Woman illegally entered Mar-a-Lago with thumb drive full of malware, prosecutors say

A Chinese woman who briefly entered President Donald Trump’s Mar-a-Lago residence last week had two Chinese passports and numerous electronic devices in her possession, including a thumb drive carrying malware, according to federal prosecutors. Yujing Zhang, 32, has been charged with making false statements to federal law enforcement agents and unlawfully entering a restricted building or grounds, according to court documents released Monday by the Southern District of Florida. According to the criminal complaint, Zhang was detained on Saturday after initially telling Secret Service guards that she was there to attend an event held by the United Nations Chinese American Association. After a Mar-a-Lago receptionist determined that no such event was being held, Secret Service agents took her into custody. Agents initially expressed confusion over whether she was related to a member of the beach club with the same last name. When she did not respond to questioning, agents believed […]

The post Woman illegally entered Mar-a-Lago with thumb drive full of malware, prosecutors say appeared first on CyberScoop.


How DHS is following the Pentagon’s plan for internal cybersecurity

The Department of Homeland Security is trying to replicate a strategy used by the Department of Defense to protect and defend its networks, and the plan could soon be used across the entire federal government. DHS is currently assessing its 16 federated security operations centers (SOCs) to determine which agencies meet the parameters by which they could offer services to other agencies in need of various services, according to DHS Chief Information Security Officer Paul Beckman. “We are trying to figure out how we collectively get our arms around all those SOCs and how we optimize that,” Beckman told a crowd at the 2019 IT Modernization Summit, presented by FedScoop. Beckman said the process is following the DOD’s Cybersecurity Service Provider (CSSP) model. That program assesses which internal security centers hit a number of benchmarks. When one center is qualified to provide a certain level of security, other internal agencies […]


Ex-NSA contractor set to plead guilty for theft of top secret information

A former National Security Agency contractor accused of perhaps the largest theft of government secrets in U.S. history is expected to plead guilty Thursday in federal court, according to court records. Harold T. Martin III has been charged with 20 counts of unauthorized and willful retention of national defense information in 2017. His trial was scheduled to start in June, but a rearraignment — a hearing held when a defendant is changing a plea — has been scheduled for 3 p.m. Thursday in Baltimore, Maryland. Martin, a former Navy officer turned defense contractor, was indicted for allegedly stealing and hoarding secret documents that outline U.S. hacking operations. Martin worked in a supporting role for multiple intelligence agencies — including the NSA and the Office of the Director of National Intelligence — during his employment at several different federal consulting firms. Investigators found over the course of their investigation that Martin had removed […]


Introducing the RunSafe Pwn Index

So much of the dark web leaves enterprises, well, in the dark. Unless a security team has someone infiltrating and scouring hacker forums, it’s hard to get a handle on how much money adversaries are spending on the latest exploits. We’ve seen tons of stories on exorbitant price points for first-class zero-days, but attackers don’t need to shell out Rolls Royce prices for every remote code execution on the market. In order to give enterprises a better look at what attackers are paying for, CyberScoop has teamed up with McLean, Virginia-based RunSafe Security to bring you the RunSafe Pwn Index. Think of it as the Dow Jones Industrial Average for dark web exploits: Every quarter, RunSafe examines multiple sources of exploit data, including dark web marketplaces, payout services and private practitioners. From the zero-day pricing data it collects, RunSafe then creates a weighted average price based on the target platform […]


The struggle with simplifying the government’s cybersecurity efforts

When it comes to protecting the federal government from cyberattacks, simplicity is not that simple. That was the underlying message Monday during multiple panels at the RSA Public Sector conference in San Francisco, where government cybersecurity experts and the federal contractors that carry out the government’s cybersecurity operations discussed why things are currently complicated and what it will take to make things easier. The government’s ongoing embrace of the cloud is helping move things in the right direction, but because agencies often follow a hybrid cloud model, watching over a government enterprise is still a highly complex task. Kevin Cox, the program manager for the Department of Homeland Security’s Continuous Diagnostics and Monitoring program, said Monday that it’s a challenge to ascertain exactly how each agency has its enterprise configured. “From our perspective, CDM is working with civilian agencies to have a foundation in place to have the proper visibility on […]


