Mike Potts to take over as CEO at Webroot

U.S. antivirus and cybersecurity company Webroot will have a new CEO by the end of the month after Dick Williams, 73, retires after eight years at the helm. Mike Potts, previously an executive at Cisco, takes over Sept. 25. Colorado-based Webroot, founded in 1997, employs 680 people globally and brought on a new CISO, Gary Hayslip, in April 2017. Before Cisco, Potts served as CEO of the network security company Lancope and CEO of Motorola AirDefense (now the IoT security company 802 Secure). The balance sheet has seen little but good news of late for Webroot, which reported an ongoing streak of 14 consecutive quarters of double-digit growth under Williams. Under his leadership, Williams expanded the business to include endpoint security, network security and threat intelligence services. Potts is expected to build out Webroot’s threat intelligence business along with the company’s managed service provider work for small to medium-sized businesses. The consumer market is also viewed […]

The post Mike Potts to take over as CEO at Webroot appeared first on Cyberscoop.

Continue reading Mike Potts to take over as CEO at Webroot

Charges of political hacking emerge as major German federal election approaches

It just wouldn’t be a modern-day election without the possibility of cyberattacks and international conflict casting a shadow over the process. With the German federal election approaching on Sept. 24, a political ally of Chancellor Angela Merkel said her website was the subject of around 3,000 attempted cyberattacks in the run-up to Sunday’s crucial televised debate. Julia Kloeckner, vice chairman of Merkel’s Christian Democratic Union (CDU) party, did not explain the nature of the attacks but said “many of the senders have Russian IP addresses.” Germany’s Federal Office for Information Security (BSI) confirmed to CyberScoop that it is in contact with the CDU over the alleged attacks but could not discuss specific details. The party did not respond to inquiries about the exact nature of the attacks. The vagueness left experts wondering whether the thousands of “attacks” are actually something far less severe, such as vulnerability scans or a denial of service […]

The post Charges of political hacking emerge as major German federal election approaches appeared first on Cyberscoop.

Continue reading Charges of political hacking emerge as major German federal election approaches

Israeli startup Axonius gets $4 million in seed funding

Axonius, a cybersecurity firm founded and staffed largely by veterans of Israel’s military and intelligence agencies, raised $4 million in seed funding, the company announced Wednesday. The platform aims to give “visibility and control over all types and numbers of devices” to enterprises at a time when simply knowing all the devices on a corporate network is considered a tricky problem. The Axonius platform is billed as a central standard interface, CEO Dean Sysman told CyberScoop, that enables, for instance, an easy password policy change across devices. “Whether it’s Linux servers in the cloud or corporate employees’ laptops running Windows, I would do it all in the same fashion within the same plugin and the platform would know how to use the infrastructure that manages that device,” Sysman said. The company’s three founders include Sysman, previously the CTO at Cymmetria and a security researcher in the IDF’s intelligence corps; CTO […]

The post Israeli startup Axonius gets $4 million in seed funding appeared first on Cyberscoop.

Continue reading Israeli startup Axonius gets $4 million in seed funding

‘Nation-state’ hackers increase sabotage attempts aimed at Western energy companies

A nation-state-caliber hacking group known as Dragonfly is actively and successfully targeting U.S. and European energy companies in a campaign stretching back to 2015, and has gained unprecedented access to the operational systems of Western power companies. Researchers at Symantec who discovered the campaign warn that “the group now potentially has the ability to sabotage or gain control of these systems should it decide to do so.” Dragonfly is an advanced persistent threat group that has been attributed to Russia. The group is also known as Energetic Bear, Koala and Iron Liberty. It first came onto the scene in 2010 and operated in secrecy until it was spotted in 2014 by the security firms CrowdStrike, FireEye and Symantec. The group’s goal, then and now, has appeared to be surveillance of and access to the oil, gas and energy industry in the U.S., Turkey and Switzerland. The group has spiked its level of hacking activity in 2017. […]

The post ‘Nation-state’ hackers increase sabotage attempts aimed at Western energy companies appeared first on Cyberscoop.

Continue reading ‘Nation-state’ hackers increase sabotage attempts aimed at Western energy companies

Apache Struts vulnerability lets hackers execute malicious code on corporate servers

A severe vulnerability in widely deployed server software allows hackers to remotely execute malicious code on unpatched systems at a wide swath of the richest private enterprises in the world. Apache Struts, an open-source framework for developing Java web applications, was found to have a remote code execution vulnerability. Discovered using lgtm, a free software engineering analytics tool launched last year, the flaw affects all web apps that use Struts’ REST plugin. The Struts 2.5.13 release that addresses the issue was published on Tuesday, just under two months after the flaw was first disclosed. Experts recommend patching immediately, but the challenges and typical speed of that process, especially in large enterprises, suggest it could be some time before all the firms involved have secured their systems. “The Struts framework is used by an incredibly large number and variety of organizations,” said Man Yue Mo, the lgtm security researcher who discovered the vulnerability. “This vulnerability poses a huge risk, because […]
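The first question a practitioner asks after reading this is which deployed applications actually carry the REST plugin below the fix release. The following is an added example, not code from the article, from Apache or from lgtm: it scans a constructed inventory of JAR file names and Maven coordinates, of the kind a build or deployment scan would produce, and reports the artefacts that need upgrading. All paths and application names in the inventory are made up. The article names only 2.5.13; the parallel fix for the 2.3 branch, 2.3.34, is added here from Apache’s S2-052 advisory.

```python
"""Flag Struts REST plugin artefacts older than the fix releases.

Added example, not code from the article, Apache or lgtm. The inventory of
JAR names and Maven coordinates below is constructed; paths are made up.
"""
import re
from typing import Dict, Iterable, List, Optional, Tuple

# Fix releases per Struts branch. 2.5.13 is the release named in the article;
# 2.3.34 is the 2.3-branch fix from Apache's S2-052 advisory (added as a known fact).
FIXED_BY_BRANCH: Dict[Tuple[int, int], Tuple[int, ...]] = {
    (2, 5): (2, 5, 13),
    (2, 3): (2, 3, 34),
}

# "struts2-rest-plugin-2.5.12.jar" anywhere in a path
JAR_RE = re.compile(r"struts2-rest-plugin-(\d+(?:\.\d+)*)\.jar$")
# Maven coordinate "org.apache.struts:struts2-rest-plugin:2.5.12"
COORD_RE = re.compile(r"^org\.apache\.struts:struts2-rest-plugin:(\d+(?:\.\d+)*)$")


def parse_version(text: str) -> Tuple[int, ...]:
    """'2.5.12' -> (2, 5, 12); tuples compare numerically, unlike the raw strings."""
    return tuple(int(part) for part in text.split("."))


def rest_plugin_version(artifact: str) -> Optional[Tuple[int, ...]]:
    """Version of the REST plugin named by a JAR path or Maven coordinate, else None."""
    for pattern in (JAR_RE, COORD_RE):
        match = pattern.search(artifact.strip())
        if match:
            return parse_version(match.group(1))
    return None


def is_vulnerable(version: Tuple[int, ...]) -> bool:
    """True when the version is below its branch's fix release."""
    branch = version[:2]
    if branch in FIXED_BY_BRANCH:
        return version < FIXED_BY_BRANCH[branch]
    # Branches older than 2.3 predate both fixes; anything newer than 2.5 contains them.
    return branch < (2, 5)


def audit(inventory: Iterable[str]) -> List[Tuple[str, str]]:
    """(artifact, version) for every REST plugin build that still needs upgrading."""
    findings = []
    for artifact in inventory:
        version = rest_plugin_version(artifact)
        if version is not None and is_vulnerable(version):
            findings.append((artifact, ".".join(map(str, version))))
    return findings


# Constructed inventory: the paths, app names and coordinates are made up for this example.
SAMPLE_INVENTORY = [
    "/opt/tomcat/webapps/billing/WEB-INF/lib/struts2-core-2.5.12.jar",
    "/opt/tomcat/webapps/billing/WEB-INF/lib/struts2-rest-plugin-2.5.12.jar",
    "/opt/tomcat/webapps/portal/WEB-INF/lib/struts2-rest-plugin-2.5.13.jar",
    "org.apache.struts:struts2-rest-plugin:2.3.33",
    "org.apache.struts:struts2-convention-plugin:2.5.12",
]

if __name__ == "__main__":
    for artifact, version in audit(SAMPLE_INVENTORY):
        print(f"UPGRADE {artifact} (struts2-rest-plugin {version})")
```

Version matching is a first pass only: the endpoints are exposed when the plugin JAR is on the classpath and wired into the application’s Struts configuration, and shaded or in-house-built JARs will not match these file-name patterns, so an inventory that comes back clean still deserves a look at the actual configuration.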

The post Apache Struts vulnerability lets hackers execute malicious code on corporate servers appeared first on Cyberscoop.

Continue reading Apache Struts vulnerability lets hackers execute malicious code on corporate servers

Charter Communications is assessing damage in ‘massive’ 600gb data leak

Approximately 600 gigabytes of data containing 4 million records that held sensitive information on Time Warner Cable customers were mistakenly available to the public, a security firm discovered in August. Kromtech Security Center announced on Friday that it found two Amazon Web Services S3 bucket repositories containing private information that were accessible to anyone, with no authentication required. The buckets are likely connected to BroadSoft, Inc., an IT infrastructure firm active in 80 countries. The company is reportedly exploring a billion-dollar sale and its stock price is soaring. BroadSoft did not respond to a request for comment. The publicly available data spans from Nov. 2010 to July 2017. The trove contains access credentials, access logs, usernames, transaction IDs, MAC addresses, serial numbers, account numbers, billing addresses, phone numbers and more. Due to the “massive amount of sensitive information” in the repository, it would “take weeks to fully sort through all the data,” according to Kromtech’s researchers. “In this […]
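Buckets like the ones described above become public through two documents: the bucket ACL and the bucket policy. The following is an added example, not code from the article, Kromtech, BroadSoft or AWS. It evaluates constructed ACL and policy documents in the shape the S3 GetBucketAcl and GetBucketPolicy calls return (the same dictionaries boto3 hands back), so it runs offline; fetching the live documents is left to the caller, and the bucket name, account ID and VPC endpoint ID below are made up.

```python
"""Evaluate S3 bucket ACL and bucket-policy documents for public access.

Added example, not code from the article, Kromtech, BroadSoft or AWS. Works on
the document shapes returned by GetBucketAcl / GetBucketPolicy; the documents
below are constructed and every identifier in them is made up.
"""
import json
from typing import Any, Dict, List, Union

# Predefined S3 groups: anyone on the internet, or anyone holding any AWS account.
PUBLIC_GROUP_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}


def public_acl_grants(acl: Dict[str, Any]) -> List[str]:
    """'Group:Permission' for every ACL grant to AllUsers or AuthenticatedUsers."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUP_URIS:
            group = grantee["URI"].rsplit("/", 1)[-1]
            findings.append(f"{group}:{grant.get('Permission')}")
    return findings


def _principal_is_anyone(principal: Any) -> bool:
    """True for Principal "*" or {"AWS": "*"} (also when "*" sits inside a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def classify_policy(policy: Union[str, Dict[str, Any], None]) -> Dict[str, List[str]]:
    """Split Allow-to-anyone statements into unconditional (public) and conditioned (review)."""
    result: Dict[str, List[str]] = {"public": [], "conditioned": []}
    if policy is None:  # GetBucketPolicy raises NoSuchBucketPolicy; callers pass None
        return result
    doc = json.loads(policy) if isinstance(policy, str) else policy
    statements = doc.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be written without the list
        statements = [statements]
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow" or not _principal_is_anyone(stmt.get("Principal")):
            continue
        sid = stmt.get("Sid", f"Statement[{i}]")
        # A Condition (aws:SourceIp, aws:SourceVpce, ...) may narrow the grant, so such
        # statements are flagged for review rather than declared public outright.
        (result["conditioned"] if stmt.get("Condition") else result["public"]).append(sid)
    return result


def assess_bucket(acl: Dict[str, Any], policy: Union[str, Dict[str, Any], None]) -> Dict[str, Any]:
    """Combine ACL and policy findings; is_public is True on any unconditional public grant."""
    acl_findings = public_acl_grants(acl)
    policy_findings = classify_policy(policy)
    return {
        "acl_grants": acl_findings,
        "policy_public": policy_findings["public"],
        "policy_conditioned": policy_findings["conditioned"],
        "is_public": bool(acl_findings or policy_findings["public"]),
    }


# Constructed documents in the API's shape; owner ID, bucket and VPC endpoint are made up.
LEAKY_ACL = {
    "Owner": {"ID": "0123456789abcdef"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "0123456789abcdef"}, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "READ"},
    ],
}
LEAKY_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-exports/*"},
        {"Sid": "VpcOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::example-exports",
         "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}},
    ],
})
PRIVATE_ACL = {"Owner": {"ID": "0123456789abcdef"}, "Grants": [LEAKY_ACL["Grants"][0]]}

if __name__ == "__main__":
    print(json.dumps(assess_bucket(LEAKY_ACL, LEAKY_POLICY), indent=2))
    print(json.dumps(assess_bucket(PRIVATE_ACL, None), indent=2))
```

An `AllUsers:READ` grant on the ACL is exactly what lets an unauthenticated scanner list and download a bucket, which is how leaks of this kind are usually found. Object-level ACLs can also expose individual files even when the bucket documents are clean, so this check covers the bucket, not every object in it; account-level S3 Block Public Access, which AWS added later, overrides both kinds of grant and is the control to turn on.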

The post Charter Communications is assessing damage in ‘massive’ 600gb data leak appeared first on Cyberscoop.

Continue reading Charter Communications is assessing damage in ‘massive’ 600gb data leak

Fake FCC statement posted to agency’s website stokes security worries

The Federal Communications Commission’s website allows users to upload any file to the agency’s domain, including malware, GIFs and one strange, official-looking proclamation that grabbed the internet’s attention this week. The permissive nature of the site has stoked worries about potential security issues. Here’s the problem: to enable public comment on proposed FCC rule changes, the application programming interface (API) of the agency’s Electronic Comment Filing System allows seemingly any document to be uploaded and published to the FCC’s website. On Wednesday, a PDF uploaded through the comment system on FCC.gov slamming FCC chairman Ajit Pai made the rounds online.

“FCC has released a statement regarding Ajit Pai and net neutrality. https://t.co/AMzRe1mdLx @FCC @AjitPaiFCC #NetNeutrality @Lucky225 @Hak5 pic.twitter.com/KsVJED6st8” (JON JOLLEE, @h3apspray, August 31, 2017)

Pranks are obvious attention-getters, but the same mechanism could be used in phishing and malware campaigns that point victims to the legitimate FCC.gov domain. An FCC spokesperson said the […]

The post Fake FCC statement posted to agency’s website stokes security worries appeared first on Cyberscoop.

Continue reading Fake FCC statement posted to agency’s website stokes security worries

A scam within a scam: new malware dupes crooks with unexpected backdoor

Meet the extraordinarily duplicitous Cobian RAT. The remote access trojan debuted this year on numerous dark web black-market forums, where it was shared among users without a price tag. The no-cost RAT caught the eye of many would-be hackers, who downloaded the malware unaware that Cobian is, according to new research, backdoored so that the original author controls everything no matter what the second-level malware operator does. The findings help shed light on a specially tailored hacking campaign aimed at cybercriminals. Cybersecurity firm Zscaler published research Thursday outlining the scheme. “User systems compromised by the malicious payload initially communicate with the [command and control] server configured by the second-level operator, but they get subsequent instructions to communicate with the original author’s [command and control],” the researchers wrote. “The original author is able to take full control of compromised systems, and, if he wishes, cut off all communications to the second-level malware operator.” Cobian appears […]

The post A scam within a scam: new malware dupes crooks with unexpected backdoor appeared first on Cyberscoop.

Continue reading A scam within a scam: new malware dupes crooks with unexpected backdoor

711 million email addresses found in popular banking malware’s spambot

A trove of 711 million email accounts used by a colossal spam operation was found by a Parisian security researcher this week. The collection, hosted on a publicly accessible server in the Netherlands, includes email addresses, corresponding passwords and the details of mail servers used to get the spam past inbox filters. Uncovered by a pseudonymous researcher named Benkow moʞuƎq and reported by blogger and developer Troy Hunt, the spambot known as “Onliner” marks the largest-ever data set loaded into haveibeenpwned.com, a popular breach notification service operated by Hunt. Onliner delivers Ursnif banking malware, ZDNet reported, which is responsible for more than 100,000 infections globally. Ursnif is an infamous, years-old family of data-stealing malware that has been updated continuously. It is an evolving threat that spreads through numerous attack vectors. In a 2017 report, Palo Alto Networks researchers said “newer versions of the threat allow attackers to steal browsing data such as banking and credit card information, acquire passwords via screenshots and keylogging, […]

The post 711 million email addresses found in popular banking malware’s spambot appeared first on Cyberscoop.

Continue reading 711 million email addresses found in popular banking malware’s spambot