Greg Otto – WindowsTechs.com

Trump issues executive orders that will ban transactions with TikTok, WeChat parent companies

Posted on August 7, 2020 by Greg Otto

President Donald Trump issued two executive orders Thursday that will ban making transactions with Chinese tech companies ByteDance and Tencent as of Sept. 20. The two companies own widely popular applications — ByteDance owns video-sharing app TikTok, while Tencent operates messaging service WeChat — that have been characterized as national security threats. Trump has expressed particular concern over TikTok in the last week, telling reporters over the weekend that he was looking to ban the app in the United States. In the executive order, Trump says TikTok allows the Chinese government to capture vast swaths of data from U.S. citizens, censor content it deems politically sensitive, and use it for disinformation campaigns. “The United States must take aggressive action against the owners of TikTok to protect our national security,” the order reads. TikTok is wildly popular, having been downloaded more than 2 billion times worldwide, including 165 million times in […]

The post Trump issues executive orders that will ban transactions with TikTok, WeChat parent companies appeared first on CyberScoop.

Continue reading Trump issues executive orders that will ban transactions with TikTok, WeChat parent companies→

Gigabytes of ‘sensitive’ internal Intel documents dumped online

Posted on August 6, 2020 by Greg Otto

Chip giant Intel is investigating the leak of what appears to be a 20 GB cache of internal documents, some of which are marked “confidential,” after it appeared on various messaging platforms and data hosting sites. An Intel spokesperson told CyberScoop that the data looks to be from the company’s Resource and Design Center, which hosts information for customers, partners and other external parties that have access. “We believe an individual with access downloaded and shared this data,” a spokesperson told CyberScoop. The cache, dubbed “Intel exconfidential Lake,” is mostly comprised of training manuals and other technical documents for various software and firmware development kits. However, a section marked “Intel Restricted Secret” contains data on a March 2020 version of Intel’s 2016 Kaby Lake Platforms Silicon Initialization Code, which works with Intel BIOS. A post in a Telegram channel highlighted some of the other contents in the cache: It is […]

The post Gigabytes of ‘sensitive’ internal Intel documents dumped online appeared first on CyberScoop.

Continue reading Gigabytes of ‘sensitive’ internal Intel documents dumped online→

HHS dealing with cyber-incident in midst of COVID-19 outreach

Posted on March 16, 2020 by Greg Otto

The Department of Health and Human Services was the target of an attempted cyberattack, a source with knowledge of the matter tells CyberScoop. HHS saw an increase in traffic against its systems as the department continues to respond to the novel coronavirus outbreak. Signs pointed, at most, to a failed distributed denial-of-service attack, a source told CyberScoop. Bloomberg News was first to report on the incident. The attempted attack does not appear to have taken any systems offline. A source told Bloomberg that no data appears to have been stolen. The Department of Homeland Security is looking into the matter, a source told CyberScoop. The National Security Agency referred questions to HHS and DHS. HHS did not return requests for comment. News of the attack comes as the National Security Council tweeted Sunday that rumors spreading online about a nationally-mandated quarantine are false. It is unclear if the tweet is related to the incident at […]

The post HHS dealing with cyber-incident in midst of COVID-19 outreach appeared first on CyberScoop.

Continue reading HHS dealing with cyber-incident in midst of COVID-19 outreach→

Duo CEO Dug Song: We have to make security simple

Posted on January 29, 2020 by Greg Otto

Duo Security CEO Dug Song kept it simple Tuesday when he described the last decade in cybersecurity. “It sucked,” Song told the crowd at the Zero Trust Security Summit presented by Duo and produced by FedScoop and CyberScoop. The next decade doesn’t have to be that way, he says, because the technology ecosystem has the tools it needs to make security as seamless and easy to use as possible. Architectures like zero trust can become more commonplace, giving enterprises simple ways to protect themselves against the most familiar threats. At the core, it’s about ensuring that users and devices are connecting only with the data that they need. In a sit-down with CyberScoop on the sidelines of the summit, Song talked about the evolution of zero trust, how the cybersecurity market is changing, and how cybersecurity can be better woven into campaign operations. The title of the event is the Zero Trust Security Summit. “Zero trust” […]

The post Duo CEO Dug Song: We have to make security simple appeared first on CyberScoop.

Continue reading Duo CEO Dug Song: We have to make security simple→

Critical flaw in Citrix applications could allow unauthorized access to internal networks

Posted on December 23, 2019 by Greg Otto

A critical vulnerability has been discovered in Citrix’s Application Delivery Controller (ADC) and Gateway products that could give attackers unauthorized access to enterprise networks as well as the ability to run code on them. Security company Positive Technologies, which first discovered the flaw, says the vulnerability spans several years’ worth of Citrix technology. It estimates that “at least 80,000 companies in 158 countries are potentially at risk.” Citrix’s ADC is a cloud-based application delivery and load balancing tool, while Gateway allows remote access to a company’s applications. The vulnerability affects Citrix ADC and Citrix Gateway 13.0, 12.1, 12.0, 11.1, and 10.5. “Considering the high risk brought by the discovered vulnerability, and how widespread Citrix software is in the business community, we recommend information security professionals take immediate steps to mitigate the threat,” Dmitry Serebryannikov, director of the security audit department for Framingham, Massachusetts-based Positive Technologies, said in a blog post. Citrix […]

The post Critical flaw in Citrix applications could allow unauthorized access to internal networks appeared first on CyberScoop.

