Chris Bing – Page 19 – WindowsTechs.com

Eugene Kaspersky speaks out, defends company over espionage allegations

Posted on September 13, 2017 by Chris Bing

Just twenty four hours before the Department of Homeland Security banned the use of Kaspersky Lab products in the federal government, company founder Eugene Kaspersky gave his first public remarks to claims made by U.S. officials that Kaspersky acts as an intelligence gathering tool for the Kremlin. Kaspersky was speaking at security conference in Sao Paulo, Brazil Tuesday when a U.S. security researcher asked him about recent press reports that alleged the company represented a looming privacy and security concern for private sector companies and government agencies. Watch Eugene’s response here, which was provided to CyberScoop and posted publicly by an attendee of the Brazil-based conference: Here’s a full transcript of the exchange: Q: I’m from the United States, and the question that is, of course, being asked there is whether your product is being used by Russian politic services. Can you address that? Eugene Kaspersky: Yes, there are […]

The post Eugene Kaspersky speaks out, defends company over espionage allegations appeared first on Cyberscoop.

Continue reading Eugene Kaspersky speaks out, defends company over espionage allegations→

U.S. officials looking at Apache vulnerability as cause for Equifax breach

Posted on September 13, 2017 by Chris Bing

It’s likely that whomever was responsible for the giant data breach at credit reporting giant Equifax likely targeted an old version of the Apache Struts framework, according to a senior government official who spoke on condition of anonymity to discuss an ongoing investigation. The attackers, the official said, appear to have relied on a known vulnerability in the open-source web application that was disclosed in March 2017. The vulnerability is different from that one that was widely reported on last week. The official’s comments to CyberScoop are the first from a government source regarding the cause behind one of the largest data breaches in history, which was publicly announced last week. The official cautioned that while the Struts vulnerability is currently considered the mostly likely avenue, an investigation is ongoing and still developing. The FBI is currently working with Equifax in order to fully investigate the cause of the breach […]

The post U.S. officials looking at Apache vulnerability as cause for Equifax breach appeared first on Cyberscoop.

Continue reading U.S. officials looking at Apache vulnerability as cause for Equifax breach→

U.S. official: American companies avoided government help when WannaCry, NotPetya hit

Posted on September 13, 2017 by Chris Bing

A top Department of Homeland Security official says the U.S. government was unable to fully measure the scale and impact of two recent ransomware outbreaks, dubbed WannaCry and NotPetya, due to a lack of private sector engagement. Christopher Krebs, acting undersecretary for the National Protection and Programs Directorate, told an audience of cybersecurity professionals Wednesday that the biggest issue with both incidents came from an absence of reports from businesses who were affected. While experts say that WannaCry and NotPetya disrupted business operations at American companies, it’s not clear how many enterprises were damaged or to what degree. The government wanted to collect more information from affected companies in order to better assess the initial infection vector, track the spread of the virus and develop ways to deter similar future attacks. Collecting data from victim organizations was important in the WannaCry and NotPetya incidents, a senior U.S. official who spoke […]

The post U.S. official: American companies avoided government help when WannaCry, NotPetya hit appeared first on Cyberscoop.

Continue reading U.S. official: American companies avoided government help when WannaCry, NotPetya hit→

In the face of government pressure, Kaspersky pledges to open new U.S. offices

Posted on September 12, 2017 by Chris Bing

Moscow-based cybersecurity firm Kaspersky Lab announced plans Tuesday to open three new offices in the U.S. next year in order to expand business with American companies. The move comes as U.S. law enforcement and intelligence officials continue to discourage private businesses from relying on Kaspersky products to stop hackers due to reported security and privacy concerns. Chief executive Eugene Kaspersky confirmed the decision on social media after Reuters reported Tuesday morning that the anti-virus maker had plans to potentially close its Washington, D.C.-area office and instead open several other locations across the U.S. The D.C.-area office — in Arlington, Virginia — had been previously focused on serving U.S. government clients. In a Twitter post, Kaspersky said the company had already secured leases for offices in Los Angeles, Chicago and Toronto. Hi Chris, locations secured – Chicago, LA, Toronto — Eugene Kaspersky (@e_kaspersky) September 12, 2017 A statement provided to CyberScoop […]

The post In the face of government pressure, Kaspersky pledges to open new U.S. offices appeared first on Cyberscoop.

Continue reading In the face of government pressure, Kaspersky pledges to open new U.S. offices→

New Microsoft Word zero day used in Russian-language spyware campaign, analysts say

Posted on September 12, 2017 by Chris Bing

A well-funded spy group appears to have recently acquired a highly sophisticated zero day vulnerability and used it to deploy a remote access trojan against a Russian-speaking “entity,” according to evidence discovered by U.S. cybersecurity firm FireEye. Researchers with FireEye found the disruptive software vulnerability, which affects recent versions of Microsoft Word, in July. The trojan, known as FinSpy, is made by infamous surveillance technology firm FinFisher, a blog post by FireEye says. The Word flaw remained unpatched until Tuesday afternoon, when Microsoft issued its monthly security update. This vulnerability, labeled CVE-2017-8759, was used as recently as late August to hack into systems, FireEye analyst Ben Read told CyberScoop. Analysts originally uncovered CVE-2017-8759 while examining a highly targeted phishing email that was written in Russian. The email contained an attachment that when opened exploited a software flaw in the word processor to remotely download FinSpy from a computer server controlled by the attacker. […]

The post New Microsoft Word zero day used in Russian-language spyware campaign, analysts say appeared first on Cyberscoop.