Former Air Force intelligence officer charged with espionage

A former U.S. Air Force intelligence agent has been charged with espionage, with the Department of Justice alleging the officer defected to Iran in order to help recruit assets from the U.S. intelligence community. Monica Witt is accused of spying in a forthcoming indictment that will be unsealed Wednesday, the DOJ said. According to the indictment, Witt was allegedly recruited by Iran as part of a program that targets former U.S. intelligence officers and others who have held security clearances.  After defecting in 2013, she is alleged to have told the Iranian government about what the DOJ called a “highly classified intelligence collection program.” Witt is also alleged to have revealed the identity of a U.S. intelligence officer. Additionally, four members of Iran’s Islamic Revolutionary Guard Corps (IRGC) have been charged with “computer intrusions and aggravated identity theft” aimed at members of the U.S. intel community.  Witt is alleged to have assisted […]


Researchers found a way to hack those ubiquitous electric scooters

You can add another bullet point to the long list of things that drive people nuts about the electric scooter craze in America: the scooters can be hacked. A researcher with San Francisco-based Zimperium discovered a way to manipulate the Xiaomi M365 scooter through a Bluetooth connection. Users can access their scooter via an app that connects to the scooter, as long as users authenticate with a password. However, Zimperium researcher Rani Idan determined the password fails to completely protect users. “During our research, we determined the password is not being used properly as part of the authentication process with the scooter and that all commands can be executed without the password,” Idan wrote in a blog post Tuesday. “The password is only validated on the application side, but the scooter itself doesn’t keep track of the authentication state.” From there, Idan wrote an app for his mobile device that allowed him to […]


Axonius raises $13 million to boost product that tracks connected devices

You’d be hard-pressed to find someone in charge of an enterprise’s information security efforts who finds it easy to monitor all the connected devices sitting on the network. New York-based Axonius understands this, which is why it created a platform that allows CISOs to automatically boot these devices off a network if they don’t fit with the enterprise’s security policies. The company is building its business around the platform, thanks to a new funding raise. The company announced a $13 million series A funding Tuesday, led by Bessemer Venture Partners. There was also participation from existing investors YL Ventures, Vertex, WTI and Emerge. The company says the platform differs from similar products due to its ease of installation, as well as the automation built into the product. Axonius says enterprises don’t have to deploy an agent, a piece of software that is put on each device in similar solutions. Additionally, the company claims the product […]


Inside the online fight between DerbyCon, illmob, and harassed infosec women

A published cybersecurity expert and the person in charge of security at a popular information security conference are at odds over a Facebook group that has served as a platform for harassment and misogynistic comments toward women in the profession. Last month, the founders of DerbyCon — an annual hacker conference held in Louisville, Kentucky — announced that 2019 would be the last year for the event. In a blog post announcing the cancellation, the conference’s founders didn’t point to a single incident that led them to their decision. However, one passage stirred up controversy: “There is a small, yet vocal group of people creating negativity, polarization, and disruption, with the primary intent of self-promotion to advance a career, for personal gain, or for more social media followers.” The “negativity, polarization and disruption” heightened in the wake of the announcement, with members of a Facebook group known as “illmob” posting comments […]


Apple disables group chat on FaceTime after discovery of bad bug

Apple has disabled the group chat feature of its FaceTime video calling service after a bug was discovered that allows users to eavesdrop on others via audio and video. The bug, which takes advantage of a logic flaw in the app’s group chat, works like this: When making a FaceTime video call, the caller adds themselves to a group chat before the user on the other end picks up. Once added, the bug leads FaceTime to believe an active group call has started, even though the recipient hasn’t answered the call. The person who initiated the call can then hear audio from the recipient’s device. Shortly after the initial audio bug was discovered, users also found that if recipients pressed the power or volume down button to silence or dismiss the call, video was transmitted back to the person initiating the call. According to Apple’s status page, the company has […]
