Swiss police raid over hack on Bay Area tech company

GENEVA (AP) — Swiss authorities on Monday confirmed a police raid at the home of a Swiss software engineer who took credit for helping to break into a U.S. security-camera company’s online networks, part of what the activist hacker cited as an effort to raise awareness about the dangers of mass surveillance.

The Federal Office of Justice said regional police in central Lucerne, acting on a legal assistance request from U.S. authorities, on Friday carried out a house search involving hacker Tillie Kottmann.

The hacker said online that electronics devices were seized during the raid. The Swiss office declined to specify the location or comment further, deferring all questions to “the relevant U.S. authority.”


The FBI said in a statement Friday it was “aware of the law enforcement activity conducted in Switzerland” but had no further comment.

Kottmann had identified as a member of a group of “hacktivists” who say

Read More

Microsoft Exchange hack, explained

One week ago, Microsoft disclosed that Chinese hackers were gaining access to organizations’ email accounts through vulnerabilities in its Exchange Server email software and issued security patches.

The hack will probably stand out as one of the top cybersecurity events of the year, because Exchange is still widely used around the world. It could lead companies to spend more on security software to prevent future hacks, and to move to cloud-based email instead of running their own email servers in-house.

IT departments are working on applying the patches, but that takes time and the vulnerability is still widespread. On Monday, internet security company Netcraft said it had run an analysis over the weekend and observed over 99,000 servers online running unpatched Outlook Web Access software.

Shares of Microsoft stock have fallen 1.3% since March 1, the day before the company disclosed the issues, while the S&P 500 index is down

Read More

Dozens burned with single hack

BOSTON (AP) — The SolarWinds hacking campaign blamed on Russian spies and the “grave threat” it poses to U.S. national security are widely known. A very different — and no less alarming — coordinated series of intrusions also detected in December has gotten considerably less public attention.

Nimble, highly skilled criminal hackers believed to operate out of Eastern Europe hacked dozens of companies and government agencies on at least four continents by breaking into a single product they all used.

The victims include New Zealand’s central bank, Harvard Business School, Australia’s securities regulator, the high-powered U.S. law firm Jones Day — whose clients include former President Donald Trump — the rail freight company CSX and the Kroger supermarket and pharmacy chain. Also hit was Washington state’s auditor’s office, where the personal data of up to 1.3 million people gathered for an investigation into unemployment fraud was potentially exposed.

The two-stage

Read More

Hack of Software Provider Accellion Sets Off Global Ripple Effects

The hack of software provider Accellion USA LLC has renewed security experts’ fears of attacks on suppliers and highlighted the difficulty of defending against them in real time.

A growing list of affected customers have shared timelines of the attack and claims of inadequate software patches that at times contradict the vendor’s account of events. The disclosure this week that victims include Jones Day—a law firm that handles sensitive information for clients—underscores how individuals who don’t interact with Accellion directly nonetheless might be exposed, security experts say.

These moving parts can complicate the response for all victims and start a blame game that could end up in court to determine liability, said Anthony J. Ferrante, global head of cybersecurity at
FTI Consulting
.

“The finger-pointing is just beginning,” said Mr. Ferrante,

Read More