Patrick Howell O’Neill – Page 16

Drones emerge as new dimension in cyberwar

Posted on February 5, 2018 by Patrick Howell O'Neill

It sounds a little bit sci-fi, but make no mistake: The next front in cyberwar is literally above your head. Military technology companies from around the world are rushing to design, build and sell drones that hack and track, while others want to own the business of hacking of the drones themselves. The burgeoning market is foreshadowing battles that could play out in the skies and, for some companies, bring significant profits. It’s an immature set of technologies — lots of marketing, precious few finished products — but there is a growing appetite for them. “This market is about to blow up,” said Francis Brown, a partner at the cybersecurity consultancy Bishop Fox. “Everybody’s trying to grab market share. The next year or two is going to decide who will become Pepsi and Coke out of all these products.” As an act of research, as opposed to selling a product, Brown and Bishop Fox […]

The post Drones emerge as new dimension in cyberwar appeared first on Cyberscoop.

Continue reading Drones emerge as new dimension in cyberwar→

Norton takes over Pentagon’s network defense headquarters and DISA

Posted on February 2, 2018 by Patrick Howell O'Neill

On the same day U.S. Cyber Command’s network defense headquarters became fully operational, Navy Vice Adm. Nancy A. Norton assumed command of the Joint Force Headquarters – Department of Defense Information Network (JFHQ-DODIN) and became director of of the Defense Information Systems Agency (DISA) on Thursday. Lt. Gen. Alan Lynn retired this week as director of DISA. Norton’s command began at a ceremony Fort Meade in Maryland, the home of U.S. Cyber Command and the National Security Agency and DISA among other agencies. “I look at this audience and I think to myself, ‘Man, if you are doing anything in [information technology], networks, cyber … you are here today,” Adm. Mike Rogers, director of the NSA and Cyber Command, said at the opening of the ceremony. Norton reports directly to Rogers. Rogers will retire this spring after a tumultuous four year command. Lt. Gen. Paul Nakasone, currently the head of U.S. Army Cyber Command, is expected to […]

The post Norton takes over Pentagon’s network defense headquarters and DISA appeared first on Cyberscoop.

Continue reading Norton takes over Pentagon’s network defense headquarters and DISA→

Russian spammer and hacker Peter Levashov extradited to United States

Posted on February 2, 2018 by Patrick Howell O'Neill

A year-long battle over the fate of one of the world’s most prolific spammers ended Friday when Spain extradited Russian hacker Peter Levashov to the United States. Levashov, who was arrested while on vacation in April 2017, is accused of being behind a massive botnet that pumped out a torrent of spam emails for profit. He’s charged with fraud and unauthorized interception of electronic communications. Spain’s National Police handed Levashov to U.S. Marshals on Friday. The counter-extradition request from Russia was rejected. The U.S. and Russia have spent the last year battling over his extradition. Russian authorities have accused the U.S. of “hunting” and “kidnapping” Russian citizens, while Levashov’s lawyers say the “political” debate between Russia and the U.S. is tainting the case. But U.S. law enforcement’s longstanding strategy to extradite accused cybercriminals dates back to the George W. Bush administration. American officials have claimed that U.S. efforts to arrest Levashov in Russia were […]

The post Russian spammer and hacker Peter Levashov extradited to United States appeared first on Cyberscoop.

Continue reading Russian spammer and hacker Peter Levashov extradited to United States→

Medical supply giant Fresenius Medical Care fined $3.5 million for five data breaches

Posted on February 1, 2018 by Patrick Howell O'Neill

Medical supplies giant Fresenius Medical Care North America (FMCNA) agreed to pay $3.5 million to U.S. federal regulators after five separate data breaches in 2012. The U.S. Department of Health and Human Services Office for Civil Rights levied the fine along with a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. A federal investigation found the company failed to conduct an accurate risk analysis of vulnerabilities to its protected information. FMCNA filed five breach reports in January 2013 covering incidents from February-July 2012 impacting the electronic protected health information for five FMCNA-owned branches across the United States. The list of violations is long. One branch didn’t encrypt sensitive information, another had no policies around removing hardware from facilities, two businesses had no safeguards against unauthorized access or theft while yet another had no procedure to address security incidents, according to the federal investigation. “The number of breaches, involving […]

The post Medical supply giant Fresenius Medical Care fined $3.5 million for five data breaches appeared first on Cyberscoop.

Continue reading Medical supply giant Fresenius Medical Care fined $3.5 million for five data breaches→

Pentagon’s network defense headquarters is fully operational

Posted on February 1, 2018 by Patrick Howell O'Neill

U.S. Cyber Command’s network defense headquarters is fully operational, the Department of Defense announced on Wednesday. Joint Force Headquarters Department of Defense Information Network (also known as JFHQ-DoDIN) has been building since 2014 when it aimed to have around 219 staff for full operations. It now defends about 15,000 networks with 3 million users. The organization is meant to command and control Pentagon network operations worldwide. If that sounds like a massively broad mission, here are two slides from a Pentagon presentation defining the organization: JFHQ-DoDIN reached initial operating capacity in January 2015 when it gained authority over the 39 military organizations it works with, including all combatant commands, all defense agencies and field activities as well as service cyber components. In November, the U.S. Army and Navy announced their Cyber Mission Force teams were fully operational a year ahead of the deadline imposed by the Pentagon. The rest of the teams, totaling 133, are […]

The post Pentagon’s network defense headquarters is fully operational appeared first on Cyberscoop.

