Author Archives: Patrick Howell O'Neill

Treasury Department sanctions Iranians for cyberattacks

Posted on by

The U.S. Treasury Department on Thursday announced sanctions against 11 entities for supporting Iran’s Islamic Revolution Guard Corps and alleged attacks against the U.S. financial system. The targets of the sanctions are the Sadid Caran Saba Engineering Company (SABA) which is accused of providing support for Iran’s ballistic missile program, the Khors Aircompany and Dart Airlines, which are accused of illegally procuring American airplanes, individuals from ITSec Team for roles in denial of service attacks against U.S. financial institutions and individuals from Mersad Co. for “causing a significant disruption to the availability of a computer or network of computers.” “Treasury will continue to take strong actions to counter Iran’s provocations, including support for the IRGC-Qods Force and terrorist extremists, the ongoing campaign of violence in Syria, and cyber-attacks meant to destabilize the U.S. financial system,” Treasury Secretary Steven Mnuchin said in a release. ITSec Team and Mersad Co. are private […]

The post Treasury Department sanctions Iranians for cyberattacks appeared first on Cyberscoop.

Continue reading Treasury Department sanctions Iranians for cyberattacks

Congress invites Eugene Kaspersky to address claims about his company’s products

Posted on by

Congress has officially invited Eugene Kaspersky, the CEO of the Moscow-based cybersecurity company that bears his name, to testify before the House Science, Space and Technology Committee about the security of his company’s products. The hearing will focus on the risks Kaspersky products pose to U.S. information systems. The hearing is scheduled to take place on Sept. 27. Kaspersky offered to testify in front of Congress earlier this year on this subject.  The hearing, if it takes place, will garner a lot of attention due to the growing tension between Kaspersky and the U.S. government. “We want the government, our users and the public to fully understand that having Russian roots does not make us guilty,” he wrote in a blog post in June. On Wednesday, the Department of Homeland Security ordered federal agencies to remove Kaspersky products from federal networks within 90 days. Sen. Jeanne Shaheen, D-N.H., has been a vocal supporter a Kaspersky […]

The post Congress invites Eugene Kaspersky to address claims about his company’s products appeared first on Cyberscoop.

Continue reading Congress invites Eugene Kaspersky to address claims about his company’s products

AppGuard gets $30 million investment, wraps it in a boast

Posted on by

The Japanese-owned endpoint security company AppGuard announced Thursday it had taken in a $30 million investment led by Japan’s JTB Corporation. The new injection of cash comes just three months after AppGuard’s parent company, Japan’s Blue Planet-works, took in a $50 million investment as part of a “relaunch” effort focused around Black Hat USA 2017. AppGuard also will have a new CEO in control. Jon Loew, previously the CEO of secure video messaging service KeepTree, will now be the top executive at AppGuard. The company consists of about 25 total employees and executives. The new investments come with the notable claim, via a company press release, that the “revolutionary” technology “prevents all endpoint breaches.” That kind of extremely strong language is bound to raise eyebrows. When asked to explain the boast, Loew said that no one using AppGuard’s system has ever, to the company’s knowledge, been breached. He added, however, that “anyone who would make a guarantee for […]

The post AppGuard gets $30 million investment, wraps it in a boast appeared first on Cyberscoop.

Continue reading AppGuard gets $30 million investment, wraps it in a boast

Equifax CEO called to testify before Congress about breach

Posted on by

Equifax’s chief executive was formally invited Wednesday to testify Oct. 3 before Congress by top members of the House Energy and Commerce Committee. The invitation to Chairman and CEO Richard F. Smith comes less than a week after Equifax, a massive multinational credit reporting company, announced a data breach affecting up to 143 million Americans. “We look forward to hearing directly from Mr. Smith on this unprecedented breach that has raised serious questions about the security of consumers’ personal information,” full committee Chairman Greg Walden, R-Ore., and Digital Commerce and Consumer Protection Subcommittee Chairman Bob Latta, R-Ohio, said in a statement. “We know members on both sides of the aisle appreciate Mr. Smith’s willingness to come before the committee and explain how our constituents might be impacted and what steps are being taken to rectify this situation.” The committee has jurisdiction over the Federal Trade Commission and Consumer Financial Protection Bureau, two of the agencies […]

The post Equifax CEO called to testify before Congress about breach appeared first on Cyberscoop.

Continue reading Equifax CEO called to testify before Congress about breach

$1 million bounty offered for Tor Browser zero-day exploits

Posted on by

Zerodium, a hacking company that sells exploits to governments around the world, is now offering $1 million for previously undiscovered vulnerabilities in the Tor web browser. The top prize, a $250,000 bounty, requires a researcher to be able to demonstrate a remote code exploit against Tor while the browser is at its highest security settings on either Windows 10 or the security-focused operating systems TAILS. The attack vector has to be a website targeting the Tor Browser. The Tor browser anonymizes web traffic, encrypting it between computers known as nodes. The network’s architecture makes determining the origin of traffic extremely difficult. The section of the internet known as the “dark web” is only accessible via the Tor browser. The six-figure prize comes weeks after Zerodium placed $500,000 bounties on secure messenger applications, like Signal, Telegram and WhatsApp. The highest single bounty offered by the company is $1.5 million for an iPhone zero-day vulnerability […]

The post $1 million bounty offered for Tor Browser zero-day exploits appeared first on Cyberscoop.

