Patrick Howell O’Neill – Page 37

Trump administration removes Kaspersky from list of approved vendors

Posted on July 11, 2017 by Patrick Howell O'Neill

The Trump administration on Tuesday limited the federal government’s ability to buy cybersecurity software from Russia-based Kaspersky Lab. The General Services Administration (GSA) removed Kaspersky products from its approved list of vendors, adding significant difficulty for federal agencies to buy and use Kaspersky Lab products. The company has come under increasing suspicion for possible connections to Russian intelligence agencies. The action follows U.S. intelligence officials unanimously slamming Kaspersky during a Senate Intelligence Committee hearing in May. Additionally, a draft Pentagon budget that would ban Kaspersky products was released last month. In response to the move, a Kaspersky representative told CyberScoop that the company “has no ties to any government, and the company has never helped, nor will help, any government in the world with its cyberespionage efforts.” “Kaspersky Lab, a private company, seems to be caught in the middle of a geopolitical fight where each side is attempting to use the company […]

The post Trump administration removes Kaspersky from list of approved vendors appeared first on Cyberscoop.

Continue reading Trump administration removes Kaspersky from list of approved vendors→

1Password has confused everyone with shift to cloud-based subscriptions

Posted on July 11, 2017 by Patrick Howell O'Neill

The popular password management software 1Password is under fire from security experts as the app is moving toward subscription-based cloud storage — and away from the local machine storage — that helped it become popular among the information security community. Options to create local vaults are hidden in several new versions of the software and the latest Windows 1Password app does not allow local storage password vaults, a stark departure from what has long been one of 1Password’s defining characteristics. Criticism erupted on social media over the weekend as news spread and several prominent cybersecurity experts roundly came out against the new direction. Much of the damage has been seemingly self-inflicted, as 1Password’s employees and website have offered confusing and at times contradictory guidance about the service’s future. Infosec experts are calling it a step backward, because it means users risk losing their passwords by storing them in a piece of hardware they do not own. […]

The post 1Password has confused everyone with shift to cloud-based subscriptions appeared first on Cyberscoop.

Continue reading 1Password has confused everyone with shift to cloud-based subscriptions→

NATO extends cybersecurity help to Ukraine in wake of cyberattack

Posted on July 10, 2017 by Patrick Howell O'Neill

NATO is extending cybersecurity help to the Ukrainian government following last month’s malware attacks that largely targeted Ukrainian institutions. Standing next to Ukrainian President Petro Poroshenko at a press conference in Kiev on Monday, NATO secretary-general Jens Stoltenberg said the alliance is “in the process of providing Ukraine with new equipment to some key government institutions” that would “help Ukraine investigate who is behind the different attacks.” Poroshenko claimed to “have evidence that a recent cyberattack was also organized by the Russian Federation.” The Ukrainian president said the country’s goal is to join NATO and asked for discussions to expand the 29-member alliance. In response, Kremlin spokesman Dmitry Peskov said Ukraine joining the alliance would “not help strengthen stability and security in Europe.” Just last month, Stoltenberg reiterated that a massive cyberattack against a NATO member nation could trigger a military response according to the alliance’s mutual defense guarantee. The position, held by NATO leadership since […]

The post NATO extends cybersecurity help to Ukraine in wake of cyberattack appeared first on Cyberscoop.

Continue reading NATO extends cybersecurity help to Ukraine in wake of cyberattack→

Russia and U.S. to create ‘working group’ to discuss election hacking

Posted on July 7, 2017 by Patrick Howell O'Neill

Russia and the United States will create a bilateral working group to discuss the issue of election hacking, Russian Foreign Minister Sergey Lavrov said after talks held between the two nations’ presidents in Hamburg, Germany, during the G20 meetings. Earlier during G20 events, President Donald Trump declined to say he believed Russia interfered with the 2016 U.S. elections despite conclusions drawn by several U.S. intelligence agencies including the NSA, CIA and FBI. On Friday, Lavrov said Trump accepted Russian President Vladimir Putin’s statement that Russia did not meddle in U.S. elections. Immediately afterwards, U.S. Secretary of State Rex Tillerson said Trump and Putin agreed to work toward an agreement on non-interference in the politics of foreign nations. Trump and Putin see no value in “religitating the past,” Tillerson said, and will instead focus on the future of the U.S.-Russia relationship. That puts into doubt the idea that this working group will look at the […]

The post Russia and U.S. to create ‘working group’ to discuss election hacking appeared first on Cyberscoop.

Continue reading Russia and U.S. to create ‘working group’ to discuss election hacking→

DHS: Nuclear plant hacks show ‘no indication’ of threat to public safety

Posted on July 7, 2017 by Patrick Howell O'Neill

U.S. officials warned industrial firms last week about an ongoing hacking campaign targeting individuals in the nuclear and energy industry, a DHS official confirmed to CyberScoop. No operations systems were impacted, instead it was “limited to limited to administrative and business networks” and posed “no indication of a threat to public safety.” Hackers sent spearphishing emails containing malware hidden in fake résumé documents to engineers in attempts to gain access to targeted machines and networks, according to a DHS and FBI report. The New York Times identified Wolf Creek Nuclear Operating Corporation and their plant near Burlington, Kansas as one of the targets. “The Department of Homeland Security and the Federal Bureau of Investigation are aware of a potential cyber intrusion affecting entities in the energy sector,” a DHS spokesperson told CyberScoop. “There is no indication of a threat to public safety, as any potential impact appears to be limited to administrative and business networks. […]

The post DHS: Nuclear plant hacks show ‘no indication’ of threat to public safety appeared first on Cyberscoop.

