Patrick Howell O’Neill – Page 27

“Hacking back” legislation is back in Congress

Posted on October 13, 2017 by Patrick Howell O'Neill

A bill legalizing companies’ ability to “hack back” after they’ve been attacked is back on track after months of feedback. Let’s unpack. Reps. Tom Graves, R-Ga., and Kyrsten Sinema, D-Ariz., introduced a modified Active Cyber Defence Certainty (ACDC) Act on Friday allowing companies to “hack back” against hackers in an effort to identify and stop cyberattacks. The ACDC amends the Computer Fraud and Abuse Act (CFAA), which makes it illegal to access computers without authorization. Companies and individuals would be granted the right to “active defense” using various ways to identify, disrupt and possibly even destroy data in the name of “hacking back.” “These changes reflect careful analysis and many thoughtful suggestions from a broad spectrum of industries and viewpoints,” Graves said in a statement. “I thank everyone who helped sharpen this idea and improve the legislation. I look forward to continuing the conversation and formally introducing ACDC in the next few weeks.” […]

The post “Hacking back” legislation is back in Congress appeared first on Cyberscoop.

Continue reading “Hacking back” legislation is back in Congress→

Klobuchar urges DHS to ensure no Kaspersky software is on U.S. election systems

Posted on October 12, 2017 by Patrick Howell O'Neill

Sen. Amy Klobuchar, D-Minn., wrote a letter to the Department of Homeland Security urging the agency to ensure no Kaspersky software is on U.S. election systems. The letter was published days after a series of incendiary reports alleged Russian intelligence services used Kaspersky antivirus software to steal sensitive U.S. government information. “As we continue to receive reports that the Kremlin may have accessed classified national security information through Kaspersky Lab software, it is imperative that we take all necessary steps to prevent future cyberattacks,” Klobuchar wrote. “The Department’s recent decision requiring all federal agencies to remove Kaspersky software from government computers is an important first step towards addressing the potential vulnerabilities our networks face. Now, we must also ensure that state and local government officials are aware of these threats and have the guidance and resources needed to remove Kaspersky software from their networks. This is especially necessary where officials maintain […]

The post Klobuchar urges DHS to ensure no Kaspersky software is on U.S. election systems appeared first on Cyberscoop.

Continue reading Klobuchar urges DHS to ensure no Kaspersky software is on U.S. election systems→

Kaspersky’s North American operations undergoes shuffle; head of PR leaves company

Posted on October 11, 2017 by Patrick Howell O'Neill

Kaspersky Lab, the Moscow-based cybersecurity firm at the heart of an international controversy, is in the middle of a staff reshuffling at its North American offices. The biggest public-facing personnel loss is Jennifer Wood, the head of Kaspersky’s corporate communications in North America and a self-described crisis communications professional. The company’s North American operation also recently added new faces to several key positions, including Don Kaye as the new EVP of regional development in North America and Jason Stein as the new VP of all North American sales. With the recent federal goverment ban, private sector removals and charges that Russian intelligence uses Kaspersky as a spying tool, Kaye and Stein face mounting challenges in their new roles. “After 20 years in business, we’ve learned that executive departures are a routine part of operations,” Kaspersky told CyberScoop. “Kaspersky Lab is fortunate to have a veteran leadership team that will continue driving the region to achieve its goals this […]

The post Kaspersky’s North American operations undergoes shuffle; head of PR leaves company appeared first on Cyberscoop.

Continue reading Kaspersky’s North American operations undergoes shuffle; head of PR leaves company→

Russian cybercrime suspect’s extradition to be decided by Greek government

Posted on October 11, 2017 by Patrick Howell O'Neill

The battle between the United States and Russia over Russian cybercrime suspect Alexander Vinnik’s extradition from Greece was complicated on Wednesday when a Greek court ruled in favor of the Russian effort to extradite Vinnik over the U.S. effort. Russian media outlet RIA Novosti reports that Vinnik will face charges of fraud in Russia on the scale of around $11,000. This week’s ruling follows another ruling by a separate panel of Greek judges that agreed to send Vinnik to the U.S., which seeks to extradite him on charges that he ran the cryptocurrency exchange BTC-e and engaged in money laundering to the tune of $4 billion. Vinnik’s fate will fall to Greece’s Supreme Court where a hearing will take place within the next three weeks. Greece’s justice minister Nikos Paraskevopoulos has the final say in where Vinnik ends up. Vinnik, 37, pleaded not guilty all charges. He has repeatedly fought for extradition to Russia where he faces far less serious […]

The post Russian cybercrime suspect’s extradition to be decided by Greek government appeared first on Cyberscoop.

Continue reading Russian cybercrime suspect’s extradition to be decided by Greek government→

Attivo Networks raises $21 million Series C funding on strength of ‘deception’ cybersecurity

Posted on October 11, 2017 by Patrick Howell O'Neill

The cybersecurity firm Attivo Networks raised a $21 million Series C round of funding led by Trident Capital Cybersecurity and with participation from Omidyar Technology Ventures and Bain Capital Ventures, the firm announced Wednesday. Attivo sells “deception” cybersecurity technology designed to lure attackers into revealing their presence on targeted networks. The technique, akin to a hall of mirrors, places fake machines and production assets within an enterprise’s actual network. They run real operating systems and contain credentials, ransomware bait and other lures in order to tempt the attacker to act. Anything from ATMs, medical devices, point-of-sale systems and servers can be imitated and monitored. The funding comes quick on the heels of a $15 million Series B round in May and $45.7 million in overall investment. Attivo was founded in 2011 in Fremont, California. It’s one of many companies embracing the philosophy that preventing breaches is virtually impossible, so detecting attackers quickly and effectively should be a […]

The post Attivo Networks raises $21 million Series C funding on strength of ‘deception’ cybersecurity appeared first on Cyberscoop.

