Tag Archive for: western

‘Western Government Operatives’ Behind This Hacking Campaign



A sophisticated hacking campaign that was previously witnessed targeting security flaws in Android, Windows and iOS devices is actually the work of “Western government operatives” conducting a “counterterrorism operation,” according to a new report from MIT Technology Review.

The campaign in question, which has garnered more and more attention from media outlets over the last few weeks, was first written about in January by Google’s threat research team Project Zero. At the time, all that was publicly known was that someone had been up to some very tricky business: a “highly sophisticated” group, likely staffed by “teams of experts,” was responsible for targeting numerous zero-day vulnerabilities (the grand total would later turn out to be 11) in various prominent operating systems, researchers wrote.

This hacking campaign, which ended up going on for about nine months, used the so-called “watering hole” method, in which a threat actor injects malicious code into a website to effectively “booby trap” it. Visitors to the site subsequently become infected with malware, which allows the hacker to single out specific targets and escalate their compromise.

From all of these descriptors, signs naturally pointed to the involvement of some sort of high-level nation-state hackers—though few would’ve guessed that the culprits were, in fact, our friends! Nevertheless, that would appear to be the case. It is unclear what government is actually responsible for the attacks, who its targets were, or what the so-called “counterterrorism” operation related to all of this entailed. MIT has not divulged how they came into this information.

One thing is certain: Google’s discovery and subsequent public disclosure of the exploits (as well as the company’s decision to patch the vulnerabilities) has apparently derailed whatever government operation was occurring. MIT writes that, by going public, the tech company effectively shut down a “live counterterrorism” cyber mission, also adding that it “is not clear whether Google gave advance notice to government officials that they would be publicizing and shutting down”…


SolarWinds hack sets experts scrambling | Western Advocate



Suspected Russian hackers who broke into US government agencies also spied on less high-profile organisations, including groups in Britain, a US internet provider and a county government in Arizona, according to web records and a security source.

More details were revealed on Friday of the cyber espionage campaign that has computer network security teams worldwide scrambling to limit the damage.

US Secretary of State Mike Pompeo told a radio show the intrusion appeared to come from Russia. “I think it’s the case that now we can say pretty clearly that it was the Russians that engaged in this activity,” he told the Mark Levin show.

Networking gear maker Cisco Systems said a limited number of machines in some of its labs had been found with malicious software on them, without saying if anything had been taken. A person familiar with the company’s ongoing probe said fewer than 50 were compromised.

In Britain, a small number of organisations were compromised and not in the public sector, a security source said.

Shares in cyber security companies FireEye, Palo Alto Networks and Crowdstrike Holdings rose on Friday as investors bet that the spate of disclosures from Microsoft Corp and others would boost demand for security technology.

Reuters identified Cox Communications and Pima County, Arizona, government as victims of the intrusion. The hack hijacked ubiquitous network management software made by SolarWinds Corp.

The breaches of US government agencies, first revealed by Reuters on Sunday, hit the Department of Homeland Security, the Treasury Department, State Department and Department of Energy. In some cases the breaches involved monitoring emails but it was unclear what hackers did while infiltrating networks, cybersecurity experts said.

Trump has not said anything publicly about the intrusion. He was being briefed “as needed”, White House spokesman Brian Morgenstern told reporters. National security adviser Robert O’Brien was leading interagency meetings daily, if not more often, he said.

No determinations have been made on how to respond or who was responsible, a senior US official said. SolarWinds, which disclosed its unwitting role at the centre of the global hack…


Western Digital adds “Red Plus” branding for non-SMR hard drives


Figure: The newer SMR-equipped small drives remain “Red”—while the CMR models will all become “Red Plus.” (credit: Western Digital)

Update 5:08pm ET: Pricing
Ars asked a senior Western Digital executive about pricing on the new Red and Red Plus lines. The initial answer given was “in general, we expect WD Red drives will be priced below WD Red Plus drives.” When asked to comment on how prices of the existing EFRX and EFAX models will shift in order to make Red less expensive than Red Plus, the only response was “I can only comment on the [preceding] at this time,” followed by “WD Red Plus will be available in August time period.”

Original story 7:34am ET
Last night, a Western Digital executive reached out to Ars to let us know of a blog post concerning their controversial Red drives.

The company is taking a new branding initiative to clarify the technology used in its NAS drives—in the near future, “WD Red” will exclusively mean disks using Shingled Magnetic Recording technology, and “WD Red Plus” will mean disks using Conventional Magnetic Recording.


NY AG settles mobile security case against Western Union, Priceline, Equifax, others – ATM Marketplace


The New York State Attorney General’s office has reached a settlement with Western Union, Equifax, Priceline, Spark Networks and Credit Sesame Inc. over …
