Greg Otto – Page 3 – WindowsTechs.com

Election tech vendors say they’re securing their systems. Does anyone believe them?

Posted on April 24, 2019 by Greg Otto

The last few years have been an awakening for Election Systems & Software. Before 2016, very few people were publicly pressing the company to change the way it handled its cybersecurity practices. Now, the nation’s leading manufacturer of election technology has become a lightning rod for critics. Security experts say the small number of companies that dominate the nation’s election technology market, including ES&S, have failed to acknowledge and remedy vulnerabilities that lie in systems used to hold elections across the country. Once left to obscurity, the entire ecosystem has been called into question since the Russian government was found to have interfered with the 2016 presidential campaign. While there has never been any evidence to suggest that any voting machines were compromised, the Department of Homeland Security and FBI recently issued a memo that all 50 states were at least targeted by Russian intelligence. The peak of the criticism came after the Voting Village exhibition […]

The post Election tech vendors say they’re securing their systems. Does anyone believe them? appeared first on CyberScoop.

Continue reading Election tech vendors say they’re securing their systems. Does anyone believe them?→

Marcus Hutchins pleads guilty to two counts related to Kronos banking malware

Posted on April 19, 2019 by Greg Otto

A cybersecurity researcher known for helping stop the global spread of the WannaCry ransomware variant has pleaded guilty to computer hacking crimes related to the creation of banking malware. Marcus Hutchins, a British cybersecurity researcher, was accused of writing malware known as Kronos in 2014. According to a 2017 indictment, Hutchins allegedly created and updated Kronos while another unidentified person sold the malware on dark web marketplace AlphaBay and other cybercrime forums. Kronos was designed to steal log-in credentials and other financial information from online banking websites that are accessible via Internet Explorer, Mozilla Firefox and Google Chrome. Hutchins’ arrest made waves in the cybersecurity community after he was detained by FBI agents at McCarran International Airport in Las Vegas following the 2017 DEF CON security conference. Days later, he pleaded not guilty in federal court in Milwaukee. His trial was expected to begin this summer. The two counts that Hutchins pleaded guilty to […]

The post Marcus Hutchins pleads guilty to two counts related to Kronos banking malware appeared first on CyberScoop.

Continue reading Marcus Hutchins pleads guilty to two counts related to Kronos banking malware→

Woman illegally entered Mar-a-Lago with thumb drive full of malware, prosecutors say

Posted on April 2, 2019 by Greg Otto

A Chinese woman who briefly entered President Donald Trump’s Mar-a-Lago residence last week had two Chinese passports and numerous electronic devices in her possession, including a thumb drive carrying malware, according to federal prosecutors. Yujing Zhang, 32, has been charged with with making false statements toward federal law enforcement agents and unlawfully entering a restricted building or grounds, according to court documents released Monday by the Southern District of Florida. According to the criminal complaint, Zhang was detained on Saturday after initially telling Secret Service guards that she was there to attend an event held by the United Nations Chinese American Association. After a Mar-a-Lago receptionist determined that no such event was being held, Secret Service agents took her into custody. Agents initially expressed confusion over whether she was related to a member of the beach club with the same last name. When she did not respond to questioning, agents believed […]

The post Woman illegally entered Mar-a-Lago with thumb drive full of malware, prosecutors say appeared first on CyberScoop.

Continue reading Woman illegally entered Mar-a-Lago with thumb drive full of malware, prosecutors say→

How DHS is following the Pentagon’s plan for internal cybersecurity

Posted on April 1, 2019 by Greg Otto

The Department of Homeland Security is trying to replicate a strategy used by the Department of Defense to protect and defend its networks, and the plan could soon be used across the entire federal government. DHS is currently assessing its 16 federated security operations centers (SOCs) to determine which agencies meet the parameters by which they could offer services to other agencies in need of various services, according to DHS Chief Information Security Officer Paul Beckman. “We are trying to figure out how we collectively get our arms around all those SOCs and how we optimize that,” Beckman told a crowd at the 2019 IT Modernization Summit, presented by FedScoop. Beckman said the process is following the DOD’s Cybersecurity Service Provider (CSSP) model. That program assesses which internal security centers hit a number of benchmarks. When one center is qualified to provide a certain level of security, other internal agencies […]

The post How DHS is following the Pentagon’s plan for internal cybersecurity appeared first on CyberScoop.

Continue reading How DHS is following the Pentagon’s plan for internal cybersecurity→

Ex-NSA contractor set to plead guilty for theft of top secret information

Posted on March 27, 2019 by Greg Otto

A former National Security Agency contractor accused of perhaps the largest theft of government secrets in U.S. history is expected to plead guilty Thursday in federal court, according to court records. Harold T. Martin III has been charged with 20 counts of unauthorized and willful retention of national defense information in 2017. His trial was scheduled to start in June, but a rearraignment — a hearing held when a defendant is changing a plea — has been scheduled for 3 p.m. Thursday in Baltimore, Maryland. Martin, a former Navy officer turned defense contractor, was indicted for allegedly stealing and hoarding secret documents that outline U.S. hacking operations. Martin worked in a supporting role for multiple intelligence agencies — including the NSA and the Office of the Director of National Intelligence — during his employment at several different federal consulting firms. Investigators found over the course of their investigation that Martin had removed […]

The post Ex-NSA contractor set to plead guilty for theft of top secret information appeared first on CyberScoop.