Continue reading Pentagon’s network defense headquarters is fully operational→

Pentagon’s network defense headquarters is fully operational

Posted on February 1, 2018 by Patrick Howell O'Neill

The post Pentagon’s network defense headquarters is fully operational appeared first on Cyberscoop.

Continue reading Pentagon’s network defense headquarters is fully operational→

Monero mining botnet ‘Smominru’ earns hackers $3.6 million

Posted on January 31, 2018 by Patrick Howell O'Neill

A global botnet dubbed “Smominru” has been secretly mining Monero on infected machines and making millions of dollars for its owners, according to research from Proofpoint. The operators have mined about 8,900 Monero valued at up to $3.6 million at a rate of 24 Monero ($8,500) per week. Researchers have watched the Smominru botnet spread since May 2017. Now including over 526,000 infected Windows hosts, Smominru uses EternalBlue, a Windows exploit developed by the NSA and leaked by the hacking group Shadow Brokers. The Smominru botnet’s command and control infrastructure is hosted behind SharkTech, a hosting and DDoS protection service, that reportedly ignored repeated abuse notification. SharkTech did not respond to a request for comment. “This Monero mining botnet is extremely large, made up mostly of Microsoft Windows servers spread around the globe,” Kevin Epstein, a vice president of threat operations at Proofpoint, said in a release. “Taking down the botnet is very difficult […]

The post Monero mining botnet ‘Smominru’ earns hackers $3.6 million appeared first on Cyberscoop.

Continue reading Monero mining botnet ‘Smominru’ earns hackers $3.6 million→

Google killed 700,000 malicious apps in the Play Store in 2017

Posted on January 31, 2018 by Patrick Howell O'Neill

If it seems like every day there is news of a malicious Android app being removed from the Google Play Store, your assumption is actually wrong. It’s closer to 2,000 apps per day. Google removed 700,000 malicious apps from the Google Play Store in 2017, according to Android product manager Andrew Ahn. That number represents a 70 percent increase over the previous year due in part to the increasing role of machine learning in detecting malware. “Not only did we remove more bad apps, we were able to identify and action against them earlier,” Ahn wrote. “99 percent of apps with abusive contents were identified and rejected before anyone could install them.” Despite the increase in removals, the operating system’s security tool, Android Play Protect, earned mediocre marks in tests against rivals. Android is by far the most popular mobile operating system in world, commanding well over 80 percent of the market […]

The post Google killed 700,000 malicious apps in the Play Store in 2017 appeared first on Cyberscoop.

Continue reading Google killed 700,000 malicious apps in the Play Store in 2017→

Israel accounts for 16 percent of global cybersecurity investment, second only to U.S.

Posted on January 31, 2018 by Patrick Howell O'Neill

Israel’s cybersecurity industry raised $814.5 million in venture capital and private equity investment in 2017, a 28 percent rise over 2016 that brings the country to second only to the United States, according to research by Start-Up Nation Central. Centered in Tel Aviv, Israeli cybersecurity companies account for 16 percent of industry investment overall as of 2017, a major growth since 2014 when that number was around five to ten percent. “Once it was a disadvantage to say you are from Israel,” Prime Minister Benjamin Netanyahu said earlier this year. “Today when you talk about cyber or advanced technologies, it is an advantage. It is advantage to say ‘I am an Israeli company.’” Israel punches well above its weight class in cybersecurity due in large part to the pipeline provided by Israel’s mandatory military service as well as support from the Israeli government. The industry is so popular within the country that its contributing […]

The post Israel accounts for 16 percent of global cybersecurity investment, second only to U.S. appeared first on Cyberscoop.

Continue reading Israel accounts for 16 percent of global cybersecurity investment, second only to U.S.→

Firefox vulnerability allowing for arbitrary code execution is fixed

Posted on January 31, 2018 by Patrick Howell O'Neill

A critical vulnerability in Firefox that allowed an attacker to remotely execute code if a user opens a malicious document or link has been patched, Mozilla announced Monday. The bug presented possible attackers with an incredibly potent phishing tool for common attacks like ransomware. “The vulnerability is due to insufficient sanitization of HTML fragments in chrome-privileged documents by the affected software,” according to a Cisco brief. “An attacker could exploit the vulnerability by persuading a user to access a link or file that submits malicious input to the affected software. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the user. If the user has elevated privileges, the attacker could compromise the system completely.” The flaw received an 8.8 score on the Common Vulnerability Scoring System, a global standard run by the industry group FIRST. It affects Firefox versions 56, 57 and 58.0.0. Firefox version 58.0.1 fixes the problem. Mozilla developer Johann Hofmann discovered […]

The post Firefox vulnerability allowing for arbitrary code execution is fixed appeared first on Cyberscoop.

Continue reading Firefox vulnerability allowing for arbitrary code execution is fixed→