Trisis masterminds have hacked U.S. industrial firms, new research claims

A group known for infecting a Saudi petrochemical plant with highly sophisticated industrial control malware has targeted the same type of systems inside the United States, according to new research by ICS-focused cybersecurity startup Dragos. The group behind the malware, which Dragos refers to as “Xenotime,” has expanded its operations to include attacks on multiple undisclosed U.S. companies. The malware shows similarities to what’s commonly known as Trisis, which was used in an attack last year in Saudi Arabia. While Trisis exploited one particular industrial control system, researchers say a new variant affects a variety of safety instrumented systems. Safety instrumented systems, or SIS for short, are hardware and software controls that protect large-scale industrial processes and equipment typically found in nuclear, petrochemical or manufacturing plants. Few companies create and manage SIS systems; they include, but are not limited to, St. Louis-based Emerson, New Jersey-based Honeywell, and Tokyo-based Yokogawa. Dragos has […]

The post Trisis masterminds have hacked U.S. industrial firms, new research claims appeared first on Cyberscoop.

Researchers uncover sophisticated botnet aimed at possible attack inside Ukraine

A massive hacking operation that has co-opted more than 500,000 routers into a botnet looms over Ukraine, according to cybersecurity researchers and people familiar with the matter who spoke with CyberScoop. Over the last several days, at least three groups — Cisco’s cybersecurity unit Talos, the non-profit information sharing group Cyber Threat Alliance (CTA) and U.S. law enforcement — have been quietly notifying companies about what appears to be the early stages of a potentially expansive cyberattack against Ukraine. The scheme carries indicators that suggest a Russian government-linked hacking group may be involved, but so far that connection is only tentative. The public notifications come ahead of a massive international soccer match, which will be hosted in Kiev on May 26, and an important domestic holiday in Ukraine on June 28. Last year, there was a delayed reaction inside Ukraine to the NotPetya attack due to it being launched a day before […]

Lack of cooperation between contractors creates lasting vulnerabilities for DoD, official says

Competition among U.S. weapons makers keeps them from collaborating on cybersecurity problems, and it’s causing new and lasting vulnerabilities for the military, a senior U.S. official said Tuesday. Col. Tim Brooks, the mission assurance division chief in the Department of Army Management Office, said a lack of dialogue between contractors is causing headaches as the military looks to harden its systems. Broadly speaking, most weapons systems overlay multiple hardware and software products that are not all made by the same company. “With our weapons assessment program, there’s been a lot of time spent trying to break down organizational boundaries and to think about systems of systems,” Brooks said at the Security Through Innovation Summit presented by McAfee and produced by CyberScoop and FedScoop. “That’s compounded by the fact that all these systems of systems are produced by subprime contractors and everyone’s got non-disclosure agreements and no one wants to disclose their […]

Inside ‘Project Indigo,’ the quiet info-sharing program between banks and U.S. Cyber Command

A secret information sharing agreement between the Financial Services Information Sharing and Analysis Center (FS-ISAC) and U.S. Cyber Command reveals the blurring line between the country’s public and private sectors as the U.S. government becomes increasingly receptive to launching offensive hacking operations. The pilot program, codenamed “Project Indigo,” recently established a confidential information sharing channel for a subunit of FS-ISAC known as the Financial Systemic Analysis & Resilience Center (FSARC). That subunit shares “scrubbed” cyberthreat data, including malware indicators, with the Fort Meade-based Cyber Command, according to current and former U.S. officials. Project Indigo also provides data to the Department of Homeland Security and the U.S. Treasury. However, those agencies were already receiving data from the banks, which is used narrowly for defensive measures. The broad purpose of Project Indigo is to help inform U.S. Cyber Command about nation-state hacking aimed at banks. In practice, this intelligence is independently evaluated and, if appropriate, […]

Alphabet’s Jigsaw offers political campaigns free DDoS protection

U.S. political organizations are now being offered a free tool to defend against distributed denial of service attacks, courtesy of Jigsaw, a subsidiary of Google parent company Alphabet, ahead of the 2018 midterm elections. The offer comes after a local election in Knox County, Tennessee, was recently forced to delay the release of voting results after the county’s website was hit by a DDoS attack. Dubbed “Project Shield,” Jigsaw’s defensive software is designed to flag, filter and contain large volumes of malicious traffic. The tool is built on Google’s own server architecture and scanning capabilities, making it capable of quickly identifying and blocking IP addresses that are recognized as being part of botnets. The integrated web software was previously available for free to journalists and human rights organizations, among others, but Wednesday’s inclusion of U.S. political organizations opens the door to a massive new user base that is set to include political […]