Continue reading Critical flaw in Citrix applications could allow unauthorized access to internal networks→

Wawa says payment processing servers were hacked, potentially affecting all of its stores

Posted on December 19, 2019 by Greg Otto

Popular East Coast convenience store chain Wawa announced Thursday that it found malware on payment processing servers that affected card information gathered from customers at potentially all of its locations. The company said malware had been running sometime after March 4 and was present on most store systems by approximately April 22. Among the information collected was cardholder names, including credit and debit card numbers and expiration dates. Debit card PIN numbers, credit card CVV2 numbers, other PIN numbers, and driver’s license information used to verify age-restricted purchases were not affected, Wawa said. Additionally, ATMs located in Wawa stores were not affected. “I apologize deeply to all of you, our friends and neighbors, for this incident,” Wawa CEO Chris Gheysens said in a release. “You are my top priority and are critically important to all of the nearly 37,000 associates at Wawa. We take this special relationship with you and the protection of your […]

The post Wawa says payment processing servers were hacked, potentially affecting all of its stores appeared first on CyberScoop.

Continue reading Wawa says payment processing servers were hacked, potentially affecting all of its stores→

Exclusive: PR software firm exposes data on nearly 500k contacts

Posted on December 9, 2019 by Greg Otto

A company that sells content management software and services exposed data on 477,000 media contacts, including 35,000 hashed user passwords, to the public internet. In October, iPRsoftware, a U.S.-based company that specializes in software that manages and disseminates company public relations and marketing, was discovered to be exposing the data along with administrative system credentials and assorted documents. Among the documents were marketing materials for client companies, as well as credentials for the company’s Google and Twitter accounts and a MongoDB hosting provider. Chris Vickery, director of cyber risk research at UpGuard, first contacted the company about the exposure in October. Despite the company’s acknowledgement of the issue, Vickery observed that over the next week, the only thing that changed was the appearance of a log file for the purpose of reviewing activity related to the open repository. When contacted weeks later by CyberScoop about the exposure, a company representative said it […]

The post Exclusive: PR software firm exposes data on nearly 500k contacts appeared first on CyberScoop.

Continue reading Exclusive: PR software firm exposes data on nearly 500k contacts→

‘Sandworm’ book review: To understand cyberwar, you must understand Ukraine

Posted on November 8, 2019 by Greg Otto

For experts, trying to definitively explain the full scope of a cybersecurity incident is often a difficult and delicate process. They normally don’t find reason to tie attacks back to 13th-century massacres at the hands of Mongolian warlords. Yet, in “Sandworm,” the new book from Wired magazine’s Andy Greenberg, it’s the Mongols’ 13th-century raid on Ukraine (and other brutalities the region has endured) that helps explain why this area in the world has been linked to almost every major cyberattack in the past decade. “Sandworm” chronicles the hacker group of the same name, diving into the hectic moments behind the Russian outfit’s attacks, which have hit targets from the Ukrainian power grid to international shipping conglomerates. The book shows that attacks like BlackEnergy, NotPetya and Olympic Destroyer do not happen in a vacuum. Greenberg weaves them and others into a narrative that illuminates the personalities responsible for studying or thwarting Sandworm’s […]

The post ‘Sandworm’ book review: To understand cyberwar, you must understand Ukraine appeared first on CyberScoop.

Continue reading ‘Sandworm’ book review: To understand cyberwar, you must understand Ukraine→

Twitter: We accidentally used security data to target users with ads

Posted on October 8, 2019 by Greg Otto

Twitter announced Tuesday that email addresses and phone numbers used to secure accounts had accidentally been used for advertising purposes. In a blog post, the company says the addresses and numbers were used in its “Tailored Audiences” product, which allows advertisers to target ads to customers based on the advertiser’s own marketing lists. “When an advertiser uploaded their marketing list, we may have matched people on Twitter to their list based on the email or phone number the Twitter account holder provided for safety and security purposes,” the blog states. “This was an error and we apologize.” Twitter does not know how many people were impacted by the error. The company says no data was shared with third parties that used the Tailored Audiences feature. Twitter users share phone numbers with the company for security purposes, particularly for its two-factor authentication feature. With that feature, Twitter sends a code to […]

The post Twitter: We accidentally used security data to target users with ads appeared first on CyberScoop.

Continue reading Twitter: We accidentally used security data to target users with ads→

VMware CEO: The security industry has ‘failed its customers’

Posted on October 2, 2019 by Greg Otto

Pat Gelsinger, the CEO of VMware, says the security industry has “failed its customers” and that security must become more intrinsic if enterprises are ever going to keep up with the threats they face on a daily basis. “Every year we are asking [enterprises] for more money from their security budgets and every year there’s an increasing number and cost of breaches,” Gelsinger said at VMware’s Security Through Innovation Summit produced by FedScoop and StateScoop. “This is a failure.” He compared the state of the industry to lawyers who make a living chasing after car accident victims in the hopes of scoring a personal injury settlement. “We show up after the car accident and then we say ‘Here, you need to buy more tools for forensics to tell you what happened in the car accident,’” Gelsinger said. “We are showing up after the fact. We need to have a better […]

The post VMware CEO: The security industry has ‘failed its customers’ appeared first on CyberScoop.

Continue reading VMware CEO: The security industry has ‘failed its customers’→