Patrick Howell O’Neill – Page 25

Yahoo, Equifax still don’t know who was behind their massive hacks

Posted on November 8, 2017 by Patrick Howell O'Neill

Two of the most impactful data breaches in history remain unsolved mysteries. Yahoo’s 2013 breach that impacted all 3 billion of the company’s users remains an open case, former CEO Marissa Mayer told the Senate Commerce Committee on Wednesday, testifying alongside to the interim and former CEOs of Equifax and a senior Verizon executive. Yahoo didn’t even know of the record-setting 2013 breach until a U.S. indictment in November 2016, more than three years later. An FBI investigation of the 2013 breach is ongoing. This year’s Equifax breach has smaller numbers (145 million people affected) but the data stolen is extremely sensitive and may end up causing more harm than Yahoo. Like Yahoo, the interim and former CEOs of Equifax don’t know who breached their company. There are now multiple ongoing federal investigations into both the breach and the company itself, interim CEO Paulino Barros told the committee. Yahoo’s 2014 breach, which impacted 500 million users, […]

The post Yahoo, Equifax still don’t know who was behind their massive hacks appeared first on Cyberscoop.

Continue reading Yahoo, Equifax still don’t know who was behind their massive hacks→

Previously unknown cyber-espionage group has successfully hacked in South America since 2015

Posted on November 7, 2017 by Patrick Howell O'Neill

A previously unknown and sophisticated hacking group has engaged in highly targeted cyber-espionage against a host of South American and Asian governments since at least early 2015, according to new research from Symantec. The hacking group called Sowbug, named after a sneaky but successful critter, has been conducting highly targeted attacks, according to Symantec, against organizations and governments in Argentina, Brazil, Ecuador, Peru, Brunei and Malaysia. Judging by the incidents being investigated, Sowbug’s goal appears to be very specific information on foreign policy and diplomacy in South America and Southeast Asia. It’s an exceptional event because this type of espionage is relatively rare in those regions, compared with North America, Europe and other areas of Asia. Sowbug has been successful in attacks against targeted foreign ministries, the U.S.-based Symantec said. The targeted governments and organizations have been informed of the breaches, the company said, and several are currently investigating to see if further […]

The post Previously unknown cyber-espionage group has successfully hacked in South America since 2015 appeared first on Cyberscoop.

Continue reading Previously unknown cyber-espionage group has successfully hacked in South America since 2015→

Most Americans have never heard of multi-factor authentication

Posted on November 7, 2017 by Patrick Howell O'Neill

Most Americans have never heard of two-factor authentication, even as the world’s biggest tech companies are pushing increasingly strong versions of multi-factor authentication in hopes of solving a vast array of cybersecurity problems. According to a new survey from Duo Security, only 28 percent of Americans use two-factor authentication and over 56 percent never heard of the technology before the survey. Just over half (54 percent) of Americans using two-factor authentication began doing so voluntarily. About 45 percent of respondents began because they were forced or incentivized to do so. There may be some good news hidden in these numbers. Of the people who have turned on two-factor authentication, only about 1 percent ended up turning it off. Every one of them cited inconvenience as the reason. Two-factor authentication is a way for people to prove their identity in two ways using something they know (like a password) and something they have (like their phone or a security key). […]

The post Most Americans have never heard of multi-factor authentication appeared first on Cyberscoop.

Continue reading Most Americans have never heard of multi-factor authentication→

U.S. utility EPB will replace Kaspersky software after customer concerns

Posted on November 6, 2017 by Patrick Howell O'Neill

EPB, a publicly owned U.S. power and telecommunications company, is replacing Kaspersky anti-virus as the security software it provides customers because of suspicions from customers and U.S. government officials that the Moscow-based company’s connections to the Russian government pose a security risk. Based in Chattanooga, Tennessee, EPB follows American retail giants like Best Buy and Staples that have removed Kaspersky from their shelves. It’s the first American power company to publicly remove Kaspersky, but FBI briefings around the industry have resulted in utilities — including at least one nuclear power company — privately nixing business deals with the Russian firm, according to one U.S. intelligence official. The FBI has been briefing private sector firms on Kaspersky and pushing American companies to cut ties for some time. “What we started doing since the spring [of 2017] is basically evaluate other options,” John Pless, an EPB spokesman, told CyberScoop. The company is currently looking at McAfee’s anti-virus as a free […]

The post U.S. utility EPB will replace Kaspersky software after customer concerns appeared first on Cyberscoop.

Continue reading U.S. utility EPB will replace Kaspersky software after customer concerns→

U.S. Army and Navy Cyber Mission Force teams declared fully operational a year ahead of schedule

Posted on November 3, 2017 by Patrick Howell O'Neill

The U.S. Army and Navy say their Cyber Mission Force teams are fully operational a full year ahead of the deadline imposed by the Pentagon. The Army’s 41 teams and the Navy’s 40 will perform offensive and defensive missions, including combat support missions and defense of critical infrastructure. They report to U.S. Cyber Command, which validated the Army’s teams on Sept. 28 and Navy’s teams on Oct. 6, officials said Thursday. “Reaching [full operational capability] at this point in the development of the Navy’s CMF teams is a testament to the extraordinary hard work invested in manning our teams and training our personnel,” Navy Vice Adm. Michael Gilday, commander of U.S. Fleet Cyber Command, said in a statement. “Although reaching this milestone is a great accomplishment, the true challenge will be sustaining readiness and the prompt ability to ‘answer all bells’ when directed by U.S. Cyber Command.” The Navy’s force means 1,800 […]

The post U.S. Army and Navy Cyber Mission Force teams declared fully operational a year ahead of schedule appeared first on Cyberscoop.

