Corelight raises $25 million to grow Bro-based business

San Francisco-based Corelight has announced a $25 million Series B funding round, filling its coffers to boost its efforts in commercializing the open source Bro network security monitor. Developed in 1995, Bro was created to study complex patterns in internet traffic in high-performance environments. It has been supported by a host of government agencies, including grants from the National Science Foundation. Corelight has built its products on top of Bro, giving government agencies and large enterprises a way to make sense of the traffic they see on a daily basis. The company’s products support incident response, threat hunting, and other forensic capabilities. “The question today isn’t if the bad guys have access to your network — they do — but instead, what they’ve done once they’ve gotten in,” said Steve Herrod, managing director at General Catalyst and Corelight board member. “Corelight helps security professionals get to breach impact and remediation […]

The post Corelight raises $25 million to grow Bro-based business appeared first on Cyberscoop.


U.S. charges North Korean hacker over Sony, WannaCry incidents

The Department of Justice announced charges Thursday against a North Korean spy in connection with the 2014 attack on Sony Pictures and the 2017 WannaCry ransomware attack. Park Jin Hyok, a North Korean computer programmer, has been charged with one count of conspiracy to commit wire fraud and one count of conspiracy to commit computer-related fraud. The government alleges that Park was operating under the front company “Chosun Expo” or the “Korean Expo Joint Venture,” in addition to activities conducted on behalf of North Korea’s Reconnaissance General Bureau. The complaint says that alongside the attacks on Sony, Park was part of a group that also attacked AMC Theaters and U.K.-based independent production company Mammoth Screen around the same time as the Sony Pictures hack. Additionally, the government alleges that Park was instrumental in attacks on defense contractor Lockheed Martin and the Bank of Bangladesh. The latter incident saw $81 million stolen through the […]

The post U.S. charges North Korean hacker over Sony, WannaCry incidents appeared first on Cyberscoop.


ES&S security lead: We trust our process over DEF CON village findings

While there are a number of companies that build and sell election-related technology, ES&S has been the most notable as of late. The company’s CEO released a letter last week that took issue with calls from lawmakers to work with anonymous researchers, like those at the DEF CON Voting Village that uncovered various vulnerabilities in election-related hardware and software. “We will not, however, provide or submit any hardware, software, source code or other intellectual property to unvetted, anonymous security researchers, nor would we make public any assessments of vulnerability findings, because providing or making available secure information to individuals or groups whose interests may counter the United States’ interests would be irresponsible and may in fact, jeopardize the integrity of elections,” the letter from ES&S CEO Tom Burt read. That letter was poorly received by both Capitol Hill and the security research community, who both felt the response was inadequate […]

The post ES&S security lead: We trust our process over DEF CON village findings appeared first on Cyberscoop.



Facebook, Twitter remove hundreds of accounts tied to ‘coordinated influence’ campaign

Facebook and Twitter announced late Tuesday that hundreds of accounts tied to an influence operation have been removed, part of the companies’ heightened efforts to remove bad actors from the social media networks. In a blog post, Facebook announced it had removed 652 pages, groups and accounts for what the company calls “coordinated inauthentic behavior.” The accounts were linked to a group known as “Liberty Front Press,” an effort that originated in Iran. Working with cybersecurity firm FireEye, Facebook discovered the group was primarily posting political content focused on the Middle East, as well as the U.K., U.S., and Latin America. Beginning in 2017, its focus on the U.K. and U.S. increased. “The activity we have uncovered highlights that multiple actors continue to engage in and experiment with online, social media-driven influence operations as a means of shaping political discourse,” an assessment from FireEye read. “The activity we have uncovered highlights that […]

The post Facebook, Twitter remove hundreds of accounts tied to ‘coordinated influence’ campaign appeared first on Cyberscoop.


Report: PGA hit with ransomware attack on eve of major tournament

The Professional Golfers Association of America has been hit with a ransomware attack, locking employees out of crucial files hours before the start of the association’s namesake tournament. According to GolfWeek, PGA employees found they were locked out of systems Tuesday that housed various banners, logos and signage to be used for the upcoming PGA Championship. The tournament, which starts Thursday at Bellerive Country Club in St. Louis, is one of professional golf’s most prestigious tournaments. Employees were also locked out of similar files related to the upcoming Ryder Cup, a golf competition between teams from Europe and the United States. “Your network has been penetrated,” a message on PGA-owned computers read. “All files on each host in the network have been encrypted with a strong algorythm [sic]. We exclusively have decryption software for your situation. No decryption software is available in the public.” The attackers asked for an unidentified amount […]

The post Report: PGA hit with ransomware attack on eve of major tournament appeared first on Cyberscoop.