Bolton eliminates White House Cybersecurity Coordinator position

The National Security Council has officially decided to eliminate the White House Cybersecurity Coordinator role, a current U.S. official told CyberScoop. Until today, the position played an important role in synchronizing cybersecurity efforts across the federal government, including managing the execution of defensive and offensive cyber operations conducted by the Pentagon. The position was first created under the George W. Bush administration. The move follows the departure of former coordinator Rob Joyce on Friday. Joyce’s planned departure followed a 14-month stint in which he pioneered the creation of several new cybersecurity policies and helped shed light on a secretive government disclosure framework, known as the Vulnerabilities Equities Process. The news was first reported by Politico and independently confirmed by CyberScoop. An email sent Tuesday to NSC staffers by an aide to national security adviser John Bolton said the decision would help cut “another layer of bureaucracy.” The NSC currently employs […]

National Security Council delays publication of cyber strategy over inclusion of ‘offensive’ measures

A public summary of the Trump administration’s cyber deterrence strategy has been delayed because of internal disputes over retaliatory hacking measures, two current U.S. officials familiar with the matter tell CyberScoop. According to sources, several National Security Council staffers are seeking edits that further set ground rules for repercussions if an adversary attacks either the U.S. government or a U.S.-based company in cyberspace. The strategy’s outline was supposed to be released last Friday, but it was held up after an NSC member requested that it be postponed. The summary, although not as comprehensive as the strategy itself, is important because it would broadly inform the public about the government’s secret plan of action and signal to adversaries which behaviors cross a red line. Originally, the Trump administration mandated the cyber deterrence framework through the cybersecurity executive order released in May 2017. The report, a classified document that defines response options for when the country comes under […]

‘Efail’ exploit can expose old email content that was previously encrypted

Lingering software flaws in popular email clients can be exploited under certain conditions to access email content even when it is protected by the PGP or S/MIME standards, according to new research. The research, dubbed “efail,” explains how it’s possible to exploit buggy email platforms, particularly in the way PGP is integrated into the platform. It does not show how to “break” the actual encryption protocol supporting PGP, short for “pretty good privacy.” Sebastian Schinzel, who co-authored the research, urged people to disable PGP or S/MIME in their email client until a fix can be issued.

There are currently no reliable fixes for the vulnerability. If you use PGP/GPG or S/MIME for very sensitive communication, you should disable it in your email client for now. Also read @EFF’s blog post on this issue: https://t.co/zJh2YHhE5q #efail 2/4 — Sebastian Schinzel (@seecurity) May 14, 2018

The research is focused on how popular HTML-based email […]

Possible Kaspersky sanctions meet resistance inside U.S. government

A White House plan to sanction Kaspersky Lab has met resistance from senior U.S. government officials who are worried that it could set a dangerous precedent for global behavior on the internet, according to two officials familiar with the matter. The plan to sanction the Moscow-based anti-virus maker has largely been pioneered by the National Security Council, CyberScoop previously reported. A source with knowledge of the effort recently said that Treasury Department head Steve Mnuchin has “OK’d” sanctions against Kaspersky, although several of his advisers are against it. A plan to make the sanctions official has no immediate timetable. The final decision rests with the executive branch, which is home to the NSC. When reached for comment, a spokesperson for the Treasury Department said the agency “does not telegraph sanctions or comment on prospective actions.” The NSC previously declined to comment on possible Kaspersky sanctions. Some in government worry about the impact such sanctions […]

Russian hackers found the ‘ultimate’ hacking tool buried in the supply chain of laptops

When Vitaly Kamluk, a security researcher with Kaspersky Lab, discovered a mysterious program named “Computrace” deeply burrowed into his colleagues’ computers, he expected to find an elite hacking group at the other end — something the Moscow-based cybersecurity firm is keenly familiar with. Instead, Kamluk had uncovered a flawed but legitimate tracking program developed by a Canadian company, Absolute Software, which had apparently been installed at the manufacturer level. Computrace — now known as LoJack for Laptops via a licensing agreement with the famous vehicle-tracking company — has been publicly documented in multiple reports as having security problems, which worried Kamluk because he knew someone could leverage the underlying program in an attack to gain remote access. “It was very alarming to find unauthorized instances of Computrace,” Kamluk told CyberScoop. “There was no explanation how those new private computers had Computrace activated … We contacted Absolute technical support and provided hardware serial numbers, as […]