Continue reading Attivo Networks raises $21 million Series C funding on strength of ‘deception’ cybersecurity→

Critical Windows DNS vulnerability gives hackers the ‘keys to the kingdom’

Posted on October 10, 2017 by Patrick Howell O'Neill

A critical vulnerability affecting millions of Windows users allows an attacker to potentially insert malicious payloads, execute arbitrary code with the permission of an application like a web browser or any software that uses DNS, and take complete control over a target computer or server. The vulnerability, discovered by researcher Nick Freeman at cybersecurity firm Bishop Fox, impacts the DNS client in Windows 8 and Windows 10, as well as Windows Server 2012 through 2016. A huge range of software conducts DNS requests for everything from web browsing to streaming media. Stepping in the middle of a target and DNS server, an attacker can respond to a request with malicious data to trigger the vulnerability. Microsoft published a fix in the October 2017 instance of Patch Tuesday, the monthly round of software updates pushed out by the tech giant. There is no indication that the vulnerability has been exploited in the wild. […]

The post Critical Windows DNS vulnerability gives hackers the ‘keys to the kingdom’ appeared first on Cyberscoop.

Continue reading Critical Windows DNS vulnerability gives hackers the ‘keys to the kingdom’→

The confrontation that fueled the fallout between Kaspersky and the U.S. government

Posted on October 10, 2017 by Patrick Howell O'Neill

The United States’ hostile relationship with Moscow-based cybersecurity firm Kaspersky Lab may have been partially shaped by an incident two years ago in which an eyebrow-raising Kaspersky sales pitch eventually led to a secret and previously undisclosed confrontation between Russian intelligence and the CIA. The confrontation, which ended in Russia’s domestic intelligence agency issuing a diplomatic démarche, was the result of the U.S. government’s intrusive treatment of the Russian company and helped set off a chain of events that is still unfolding today, according to multiple people with knowledge of the matter. These officials spoke to CyberScoop anonymously in order to freely discuss the sensitive nature of the ongoing saga. In the first half of 2015, Kaspersky was making aggressive sales pitches to numerous U.S. intelligence and law enforcement agencies, including the FBI and NSA, multiple U.S. officials told CyberScoop. The sales pitch caught officials’ attention inside the FBI’s Counterterrorism Division […]

The post The confrontation that fueled the fallout between Kaspersky and the U.S. government appeared first on Cyberscoop.

Continue reading The confrontation that fueled the fallout between Kaspersky and the U.S. government→

Young Israelis increasingly opt for cyber service and contribute to combat troop shortage

Posted on October 9, 2017 by Patrick Howell O'Neill

The Israeli military’s cyber units have a reputation as some of the world’s most effective. All of a sudden, that’s a problem. A reported shortage of combat troops is being exacerbated by Israeli draftees opting more and more for the IDF’s cybersecurity efforts instead of combat roles, the Israeli newspaper Haaretz reported on Friday. The IDF’s cyber roles are safe, prestigious postings that have been boosted by a deliberate and long-running public relations campaign from the government. “The IDF may need many more cyberexperts, but not in the numbers that the education system producing,” a senior officer in the Manpower Directorate told Haaretz. “We don’t need so many mathematicians and not every one of them has the characteristics that meet the needs of the intelligence branch, which often looks for other personal characteristics among the draftees for its units. Israeli society is struggling to accept this, and the army is portrayed as being deaf, […]

The post Young Israelis increasingly opt for cyber service and contribute to combat troop shortage appeared first on Cyberscoop.

Continue reading Young Israelis increasingly opt for cyber service and contribute to combat troop shortage→

Disqus confirms 2012 database breach impacting 17.5 million users

Posted on October 9, 2017 by Patrick Howell O'Neill

Disqus confirmed a 2012 database breach on Friday impacting some data for 17.5 million users and including information dating back to 2007. “The snapshot includes email addresses, Disqus user names, sign-up dates, and last login dates in plain text for 17.5mm users,” Jason Yan, the company’s CTO, wrote in a blog post. “Additionally, passwords (hashed using SHA1 with a salt; not in plain text) for about one-third of users are included.” The company, which builds a commenting system for news websites, was notified on Thursday by security researcher Troy Hunt. Hunt runs the data breach notification website Have I Been Pwned. No plain text passwords were exposed but, as a precaution, all affected users had their passwords reset and Disqus is recommending changing any related password. The company does “not believe that this data is widely distributed or readily available.”

The post Disqus confirms 2012 database breach impacting 17.5 million users appeared first on Cyberscoop.

Continue reading Disqus confirms 2012 database breach impacting 17.5 million users→

Cellebrite: Hacking into iPhones is harder than ever

Posted on October 6, 2017 by Patrick Howell O'Neill

The government may never reveal the name of the company that helped the FBI hack into the iPhone 5c that belonged to the man responsible for the San Bernardino shooting, but conventional wisdom along with media reports point to one company capable of that task: Cellebrite. The multimillion-dollar Israeli company is the worldwide leader in cracking locked phones and extracting all the data. Over the past two years, Cellebrite has run a smooth, lucrative operation. They operate a network of laboratories to research zero-day vulnerabilities and they sell their closely-guarded capabilities to companies and governments ranging from democratic to authoritarian. Six months ago, Cellebrite’s director of forensic research announced they were creeping up on the latest Apple models and were capable of hacking into the iPhone 6 and 6+. Now the company is beginning to change their message: Their ability to crack iPhones is diminishing. In a recent sales presentation, Dan Embury, the technical director of Cellebrite Advanced Investigative […]

The post Cellebrite: Hacking into iPhones is harder than ever appeared first on Cyberscoop.

Continue reading Cellebrite: Hacking into iPhones is harder than ever→