Categories
The Verge

Google says Chinese hackers who targeted Biden campaign are faking McAfee software

Google said in a new blog post that hackers linked to the Chinese government have been impersonating antivirus software McAfee to try to infect victims’ machines with malware. And, Google says, the hackers appear to be the same group that unsuccessfully targeted the presidential campaign of former Vice President Joe Biden with a phishing attack earlier this year. A similar group of hackers based in Iran had tried to target President Trump’s campaign, but also was unsuccessful. The group, which Google refers to as APT 31 (short for Advanced Persistent Threat), would email links to users which would download malware hosted on GitHub, allowing the attacker to upload and download files and execute commands. Since the group used services like GitHub and Dropbox to carry out the attacks, it made it more difficult to track them. “Every malicious piece of this attack was hosted on legitimate services, making it harder for defenders to rely on network signals for detection,” the head of Google’s Threat Analysis Group Shane Huntley wrote in the blog post. In the McAfee impersonation scam, the recipient of the email would be prompted to install a legitimate version of McAfee software from GitHub, while at the same time malware was installed without the user being aware. Huntley noted that whenever Google detects that a user has been the victim of a government-backed attack, it sends them a warning. The blog post doesn’t mention who was affected by APT-31’s latest attacks, but said there had been “increased…

Categories
TechCrunch

Tesla targeted in ransomware attack – TechCrunch

The Justice Department reveals a thwarted malware attack on Tesla, Facebook tests linking your news subscriptions to your social network account and Xiaomi has plans for under-screen cameras. This is your Daily Crunch for August 28, 2020. The big story: Tesla targeted in ransomware attack The Justice Department released a complaint Thursday describing a thwarted malware attack against an unidentified company in Sparks, Nevada, where Tesla has a factory. And Elon Musk confirmed in a tweet that Tesla was the target: “This was a serious attack.” In the complaint, the Justice Department alleged that Russian national Egor Igorevich Kriuchkov attempted to recruit and bribe a Tesla employee to introduce malware in the company’s network — specifically ransomware, which encrypts a victim’s files and, in this case, would also have exfiltrated the data to the hacker’s servers. The tech giants Facebook tests linking your FB account to your news subscriptions — Once you’re linked, if you encounter a paywalled article on Facebook, you’ll be able to read it without hitting the paywall or having to log in again. Xiaomi plans to bring under-screen cameras to its smartphones next year — The company says it’s been able to effectively double the pixel density of competing technology, letting light through to the camera without sacrificing the uniformity of the screen. Startups, funding and venture capital Railsbank is buying Wirecard Card Solutions, the UK arm of the disgraced fintech — Wirecard collapsed into insolvency earlier this year after facing a huge accounting scandal and…

Categories
TechCrunch

EU websites’ use of Google Analytics and Facebook Connect targeted by post-Schrems II privacy complaints – TechCrunch

A month after Europe’s top court struck down a flagship data transfer arrangement between the EU and the US as unsafe, European privacy campaign group, noyb, has filed complaints against 101 websites with regional operators which it’s identified as still sending data to the US via Google Analytics and/or Facebook Connect integrations. Among the entities listed in its complaint are ecommerce companies, publishers & broadcasters, telcos & ISPs, banks and universities — including Airbnb Ireland, Allied Irish Banks, Danske Bank, Fastweb, MTV Internet, Sky Deutschland, Takeaway.com and Tele2, to name a few. “A quick analysis of the HTML source code of major EU webpages shows that many companies still use Google Analytics or Facebook Connect one month after a major judgment by the Court of Justice of the European Union (CJEU) — despite both companies clearly falling under US surveillance laws, such as FISA 702,” the campaign group writes on its website. “Neither Facebook nor Google seem to have a legal basis for the data transfers. Google still claims to rely on the ‘Privacy Shield’ a month after it was invalidated, while Facebook continues to use the ‘SCCs’ [Standard Contractual Clauses], despite the Court finding that US surveillance laws violate the essence of EU fundamental rights.” We’ve reached out to Facebook and Google with questions about their legal bases for such transfers — and will update this report with any response. Privacy watchers will know that noyb’s founder, Max Schrems, was responsible for the original legal challenge that took down…