Continue reading Ex-NSA contractor set to plead guilty for theft of top secret information→

Introducing the RunSafe Pwn Index

Posted on March 6, 2019 by Greg Otto

So much of the dark web leaves enterprises, well, in the dark. Unless a security team has someone infiltrating and scouring hacker forums, it’s hard to get a handle on how much money adversaries are spending on the latest exploits. We’ve seen tons of stories on exorbitant price points for first-class zero-days, but attackers don’t need to shell out Rolls Royce prices for every remote code execution on the market. In order to give enterprises a better look at what attackers are paying for, CyberScoop has teamed up with McLean, Virginia-based RunSafe Security to bring you the RunSafe Pwn Index. Think of it as the Dow Jones Industrial Average for dark web exploits: Every quarter, RunSafe examines multiple sources of exploit data, including dark web marketplaces, payout services and private practitioners. From the zero-day pricing data it collects, RunSafe then creates a weighted average price based on the target platform […]

The post Introducing the RunSafe Pwn Index appeared first on CyberScoop.

Continue reading Introducing the RunSafe Pwn Index→

The struggle with simplifying the government’s cybersecurity efforts

Posted on March 5, 2019 by Greg Otto

When it comes to protecting the federal government from cyberattacks, simplicity is not that simple. That was the underlying message Monday during multiple panels at RSA Public Sector conference in San Francisco, where government cybersecurity experts and the federal contractors that carry out the government’s cybersecurity operations discussed why things are currently complicated and what it will take to make things easier. The government’s ongoing embrace of the cloud is helping move things in the right direction, but because agencies often follow a hybrid cloud model, watching over a government enterprise is still a highly complex task. Kevin Cox, the program manager for the Department of Homeland Security’s Continuous Diagnostics and Monitoring program, said Monday that it’s a challenge to ascertain exactly how each agency has its enterprise configured. “From our perspective, CDM is working with civilian agencies to have a foundation in place to have the proper visibility on […]

The post The struggle with simplifying the government’s cybersecurity efforts appeared first on CyberScoop.

Continue reading The struggle with simplifying the government’s cybersecurity efforts→

Former Air Force intelligence officer charged with espionage

Posted on February 13, 2019 by Greg Otto

A former U.S. Air Force intelligence agent has been charged with espionage, with the Department of Justice alleging the officer defected to Iran in order to help recruit assets from the U.S. intelligence community. Monica Witt is accused of spying in a forthcoming indictment that will be unsealed Wednesday, the DOJ said. According to the indictment, Witt was allegedly recruited by Iran as part of a program that targets former U.S. intelligence officers and others who have held security clearances. After defecting in 2013, she is alleged to have told the Iranian government about what the DOJ called a “highly classified intelligence collection program.” Witt is also alleged to have revealed the identity of a U.S. intelligence officer. Additionally, four members of Iran’s Islamic Revolutionary Guard Corps (IRGC) have been charged with “computer intrusions and aggravated identity theft” aimed at members of the U.S. intel community. Witt is alleged to have assisted […]

The post Former Air Force intelligence officer charged with espionage appeared first on CyberScoop.

Continue reading Former Air Force intelligence officer charged with espionage→

Researchers found a way to hack those ubiquitous electric scooters

Posted on February 12, 2019 by Greg Otto

You can add another bullet point to the long list of things that drive people nuts about the electric scooter craze in America: the scooters can be hacked. A researcher with San Francisco-based Zimperium discovered a way to manipulate Xiaomi M365 scooter through a Bluetooth connection. Users can access their scooter via an app that connects to the scooter, as long as users authenticate with a password. However Zimperium researcher Rani Idan determined the password fails to completely protect users. “During our research, we determined the password is not being used properly as part of the authentication process with the scooter and that all commands can be executed without the password,” Idan wrote in a blog post Tuesday. “The password is only validated on the application side, but the scooter itself doesn’t keep track of the authentication state.” From there, Idan wrote an app for his mobile device that allowed him to […]

The post Researchers found a way to hack those ubiquitous electric scooters appeared first on CyberScoop.

Continue reading Researchers found a way to hack those ubiquitous electric scooters→

Axonius raises $13 million to boost product that tracks connected devices

Posted on February 12, 2019 by Greg Otto

You’d be hard pressed to find someone in charge of an enterprise’s information security efforts who finds it easy to monitor all the connected devices sitting on the network. New York-based Axonius understands this, which is why it created a platform that allows CISOs to automatically boot these devices off a network if they don’t fit with the enterprise’s security policies. The company is building its business around the platforms, thanks to a new funding raise. The company announced a $13 million series A funding Tuesday, led by Bessemer Venture Partners. There was also participation from existing investors YL Ventures, Vertex, WTI and Emerge. The company says the platform differs from similar products due to its ease of installation, as well as the automation built into the product. Axonius says enterprises don’t have deploy an agent, a piece of software that is put on each device in similar solutions. Additionally, the company claims the product […]

The post Axonius raises $13 million to boost product that tracks connected devices appeared first on CyberScoop.

Continue reading Axonius raises $13 million to boost product that tracks connected devices→