Hackers Target Journalists, Tribal Members and Use Forged Cookies


Just another week in ThreatWatch, our regularly updated index of noteworthy data breaches.

In case you missed our coverage this week in ThreatWatch, Nextgov’s regularly updated index of cyber breaches:

State-Sponsored Hackers Target Journalists, Google Warns

“Warning: Google may have detected government-backed attackers trying to steal your password,” reads a red banner greeting some journalists as they log into Gmail.

Google has used the banner since 2012, and it is displayed when the company detects that attempts have been made to compromise an account within the last month. Politico reported several prominent journalists—including some at New York Magazine, The Atlantic, Vox and The New York Times—received the warning recently.

It’s not the first time: Several journalists and professors in November shared on social media that they had been getting notices from Google. Leading up to the U.S. presidential election, think tanks focused on Russia were also targeted, according to security firm CrowdStrike.

The actors behind the attacks may be attempting to find embarrassing emails or uncover confidential information or government sources.

The banner directs users to a page where the company offers tips for securing accounts, including enabling two-factor authentication, using Google Authenticator, or using a physical security key.

Bureau of Indian Affairs Warns 20,000 Tribal Members of Possible Data Breach

The Bureau of Indian Affairs recently notified more than 20,000 members of Montana’s Crow and Northern Cheyenne Tribes that their personal information may have been compromised.

Tribal members’ unencrypted names, addresses, birthdates and tribal enrollment information were on an external hard drive stolen from a bureau vehicle last month, a bureau spokeswoman confirmed to NBC KULR-8.

In a letter to tribal members, BIA Director Walter Loudermilk wrote he was confident the hard drive wasn’t accessed. The Big Horn County sheriff’s office will investigate the incident.

Yahoo Issues Fresh Warning About Forged Cookie Breach

Some Yahoo users recently received alerts that intruders may have accessed their accounts last year using forged cookies.

A forged cookie can grant access to account information without needing passwords. The tech company previously disclosed the scheme—and blamed unnamed state-sponsored actors—in late 2016, but sent alerts to users Wednesday, The Guardian reported. Yahoo didn’t say how many users were affected.

Despite disclosing multiple security breaches, including a 2013 breach that affected 1 billion users, Yahoo is still in the middle of selling its core business to Verizon. Recode reported Verizon may knock up to $350 million off the original $4.8 billion deal and shift liability for undiscovered breaches to what’s left of Yahoo.