Continue reading DHS: Nuclear plant hacks show ‘no indication’ of threat to public safety→

Scammers make millions in two months with dated Android exploits

Posted on July 6, 2017 by Patrick Howell O'Neill

A newly discovered strain of Android malware earned hackers $1.5 million, with researchers pointing to a Chinese ad firm as possibly being responsible for the malware’s spread. The malware, called CopyCat, infected 14 million Android devices, rooted 8 million phones and had 3.8 million devices serve ads, according to the Israeli cybersecurity firm Check Point Technologies. Victims were mainly in South and Southeast Asia, but over 280,000 Android users in the United States were also infected. India was the hardest hit nation with over 3.8 million victims from the CopyCat campaign. Researchers from Check Point released a report on the threat on Thursday calling out CopyCat’s “unprecedented success rate.” CopyCat uses an arsenal of exploits that are, at the most recent, two years old. The oldest exploit, CVE-2013-6282 (VROOT), dates back to 2013. The success of the campaign is a testament to the fact that millions of users are operating old, unpatched and […]

The post Scammers make millions in two months with dated Android exploits appeared first on Cyberscoop.

Continue reading Scammers make millions in two months with dated Android exploits→

Israeli hacking firm Ability under SEC investigation, adding to its woes

Posted on July 5, 2017 by Patrick Howell O'Neill

At a glance, the private hacking and surveillance industry is rich and getting richer. Yet that industry boom doesn’t mean every company is raking in millions. Amid the high demand for surveillance tech, there is a multimillion-dollar Israeli firm whose future is very much in doubt. Ability Inc. is staring at a mountain of business and legal challenges. The 23-year-old company is currently under investigation by the Securities and Exchange Commission for allegedly lying about products and finances. It’s also facing an investor lawsuit for many of the same allegations, was nearly delisted from NASDAQ and has watched nearly a dozen board members resign in the last year. At the heart of the lawsuits are allegations that Ability lied for years about the company’s ability to develop, sell and deploy its flagship product. The tool, which is spyware designed to eavesdrop on any mobile phone, was not developed by Ability nor does the company […]

The post Israeli hacking firm Ability under SEC investigation, adding to its woes appeared first on Cyberscoop.

Continue reading Israeli hacking firm Ability under SEC investigation, adding to its woes→

Global malware attack ‘most likely’ carried out by a nation-state, NATO-sponsored researchers say

Posted on July 3, 2017 by Patrick Howell O'Neill

The search for the source of last week’s global malware attacks continues as experts are increasingly pointing toward Russian involvement in the incident. The NATO-affiliated Cooperative Cyber Defence Centre of Excellence (CCD COE) in Tallinn, Estonia, concluded last week that the attack was “most likely” carried out by a nation-state. The report followed a string of separate analyses that said the attacks appeared to have Russian sources. CCD COE researchers pointed to the sophistication of the malware. “In the case of NotPetya, significant improvements have been made to create a new breed of ultimate threat,” said one of the researchers, Bernhards Blumbergs. “Among all new features, the malware has been more professionally developed in contrast with sloppy WannaCry, and instead of scanning the whole Internet it is more targeted and searches for new hosts to infect deeper on local computer networks once initial breach has occurred.” The assertion by NATO-sponsored researchers that a nation-state probably spread the malware only intensifies questions […]

The post Global malware attack ‘most likely’ carried out by a nation-state, NATO-sponsored researchers say appeared first on Cyberscoop.

Continue reading Global malware attack ‘most likely’ carried out by a nation-state, NATO-sponsored researchers say→

Pentagon’s looming Kaspersky ban viewed as ‘purely political’

Posted on June 30, 2017 by Patrick Howell O'Neill

The Department of Defense may ban products from Moscow-based cybersecurity company Kaspersky, yet experts would be surprised if it changes much from an operational standpoint. The ban is receiving criticism from security professionals, who said the move signifies little more than political posturing. “I’d like to call this out as what it is: a purely political move,” Jake Williams, founder of Rendition Infosec, told CyberScoop. “This doesn’t need to be in the [Pentagon budget]. If intelligence indicates that Kaspersky is in cahoots with the Russian government, [the Department of Defense] could (and should) ban the use of Kaspersky products by policy.” Eugene Kaspersky, the firm’s CEO and co-founder, offered again on Friday to let the U.S. government audit the company’s source code to prove “we’ve got nothing to hide.” “We want the government, our users and the public to fully understand that having Russian roots does not make us guilty,” he wrote in […]

The post Pentagon’s looming Kaspersky ban viewed as ‘purely political’ appeared first on Cyberscoop.

Continue reading Pentagon’s looming Kaspersky ban viewed as ‘purely political’→

Kaspersky products banned in draft Pentagon budget

Posted on June 29, 2017 by Patrick Howell O'Neill

The Department of Defense’s next budget may ban the use of products from Kaspersky, the Moscow-based cybersecurity company accused by U.S. officials of possibly being under Russian influence. The newest draft of the National Defense Authorization Act draft won unanimous approval of the Senate Armed Services Committee on Wednesday. The Kaspersky amendment was added by Sen. Jeanne Shaheen, D-N.H. The Senate amendment’s addition was first reported by Reuters. The House is working on its own version of the NDAA, which sets funding levels and policy annually for the Pentagon. At a Senate Intelligence Committee hearing last month, Sen. Ted Cruz, R-Texas, asked top American intelligence officials if any of them would use Kaspersky products. Director of National Intelligence Daniel Coats responded with a “resounding no,” an answer echoed by acting FBI Director Andrew McCabe and Adm. Mike Rogers, who runs the NSA and U.S. Cyber Command. There has been no public evidence whatsoever […]

The post Kaspersky products banned in draft Pentagon budget appeared first on Cyberscoop.

Continue reading Kaspersky products banned in draft Pentagon budget→