Categories
TechCrunch

US charges two Chinese spies for a global hacking campaign that targeted COVID-19 research – TechCrunch

U.S. prosecutors have charged two Chinese nationals, said to be working for China’s state intelligence bureau, for their alleged involvement in a massive global hacking operation that targeted hundreds of companies and governments for more than a decade. The 11-count indictment, unsealed Tuesday, alleges Li Xiaoyu, 34, and Dong Jiazhi, 33, stole terabytes of data from high-technology companies, around the world — including the United States, the prosecutors said. More recently, the prosecutors accused the hackers of targeting the networks of over a dozen U.S. companies in Maryland, Massachusetts and California developing vaccines and treatments for COVID-19. The indictment comes just weeks after both the FBI and Homeland Security warned that China was actively trying to steal U.S. research data related to the coronavirus pandemic. The hackers were first discovered after they targeted a U.S. Department of Energy network in Hanford, Washington, the Justice Department said. The hackers also targeted companies in Australia, South Korea, and several European nations. The hackers used known but unpatched vulnerabilities in widely-used web server software to break into their victims’ networks. By gaining a foothold onto the network, the hackers installed password-stealing software to gain deeper access to their systems. The prosecutors said that the hackers would “frequently” return to the networks — in some cases years later. According to the indictment, the hackers stole “hundreds of millions of dollars” worth of trade secrets and intellectual property. The prosecutors also allege that…

Categories
VentureBeat

Twitter confirms that 130 accounts were targeted in high-profile hack

(Reuters) – Twitter said late on Thursday that hackers targeted about 130 accounts during the cyber attack this week, an incident in which profiles of many prominent personalities and organizations were compromised. Hackers had accessed Twitter’s internal systems to hijack some of the platform’s top voices including U.S. presidential candidate Joe Biden, reality TV star Kim Kardashian, former U.S. President Barack Obama and billionaire Elon Musk and used them to solicit digital currency. In its latest statement, Twitter said that the hackers were able to gain control to a “small subset” of the targeted accounts, and send tweets from them. The company added that it was continuing to assess whether the attackers were able to access private data of the targeted accounts. The high-profile accounts that were hacked also included rapper Kanye West, Amazon.com Inc founder Jeff Bezos, investor Warren Buffett, Microsoft cofounder Bill Gates, and the corporate accounts for Uber and Apple. Twitter reiterated that it was working with impacted account owners. The FBI’s San Francisco division is leading an inquiry into the hacking, with many Washington lawmakers also calling for an accounting of how it happened. The law enforcement agency said that cyber attackers committed cryptocurrency fraud in the incident. Publicly available blockchain records show the apparent scammers received more than $100,000 worth of cryptocurrency. “We’re still in the process of assessing longer-term steps that we may take and will share more details as soon as we can,” Twitter added in its statement.…

Categories
Engadget

Twitter says attackers targeted 130 accounts in Wednesday’s breach

Details continue to slowly come out from Twitter around the troubling attack on Wednesday that allowed hackers to tweet a Bitcoin spam message from high profile accounts. Tonight, the company revealed that based on its investigation so far, “we believe approximately 130 accounts were targeted by the attackers in some way as part of the incident. For a small subset of these accounts, the attackers were able to gain control of the accounts and then send Tweets from those accounts.” A major question throughout has been whether hackers had access to DMs for accounts we know they compromised (Elon Musk, Bill Gates, Warren Buffett, Barack Obama, Joe Biden and others), or for ones that we don’t know about. Reports suggest whoever had access to its internal tools was prepared to use them days before the attacks started, and that they’d used them to take over other accounts before the spam messages popped up.