Continue reading New Microsoft Word zero day used in Russian-language spyware campaign, analysts say→

Capitol Hill comes for Equifax, demanding answers for massive breach

Posted on September 12, 2017 by Chris Bing

U.S. lawmakers are demanding answers from consumer credit reporting firm Equifax after the company publicly disclosed a data breach last week where the sensitive personal information, including social security numbers, of upwards of 143 million Americans was stolen. Sens. Orrin Hatch, R-Utah, and Ron Wyden, D-Ore., called Monday upon Equifax to publicly determine when the company originally contacted law enforcement in relation to the breach, Reuters first reported. The two lawmakers, who are the leaders of the Senate Finance Committee, sent a letter to Equifax CEO Rick Smith requesting additional information about the incident, including details about a trio of Equifax executives who sold company stock before the original breach announcement was made on Thursday. The letter is the latest in a series of strong public statements made by lawmakers calling for greater transparency from Equifax as it handles what some cybersecurity experts are already calling “one of the largest data […]

The post Capitol Hill comes for Equifax, demanding answers for massive breach appeared first on Cyberscoop.

Continue reading Capitol Hill comes for Equifax, demanding answers for massive breach→

Amid U.S. effort to exclude Kaspersky, Putin backs plan to force out foreign software

Posted on September 11, 2017 by Chris Bing

Russian President Vladimir Putin voiced his support last Friday for a plan to compel Russian companies to purchase and deploy software that is created only by Russian technology firms rather than foreign competitors. The move comes as the FBI is privately counseling U.S. businesses to uninstall products that are created and sold by Moscow-based cybersecurity giant Kaspersky Lab due to reported privacy and security concerns. Although Kaspersky’s anti-virus software is not widely used in federal agencies, some companies continue to rely on it for protection against hackers. The FBI has yet to publicly provide evidence to support the accusation that Kaspersky acts as an extension of Russian intelligence services. Putin told Russian news agency Interfax that Russian companies looking to secure government contracts should comply with the regulatory directive — which by nature, appears to reward organizations that invest in domestic alternatives if and when they exist. “In terms of security, there are things that […]

The post Amid U.S. effort to exclude Kaspersky, Putin backs plan to force out foreign software appeared first on Cyberscoop.

Continue reading Amid U.S. effort to exclude Kaspersky, Putin backs plan to force out foreign software→

Former officials buck White House adviser’s comments about government hacking

Posted on September 8, 2017 by Chris Bing

A top White House official says the U.S. government cannot rely on offensive cyber operations to deter foreign hackers from attacking American computer networks. Thomas Bossert, an assistant to the president for homeland security and counterterrorism, told an audience of former intelligence and defense officials Wednesday in Washington, D.C., that hacking into foreign computer networks should not be considered a means to deterring enemies from breaching American organizations. “There’s very little reason to believe that an offensive cyberattack is going to have any deterrent effect on a cyber adversary,” Bossert said. “In fact, it will likely encourage them to hurry up and become better hackers and develop better defenses. So I don’t just think this is a misnomer, but it’s something that we need to move past and say out loud.” Bossert suggested the U.S. government should instead leverage “national power” to stop future cyberattacks. “I think what we will […]

The post Former officials buck White House adviser’s comments about government hacking appeared first on Cyberscoop.

Continue reading Former officials buck White House adviser’s comments about government hacking→

Trump adviser proposes broader cybersecurity oversight for private-sector critical infrastructure

Posted on September 6, 2017 by Chris Bing

A top White House official says the U.S. government may have a more extensive role to play in defending computer networks associated with American critical infrastructure, even though most are owned and operated by the private sector. Thomas Bossert, assistant to the president for homeland security and counterterrorism, told an audience of former intelligence and defense officials Wednesday in Washington, D.C., that there are certain narrowly defined cases where the Defense Department could be more closely connected to companies and organizations that handle what the Department of Homeland Security labels as critical infrastructure. The designation applies to 16 different U.S. business sectors, including manufacturing, emergency services, energy and financial markets. There are a number of different federal agencies that are currently involved in defending the private sector from computer intrusions: the NSA, FBI, DHS and the military’s U.S. Cyber Command. Some former intelligence officials, like ex-NSA Director Keith Alexander, believe, however, that this multi-agency approach […]

The post Trump adviser proposes broader cybersecurity oversight for private-sector critical infrastructure appeared first on Cyberscoop.

Continue reading Trump adviser proposes broader cybersecurity oversight for private-sector critical infrastructure→

Security firms pour on evidence of Chinese hacking against Vietnam

Posted on September 5, 2017 by Chris Bing

A hacking group with suspected ties to the Chinese government is engaged in an ongoing and expansive cyber espionage operation against Vietnamese organizations, based on evidence obtained by three different cybersecurity firms. The campaign’s discovery comes during a period of mounting geopolitical tension due to a territorial dispute related to the South China Sea. China, Vietnam, Indonesia and the Philippines, among other powers, disagree on which country has claim to a collection of resource-rich islands that sit in the middle of an important international trade route. Cybersecurity firms Votiro, FireEye and Fortinet each obtained phishing emails that were sent to Vietnamese organizations in recent months. Researchers say these emails carried certain forensic indicators, including overlaps in malware and attack servers, that can be traced back to a group previously attributed to Chinese hackers. The South China Sea dispute represents a longstanding disagreement that dates back years. Foreign policy experts believe […]

The post Security firms pour on evidence of Chinese hacking against Vietnam appeared first on Cyberscoop.

Continue reading Security firms pour on evidence of Chinese hacking against Vietnam→