Continue reading $1 million bounty offered for Tor Browser zero-day exploits

DHS bans Kaspersky from U.S. government networks

Posted on by

The Department of Homeland Security has asked federal agencies to remove all Kaspersky products from federal networks within the next 90 days, according to a new binding operation directive issued Wednesday by Acting Secretary of Homeland Security Elaine Duke. “The BOD calls on departments and agencies to identify any use or presence of Kaspersky products on their information systems in the next 30 days, to develop detailed plans to remove and discontinue present and future use of the products in the next 60 days, and at 90 days from the date of this directive, unless directed otherwise by DHS based on new information, to begin to implement the agency plans to discontinue use and remove the products from information systems,” Homeland Security’s statement reads. The ban is being justified “based on the information security risks presented by the use of Kaspersky products on federal information systems” and concern over “the ties between certain […]

The post DHS bans Kaspersky from U.S. government networks appeared first on Cyberscoop.

Continue reading DHS bans Kaspersky from U.S. government networks

BlueBorne: The latest Bluetooth vulnerability that impacts billions of devices

Posted on by

A series of major Bluetooth-related security flaws allows attackers to take over devices, spy on data and networks, spread malware and successfully hack even airgapped targets. Victims don’t need to click on links, download malicious files or even be connected to the internet to be impacted. Billions of devices, including smartphones, connected TVs, laptops and watches are impacted. At least two billion such Android and Linux devices are deemed “unpatchable” and will remain vulnerable, according to researchers at Armis, the Israeli security firm where the issue was discovered in early 2017. The weakness is being called “BlueBorne” because it impacts nearly all devices with Bluetooth capabilities.  Google, Microsoft and Linux are expected to release patches and announcements on Tuesday to address and secure devices against BlueBorne. For Apple users, the issue has been fixed since iOS 10’s release in Sept. 2016. BlueBorne constitutes eight zero-day vulnerabilities, four of which are deemed critical. Beyond Tuesday, […]

The post BlueBorne: The latest Bluetooth vulnerability that impacts billions of devices appeared first on Cyberscoop.

Continue reading BlueBorne: The latest Bluetooth vulnerability that impacts billions of devices

Meet Berla, the little-known company that can pull smartphone data from your car

Posted on by

Late morning on Jan. 7, 2015, a black Citroën C3 arrived in front of Charlie Hebdo’s headquarters at 10 Rue Nicolas-Appert in Paris. Two men stepped out dressed in black, toting Kalashnikov assault rifles and a long list of people to kill. That was the beginning of a historic terrorist massacre and subsequent battle with police that left 12 dead and left much of the world wondering how it happened. Police immediately turned to the digital evidence trail, including the Citroën C3. A French supermini, the C3 is advertised as a “smart car,” meaning it creates mountains of data waiting to be analyzed by anyone who can figure out how to gain access. In order to obtain that evidence, French authorities turned to Berla Corporation, a little-known Maryland-based cybersecurity company that works with and receives funding from the Department of Homeland Security’s Science and Technology Cybersecurity Division. Berla’s flagship product is Project […]

The post Meet Berla, the little-known company that can pull smartphone data from your car appeared first on Cyberscoop.

Continue reading Meet Berla, the little-known company that can pull smartphone data from your car

Best Buy removes Kaspersky from store offerings

Posted on by

The American retail giant Best Buy will no longer sell software from the Moscow-based security company Kaspersky amid escalating tension over the U.S. government’s claims that the company shares information with Russian intelligence agencies. “Kaspersky Lab and Best Buy have suspended their relationship at this time; however, the relationship may be re-evaluated in the future,” a Kaspersky Lab spokesperson told CyberScoop. “Kaspersky Lab has enjoyed a decade-long partnership with Best Buy and its customer base, and Kaspersky Lab will continue to offer its industry-leading cybersecurity solutions to consumers through its website and other retailers.” The FBI has been pushing the American private sector to cut ties with Kaspersky since last year. Federal agents have held meeting with representatives from numerous industries and companies, outlining the threat the FBI says Kaspersky poses to American cybersecurity. Best Buy confirmed the decision to CyberScoop on Friday afternoon. “Best Buy will allow customers who […]

The post Best Buy removes Kaspersky from store offerings appeared first on Cyberscoop.

Continue reading Best Buy removes Kaspersky from store offerings

Member of group who hacked CIA director’s email is sentenced to 5 years in prison

Posted on by

A member of the hacking group “Crackas With Attitude” was sentenced to five years in prison Friday after pleading guilty to conspiracy to hack U.S. government computer systems and accounts. Victims included more than ten U.S. government officials including the then-director of the CIA John Brennan. Justin Liverman, a 25-year-old who was known under the online alias “D3F4ULT,” pleaded guilty on Jan. 6. His sentence is the maximum allowed under the statute. Liverman will also be forced to pay $145,000 in restitution. The sentencing comes exactly one year after the Justice Department announced the arrest of Liverman and Andrew Otto Boggs, otherwise known as “INCURSIO,” for their involvement with Crackas With Attitude. The pair hacked into organizations under the group’s banner between October 2015 and February 2016. Boggs was sentenced to two years in prison for his role. Emails from Brennan’s America Online account showed up on WikiLeaks in October 2015, including a security clearance questionnaire […]

The post Member of group who hacked CIA director’s email is sentenced to 5 years in prison appeared first on Cyberscoop.

Continue reading Member of group who hacked CIA director’s email is sentenced to 5 years in prison