Categories
Tech Radar

Microsoft Office 365 users targeted in SurveyMonkey phishing

Online polling service SurveyMonkey was used as a disguise for a potentially damaging phishing attack that targeted Microsoft Office 365 users. Researchers at Abnormal Security recently uncovered attempts to steal Office 365 user credentials using SurveyMonkey as cover. In the campaign, the victim receives an email from a genuine SurveyMonkey site, stating it is conducting a survey among company employees. However the message contains a hidden redirect link, appearing as the text “Navigate to access statement” with the brief message “Please do not forward this email as its survey link is unique to you”. However when clicked on, this link instead redirects the victim away from SurveyMonkey to a Microsoft form submission page, which tells the user to submit their Office 365 email and password to proceed. However doing so allows the criminals to steal the unsuspecting user’s Microsoft account security credentials. Abnormal Security notes that this attack may be particularly effective due to its use of a real SurveyMonkey link to hide the nefarious goals within. The email messages carrying the phishing link also use official SurveyMonkey phrases and content, tricking users into believing the message is genuine. Since the phishing URL isn’t visible within the body text, it’s also easy for victims to be tricked and miss this at first glance. “Phishing is one of the most successful and long-standing cybercriminal tactics, and the constant evolution in the methodology as seen in these attacks goes some of the way to understanding why,” noted Niamh Muldoon, senior…

Categories
Wired

Microsoft Halts a Global Fraud Campaign That Targeted CEOs

Microsoft has neutered a large-scale fraud campaign that used knock-off domains and malicious apps to scam customers in 62 countries around the world. This story originally appeared on Ars Technica, a trusted source for technology news, tech policy analysis, reviews, and more. Ars is owned by WIRED’s parent company, Condé Nast. The software maker and cloud-service provider last week obtained a court order that allowed it to seize six domains, five of which contained the word “office.” The company said attackers used them in a sophisticated campaign designed to trick CEOs and other high-ranking business leaders into wiring large sums of money to attackers rather than trusted parties. An earlier so-called BEC, or business email compromise, that the same group of attackers carried out in December used phishing attacks to obtain unauthorized access. The emails used generic business themes such as quarterly earnings reports. Microsoft used technical means to shut it down. The attackers returned with a new BEC that took a different tack: instead of tricking targets into logging in to lookalike sites, and consequently divulging the passwords, the scam used emails that instructed the recipient to give what was purported to be a Microsoft app access to an Office 365 account. The latest scam used the Covid-19 pandemic as a lure. “This scheme enabled unauthorized access without explicitly requiring the victims to directly give up their login credentials at a fake website or similar interface, as they would in a more traditional phishing campaign,” Tom Burt,…

Categories
The Next Web

Digital media giant J2 Global ‘targeted’ by notorious New York short sellers

J2 Global, parent company of popular tech sites PCMag and Mashable, is now the subject of multiple legal investigations following a tit-for-tat exchange with a crew of short sellers that temporarily crashed its stock price. On June 30, short selling outfit Hindenburg Research published a report that alleged J2’s “opaque approach” to acquiring companies “opened the door to egregious insider self-enrichment.” The New York-based Hindenburg calculated J2 has acquired 186 businesses in its 25-year history, but its report drew particular attention to one deal: an undisclosed $900,000 paid to a J2 exec for an entity that had no employees or apparent assets. Hindenburg also claimed J2 recently committed $200 million in shareholder cash to a “newly-formed investment vehicle” operated by supposed company chairman Jeroen van der Weijden. That investment vehicle’s first alleged move was $12 million to a supposedly dormant home video business established by van der Weijden’s nephew, sans the required conflict of interest disclosure. In total, Hindenburg says this and other acts like it have generated anywhere from $98 million to $128 million for J2 insiders. The company’s stock has fallen more than 10% since the report surfaced. J2 Global says it’s under attack by a ‘short and distort’ outfit J2 Global refuted Hindenburg’s report in full with a fiery press release published around a week later. “Attacks from ‘short and distort’ outfits like Hindenburg ordinarily would not be dignified with a response,” said the company. “However, the attempted impugning of J2’s…