hill and has worked closely with Anne Neuberger, the deputy national security adviser at the White House for cyber issues.

Mr. Inglis, Ms. Neuberger and Ms. Easterly have all worked closely together in the past. While some critics of the National Security Agency have questioned the fact that all three spent significant portions of their careers at the agency, others described the experience as an asset.

“I can’t think of anyone who has more unique insight into the history, creation and congressional intent behind this position,” said Frank J. Cilluffo, the director for Auburn University’s McCrary Institute for Cyber and Critical Infrastructure Security, who served on the commission with Mr. Inglis. “He knows what it will take to fulfill the mission and to succeed.”

Colleagues describe Ms. Easterly, a graduate of the United States Military Academy at West Point who holds a master’s degree in philosophy, politics and economics from the University…

Source…