Continue reading U.S. Army and Navy Cyber Mission Force teams declared fully operational a year ahead of schedule→

National Science Foundation invests $74.5 million into cybersecurity research

Posted on November 3, 2017 by Patrick Howell O'Neill

The National Science Foundation will invest $74.5 million into “foundational research and education” in cybersecurity, the agency announced this week. The investment will come through the NSF’s Secure and Trustworthy Cyberspace program, a federal research effort aimed to promote successful cybersecurity research and development. NSF issued 214 awards to researchers in areas including access control and identity management, cryptography, intrusion detection, human interaction and usability and network topology. Three particular projects top the list with budgets ranging from $1.4 million to $3 million each over five years: Viaduct: A Framework for Automatically Synthesizing Cryptographic Protocols, Andrew Myers, Cornell University Accountable Information Use: Privacy and Fairness in Decision-Making Systems, Anupam Datta, Carnegie Mellon University Investigating the Susceptibility of the Internet Topology to Country-level Connectivity Disruption and Manipulation, Amogh Dhamdhere, University of California, San Diego “The Secure and Trustworthy Cyberspace program is poised to strengthen our nation’s competitive edge through safer and more secure cyber systems, and […]

The post National Science Foundation invests $74.5 million into cybersecurity research appeared first on Cyberscoop.

Continue reading National Science Foundation invests $74.5 million into cybersecurity research→

New bill would transform cybersecurity at Dept. of Health and Human Services

Posted on November 3, 2017 by Patrick Howell O'Neill

A bill aimed to reorganize and sharply focus cybersecurity at the Department of Health and Human Services (HHS) was reintroduced on Wednesday by Rep. Billy Long, R-Miss., and Rep. Doris Matsui, D-Calif. The HHS Cybersecurity Modernization Act comes in response to congressional hearings on the state of cybersecurity in the health care sector. A recent federal task force report on the state of hospital cybersecurity was starkly negative in its diagnosis. “Many organizations cannot afford to retain in-house information security personnel, or designate an information technology (IT) staff member with cybersecurity as a collateral duty,” the task force reported. “These organizations often lack the infrastructure to identify and track threats, the capacity to analyze and translate the threat data they receive into actionable information, and the capability to act on that information.” Critics say the federal effort toward cybersecurity in the health care sector lacks clear leadership and focus. The new legislation would grant the chief information […]

The post New bill would transform cybersecurity at Dept. of Health and Human Services appeared first on Cyberscoop.

Continue reading New bill would transform cybersecurity at Dept. of Health and Human Services→

Israeli firm selling WiFi interception kit that can be used remotely

Posted on November 2, 2017 by Patrick Howell O'Neill

The Wi-Fi interception industry is more competitive than ever as multiple Israeli companies market products that governments can use to break into wireless networks for the purposes of surveillance and further cyberattacks. The Israeli company Jenovice Cyber Labs, founded in 2012 near Tel Aviv by Israeli intelligence veteran Leon Perez, is now marketing two interception products that allow the company’s clients to geolocate targets and intercept Wi-Fi with a tool that can be operated remotely from anywhere in the world. The newest product, a Wi-Fi interception tool known as Piranha, has a maximum range of 700 meters (2100 feet) when used with an external amplifier. An officer in the field will carry or place the small device within range while a remote operator can control the action from any location. Piranha exploits vulnerabilities in WiFi networks, connects an attacker to as many as 50 targeted devices at once, and enables bothg surveillance and man-in-the-middle […]

The post Israeli firm selling WiFi interception kit that can be used remotely appeared first on Cyberscoop.

Continue reading Israeli firm selling WiFi interception kit that can be used remotely→

CIA-backed Recorded Future gets new $25 million investment

Posted on October 31, 2017 by Patrick Howell O'Neill

Threat intelligence firm Recorded Future announced a $25 million round of funding on Tuesday led by Insight Venture Partners. The company, which is based in both the U.S. and Sweden, sells threat intel software to give enterprise customers automated intelligence ready for human or machine consumption and analysis. The platform spits out “Recorded Future Intel Cards” that lay out threat context ranging from a risk score to technical indicators of compromise. The niche the company is best known for is “dark web intelligence.” They employ a small army of researchers to frequent underground forums and give customers real-time views of malware, vulnerabilities, tools and services being discussed in the hacker communities where Recorded Future maintains visibility. Here’s Recorded Future’s overview of their product: Founded in 2009 by CEO Christopher Ahlberg and CTO Staffan Truve, the company says it’s now expanded its reach to 22 industry verticals and handles incident response, vulnerability management and […]

The post CIA-backed Recorded Future gets new $25 million investment appeared first on Cyberscoop.

Continue reading CIA-backed Recorded Future gets new $25 million investment→

Unexplained cyberattacks sow chaos among dark web markets

Posted on October 30, 2017 by Patrick Howell O'Neill

A three-week long wave of cyberattacks against several popular dark web marketplaces has left the notorious underground e-commerce economy drenched in uncertainty and wondering if, like earlier this year, this is a prelude another round of arrests. Just two months after police brought down a slew of the most well-known dark web markets, those left standing can’t quite figure out — nor defeat — who has been behind a three-week long denial-of-service offensive that’s knocked their sites offline. As if looking to further stoke fear and uncertainty, Deputy Attorney General Rod Rosenstein recently spoke in Washington, D.C. on how the Department of Justice is continuing to target crime on the dark web. Deputy AG Rosenstein said today the DOJ is focusing in on dark net markets. pic.twitter.com/Ms4kvMdmAK — Patrick O’Neill (@HowellONeill) October 25, 2017 Paranoia haunts the mood of those who remain as many wait for the next looming law enforcement sting. Those actions have sown a deep distrust […]

The post Unexplained cyberattacks sow chaos among dark web markets appeared first on Cyberscoop.

Continue reading Unexplained cyberattacks sow chaos among dark web markets→