Asia’s hackers are finding a home on the dark web

While the vast majority of Asia-focused cybersecurity research examines government-backed threats, a new report shows that the region’s dark web is becoming a fertile training ground for independent hackers to learn more skills and trade new exploits. Research released Wednesday by New York-based IntSights details a number of Asian countries’ use of websites that require access through special software such as the Tor browser. Hackers in China, Japan, North Korea, Indonesia and Vietnam have adopted the dark web — which is usually associated with U.S. and Russian activity — to create their own criminal communities, the report says. “As the dark web grows, companies and government organizations need to understand that it’s no longer enough to monitor cybercrime activities typically associated with Russian, North Korean or other English-speaking cyber groups,” said Itay Kozuch, Director of Threat Research for IntSights. In a presentation shown to CyberScoop at the Black Hat security conference in […]

The post Asia’s hackers are finding a home on the dark web appeared first on Cyberscoop.


DHS vulnerability scanning program offline after Virginia office loses power

Two cybersecurity programs the Department of Homeland Security offers both states and the private sector have been temporarily knocked offline due to a power outage, while other services have been shifted to backup locations, multiple sources tell CyberScoop. The National Cybersecurity and Communications Integration Center (NCCIC), the 24/7 hub for monitoring cyberthreats across the government and critical infrastructure, has shifted operations to a backup location in Florida. The move was made after the Arlington, Virginia, building that houses NCCIC lost power last week due to heavy rains. Additionally, two other programs under NCCIC’s National Cybersecurity Assessments and Technical Services (NCATS) — Cyber Hygiene vulnerability scans and Phishing Campaign Assessment — have been offline since July 26. The Cyber Hygiene program remotely detects known vulnerabilities on internet-facing services. The Phishing Campaign Assessment program is part of a remote penetration testing service. Both programs are used by hundreds of customers across the country. Thirty-four states have received vulnerability scans through the Cyber Hygiene program, according to a DHS presentation given at […]

The post DHS vulnerability scanning program offline after Virginia office loses power appeared first on Cyberscoop.


Newly uncovered ‘Leafminer’ hacking group hitting wide array of Middle Eastern targets

A newly uncovered hacking group has breached a number of critical infrastructure and government organizations in the Middle East with a mixture of publicly available and custom-built tools, according to new research from cybersecurity giant Symantec. Dubbed Leafminer by the company, the group has infiltrated a number of organizations in countries such as Azerbaijan, Israel, Lebanon and Saudi Arabia, with a variety of intrusion techniques. Researchers observed the group using watering hole websites, vulnerability scans and brute-force login attempts for the purposes of data theft. Symantec researchers categorized the group as “highly active,” conducting various operations since early 2017. The group targeted a wide range of sectors, including energy, government, finance and telecommunications. According to Vikram Thakur, Symantec’s technical director, the group was active up until publication of the company’s research. “Their servers are very much still up,” Thakur told CyberScoop. The group is particularly adept at honing its skills based […]

The post Newly uncovered ‘Leafminer’ hacking group hitting wide array of Middle Eastern targets appeared first on Cyberscoop.


Equifax CISO Jamil Farshchi’s three-act, ‘shared fate’ security plan

Even in normal times, credit reporting agencies are never among the world’s most admired companies. So it’s easy to see why Equifax’s brand reputation has suffered immensely thanks to the massive breach that saw information on 148 million people taken from the company and two former executives charged with insider trading. New Equifax CISO Jamil Farshchi is working to overcome the “visceral” reaction he’s witnessed post-breach. A veteran of massive rehabilitation efforts via his time spent as CISO at Home Depot, Farshchi is embarking on a plan to move Atlanta-based Equifax beyond its security lapses to a position where the company is actually seen as a security leader. In an exclusive interview with CyberScoop, Farshchi describes his “three-act plan” to secure Equifax, which includes having the entire company understand that cybersecurity doesn’t fall to the IT division. “Security isn’t just security’s job,” he said. “Everyone needs to feel it through and […]

The post Equifax CISO Jamil Farshchi’s three-act, ‘shared fate’ security plan appeared first on Cyberscoop.
